From xen-changelog-bounces@lists.xenproject.org Fri Apr 01 16:11:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 01 Apr 2022 16:11:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297515.506850 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naJre-0005wE-4p; Fri, 01 Apr 2022 16:11:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297515.506850; Fri, 01 Apr 2022 16:11:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naJre-0005w6-1x; Fri, 01 Apr 2022 16:11:06 +0000
Received: by outflank-mailman (input) for mailman id 297515;
 Fri, 01 Apr 2022 16:11:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naJrc-0005w0-S4
 for xen-changelog@lists.xenproject.org; Fri, 01 Apr 2022 16:11:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naJrc-0000tL-PW
 for xen-changelog@lists.xenproject.org; Fri, 01 Apr 2022 16:11:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naJrc-0006J0-OQ
 for xen-changelog@lists.xenproject.org; Fri, 01 Apr 2022 16:11:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=IWv6yQ7F75Ji8+PKAyfchZtBi0SP2vr4Hs9tPsuX6gY=; b=c+keYaNBkrwfOON3DDoKv+vzg7
	1/dN1QeBZy7M3SlqthM6WtORy52XMhd2sAAlZAGKe+8fkebgTVYtLaxlU2ETWrR8yfu6COiUUYl3H
	oNbLHLNIaNl8tXpVB+oANr8+5VuFsDAiqQeftX3FfXLpWmzOH7dthGSWVszA08O96dSc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] libxl: Don't segfault on soft-reset failure
Message-Id: <E1naJrc-0006J0-OQ@xenbits.xenproject.org>
Date: Fri, 01 Apr 2022 16:11:04 +0000

commit d2ecf97f911fc00a85b34b70ca311b5d355a9756
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Fri Apr 1 10:32:56 2022 -0400
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 1 17:01:57 2022 +0100

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_wait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path is passed to xs_unwatch(), which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 15ed021f41..885675591f 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1255,8 +1255,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2072,6 +2070,7 @@ static int do_domain_create(libxl_ctx *ctx, libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
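Review bot: Nothing on the new `libxl__xswait_init(&cdcs->dcs.console_xswait);` line says why it has to happen here, so the rule that every path filling in a dcs must initialise console_xswait before domcreate_complete() can run stays implicit. A short comment such as `/* Must be initialised before any path that can reach domcreate_complete(), which stops this xswait. */` would keep a future caller of initiate_domain_create() from reintroducing the NULL-path crash; the same applies to the matching line added in do_domain_soft_reset(). It may also be worth checking whether other dcs members torn down in domcreate_complete() are still initialised only inside initiate_domain_create(); that is not visible from these hunks. Both function bodies start and end outside the hunks.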
@@ -2172,6 +2171,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 01 16:11:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 01 Apr 2022 16:11:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297516.506854 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naJro-0005yE-6U; Fri, 01 Apr 2022 16:11:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297516.506854; Fri, 01 Apr 2022 16:11:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naJro-0005y6-3Z; Fri, 01 Apr 2022 16:11:16 +0000
Received: by outflank-mailman (input) for mailman id 297516;
 Fri, 01 Apr 2022 16:11:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naJrm-0005xv-U4
 for xen-changelog@lists.xenproject.org; Fri, 01 Apr 2022 16:11:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naJrm-0000tP-TC
 for xen-changelog@lists.xenproject.org; Fri, 01 Apr 2022 16:11:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naJrm-0006Jj-S5
 for xen-changelog@lists.xenproject.org; Fri, 01 Apr 2022 16:11:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Ll333CgHOzmyoeEmAUJjDRlTyu4rbcy2mfvCG43ZuoU=; b=feePxFxYMWV5LLFeczNdy2alM5
	/vXlINB74kIHjQKMeBJjRMsDFvdRP+KWJN6czfPcUvTImqAuOLUfFEypMorCaAKBB2EUWQpLe2ct0
	x9tF2iE4bIpynvpJN0BFCiYElbu/QBJuFCy6fAsS+NTz4YvwtAUFKOyeEUm72Rh0ybSY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] libxl: Re-scope qmp_proxy_spawn.ao usage
Message-Id: <E1naJrm-0006Jj-S5@xenbits.xenproject.org>
Date: Fri, 01 Apr 2022 16:11:14 +0000

commit d62a34423a1a98aefd7c30e22d2d82d198f077c8
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Fri Apr 1 10:33:10 2022 -0400
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 1 17:01:57 2022 +0100

    libxl: Re-scope qmp_proxy_spawn.ao usage
    
    I've observed this failed assertion:
    libxl_event.c:2057: libxl__ao_inprogress_gc: Assertion `ao' failed.
    
    AFAICT, this is happening in qmp_proxy_spawn_outcome where
    sdss->qmp_proxy_spawn.ao is NULL.
    
    The out label of spawn_stub_launch_dm() calls qmp_proxy_spawn_outcome(),
    but it is only in the success path that sdss->qmp_proxy_spawn.ao gets
    set to the current ao.
    
    qmp_proxy_spawn_outcome() should instead use sdss->dm.spawn.ao, which is
    the already in-use ao when spawn_stub_launch_dm() is called.  The same
    is true for spawn_qmp_proxy().
    
    With this, move sdss->qmp_proxy_spawn.ao initialization to
    spawn_qmp_proxy() since its use is for libxl__spawn_spawn() and it can
    be initialized along with the rest of sdss->qmp_proxy_spawn.
    
    Fixes: 83c845033dc8 ("libxl: use vchan for QMP access with Linux stubdomain")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c
index 9a8ddbe188..1864ee30f0 100644
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -2567,7 +2567,6 @@ static void spawn_stub_launch_dm(libxl__egc *egc,
             goto out;
     }
 
-    sdss->qmp_proxy_spawn.ao = ao;
     if (libxl__stubdomain_is_linux(&guest_config->b_info)) {
         spawn_qmp_proxy(egc, sdss);
     } else {
@@ -2584,7 +2583,7 @@ out:
 static void spawn_qmp_proxy(libxl__egc *egc,
                             libxl__stub_dm_spawn_state *sdss)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     const uint32_t guest_domid = sdss->dm.guest_domid;
     const uint32_t dm_domid = sdss->pvqemu.guest_domid;
     const char *dom_path = libxl__xs_get_dompath(gc, dm_domid);
@@ -2598,6 +2597,7 @@ static void spawn_qmp_proxy(libxl__egc *egc,
         goto out;
     }
 
+    sdss->qmp_proxy_spawn.ao = ao;
     sdss->qmp_proxy_spawn.what = GCSPRINTF("domain %d device model qmp proxy", guest_domid);
     sdss->qmp_proxy_spawn.pidpath = GCSPRINTF("%s/image/qmp-proxy-pid", dom_path);
     sdss->qmp_proxy_spawn.xspath = DEVICE_MODEL_XS_PATH(gc, LIBXL_TOOLSTACK_DOMID,
@@ -2685,7 +2685,7 @@ static void qmp_proxy_spawn_outcome(libxl__egc *egc,
                                     libxl__stub_dm_spawn_state *sdss,
                                     int rc)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     /*
      * Until xenconsoled learns how to handle multiple consoles, require qemu
      * in dom0 to serve consoles for a stubdomain - it require at least 3 of them.
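Review bot: The switch to `STATE_AO_GC(sdss->dm.spawn.ao);` in qmp_proxy_spawn_outcome() carries no comment explaining why the function avoids its own spawn state's ao, so a later cleanup could plausibly change it back. Per the commit description this function is reached from the out label of spawn_stub_launch_dm() before qmp_proxy_spawn has been set up, which is what tripped the `ao` assertion. I would add something like `/* qmp_proxy_spawn.ao is only set once spawn_qmp_proxy() gets past its early checks; use the dm ao here. */` above the macro, and the same reasoning applies to the STATE_AO_GC line changed in spawn_qmp_proxy(). The function body continues past the end of the hunk.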
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 03:33:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 03:33:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297690.507176 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naUVb-0002tM-2v; Sat, 02 Apr 2022 03:33:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297690.507176; Sat, 02 Apr 2022 03:33:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naUVa-0002tD-VE; Sat, 02 Apr 2022 03:33:02 +0000
Received: by outflank-mailman (input) for mailman id 297690;
 Sat, 02 Apr 2022 03:33:01 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVZ-0002t7-GD
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:01 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVZ-0007zJ-EL
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVZ-0003zN-DB
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=x6rirLBN5ugx8excPdtK3p9lfL7s+/jUr+eAbYdk+vI=; b=eLf5mG+y64lR0A9OIW3MDnyLqc
	BcGBuzVLwaZ/PqIF/QzkwVnvaBQlaT641QP0fi2GUAHI+Lh8BcE5lnCrw2Nlt9sDDzrBm8enKgsZh
	xoY9DoqxbPgYA2QZk5I7McxeNOEFCoolte6ppqMOFOhu9Q/CgWIR63jfHNDALr8u2kT4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] livepatch: fix typos
Message-Id: <E1naUVZ-0003zN-DB@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 03:33:01 +0000

commit 04f34f84aa8bac5893428c07421f4bddc79d2ec7
Author:     Bjoern Doebel <doebel@amazon.de>
AuthorDate: Thu Mar 31 10:45:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Mar 31 10:45:14 2022 +0200

    livepatch: fix typos
    
    Fix a couple of typos in livepatch code.
    
    Signed-off-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/livepatch.c |  2 +-
 xen/common/livepatch.c   | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index a3553e94d0..b566ff1071 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -28,7 +28,7 @@ static bool has_active_waitqueue(const struct vm_event_domain *ved)
 }
 
 /*
- * x86's implementation of waitqueue violates the livepatching safey principle
+ * x86's implementation of waitqueue violates the livepatching safety principle
  * of having unwound every CPUs stack before modifying live content.
  *
  * Search through every domain and check that no vCPUs have an active
diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index be2cf75c2d..edf56a357f 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -40,7 +40,7 @@ static LIST_HEAD(payload_list);
 
 /*
  * Patches which have been applied. Need RCU in case we crash (and then
- * traps code would iterate via applied_list) when adding entries onthe list.
+ * traps code would iterate via applied_list) when adding entries on the list.
  */
 static DEFINE_RCU_READ_LOCK(rcu_applied_lock);
 static LIST_HEAD(applied_list);
@@ -326,8 +326,8 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
 
     /*
      * Total of all three regions - RX, RW, and RO. We have to have
-     * keep them in seperate pages so we PAGE_ALIGN the RX and RW to have
-     * them on seperate pages. The last one will by default fall on its
+     * keep them in separate pages so we PAGE_ALIGN the RX and RW to have
+     * them on separate pages. The last one will by default fall on its
      * own page.
      */
     size = PAGE_ALIGN(payload->text_size) + PAGE_ALIGN(payload->rw_size) +
@@ -882,7 +882,7 @@ static bool_t is_payload_symbol(const struct livepatch_elf *elf,
         return 0;
 
     /*
-     * The payload is not a final image as we dynmically link against it.
+     * The payload is not a final image as we dynamically link against it.
      * As such the linker has left symbols we don't care about and which
      * binutils would have removed had it be a final image. Hence we:
      * - For SHF_ALLOC - ignore symbols referring to sections that are not
@@ -1523,7 +1523,7 @@ static bool_t is_work_scheduled(const struct payload *data)
 
 /*
  * Check if payload has any of the vetoing, non-atomic hooks assigned.
- * A vetoing, non-atmic hook may perform an operation that changes the
+ * A vetoing, non-atomic hook may perform an operation that changes the
  * hypervisor state and may not be guaranteed to succeed. Result of
  * such operation may be returned and may change the livepatch workflow.
  * Such hooks may require additional cleanup actions performed by other
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 03:33:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 03:33:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297691.507180 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naUVl-0002v2-3b; Sat, 02 Apr 2022 03:33:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297691.507180; Sat, 02 Apr 2022 03:33:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naUVl-0002uu-0Y; Sat, 02 Apr 2022 03:33:13 +0000
Received: by outflank-mailman (input) for mailman id 297691;
 Sat, 02 Apr 2022 03:33:11 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVj-0002ui-Iu
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:11 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVj-0007zg-I2
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:11 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVj-000401-H7
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:11 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BU/RccSPC24iQuZIehpaHHPK666ci9dKKDDyr21pftU=; b=ugWY20Lq+slWMIanNeGn0kAKWJ
	E7+wruGwNH/kG+xFFHJ1K+o26zocYJQ9jliMbYG34YU3SWzkMZBY+dse81Lnudy1SO/KELTEMbvTG
	lc9p31grAcKeXpGVZte8gdEnFmHV0dt76E4+1nM6CZEUEgyxAx57vpxTektdogP/tjn0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] livepatch: account for patch offset when applying NOP patch
Message-Id: <E1naUVj-000401-H7@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 03:33:11 +0000

commit 8a87b9a0fb0564f9d68f0be0a0d1a17c34117b8b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Mar 31 10:45:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Mar 31 10:45:46 2022 +0200

    livepatch: account for patch offset when applying NOP patch
    
    While not triggered by the trivial xen_nop in-tree patch on
    staging/master, that patch exposes a problem on the stable trees, where
    all functions have ENDBR inserted. When NOP-ing out a range, we need to
    account for this. Handle this right in livepatch_insn_len().
    
    This requires livepatch_insn_len() to be called _after_ ->patch_offset
    was set.
    
    Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/livepatch.c    | 8 +++++---
 xen/include/xen/livepatch.h | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index b566ff1071..78c35f1fef 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -145,9 +145,6 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
 
     func->patch_offset = 0;
     old_ptr = func->old_addr;
-    len = livepatch_insn_len(func);
-    if ( !len )
-        return;
 
     /*
      * CET hotpatching support: We may have functions starting with an ENDBR64
@@ -160,6 +157,11 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     if ( is_endbr64(old_ptr) || is_endbr64_poison(func->old_addr) )
         func->patch_offset += ENDBR64_LEN;
 
+    /* This call must be done with ->patch_offset already set. */
+    len = livepatch_insn_len(func);
+    if ( !len )
+        return;
+
     memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h
index f3ae10f007..9fdb29c382 100644
--- a/xen/include/xen/livepatch.h
+++ b/xen/include/xen/livepatch.h
@@ -90,7 +90,7 @@ static inline
 unsigned int livepatch_insn_len(const struct livepatch_func *func)
 {
     if ( !func->new_addr )
-        return func->new_size;
+        return func->new_size - func->patch_offset;
 
     return ARCH_PATCH_INSN_SIZE;
 }
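Review bot: `func->new_size - func->patch_offset` has no guard visible here, and the result is converted to the `unsigned int` return type, so a NOP patch whose new_size is smaller than patch_offset yields a very large length rather than 0. That value passes the `if ( !len )` check in arch_livepatch_apply() and goes straight into `memcpy(func->opaque, old_ptr + func->patch_offset, len)`. Unless payload verification elsewhere already guarantees new_size >= patch_offset for NOP patches, I would clamp here, e.g. `return func->new_size > func->patch_offset ? func->new_size - func->patch_offset : 0;`, or reject such a payload during verification. Other callers of livepatch_insn_len() are not visible in this diff and should be checked against the new "after ->patch_offset is set" requirement.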
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 03:33:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 03:33:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297692.507184 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naUVv-0002xs-4y; Sat, 02 Apr 2022 03:33:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297692.507184; Sat, 02 Apr 2022 03:33:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naUVv-0002xk-28; Sat, 02 Apr 2022 03:33:23 +0000
Received: by outflank-mailman (input) for mailman id 297692;
 Sat, 02 Apr 2022 03:33:21 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVt-0002xX-MF
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:21 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVt-0007zy-LU
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:21 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUVt-00040g-KQ
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:21 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ZV0Xe1tTHtPyoi2UXqTe4piKUgjwfRQw2hDORDLaHwI=; b=hU9P6dpi6ckL2Ayv6pL3YGfCy7
	/x0td7BK24eaZuT3ZXA51cm+8RZskrJslHY4pCpg0g6NfTFZPNg5mVzNU7KrxVVd0CTRxzUWLvyvi
	ChHgdlFT2PLwFwL5c8xvIla1CEke6mO7jq77/EMv14A7IYErHEYz6gc0wWPfXFlYNbJ0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xl: Fix global pci options
Message-Id: <E1naUVt-00040g-KQ@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 03:33:21 +0000

commit e45ad0b1b0bd6a43f59aaf4a6f86d88783c630e5
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Mar 30 14:17:41 2022 -0400
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Thu Mar 31 19:48:12 2022 +0100

    xl: Fix global pci options
    
    commit babde47a3fed "introduce a 'passthrough' configuration option to
    xl.cfg..." moved the pci list parsing ahead of the global pci option
    parsing.  This broke the global pci configuration options since they
    need to be set first so that looping over the pci devices assigns their
    values.
    
    Move the global pci options ahead of the pci list to restore their
    function.
    
    Fixes: babde47a3fed ("introduce a 'passthrough' configuration option to xl.cfg...")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/xl/xl_parse.c | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 117fcdcb2b..b98c0de378 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -1478,6 +1478,32 @@ void parse_config_data(const char *config_source,
         exit(1);
     }
 
+    /* To be reworked (automatically enabled) once the auto ballooning
+     * after guest starts is done (with PCI devices passed in). */
+    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
+        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
+    }
+
+    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
+        pci_msitranslate = l;
+
+    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
+        pci_power_mgmt = l;
+
+    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
+        pci_permissive = l;
+
+    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
+        pci_seize = l;
+
+    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
+        libxl_rdm_reserve rdm;
+        if (!xlu_rdm_parse(config, &rdm, buf)) {
+            b_info->u.hvm.rdm.strategy = rdm.strategy;
+            b_info->u.hvm.rdm.policy = rdm.policy;
+        }
+    }
+
     if (!xlu_cfg_get_list (config, "pci", &pcis, 0, 0)) {
         d_config->num_pcidevs = 0;
         d_config->pcidevs = NULL;
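Review bot: The moved block has to stay ahead of the `pci` list parsing for the global options to take effect, but nothing in the code says so, and this is the same ordering that was silently broken before. A one-line comment above the first `xlu_cfg_get_long` call, for example `/* Global pci_* defaults: must be parsed before the "pci" list below, which applies them to each device. */`, would protect it. Separately, the moved `rdm` block writes `b_info->u.hvm.rdm` without a domain-type check, while the block just before it guards `u.pv` on LIBXL_DOMAIN_TYPE_PV. If `u` is a union, that deserves a guard or a comment, though the behaviour is carried over from the old location. parse_config_data() starts and ends outside the hunk.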
@@ -2338,32 +2364,6 @@ skip_vfb:
         }
     }
 
-    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
-        pci_msitranslate = l;
-
-    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
-        pci_power_mgmt = l;
-
-    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
-        pci_permissive = l;
-
-    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
-        pci_seize = l;
-
-    /* To be reworked (automatically enabled) once the auto ballooning
-     * after guest starts is done (with PCI devices passed in). */
-    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
-        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
-    }
-
-    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
-        libxl_rdm_reserve rdm;
-        if (!xlu_rdm_parse(config, &rdm, buf)) {
-            b_info->u.hvm.rdm.strategy = rdm.strategy;
-            b_info->u.hvm.rdm.policy = rdm.policy;
-        }
-    }
-
     if (!xlu_cfg_get_list(config, "usbctrl", &usbctrls, 0, 0)) {
         d_config->num_usbctrls = 0;
         d_config->usbctrls = NULL;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 03:33:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 03:33:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297693.507189 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naUW5-00030l-6w; Sat, 02 Apr 2022 03:33:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297693.507189; Sat, 02 Apr 2022 03:33:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1naUW5-00030a-3X; Sat, 02 Apr 2022 03:33:33 +0000
Received: by outflank-mailman (input) for mailman id 297693;
 Sat, 02 Apr 2022 03:33:31 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUW3-00030B-Pk
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:31 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUW3-000809-Ow
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:31 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1naUW3-00041B-O9
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 03:33:31 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=JUIYEdKMNUK4gKcjGyNLbNl9nZoqdxa8Kw4btbAKktc=; b=EhDoSgJ7ckdVQkLziKMDwpE4NH
	4RxHXWOoBwcImAp1Fz4SplXbpDXfQqzBdSrSnh4dpsJLNys7kDZncGrUyy6uJzU4KngoKiS+g3Dmp
	Fd/H1ARL0GaHf/Dl+mUc+XXoeRU93kMIUFDL2JDEscnuxQ6lDWDpIQiyC90lDdzI8trE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] libxl: constify libxl__stubdomain_is_linux
Message-Id: <E1naUW3-00041B-O9@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 03:33:31 +0000

commit e7cfcdc6719d586eb7cdb62d40275a7d17fe6760
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Mar 30 14:17:22 2022 -0400
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Thu Mar 31 19:50:03 2022 +0100

    libxl: constify libxl__stubdomain_is_linux
    
    libxl__stubdomain_is_linux can take a const pointer, so make the change.
    
    This isn't an issue in-tree, but was found with an OpenXT patch where it
    was called with only const libxl_domain_build_info available.
    
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h
index c0e7779d97..a26daec040 100644
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -2326,7 +2326,7 @@ bool libxl__stubdomain_is_linux_running(libxl__gc *gc, uint32_t domid)
 }
 
 static inline
-bool libxl__stubdomain_is_linux(libxl_domain_build_info *b_info)
+bool libxl__stubdomain_is_linux(const libxl_domain_build_info *b_info)
 {
     /* right now qemu-tranditional implies MiniOS stubdomain and qemu-xen
      * implies Linux stubdomain */
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:00:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:00:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297854.507395 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai2d-0001W4-96; Sat, 02 Apr 2022 18:00:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297854.507395; Sat, 02 Apr 2022 18:00:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai2d-0001Vh-5w; Sat, 02 Apr 2022 18:00:03 +0000
Received: by outflank-mailman (input) for mailman id 297854;
 Sat, 02 Apr 2022 18:00:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2b-0001Di-Uk
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:01 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2b-0007E6-Td
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2b-00031y-SV
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Wjk2JgUk3RVZOO1eD5MsVf0T3QWCyA5ar5mCymcUSNs=; b=Lrke329orDX65Jx6DVERXjL1Oj
	ajEJu4Jp6Z08bJ4Fq1wHLq7P9tL3caP1ow/ljj07SAG3h8ci8Xnpobc+r7bvMYvcEHV1l4lCiyy0W
	6rHCeuoSdnq7FeRs645gFcArK2DSBnUv6v/jqn9c0ErCvzwhcOQ5e5xDKI3yYJXX5bHs=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86: Introduce support for CET-IBT
Message-Id: <E1nai2b-00031y-SV@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:00:01 +0000

commit 917b6ef91b9372dc09ba9a56740590c0b6cda6ca
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Oct 21 18:38:50 2021 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86: Introduce support for CET-IBT
    
    CET Indirect Branch Tracking is a hardware feature designed to provide
    forward-edge control flow integrity, protecting against jump/call oriented
    programming.
    
    IBT requires the placement of endbr{32,64} instructions at the target of every
    indirect call/jmp, and every entrypoint.
    
    It is necessary to check for both compiler and assembler support, as the
    notrack prefix can be emitted in certain cases.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 3667f7f8f7c471e94e58cf35a95f09a0fe5c1290)
    
    Note: For backports to 4.14 thru 4.16, we are deliberately not using
          -mmanual-endbr as done in staging, as an intermediate approach which
          is not too invasive to backport.
    
    x86/cet: Force -fno-jump-tables for CET-IBT
    
    Both GCC and Clang have a (mis)feature where, even with
    -fcf-protection=branch, jump tables are created using a notrack jump rather
    than using endbr's in each case statement.
    
    This is incompatible with the safety properties we want in Xen, and enforced
    by not setting MSR_S_CET.NOTRACK_EN.  The consequence is a fatal #CP[endbr].
    
    -fno-jump-tables is generally active as a side effect of
    CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig:
    introduce option to select retpoline usage"), we explicitly support turning
    retpoline off.
    
    Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT")
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 9d4a44380d273de22d5753883cbf5581795ff24d)
---
 Config.mk                             |  1 -
 xen/arch/x86/Kconfig                  | 17 +++++++++++++++++
 xen/arch/x86/arch.mk                  |  9 +++++++++
 xen/arch/x86/configs/pvshim_defconfig |  1 +
 xen/include/asm-x86/asm-defns.h       |  6 ++++++
 xen/include/asm-x86/cpufeature.h      |  1 +
 xen/include/asm-x86/cpufeatures.h     |  1 +
 7 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index 8f9bc05f8c..32b6637b4d 100644
--- a/Config.mk
+++ b/Config.mk
@@ -199,7 +199,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
 
 EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
 EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
-EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index b4abfca46f..be343218de 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -39,6 +39,11 @@ config HAS_AS_CET_SS
 	# binutils >= 2.29 or LLVM >= 6
 	def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
 
+config HAS_CC_CET_IBT
+	# GCC >= 9 and binutils >= 2.29
+	# Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
+	def_bool $(cc-option,-fcf-protection=branch -mindirect-branch=thunk-extern) && $(as-instr,endbr64)
+
 menu "Architecture Features"
 
 source "arch/Kconfig"
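Review bot: The comment on HAS_CC_CET_IBT names only GCC and binutils, but the probe also passes `-mindirect-branch=thunk-extern`. A compiler that rejects that flag will presumably fail the whole check, and XEN_IBT will then drop out of the configuration without any message. The comment should say so, e.g. `# The combined probe fails on compilers lacking -mindirect-branch=thunk-extern, so XEN_IBT is unavailable there`. Anyone relying on IBT as a hardening measure should confirm CONFIG_XEN_IBT=y in the generated .config rather than assume it from `default y`.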
@@ -124,6 +129,18 @@ config XEN_SHSTK
 	  When CET-SS is active, 32bit PV guests cannot be used.  Backwards
 	  compatiblity can be provided via the PV Shim mechanism.
 
+config XEN_IBT
+	bool "Supervisor Indirect Branch Tracking"
+	depends on HAS_CC_CET_IBT
+	default y
+	help
+	  Control-flow Enforcement Technology (CET) is a set of features in
+	  hardware designed to combat Return-oriented Programming (ROP, also
+	  call/jump COP/JOP) attacks.  Indirect Branch Tracking is one CET
+	  feature designed to provide function pointer protection.
+
+	  This option arranges for Xen to use CET-IBT for its own protection.
+
 config SHADOW_PAGING
 	bool "Shadow Paging"
 	default !PV_SHIM_EXCLUSIVE
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index 1109595fbc..456e5d5c1a 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -46,6 +46,15 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern
 CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register
 CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables
 
+ifdef CONFIG_XEN_IBT
+# Force -fno-jump-tables to work around
+#   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
+#   https://github.com/llvm/llvm-project/issues/54247
+CFLAGS += -fcf-protection=branch -fno-jump-tables
+else
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+endif
+
 # If supported by the compiler, reduce stack alignment to 8 bytes. But allow
 # this to be overridden elsewhere.
 $(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3)
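Review bot: The `else` branch restores `-fcf-protection=none` only for the hypervisor's own CFLAGS, while the same commit removes it from EMBEDDED_EXTRA_CFLAGS in Config.mk. Any other consumer of EMBEDDED_EXTRA_CFLAGS would then inherit the toolchain default; none is visible in this patch, so this needs checking in the tree. With a compiler that enables CET by default, that could place endbr instructions in code not meant to carry them. If such consumers exist, each needs its own `$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)`. A one-line comment on the `else` branch saying why the flag is forced off would also help.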
diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig
index 787376df5a..d0e92c2ded 100644
--- a/xen/arch/x86/configs/pvshim_defconfig
+++ b/xen/arch/x86/configs/pvshim_defconfig
@@ -8,6 +8,7 @@ CONFIG_NR_CPUS=32
 CONFIG_EXPERT=y
 # Disable features not used by the PV shim
 # CONFIG_XEN_SHSTK is not set
+# CONFIG_XEN_IBT is not set
 # CONFIG_GRANT_TABLE is not set
 # CONFIG_HYPFS is not set
 # CONFIG_BIGMEM is not set
diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h
index 505f39ad5f..8bd9007731 100644
--- a/xen/include/asm-x86/asm-defns.h
+++ b/xen/include/asm-x86/asm-defns.h
@@ -57,6 +57,12 @@
     INDIRECT_BRANCH jmp \arg
 .endm
 
+#ifdef CONFIG_XEN_IBT
+# define ENDBR64 endbr64
+#else
+# define ENDBR64
+#endif
+
 .macro guest_access_mask_ptr ptr:req, scratch1:req, scratch2:req
 #if defined(CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS)
     /*
diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
index 0ff6d899f9..35fae5d649 100644
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -151,6 +151,7 @@
 #define cpu_has_nscb            boot_cpu_has(X86_FEATURE_NSCB)
 #define cpu_has_xen_lbr         boot_cpu_has(X86_FEATURE_XEN_LBR)
 #define cpu_has_xen_shstk       boot_cpu_has(X86_FEATURE_XEN_SHSTK)
+#define cpu_has_xen_ibt         boot_cpu_has(X86_FEATURE_XEN_IBT)
 
 #define cpu_has_msr_tsc_aux     (cpu_has_rdtscp || cpu_has_rdpid)
 
diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h
index b10154fc44..7413febd7a 100644
--- a/xen/include/asm-x86/cpufeatures.h
+++ b/xen/include/asm-x86/cpufeatures.h
@@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV,        X86_SYNTH(23)) /* VERW used by Xen for PV */
 XEN_CPUFEATURE(SC_VERW_HVM,       X86_SYNTH(24)) /* VERW used by Xen for HVM */
 XEN_CPUFEATURE(SC_VERW_IDLE,      X86_SYNTH(25)) /* VERW used by Xen for idle */
 XEN_CPUFEATURE(XEN_SHSTK,         X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */
+XEN_CPUFEATURE(XEN_IBT,           X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */
 
 /* Bug words follow the synthetic words. */
 #define X86_NR_BUG 1
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:00:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:00:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297855.507398 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai2n-00026J-AN; Sat, 02 Apr 2022 18:00:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297855.507398; Sat, 02 Apr 2022 18:00:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai2n-00026C-7d; Sat, 02 Apr 2022 18:00:13 +0000
Received: by outflank-mailman (input) for mailman id 297855;
 Sat, 02 Apr 2022 18:00:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2m-00025y-1h
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2m-0007Ir-0n
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2l-00033i-W8
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:11 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=P0MT1s/WyKD7Ax+7RiNW+kOnxRNbxk2cEDoK6csdgik=; b=SGvJQB3RqUBS2h2Ui091c7+eSE
	/ZzCyLg/tmDASICTV7MSA+csR18RqZ801NET14T5fo1LIO5gmx4m/A9as4HlP08L6S7N1euXVQ2yY
	sC98J67O76xWeyEdtVOZbTtMIFVq66ZXarXMPuZ5XdlYr2H0EXbdPQeVPsMdYhdd4qvo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/setup: Read CR4 earlier in __start_xen()
Message-Id: <E1nai2l-00033i-W8@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:00:11 +0000

commit 875830393a420eedd2fb0cdba3e8512532c7daee
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:19:57 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/setup: Read CR4 earlier in __start_xen()
    
    This is necessary for read_cr4() to function correctly.  Move the EFER caching
    at the same time.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 9851bc4939101828d2ad7634b93c0d9ccaef5b7e)
---
 xen/arch/x86/setup.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 369691dd13..9eba93b139 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -873,6 +873,9 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     /* Full exception support from here on in. */
 
+    rdmsrl(MSR_EFER, this_cpu(efer));
+    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
+
     /* Enable NMIs.  Our loader (e.g. Tboot) may have left them disabled. */
     enable_nmis();
 
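Review bot: The two lines moved to the top of this hunk carry no comment explaining why they must run this early; the constraint is recorded only in the commit message. A comment such as `/* Cache EFER and CR4 now: read_cr4() relies on the cached copy, so fill it before first use. */` would stop a later cleanup from moving them back down. That read_cr4() reads get_cpu_info()->cr4 is inferred from the commit message, since its definition is not in the hunk. __start_xen() continues on both sides of the hunk.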
@@ -919,9 +922,6 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     parse_video_info();
 
-    rdmsrl(MSR_EFER, this_cpu(efer));
-    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
-
     /* We initialise the serial devices very early so we can get debugging. */
     ns16550.io_base = 0x3f8;
     ns16550.irq     = 4;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:00:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:00:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297856.507403 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai2x-00029H-CF; Sat, 02 Apr 2022 18:00:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297856.507403; Sat, 02 Apr 2022 18:00:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai2x-00029B-9C; Sat, 02 Apr 2022 18:00:23 +0000
Received: by outflank-mailman (input) for mailman id 297856;
 Sat, 02 Apr 2022 18:00:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2w-000290-4x
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2w-0007JT-41
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai2w-00034N-39
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=wK7PHTF5I4+P7C1ODYzaI/m/GnA+FcYl5ghg+NvaeEQ=; b=5l/jaeU/pwDWhlJqvVI091Ssgs
	ZmXpbVSrGk0mk7Q0zZgduvY7TQsUtw5AKCcKTxP5jhhYOkV3UDX+bwoKngx4TYLba/s6UlJ4wJXkc
	ZbSU+9OXlVL8/7V9id0ZJExtY5crLSWpsKv//KEbDm/+ZMxB6FlE2QmrR08R8v+HdzkQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/alternatives: Clear CR4.CET when clearing CR0.WP
Message-Id: <E1nai2w-00034N-39@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:00:22 +0000

commit 9c8a0179039e523cee6de194073c7e3731b952e9
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:17:59 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/alternatives: Clear CR4.CET when clearing CR0.WP
    
    This allows us to have CET active much earlier in boot.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 48cdc15a424f9fadad7f9aed00e7dc8ef16a2196)
---
 xen/arch/x86/alternative.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c
index 1cb531c9df..f8023312f2 100644
--- a/xen/arch/x86/alternative.c
+++ b/xen/arch/x86/alternative.c
@@ -333,9 +333,13 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs,
      */
     if ( !(alt_done & alt_todo) )
     {
-        unsigned long cr0;
+        unsigned long cr0, cr4;
 
         cr0 = read_cr0();
+        cr4 = read_cr4();
+
+        if ( cr4 & X86_CR4_CET )
+            write_cr4(cr4 & ~X86_CR4_CET);
 
         /* Disable WP to allow patching read-only pages. */
         write_cr0(cr0 & ~X86_CR0_WP);
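Review bot: The CR4.CET handling added around the write_cr0() calls is order-sensitive but undocumented. The architecture does not allow CR0.WP to be cleared while CR4.CET is set, nor CET to be set while WP is clear, so CET has to go off first and come back last. This hunk and the next one (the restore after `write_cr0(cr0)`) get the order right; a comment such as `/* CR0.WP can't be cleared with CR4.CET set: drop CET first, restore it last. */` above the first `write_cr4()` would keep it that way. The comment should also say that CET enforcement is off for the duration of the patching window. nmi_apply_alternatives() starts and ends outside both hunks.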
@@ -345,6 +349,9 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs,
 
         write_cr0(cr0);
 
+        if ( cr4 & X86_CR4_CET )
+            write_cr4(cr4);
+
         alt_done |= alt_todo;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:00:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:00:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297857.507407 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai37-0002Ch-Dc; Sat, 02 Apr 2022 18:00:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297857.507407; Sat, 02 Apr 2022 18:00:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai37-0002CX-Af; Sat, 02 Apr 2022 18:00:33 +0000
Received: by outflank-mailman (input) for mailman id 297857;
 Sat, 02 Apr 2022 18:00:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai36-0002CJ-81
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai36-0007Je-76
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai36-00034u-6M
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ef+saqtbTYMM7qtNS8omo2CklVNuoHPHUC5TF9rSjPQ=; b=NvEP5prVl811NnfYpns722+87d
	lKK/MkB2fYisbAliHSlLd8eZg+mM/Txf4XeG/RgXh8Vp1HXGMfA4BMYT5SWAwXqCOSUF00/w+NzwZ
	iwN9XNz7i4dCe+QN7yCNhwDZkR2a+th1MKwfnk2GNsLLj+xuFQwGbkV+y8YiPdACuIP8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
Message-Id: <E1nai36-00034u-6M@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:00:32 +0000

commit f18d3a07a84d1c9c06e2cbf10da2f6f15d55431a
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 12:36:33 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
    
    For CET-IBT, we will need to optionally insert an endbr64 instruction at the
    start of the stub.  Don't hardcode the jmp displacement assuming that it
    starts at byte 24 of the stub.
    
    Also add extra comments describing what is going on.  The mix of %rax and %rsp
    is far from trivial to follow.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 809beac3e7fdfd20000386453c64a1e2a3d93075)
---
 xen/arch/x86/x86_64/traps.c | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
index d661d7ffca..edc6820b85 100644
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -293,30 +293,39 @@ static unsigned int write_stub_trampoline(
     unsigned char *stub, unsigned long stub_va,
     unsigned long stack_bottom, unsigned long target_va)
 {
+    unsigned char *p = stub;
+
+    /* Store guest %rax into %ss slot */
     /* movabsq %rax, stack_bottom - 8 */
-    stub[0] = 0x48;
-    stub[1] = 0xa3;
-    *(uint64_t *)&stub[2] = stack_bottom - 8;
+    *p++ = 0x48;
+    *p++ = 0xa3;
+    *(uint64_t *)p = stack_bottom - 8;
+    p += 8;
 
+    /* Store guest %rsp in %rax */
     /* movq %rsp, %rax */
-    stub[10] = 0x48;
-    stub[11] = 0x89;
-    stub[12] = 0xe0;
+    *p++ = 0x48;
+    *p++ = 0x89;
+    *p++ = 0xe0;
 
+    /* Switch to Xen stack */
     /* movabsq $stack_bottom - 8, %rsp */
-    stub[13] = 0x48;
-    stub[14] = 0xbc;
-    *(uint64_t *)&stub[15] = stack_bottom - 8;
+    *p++ = 0x48;
+    *p++ = 0xbc;
+    *(uint64_t *)p = stack_bottom - 8;
+    p += 8;
 
+    /* Store guest %rsp into %rsp slot */
     /* pushq %rax */
-    stub[23] = 0x50;
+    *p++ = 0x50;
 
     /* jmp target_va */
-    stub[24] = 0xe9;
-    *(int32_t *)&stub[25] = target_va - (stub_va + 29);
+    *p++ = 0xe9;
+    *(int32_t *)p = target_va - (stub_va + (p - stub) + 4);
+    p += 4;
 
     /* Round up to a multiple of 16 bytes. */
-    return 32;
+    return ROUNDUP(p - stub, 16);
 }
 
 DEFINE_PER_CPU(struct stubs, stubs);
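Review bot: The rel32 for the final `jmp` is still stored through `*(int32_t *)p` with no check that `target_va - (stub_va + (p - stub) + 4)` fits in 32 bits. A stub placed more than 2GiB from its target would silently encode a jump to the wrong address. Now that the offset is computed rather than fixed, a range assertion is cheap: `long disp = target_va - (stub_va + (p - stub) + 4);` followed by `ASSERT(disp == (int32_t)disp);`. The function also no longer has a fixed length, and nothing in the hunk bounds `p` against the space the caller reserved, which will matter once the optional endbr64 is added. The signature begins above the hunk.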
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:00:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:00:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297858.507410 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai3H-0002H8-Ey; Sat, 02 Apr 2022 18:00:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297858.507410; Sat, 02 Apr 2022 18:00:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai3H-0002H0-CB; Sat, 02 Apr 2022 18:00:43 +0000
Received: by outflank-mailman (input) for mailman id 297858;
 Sat, 02 Apr 2022 18:00:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai3G-0002Gq-B1
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai3G-0007Jo-AC
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai3G-00035k-9K
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=aXb5WCUoBz6NewhRtSImF6NqWjXsxS+T6v93GtPPWCE=; b=WgmH03qe7yEykKlUwxE67lTZNy
	l32Nj+xmEI9T9Uq0NQhslsq9n7ow5sn//1zC5f83zta0o7eM1Ne9+Y9us2B/mg5Y7HOGDs5Ff/sIJ
	Gey42tdL2F/xPv8ljyARFZS+SteJOohqpoCZv6M67dvV33tNoXB3b8hb/vFJQy3NNpQg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86: Introduce helpers/checks for endbr64 instructions
Message-Id: <E1nai3G-00035k-9K@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:00:42 +0000

commit 1857cff82c5ff3ae4971e644aad3a6e1391f0280
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Nov 26 15:34:08 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86: Introduce helpers/checks for endbr64 instructions
    
    ... to prevent the optimiser creating unsafe code.  See the code comment for
    full details.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 4046ba97446e3974a4411db227263a9f11e0aeb4)
    
    Note: For the backport to 4.14 thru 4.16, we don't care for embedded endbr64
          specifically, but place_endbr64() is a prerequisite for other parts of
          the series.
---
 xen/include/asm-x86/endbr.h | 55 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/xen/include/asm-x86/endbr.h b/xen/include/asm-x86/endbr.h
new file mode 100644
index 0000000000..6090afeb0b
--- /dev/null
+++ b/xen/include/asm-x86/endbr.h
@@ -0,0 +1,55 @@
+/******************************************************************************
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2021-2022 Citrix Systems Ltd.
+ */
+#ifndef XEN_ASM_ENDBR_H
+#define XEN_ASM_ENDBR_H
+
+#include <xen/types.h>
+
+#define ENDBR64_LEN 4
+
+/*
+ * In some cases we need to inspect/insert endbr64 instructions.
+ *
+ * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsafely
+ * by placing 0xfa1e0ff3 in an imm32 operand, and marks a legal indirect
+ * branch target as far as the CPU is concerned.
+ *
+ * gen_endbr64() is written deliberately to avoid the problematic operand, and
+ * marked __const__ as it is safe for the optimiser to hoist/merge/etc.
+ */
+static inline uint32_t __attribute_const__ gen_endbr64(void)
+{
+    uint32_t res;
+
+    asm ( "mov $~0xfa1e0ff3, %[res]\n\t"
+          "not %[res]\n\t"
+          : [res] "=&r" (res) );
+
+    return res;
+}
+
+static inline bool is_endbr64(const void *ptr)
+{
+    return *(const uint32_t *)ptr == gen_endbr64();
+}
+
+static inline void place_endbr64(void *ptr)
+{
+    *(uint32_t *)ptr = gen_endbr64();
+}
+
+#endif /* XEN_ASM_ENDBR_H */
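Review bot: is_endbr64() and place_endbr64() have no comment of their own, yet both dereference `ptr` as a uint32_t regardless of alignment or remaining space. A short comment on each, e.g. `/* ptr must have ENDBR64_LEN accessible bytes; no alignment is assumed. */`, would document the precondition for callers that patch stub buffers. The block comment could also state that any code embedding the constant as an immediate has the same hazard, so new users should go through these helpers rather than open-code the bytes.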
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:00:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:00:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297859.507415 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai3R-0002K9-Gg; Sat, 02 Apr 2022 18:00:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297859.507415; Sat, 02 Apr 2022 18:00:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai3R-0002K1-Do; Sat, 02 Apr 2022 18:00:53 +0000
Received: by outflank-mailman (input) for mailman id 297859;
 Sat, 02 Apr 2022 18:00:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai3Q-0002Jr-EJ
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai3Q-0007K3-DY
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai3Q-00036Q-Ce
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:00:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=8hNdASIrtKnu71m0rScRglhFjUtq7/BcUp6MAxr+P2k=; b=e1uBPrpoVWQJK7l4K5YxS6Xpuy
	SR74RSunzMwZ2kIKPDe+rzb8FpQltleWLgdvn+UlRPWyPZf5bUMIA8aYDgBcQznKoJDZUuDtMBT9V
	O1mIhaZhGegguRD/x+DZvAwn/2jb2U4TFmyNBZO1+Iq148vBVNisuLFHUc7FoEoKLA4o=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/emul: Update emulation stubs to be CET-IBT compatible
Message-Id: <E1nai3Q-00036Q-Ce@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:00:52 +0000

commit 135521e6d7bcb5ccf98f0698307df4f945ca7950
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:09:59 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/emul: Update emulation stubs to be CET-IBT compatible
    
    All indirect branches need to land on an endbr64 instruction.
    
    For stub_selftests(), use endbr64 unconditionally for simplicity.  For ioport
    and instruction emulation, add endbr64 conditionally.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 0d101568d29e8b4bfd33f20031fedec2652aa0cf)
---
 xen/arch/x86/extable.c         | 12 +++++++-----
 xen/arch/x86/pv/emul-priv-op.c |  7 +++++++
 xen/arch/x86/x86_emulate.c     | 13 +++++++++++--
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c
index 109ab7da98..0d30595ea1 100644
--- a/xen/arch/x86/extable.c
+++ b/xen/arch/x86/extable.c
@@ -127,20 +127,22 @@ search_exception_table(const struct cpu_user_regs *regs)
 static int __init stub_selftest(void)
 {
     static const struct {
-        uint8_t opc[4];
+        uint8_t opc[8];
         uint64_t rax;
         union stub_exception_token res;
     } tests[] __initconst = {
-        { .opc = { 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */
+#define endbr64 0xf3, 0x0f, 0x1e, 0xfa
+        { .opc = { endbr64, 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */
           .res.fields.trapnr = TRAP_invalid_op },
-        { .opc = { 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */
+        { .opc = { endbr64, 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */
           .rax = 0x0123456789abcdef,
           .res.fields.trapnr = TRAP_gp_fault },
-        { .opc = { 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */
+        { .opc = { endbr64, 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */
           .rax = 0xfedcba9876543210,
           .res.fields.trapnr = TRAP_stack_error },
-        { .opc = { 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */
+        { .opc = { endbr64, 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */
           .res.fields.trapnr = TRAP_int3 },
+#undef endbr64
     };
     unsigned long addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2;
     unsigned int i;
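Review bot: The new `opc[8]` size in `tests[]` is an undocumented sum of the 4-byte `endbr64` prefix and the old 4-byte opcode slot, and every initialiser now fills the array exactly, so a longer test sequence has no room and no hint as to why. A short comment on the field, for example `uint8_t opc[8]; /* endbr64 (4 bytes) + up to 4 opcode bytes */`, would make the budget explicit. The per-entry comments (`/* ud1 */` and so on) describe only the instructions after the prefix, which reads fine once the field comment exists. The rest of stub_selftest(), including how `opc` is copied into the stub, lies outside this hunk.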
diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c
index 7f4279a051..b73e698cbc 100644
--- a/xen/arch/x86/pv/emul-priv-op.c
+++ b/xen/arch/x86/pv/emul-priv-op.c
@@ -26,6 +26,7 @@
 
 #include <asm/amd.h>
 #include <asm/debugreg.h>
+#include <asm/endbr.h>
 #include <asm/hpet.h>
 #include <asm/hypercall.h>
 #include <asm/mc146818rtc.h>
@@ -111,6 +112,12 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode,
 
     p = ctxt->io_emul_stub;
 
+    if ( cpu_has_xen_ibt )
+    {
+        place_endbr64(p);
+        p += 4;
+    }
+
     APPEND_BUFF(prologue);
     APPEND_CALL(load_guest_gprs);
 
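Review bot: The 4 bytes written by `place_endbr64(p)` at the top of io_emul_stub_setup() are not visibly added to any size budget for the stub, and the length is a bare literal in `p += 4;`. If the function has a compile-time bound on the stub length (its tail is outside this hunk), that bound should gain the endbr64 length for the `cpu_has_xen_ibt` case so the stub cannot grow past its buffer unnoticed. A comment such as `/* endbr64 is 4 bytes */` on the increment, or a shared named constant, would also keep this in step with the same sequence in get_stub() in x86_emulate.c.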
diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c
index 1e082e6f3b..379e889768 100644
--- a/xen/arch/x86/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate.c
@@ -17,6 +17,7 @@
 #include <asm/xstate.h>
 #include <asm/amd.h> /* cpu_has_amd_erratum() */
 #include <asm/debugreg.h>
+#include <asm/endbr.h>
 
 /* Avoid namespace pollution. */
 #undef cmpxchg
@@ -29,11 +30,19 @@
         cpu_has_amd_erratum(&current_cpu_data, AMD_ERRATUM_##nr)
 
 #define get_stub(stb) ({                                        \
+    void *ptr;                                                  \
     BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1);         \
     ASSERT(!(stb).ptr);                                         \
     (stb).addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2;      \
-    memset(((stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn)))) +  \
-           ((stb).addr & ~PAGE_MASK), 0xcc, STUB_BUF_SIZE / 2);        \
+    (stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn))) +    \
+        ((stb).addr & ~PAGE_MASK);                              \
+    ptr = memset((stb).ptr, 0xcc, STUB_BUF_SIZE / 2);           \
+    if ( cpu_has_xen_ibt )                                      \
+    {                                                           \
+        place_endbr64(ptr);                                     \
+        ptr += 4;                                               \
+    }                                                           \
+    ptr;                                                        \
 })
 #define put_stub(stb) ({                                   \
     if ( (stb).ptr )                                       \
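Review bot: The `BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1)` kept at the top of get_stub() no longer matches the space callers actually receive, because the returned pointer is now 4 bytes into the region when `cpu_has_xen_ibt` is set. Widening the check to `BUILD_BUG_ON(STUB_BUF_SIZE / 2 < 4 + MAX_INST_LEN + 1);` keeps the compile-time guarantee that a maximum-length instruction plus the trailing byte still fits behind the endbr64. Separately, the new local `ptr` in the statement expression can shadow a caller variable of the same name that appears in the `stb` argument; a less common name would avoid that. get_stub() is fully visible here, while put_stub() continues outside the hunk.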
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:01:03 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
Message-Id: <E1nai3a-00037L-Ft@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:01:02 +0000

commit c253b7794b341212b2d5d3b9f3c750a93c964817
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 09:51:16 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
    
    Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64
    instruction.  For sysenter, this is easy.
    
    Unfortunately for syscall, the stubs are already 29 bytes long with a limit of
    32.  endbr64 is 4 bytes.  Luckily, there is a 1 byte instruction which can
    move from the stubs into the main handlers.
    
    Move the push %rax out of the stub and into {l,c}star_entry(), allowing room
    for the endbr64 instruction when appropriate.  Update the comment describing
    the entry state.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 17d77ec62a299f4299883ec79ab10cacafd0b2f5)
---
 xen/arch/x86/x86_64/entry.S | 18 +++++++++---------
 xen/arch/x86/x86_64/traps.c | 11 +++++++----
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index d5998acf88..f2e4b457f4 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -241,18 +241,17 @@ iret_exit_to_guest:
  * When entering SYSCALL from user mode:
  *  Vector directly to the registered arch.syscall_addr.
  *
- * Initial work is done by per-CPU trampolines. At this point %rsp has been
- * initialised to point at the correct Xen stack, %rsp has been saved, and
- * %rax needs to be restored from the %ss save slot. All other registers are
- * still to be saved onto the stack, starting with RFLAGS, and an appropriate
- * %ss must be saved into the space left by the trampoline.
+ * Initial work is done by per-CPU trampolines.
+ *  - Guest %rax stored in the %ss slot
+ *  - Guest %rsp stored in %rax
+ *  - Xen stack loaded, pointing at the %ss slot
  */
 ENTRY(lstar_enter)
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
-        /* sti could live here when we don't switch page tables below. */
-        movq  8(%rsp),%rax /* Restore %rax. */
+        push  %rax          /* Guest %rsp */
+        movq  8(%rsp), %rax /* Restore guest %rax */
         movq  $FLAT_KERNEL_SS,8(%rsp)
         pushq %r11
         pushq $FLAT_KERNEL_CS64
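Review bot: The added `push  %rax` in lstar_enter (and the matching line in the cstar_enter hunk below) drops the `q` suffix, while every neighbouring stack operation in both paths is written `pushq`. Using `pushq %rax          /* Guest %rsp */` would keep the mnemonics uniform. The two `Restore guest %rax` comments also differ by a trailing full stop between the two entry points. Because the stub no longer pushes, the rewritten header comment could state outright that the handler is responsible for saving guest %rsp from %rax, which is currently only implied by `Guest %rsp stored in %rax`.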
@@ -288,9 +287,9 @@ ENTRY(cstar_enter)
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
-        /* sti could live here when we don't switch page tables below. */
+        push  %rax          /* Guest %rsp */
         CR4_PV32_RESTORE
-        movq  8(%rsp), %rax /* Restore %rax. */
+        movq  8(%rsp), %rax /* Restore guest %rax. */
         movq  $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain.  Compat handled lower. */
         pushq %r11
         pushq $FLAT_USER_CS32
@@ -323,6 +322,7 @@ ENTRY(cstar_enter)
         jmp   switch_to_kernel
 
 ENTRY(sysenter_entry)
+        ENDBR64
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
index edc6820b85..fccfb7c172 100644
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -16,6 +16,7 @@
 #include <asm/current.h>
 #include <asm/flushtlb.h>
 #include <asm/traps.h>
+#include <asm/endbr.h>
 #include <asm/event.h>
 #include <asm/nmi.h>
 #include <asm/msr.h>
@@ -295,6 +296,12 @@ static unsigned int write_stub_trampoline(
 {
     unsigned char *p = stub;
 
+    if ( cpu_has_xen_ibt )
+    {
+        place_endbr64(p);
+        p += 4;
+    }
+
     /* Store guest %rax into %ss slot */
     /* movabsq %rax, stack_bottom - 8 */
     *p++ = 0x48;
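Review bot: Adding endbr64 in write_stub_trampoline() leaves the trampoline with no visible headroom: the commit message gives 29 bytes against a limit of 32, and 4 bytes added with 1 removed by the later hunk lands exactly on that limit when `cpu_has_xen_ibt` is set. Nothing in the visible hunks enforces the limit, so a check before the function returns, for example `ASSERT(p - stub <= 32);` with the limit expressed through whatever constant the caller uses, would catch the next instruction added here. The literal in `p += 4;` would also read better with a `/* endbr64 */` comment or a named length. The function body begins and ends outside these hunks, so an existing check may already be there.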
@@ -315,10 +322,6 @@ static unsigned int write_stub_trampoline(
     *(uint64_t *)p = stack_bottom - 8;
     p += 8;
 
-    /* Store guest %rsp into %rsp slot */
-    /* pushq %rax */
-    *p++ = 0x50;
-
     /* jmp target_va */
     *p++ = 0xe9;
     *(int32_t *)p = target_va - (stub_va + (p - stub) + 4);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:01:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/entry: Make IDT entrypoints CET-IBT compatible
Message-Id: <E1nai3k-000382-J4@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:01:12 +0000

commit 9cd9650377d564f56126b2974097f54e0318dd27
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 17:08:24 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/entry: Make IDT entrypoints CET-IBT compatible
    
    Each IDT vector needs to land on an endbr64 instruction.  This is especially
    important for the #CP handler, which will recurse indefinitely if the endbr64
    is missing, eventually escalating to #DF if guard pages are active.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit e702e36d1d519f4b66086650c1c47d6bac96d4b9)
    
    Also include the continue_pv_domain() change from c/s 954bb07fdb5fad which is
    also in entry.S
---
 xen/arch/x86/x86_64/compat/entry.S |  1 +
 xen/arch/x86/x86_64/entry.S        | 31 +++++++++++++++++++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
index c84ff7ea64..5fd6dbbd45 100644
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -12,6 +12,7 @@
 #include <irq_vectors.h>
 
 ENTRY(entry_int82)
+        ENDBR64
         ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP
         pushq $0
         movl  $HYPERCALL_VECTOR, 4(%rsp)
diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index f2e4b457f4..2a86938f1f 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -386,6 +386,7 @@ UNLIKELY_END(sysenter_gpf)
         jmp   .Lbounce_exception
 
 ENTRY(int80_direct_trap)
+        ENDBR64
         ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP
         pushq $0
         movl  $0x80, 4(%rsp)
@@ -625,6 +626,7 @@ ENTRY(dom_crash_sync_extable)
 /* No special register assumptions. */
 #ifdef CONFIG_PV
 ENTRY(continue_pv_domain)
+        ENDBR64
         call  check_wakeup_from_wait
 ret_from_intr:
         GET_CURRENT(bx)
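Review bot: continue_pv_domain is not an IDT vector, so the `ENDBR64` added here is not explained by the rule in the commit title; the description only says it was carried over from another changeset. A one-line comment above the label saying how it is reached, presumably through an indirect branch (to be confirmed against the caller), would stop a later clean-up from removing the marker as redundant. The label's body continues outside this hunk.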
@@ -697,6 +699,7 @@ ENTRY(common_interrupt)
         jmp ret_from_intr
 
 ENTRY(page_fault)
+        ENDBR64
         movl  $TRAP_page_fault,4(%rsp)
 /* No special register assumptions. */
 GLOBAL(handle_exception)
@@ -837,75 +840,91 @@ FATAL_exception_with_ints_disabled:
         BUG   /* fatal_trap() shouldn't return. */
 
 ENTRY(divide_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_divide_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(coprocessor_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_copro_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(simd_coprocessor_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_simd_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(device_not_available)
+        ENDBR64
         pushq $0
         movl  $TRAP_no_device,4(%rsp)
         jmp   handle_exception
 
 ENTRY(debug)
+        ENDBR64
         pushq $0
         movl  $TRAP_debug,4(%rsp)
         jmp   handle_ist_exception
 
 ENTRY(int3)
+        ENDBR64
         pushq $0
         movl  $TRAP_int3,4(%rsp)
         jmp   handle_exception
 
 ENTRY(overflow)
+        ENDBR64
         pushq $0
         movl  $TRAP_overflow,4(%rsp)
         jmp   handle_exception
 
 ENTRY(bounds)
+        ENDBR64
         pushq $0
         movl  $TRAP_bounds,4(%rsp)
         jmp   handle_exception
 
 ENTRY(invalid_op)
+        ENDBR64
         pushq $0
         movl  $TRAP_invalid_op,4(%rsp)
         jmp   handle_exception
 
 ENTRY(invalid_TSS)
+        ENDBR64
         movl  $TRAP_invalid_tss,4(%rsp)
         jmp   handle_exception
 
 ENTRY(segment_not_present)
+        ENDBR64
         movl  $TRAP_no_segment,4(%rsp)
         jmp   handle_exception
 
 ENTRY(stack_segment)
+        ENDBR64
         movl  $TRAP_stack_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(general_protection)
+        ENDBR64
         movl  $TRAP_gp_fault,4(%rsp)
         jmp   handle_exception
 
 ENTRY(alignment_check)
+        ENDBR64
         movl  $TRAP_alignment_check,4(%rsp)
         jmp   handle_exception
 
 ENTRY(entry_CP)
+        ENDBR64
         movl  $X86_EXC_CP, 4(%rsp)
         jmp   handle_exception
 
 ENTRY(double_fault)
+        ENDBR64
         movl  $TRAP_double_fault,4(%rsp)
         /* Set AC to reduce chance of further SMAP faults */
         ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP
@@ -931,6 +950,7 @@ ENTRY(double_fault)
 
         .pushsection .init.text, "ax", @progbits
 ENTRY(early_page_fault)
+        ENDBR64
         movl  $TRAP_page_fault,4(%rsp)
         SAVE_ALL
         movq  %rsp,%rdi
@@ -939,6 +959,7 @@ ENTRY(early_page_fault)
         .popsection
 
 ENTRY(nmi)
+        ENDBR64
         pushq $0
         movl  $TRAP_nmi,4(%rsp)
 handle_ist_exception:
@@ -1041,12 +1062,14 @@ handle_ist_exception:
 #endif
 
 ENTRY(machine_check)
+        ENDBR64
         pushq $0
         movl  $TRAP_machine_check,4(%rsp)
         jmp   handle_ist_exception
 
 /* No op trap handler.  Required for kexec crash path. */
 GLOBAL(trap_nop)
+        ENDBR64
         iretq
 
 /* Table of automatically generated entry points.  One per vector. */
@@ -1075,7 +1098,9 @@ autogen_stubs: /* Automatically generated stubs. */
 #endif
 
         ALIGN
-1:      pushq $0
+1:
+        ENDBR64
+        pushq $0
         movb  $vec,4(%rsp)
         jmp   common_interrupt
 
@@ -1085,7 +1110,9 @@ autogen_stubs: /* Automatically generated stubs. */
         .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \
                 vec == X86_EXC_VE  || (vec > X86_EXC_CP && vec < TRAP_nr)
 
-1:      test  $8,%spl        /* 64bit exception frames are 16 byte aligned, but the word */
+1:
+        ENDBR64
+        test  $8,%spl        /* 64bit exception frames are 16 byte aligned, but the word */
         jz    2f             /* size is 8 bytes.  Check whether the processor gave us an */
         pushq $0             /* error code, and insert an empty one if not.              */
 2:      movb  $vec,4(%rsp)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:01:23 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/setup: Rework MSR_S_CET handling for CET-IBT
Message-Id: <E1nai3u-00038f-MF@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:01:22 +0000

commit 86a98948b9f8236de30651e5588f592bc5468da2
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 16:13:29 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/setup: Rework MSR_S_CET handling for CET-IBT
    
    CET-SS and CET-IBT can be independently controlled, so the configuration of
    MSR_S_CET can't be constant any more.
    
    Introduce xen_msr_s_cet_value(), mostly because I don't fancy
    writing/maintaining that logic in assembly.  Use this in the 3 paths which
    alter MSR_S_CET when both features are potentially active.
    
    To activate CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN.  This is
    common with the CET-SS setup, so reorder the operations to set up CR4 and
    MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up
    MSR_PL0_SSP and SSP if SHSTK_EN was also set.
    
    Adjust the crash path to disable CET-IBT too.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 311434bfc9d10615adbd340d7fb08c05cd14f4c7)
---
 xen/arch/x86/acpi/wakeup_prot.S | 38 +++++++++++++++++++++++---------------
 xen/arch/x86/boot/x86_64.S      | 30 +++++++++++++++++++-----------
 xen/arch/x86/crash.c            |  4 ++--
 xen/arch/x86/setup.c            | 17 ++++++++++++++++-
 xen/include/asm-x86/msr-index.h |  1 +
 5 files changed, 61 insertions(+), 29 deletions(-)

diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_prot.S
index 15052c300f..3855ff1ddb 100644
--- a/xen/arch/x86/acpi/wakeup_prot.S
+++ b/xen/arch/x86/acpi/wakeup_prot.S
@@ -63,7 +63,26 @@ ENTRY(s3_resume)
         pushq   %rax
         lretq
 1:
-#ifdef CONFIG_XEN_SHSTK
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+        call    xen_msr_s_cet_value
+        test    %eax, %eax
+        jz      .L_cet_done
+
+        /* Set up MSR_S_CET. */
+        mov     $MSR_S_CET, %ecx
+        xor     %edx, %edx
+        wrmsr
+
+        /* Enable CR4.CET. */
+        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
+        mov     %rcx, %cr4
+
+        /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */
+
+#if defined(CONFIG_XEN_SHSTK)
+        test    $CET_SHSTK_EN, %al
+        jz      .L_cet_done
+
         /*
          * Restoring SSP is a little complicated, because we are intercepting
          * an in-use shadow stack.  Write a temporary token under the stack,
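Review bot: The value returned by `xen_msr_s_cet_value` has to stay live in %eax across the `wrmsr` and the CR4 write so that `test $CET_SHSTK_EN, %al` sees it, and nothing in the hunk says so. A comment after the call, for example `/* %eax = MSR_S_CET value, kept live until the SHSTK_EN test */`, would protect that dependency; the same sequence in the __high_start hunk of boot/x86_64.S needs it too. Calling a C function here also means any caller-saved register may be clobbered, so it is worth confirming that nothing set up earlier in s3_resume (outside this hunk) is expected to survive in one.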
@@ -71,14 +90,6 @@ ENTRY(s3_resume)
          * reset MSR_PL0_SSP to its usual value and pop the temporary token.
          */
         mov     saved_ssp(%rip), %rdi
-        cmpq    $1, %rdi
-        je      .L_shstk_done
-
-        /* Set up MSR_S_CET. */
-        mov     $MSR_S_CET, %ecx
-        xor     %edx, %edx
-        mov     $CET_SHSTK_EN | CET_WRSS_EN, %eax
-        wrmsr
 
         /* Construct the temporary supervisor token under SSP. */
         sub     $8, %rdi
@@ -90,10 +101,6 @@ ENTRY(s3_resume)
         mov     %edi, %eax
         wrmsr
 
-        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */
-        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx
-        mov     %rbx, %cr4
-
         /* Write the temporary token onto the shadow stack, and activate it. */
         wrssq   %rdi, (%rdi)
         setssbsy
@@ -106,8 +113,9 @@ ENTRY(s3_resume)
         /* Pop the temporary token off the stack. */
         mov     $2, %eax
         incsspd %eax
-.L_shstk_done:
-#endif
+#endif /* CONFIG_XEN_SHSTK */
+.L_cet_done:
+#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */
 
         call    load_system_tables
 
diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S
index d61048c583..94b1d984cf 100644
--- a/xen/arch/x86/boot/x86_64.S
+++ b/xen/arch/x86/boot/x86_64.S
@@ -30,18 +30,27 @@ ENTRY(__high_start)
         test    %ebx,%ebx
         jz      .L_bsp
 
-        /* APs.  Set up shadow stacks before entering C. */
-#ifdef CONFIG_XEN_SHSTK
-        testl   $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \
-                CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip)
-        je      .L_ap_shstk_done
+        /* APs.  Set up CET before entering C properly. */
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+        call    xen_msr_s_cet_value
+        test    %eax, %eax
+        jz      .L_ap_cet_done
 
         /* Set up MSR_S_CET. */
         mov     $MSR_S_CET, %ecx
         xor     %edx, %edx
-        mov     $CET_SHSTK_EN | CET_WRSS_EN, %eax
         wrmsr
 
+        /* Enable CR4.CET. */
+        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
+        mov     %rcx, %cr4
+
+        /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */
+
+#if defined(CONFIG_XEN_SHSTK)
+        test    $CET_SHSTK_EN, %al
+        jz      .L_ap_cet_done
+
         /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */
         mov     $MSR_PL0_SSP, %ecx
         mov     %rsp, %rdx
@@ -51,13 +60,12 @@ ENTRY(__high_start)
         or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax
         wrmsr
 
-        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */
-        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
-        mov     %rcx, %cr4
         setssbsy
-#endif
 
-.L_ap_shstk_done:
+#endif /* CONFIG_XEN_SHSTK */
+.L_ap_cet_done:
+#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */
+
         call    start_secondary
         BUG     /* start_secondary() shouldn't return. */
 
diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index 0611b4fb9b..cfc6bdab7b 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -200,8 +200,8 @@ void machine_crash_shutdown(void)
     /* Reset CPUID masking and faulting to the host's default. */
     ctxt_switch_levelling(NULL);
 
-    /* Disable shadow stacks. */
-    if ( cpu_has_xen_shstk )
+    /* Disable CET. */
+    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
     {
         wrmsrl(MSR_S_CET, 0);
         write_cr4(read_cr4() & ~X86_CR4_CET);
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 9eba93b139..c61d6b53cf 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -662,6 +662,21 @@ static void noreturn init_done(void)
     startup_cpu_idle_loop();
 }
 
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+/*
+ * Used by AP and S3 asm code to calcualte the appropriate MSR_S_CET setting.
+ * Do not use on the BSP before reinit_bsp_stack(), or it may turn SHSTK on
+ * too early.
+ */
+unsigned int xen_msr_s_cet_value(void)
+{
+    return ((cpu_has_xen_shstk ? CET_SHSTK_EN | CET_WRSS_EN : 0) |
+            (cpu_has_xen_ibt   ? CET_ENDBR_EN : 0));
+}
+#else
+unsigned int xen_msr_s_cet_value(void); /* To avoid ifdefary */
+#endif
+
 /* Reinitalise all state referring to the old virtual address of the stack. */
 static void __init noreturn reinit_bsp_stack(void)
 {
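Review bot: The comment on the new xen_msr_s_cet_value() has a typo, `calcualte`, which should read `calculate`. The function is also defined with external linkage and no visible prior declaration, and its `#else` arm is a bare prototype placed in the .c file; if a header is not going to carry it, a comment saying that the declaration exists only so callers behind a constant-false `cpu_has_xen_*` check still compile would make the intent clearer than `To avoid ifdefary`. The return type is `unsigned int` while the `CET_*` flags are built with `_AC(1, ULL)`, which is safe for bits 0 to 2 but worth a word in the comment, since the assembly callers write %edx as zero.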
@@ -685,7 +700,7 @@ static void __init noreturn reinit_bsp_stack(void)
     {
         wrmsrl(MSR_PL0_SSP,
                (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8);
-        wrmsrl(MSR_S_CET, CET_SHSTK_EN | CET_WRSS_EN);
+        wrmsrl(MSR_S_CET, xen_msr_s_cet_value());
         asm volatile ("setssbsy" ::: "memory");
     }
 
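Review bot: The MSR_S_CET write in reinit_bsp_stack() now includes `CET_ENDBR_EN` when IBT is active, but it sits in a block whose condition is outside the hunk. If that condition is `cpu_has_xen_shstk`, a boot CPU running with IBT but without shadow stacks would not get MSR_S_CET programmed on this path, unlike the AP and S3 paths, which act on any nonzero value from xen_msr_s_cet_value(). Either confirm that the BSP's ENDBR_EN is set elsewhere, or record it here with a comment such as `/* IBT-only BSP setup is done in <location to be filled in> */`.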
diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
index 9df1959fe5..3e038db618 100644
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -117,6 +117,7 @@
 #define MSR_S_CET                           0x000006a2
 #define  CET_SHSTK_EN                       (_AC(1, ULL) <<  0)
 #define  CET_WRSS_EN                        (_AC(1, ULL) <<  1)
+#define  CET_ENDBR_EN                       (_AC(1, ULL) <<  2)
 
 #define MSR_PL0_SSP                         0x000006a4
 #define MSR_PL1_SSP                         0x000006a5
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:01:33 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/EFI: Disable CET-IBT around Runtime Services calls
Message-Id: <E1nai44-00039C-PH@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:01:32 +0000

commit d457f1ee88602e784644e0bcc562ff17f2d1af34
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 21:54:26 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/EFI: Disable CET-IBT around Runtime Services calls
    
    UEFI Runtime services, at the time of writing, aren't CET-IBT compatible.
    Work is ongoing to address this. In the meantime, unconditionally disable IBT.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit d37a8a067e62e3b6709d224c22f740fdda9d0078)
---
 xen/common/efi/runtime.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c
index d2fdc28df3..5060a17811 100644
--- a/xen/common/efi/runtime.c
+++ b/xen/common/efi/runtime.c
@@ -21,6 +21,7 @@ struct efi_rs_state {
   * don't strictly need that.
   */
  unsigned long __aligned(32) cr3;
+    unsigned long msr_s_cet;
 #endif
 };
 
@@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void)
 
     switch_cr3_cr4(mfn_to_maddr(efi_l4_mfn), read_cr4());
 
+    /*
+     * At the time of writing (2022), no UEFI firwmare is CET-IBT compatible.
+     * Work is under way to remedy this.
+     *
+     * Stash MSR_S_CET and clobber ENDBR_EN.  This is necessary because
+     * SHSTK_EN isn't configured until very late on the BSP.
+     */
+    if ( cpu_has_xen_ibt )
+    {
+        rdmsrl(MSR_S_CET, state.msr_s_cet);
+        wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN);
+    }
+
     return state;
 }
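Review bot: Clearing `CET_ENDBR_EN` in `efi_rs_enter()` removes IBT for everything that runs on this CPU until `efi_rs_leave()`, not only for the firmware call, and the new comment does not say so. If interrupts, NMIs or machine checks can be taken during a Runtime Services call (not visible in this hunk), Xen's own handlers run without indirect-branch tracking in that window; the comment should state this, or state why it cannot happen. `state.msr_s_cet` is written only under `cpu_has_xen_ibt`, so `efi_rs_leave()` depends on `state` being zero-initialised earlier in the function, which is outside the hunk. The comment also misspells `firmware` as `firwmare`.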
 
@@ -122,6 +136,10 @@ void efi_rs_leave(struct efi_rs_state *state)
 
     if ( !state->cr3 )
         return;
+
+    if ( state->msr_s_cet )
+        wrmsrl(MSR_S_CET, state->msr_s_cet);
+
     switch_cr3_cr4(state->cr3, read_cr4());
     if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) )
     {
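Review bot: In `efi_rs_leave()` the test `if ( state->msr_s_cet )` uses the stashed MSR value as its own "was saved" flag, which is documented neither here nor on the new struct field. It holds as long as MSR_S_CET is non-zero whenever `cpu_has_xen_ibt` is true, which the enter-side code suggests but does not guarantee. I would add `/* Non-zero only if efi_rs_enter() stashed MSR_S_CET; restores ENDBR_EN. */` above the test and a matching comment on `msr_s_cet` in `struct efi_rs_state`. The function body continues past the end of the hunk.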
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:01:43 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86: Enable CET Indirect Branch Tracking
Message-Id: <E1nai4E-00039j-SM@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:01:42 +0000

commit 04d65ced04b263519d58dc3bd499ee61d7232054
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 15:17:20 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86: Enable CET Indirect Branch Tracking
    
    With all the pieces now in place, turn CET-IBT on when available.
    
    MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be
    enabled for Xen independently of PV32 kernels.  As we already disable PV32 for
    CET-SS, extend this to all CET, adjusting the documentation/comments as
    appropriate.
    
    Introduce a cet=no-ibt command line option to allow the admin to disable IBT
    even when everything else is configured correctly.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit cdbe2b0a1aecae946639ee080f14831429b184b6)
---
 docs/misc/xen-command-line.pandoc | 16 +++++++++++----
 xen/arch/x86/cpu/common.c         |  1 +
 xen/arch/x86/setup.c              | 42 ++++++++++++++++++++++++++++++++++-----
 3 files changed, 50 insertions(+), 9 deletions(-)

diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
index f606dc0e14..1d08fb7e9a 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -271,7 +271,7 @@ enough. Setting this to a high value may cause boot failure, particularly if
 the NMI watchdog is also enabled.
 
 ### cet
-    = List of [ shstk=<bool> ]
+    = List of [ shstk=<bool>, ibt=<bool> ]
 
     Applicability: x86
 
@@ -279,6 +279,10 @@ Controls for the use of Control-flow Enforcement Technology.  CET is group a
 of hardware features designed to combat Return-oriented Programming (ROP, also
 call/jmp COP/JOP) attacks.
 
+CET is incompatible with 32bit PV guests.  If any CET sub-options are active,
+they will override the `pv=32` boolean to `false`.  Backwards compatibility
+can be maintained with the pv-shim mechanism.
+
 *   The `shstk=` boolean controls whether Xen uses Shadow Stacks for its own
     protection.
 
@@ -287,9 +291,13 @@ call/jmp COP/JOP) attacks.
     `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support
     is available in hardware.
 
-    Shadow Stacks are incompatible with 32bit PV guests.  This option will
-    override the `pv=32` boolean to false.  Backwards compatibility can be
-    maintained with the `pv-shim` mechanism.
+*   The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for
+    its own protection.
+
+    The option is available when `CONFIG_XEN_IBT` is compiled in, and defaults
+    to `true` on hardware supporting CET-IBT.  Specifying `cet=no-ibt` will
+    cause Xen not to use Indirect Branch Tracking even when support is
+    available in hardware.
 
 ### clocksource (x86)
 > `= pit | hpet | acpi | tsc`
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index c4f07f2d1d..5c5e05e6e6 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -345,6 +345,7 @@ void __init early_cpu_init(void)
 	if (c->cpuid_level >= 7) {
 		cpuid_count(7, 0, &eax, &ebx, &ecx, &edx);
 		c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx;
+		c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx;
 	}
 
 	eax = cpuid_eax(0x80000000);
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index c61d6b53cf..9e5ccebbab 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -104,6 +104,12 @@ static bool __initdata opt_xen_shstk = true;
 #define opt_xen_shstk false
 #endif
 
+#ifdef CONFIG_XEN_IBT
+static bool __initdata opt_xen_ibt = true;
+#else
+#define opt_xen_ibt false
+#endif
+
 static int __init parse_cet(const char *s)
 {
     const char *ss;
@@ -120,6 +126,14 @@ static int __init parse_cet(const char *s)
             opt_xen_shstk = val;
 #else
             no_config_param("XEN_SHSTK", "cet", s, ss);
+#endif
+        }
+        else if ( (val = parse_boolean("ibt", s, ss)) >= 0 )
+        {
+#ifdef CONFIG_XEN_IBT
+            opt_xen_ibt = val;
+#else
+            no_config_param("XEN_IBT", "cet", s, ss);
 #endif
         }
         else
@@ -1103,11 +1117,33 @@ void __init noreturn __start_xen(unsigned long mbi_p)
         printk("Enabling Supervisor Shadow Stacks\n");
 
         setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK);
+    }
+
+    if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) )
+    {
+        printk("Enabling Indirect Branch Tracking\n");
+
+        setup_force_cpu_cap(X86_FEATURE_XEN_IBT);
+
+        if ( efi_enabled(EFI_RS) )
+            printk("  - IBT disabled in UEFI Runtime Services\n");
+
+        /*
+         * Enable IBT now.  Only require the endbr64 on callees, which is
+         * entirely build-time arrangements.
+         */
+        wrmsrl(MSR_S_CET, CET_ENDBR_EN);
+    }
+
+    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
+    {
+        set_in_cr4(X86_CR4_CET);
+
 #ifdef CONFIG_PV32
         if ( opt_pv32 )
         {
             opt_pv32 = 0;
-            printk("  - Disabling PV32 due to Shadow Stacks\n");
+            printk("  - Disabling PV32 due to CET\n");
         }
 #endif
     }
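Review bot: `set_in_cr4(X86_CR4_CET)` now runs here, well before `alternative_branches()`, while the comment deleted in the last hunk of this file said CR4.CET was deferred "until alternatives have finished playing with CR0.WP"; nothing in the new code records why that ordering is no longer needed. With CR4.CET set, clearing CR0.WP faults, so this presumably relies on patching no longer toggling CR0.WP, which is not visible in this patch. A comment next to `set_in_cr4()` such as `/* Safe this early: alternatives patching must not clear CR0.WP once CR4.CET is set. */` would keep the dependency from being lost. The `wrmsrl(MSR_S_CET, CET_ENDBR_EN)` above it is a whole-MSR write, which is correct only while no other bit has been enabled in that MSR at this point in boot.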
@@ -1864,10 +1900,6 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     alternative_branches();
 
-    /* Defer CR4.CET until alternatives have finished playing with CR0.WP */
-    if ( cpu_has_xen_shstk )
-        set_in_cr4(X86_CR4_CET);
-
     /*
      * NB: when running as a PV shim VCPUOP_up/down is wired to the shim
      * physical cpu_add/remove functions, so launch the guest with only
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:01:53 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/CET: Fix S3 resume with shadow stacks active
Message-Id: <E1nai4P-0003AN-0W@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:01:53 +0000

commit 766252b3ec3dd8af3d9a44ca2940143fce937c96
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Feb 24 12:18:00 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/CET: Fix S3 resume with shadow stacks active
    
    The original shadow stack support has an error on S3 resume with very bizarre
    fallout.  The BSP comes back up, but APs fail with:
    
      (XEN) Enabling non-boot CPUs ...
      (XEN) Stuck ??
      (XEN) Error bringing CPU1 up: -5
    
    and then later (on at least two Intel TigerLake platforms), the next HVM vCPU
    to be scheduled on the BSP dies with:
    
      (XEN) d1v0 Unexpected vmexit: reason 3
      (XEN) domain_crash called from vmx.c:4304
      (XEN) Domain 1 (vcpu#0) crashed on cpu#0:
    
    The VMExit reason is EXIT_REASON_INIT, which has nothing to do with the
    scheduled vCPU, and will be addressed in a subsequent patch.  It is a
    consequence of the APs triple faulting.
    
    The APs triple fault because we don't tear down the stacks on suspend.  The
    idle/play_dead loop is killed in the middle of running, meaning that the
    supervisor token is left busy.
    
    On resume, SETSSBSY finds the busy bit set, suffers #CP and triple faults
    because the IDT isn't configured this early.
    
    Rework the AP bring-up path to (re)create the supervisor token.  This ensures
    the primary stack is non-busy before use.
    
    Note: There are potential issues with the IST shadow stacks too, but fixing
          those is more involved.
    
    Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
    Link: https://github.com/QubesOS/qubes-issues/issues/7283
    Reported-by: Thiner Logoer <logoerthiner1@163.com>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Tested-by: Thiner Logoer <logoerthiner1@163.com>
    Tested-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 7d9589239ec068c944190408b9838774d5ec1f8f)
---
 xen/arch/x86/boot/x86_64.S | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S
index 94b1d984cf..f11b5d0679 100644
--- a/xen/arch/x86/boot/x86_64.S
+++ b/xen/arch/x86/boot/x86_64.S
@@ -51,13 +51,21 @@ ENTRY(__high_start)
         test    $CET_SHSTK_EN, %al
         jz      .L_ap_cet_done
 
-        /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */
-        mov     $MSR_PL0_SSP, %ecx
+        /* Derive the supervisor token address from %rsp. */
         mov     %rsp, %rdx
+        and     $~(STACK_SIZE - 1), %rdx
+        or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx
+
+        /*
+         * Write a new supervisor token.  Doesn't matter on boot, but for S3
+         * resume this clears the busy bit.
+         */
+        wrssq   %rdx, (%rdx)
+
+        /* Point MSR_PL0_SSP at the token. */
+        mov     $MSR_PL0_SSP, %ecx
+        mov     %edx, %eax
         shr     $32, %rdx
-        mov     %esp, %eax
-        and     $~(STACK_SIZE - 1), %eax
-        or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax
         wrmsr
 
         setssbsy
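Review bot: The unconditional `wrssq %rdx, (%rdx)` rewrites the supervisor token and so clears the busy bit that guards against two CPUs activating the same shadow stack, and the comment does not say why that is safe. It is presumably safe because AP bring-up is the only user of this stack at this point; I would add that, e.g. `/* Safe: this CPU is the sole owner of its primary shadow stack during bring-up. */`. `wrssq` also needs supervisor shadow-stack writes enabled, while the visible guard tests only `$CET_SHSTK_EN`; a note that MSR_S_CET is always programmed with WRSS_EN together with SHSTK_EN would make that dependency explicit. The code before the `test` is outside the hunk.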
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:02:03 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/spec-ctrl: Disable retpolines with CET-IBT
Message-Id: <E1nai4Z-0003BD-3g@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:02:03 +0000

commit 351428de6feee3769a0ba69fdab3f521be85e891
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Feb 28 19:26:37 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/spec-ctrl: Disable retpolines with CET-IBT
    
    CET-IBT depends on executing indirect branches for protections to apply.
    Extend the clobber for CET-SS to all of CET.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 6e3f36387de566b09aa4145ea0e3bfe4814d68b4)
---
 xen/arch/x86/spec_ctrl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index ae076bec3a..c19464da70 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -948,13 +948,14 @@ void __init init_speculation_mitigations(void)
                      boot_cpu_has(X86_FEATURE_IBRS));
 
     /*
-     * First, disable the use of retpolines if Xen is using shadow stacks, as
-     * they are incompatible.
+     * First, disable the use of retpolines if Xen is using CET.  Retpolines
+     * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends
+     * on executing indirect branches for the safety properties to apply.
      *
      * In the absence of retpolines, IBRS needs to be used for speculative
      * safety.  All CET-capable hardware has efficient IBRS.
      */
-    if ( cpu_has_xen_shstk )
+    if ( read_cr4() & X86_CR4_CET )
     {
         if ( !has_spec_ctrl )
             printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n");
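Review bot: The new test `read_cr4() & X86_CR4_CET` makes the retpoline clobber depend on CR4.CET already being set when `init_speculation_mitigations()` runs, whereas the old `cpu_has_xen_shstk` test depended only on the feature flag. If this function were ever called before CET is enabled in CR4, retpolines would stay selected alongside CET; a line in the comment such as `Must run after CR4.CET has been set up.` would record that. The comment also misspells `incompatible` as `incompatbile`. The block under the `if` continues outside the hunk.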
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:02:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/kexec: Fix kexec-reboot with CET active
Message-Id: <E1nai4j-0003Cc-6o@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:02:13 +0000

commit 89262602e2d0deab5be5efddd27caa2a813c49ff
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Mar 7 20:19:18 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/kexec: Fix kexec-reboot with CET active
    
    The kexec_reloc() asm has an indirect jump to relocate onto the identity
    trampoline.  While we clear CET in machine_crash_shutdown(), we fail to clear
    CET for the non-crash path.  This in turn highlights that the same is true of
    resetting the CPUID masking/faulting.
    
    Move both pieces of logic from machine_crash_shutdown() to machine_kexec(),
    the latter being common for all kexec transitions.  Adjust the condition for
    CET being considered active to check in CR4, which is simpler and more robust.
    
    Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT")
    Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
    Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()")
    Reported-by: David Vrabel <dvrabel@amazon.co.uk>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: David Vrabel <dvrabel@amazon.co.uk>
    (cherry picked from commit 7f5b2448bd724f5f24426b2595a9bdceb1e5a346)
---
 xen/arch/x86/crash.c         | 10 ----------
 xen/arch/x86/machine_kexec.c | 10 ++++++++++
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index cfc6bdab7b..05a6104378 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -197,16 +197,6 @@ void machine_crash_shutdown(void)
 
     nmi_shootdown_cpus();
 
-    /* Reset CPUID masking and faulting to the host's default. */
-    ctxt_switch_levelling(NULL);
-
-    /* Disable CET. */
-    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
-    {
-        wrmsrl(MSR_S_CET, 0);
-        write_cr4(read_cr4() & ~X86_CR4_CET);
-    }
-
     info = kexec_crash_save_info();
     info->xen_phys_start = xen_phys_start;
     info->dom0_pfn_to_mfn_frame_list_list =
diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c
index 08ec9fd43b..bc2c76c6b9 100644
--- a/xen/arch/x86/machine_kexec.c
+++ b/xen/arch/x86/machine_kexec.c
@@ -173,6 +173,16 @@ void machine_kexec(struct kexec_image *image)
         _update_gate_addr_lower(&idt_tables[i][TRAP_machine_check], &trap_nop);
     }
 
+    /* Reset CPUID masking and faulting to the host's default. */
+    ctxt_switch_levelling(NULL);
+
+    /* Disable CET. */
+    if ( read_cr4() & X86_CR4_CET )
+    {
+        wrmsrl(MSR_S_CET, 0);
+        write_cr4(read_cr4() & ~X86_CR4_CET);
+    }
+
     /* Explicitly enable NMIs on this CPU.  Some crashdump kernels do
      * not like running with NMIs disabled. */
     enable_nmis();
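Review bot: The added `/* Disable CET. */` comment does not say why this must happen in machine_kexec() rather than in a crash-only path, so a later cleanup could move it back. The commit message gives the reason, and it belongs next to the code, e.g. `/* Disable CET: kexec_reloc() jumps indirectly onto the identity trampoline, on crash and non-crash paths alike. */`. CR4 is also read twice; reading it once into a local and using `write_cr4(cr4 & ~X86_CR4_CET);` would make the test and the write visibly use the same value. machine_kexec() starts and ends outside the hunk.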
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:02:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:02:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297868.507451 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai4v-0002ke-1f; Sat, 02 Apr 2022 18:02:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297868.507451; Sat, 02 Apr 2022 18:02:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai4u-0002kV-Um; Sat, 02 Apr 2022 18:02:24 +0000
Received: by outflank-mailman (input) for mailman id 297868;
 Sat, 02 Apr 2022 18:02:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai4t-0002kB-BT
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:23 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai4t-0007MF-Ag
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:23 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai4t-0003Dz-9w
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:23 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=9fZjV6SPhiDWPPc2t0xO7sEsWS68EcprkKyvD6EtLR4=; b=xh6S/A01/bNHMv2ML8I1gsxANf
	CyJd6kwfz2S69GilE9W8txHQicHEDULVsVApm5zqGD7wOt24f2qb2insmrQ6/rdgUQQ8uWDsrSKYA
	zx8ugZ95Mao3s4NhTiugWd9aVz45uBguBZ9AfugJCtLqp2tN/9iVXX/dlyBObV51Tfw4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/cet: Clear IST supervisor token busy bits on S3 resume
Message-Id: <E1nai4t-0003Dz-9w@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:02:23 +0000

commit cd48561b55d091205aa32996689c72e3057bbd42
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Mar 14 10:30:46 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/cet: Clear IST supervisor token busy bits on S3 resume
    
    Stacks are not freed across S3.  Execution just stops, leaving supervisor
    token busy bits active.  Fixing this for the primary shadow stack was done
    previously, but there is a (rare) risk that an IST token is left busy too, if
    the platform power-off happens to intersect with an NMI/#MC arriving.  This
    will manifest as #DF next time the IST vector gets used.
    
    Introduce rdssp() and wrss() helpers in a new shstk.h, cleaning up
    fixup_exception_return() and explaining the trick with the literal 1.
    
    Then use this infrastructure to rewrite the IST tokens in load_system_tables()
    when all the other IST details are being set up.  In the case that an IST
    token were left busy across S3, this will clear the busy bit before the stack
    gets used.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit e421ed0f68488863599532bda575c03c33cde0e0)
---
 xen/arch/x86/cpu/common.c   | 25 ++++++++++++++++++++----
 xen/arch/x86/traps.c        |  8 +++-----
 xen/include/asm-x86/shstk.h | 46 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 9 deletions(-)

diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index 5c5e05e6e6..9ce148a666 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -13,6 +13,7 @@
 #include <asm/apic.h>
 #include <asm/random.h>
 #include <asm/setup.h>
+#include <asm/shstk.h>
 #include <mach_apic.h>
 #include <public/sysctl.h> /* for XEN_INVALID_{SOCKET,CORE}_ID */
 
@@ -824,15 +825,31 @@ void load_system_tables(void)
 	 */
 	if (cpu_has_xen_shstk) {
 		volatile uint64_t *ist_ssp = tss_page->ist_ssp;
+		unsigned long
+			mce_ssp = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8,
+			nmi_ssp = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8,
+			db_ssp  = stack_top + (IST_DB  * IST_SHSTK_SIZE) - 8,
+			df_ssp  = stack_top + (IST_DF  * IST_SHSTK_SIZE) - 8;
 
 		ist_ssp[0] = 0x8600111111111111ul;
-		ist_ssp[IST_MCE] = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_NMI] = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_DB]	 = stack_top + (IST_DB	* IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_DF]	 = stack_top + (IST_DF	* IST_SHSTK_SIZE) - 8;
+		ist_ssp[IST_MCE] = mce_ssp;
+		ist_ssp[IST_NMI] = nmi_ssp;
+		ist_ssp[IST_DB]	 = db_ssp;
+		ist_ssp[IST_DF]	 = df_ssp;
 		for ( i = IST_DF + 1; i < ARRAY_SIZE(tss_page->ist_ssp); ++i )
 			ist_ssp[i] = 0x8600111111111111ul;
 
+		if (IS_ENABLED(CONFIG_XEN_SHSTK) && rdssp() != SSP_NO_SHSTK) {
+			/*
+			 * Rewrite supervisor tokens when shadow stacks are
+			 * active.  This resets any busy bits left across S3.
+			 */
+			wrss(mce_ssp, _p(mce_ssp));
+			wrss(nmi_ssp, _p(nmi_ssp));
+			wrss(db_ssp,  _p(db_ssp));
+			wrss(df_ssp,  _p(df_ssp));
+		}
+
 		wrmsrl(MSR_INTERRUPT_SSP_TABLE, (unsigned long)ist_ssp);
 	}
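Review bot: The comment on the new wrss() block states the effect but not the precondition it relies on. Rewriting a supervisor token clears its busy bit unconditionally, which is only correct while none of the MCE/NMI/DB/DF shadow stacks is in use on this CPU. Nothing visible in the hunk shows that load_system_tables() cannot be reached with an IST handler active, so I would state the assumption in the comment, e.g. `Callers must not be running on an IST stack; a busy token seen here is always stale.` The `- 8` in the four `stack_top + (IST_x * IST_SHSTK_SIZE) - 8` initialisers is also unexplained; a short remark on which slot of each IST shadow stack holds the token would help. The function starts and ends outside the hunk.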
 
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d483aa91f2..6dd923a9fb 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -84,6 +84,7 @@
 #include <asm/pv/traps.h>
 #include <asm/pv/trace.h>
 #include <asm/pv/mm.h>
+#include <asm/shstk.h>
 
 /*
  * opt_nmi: one of 'ignore', 'dom0', or 'fatal'.
@@ -900,8 +901,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs,
     {
         unsigned long ssp, *ptr, *base;
 
-        asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) );
-        if ( ssp == 1 )
+        if ( (ssp = rdssp()) == SSP_NO_SHSTK )
             goto shstk_done;
 
         ptr = _p(ssp);
@@ -930,9 +930,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs,
              */
             if ( ptr[0] == regs->rip && ptr[1] == regs->cs )
             {
-                asm ( "wrssq %[fix], %[stk]"
-                      : [stk] "=m" (ptr[0])
-                      : [fix] "r" (fixup) );
+                wrss(fixup, ptr);
                 goto shstk_done;
             }
         }
diff --git a/xen/include/asm-x86/shstk.h b/xen/include/asm-x86/shstk.h
new file mode 100644
index 0000000000..fdc9cc65a3
--- /dev/null
+++ b/xen/include/asm-x86/shstk.h
@@ -0,0 +1,46 @@
+/******************************************************************************
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2022 Citrix Systems Ltd.
+ */
+#ifndef XEN_ASM_SHSTK_H
+#define XEN_ASM_SHSTK_H
+
+/*
+ * RDSSP is a nop when shadow stacks are inactive.  Also, SSP has a minimum
+ * alignment of 4 which is enforced by hardware.
+ *
+ * We load 1 into a register, then RDSSP.  If shadow stacks are not enabled,
+ * RDSSP is a nop, and the 1 is preserved.  Otherwise, the 1 is clobbered with
+ * the real SSP, which has the bottom two bits clear.
+ */
+#define SSP_NO_SHSTK 1
+
+static inline unsigned long rdssp(void)
+{
+    unsigned long ssp;
+
+    asm volatile ( "rdsspq %0" : "=r" (ssp) : "0" (SSP_NO_SHSTK) );
+
+    return ssp;
+}
+
+static inline void wrss(unsigned long val, unsigned long *ptr)
+{
+    asm ( "wrssq %[val], %[ptr]"
+          : [ptr] "=m" (*ptr)
+          : [val] "r" (val) );
+}
+
+#endif /* XEN_ASM_SHSTK_H */
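Review bot: wrss() is a plain `asm` while rdssp() is `asm volatile`, so the shadow-stack store is kept alive only by its `"=m" (*ptr)` output. WRSS is executed for its side effect on shadow-stack memory, so I would mark it `asm volatile ( "wrssq %[val], %[ptr]"` as well; the compiler could then not, in principle, drop or merge it when it sees no later read of `*ptr`. wrss() also has no comment, unlike rdssp(). A line such as `/* Write val to the shadow stack slot at ptr; the caller must have WRSS enabled in MSR_S_CET and ptr must be shadow stack memory. */` would record what callers must guarantee, with the exact fault behaviour confirmed against the SDM before the wording is committed.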
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:02:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:02:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297869.507454 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai55-0002nD-35; Sat, 02 Apr 2022 18:02:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297869.507454; Sat, 02 Apr 2022 18:02:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai55-0002n5-0B; Sat, 02 Apr 2022 18:02:35 +0000
Received: by outflank-mailman (input) for mailman id 297869;
 Sat, 02 Apr 2022 18:02:33 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai53-0002mt-Eg
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:33 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai53-0007MP-Dn
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai53-0003Ek-D3
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=P8ZSqFp5XgJGehXTP2MVd6WKN7swgN6FA+HIXC+5UNk=; b=YyorlTOIXnO9YDRBAypT94P9Td
	wuC2nkSZnYP4RaCU8AB5NagizB4DGJjwy84lOcxpwN7Xxo9ZO6hIDBuyqX40UqjajkT1lsme3zTOO
	Qa0DwQQ0rO4QGXw3rVs5zU9jvfyUqG+2ODgOwQWPt77STXbF/b6fOuFgpo2Rb2/hFGME=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/cet: Remove writeable mapping of the BSPs shadow stack
Message-Id: <E1nai53-0003Ek-D3@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:02:33 +0000

commit 27dc916a39e8be9de331a580a43f10ef85633133
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Tue Mar 15 12:07:18 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/cet: Remove writeable mapping of the BSPs shadow stack
    
    An unintended consequence of the BSP using cpu0_stack[] is that writeable
    mappings to the BSPs shadow stacks are retained in the bss.  This renders
    CET-SS almost useless, as an attacker can update both return addresses and the
    ret will not fault.
    
    We specifically don't want to shatter the superpage mapping .data and .bss, so
    the only way to fix this is to not have the BSP stack in the main Xen image.
    
    Break cpu_alloc_stack() out of cpu_smpboot_alloc(), and dynamically allocate
    the BSP stack as early as reasonable in __start_xen().  As a consequence,
    there is no need to delay the BSP's memguard_guard_stack() call.
    
    Copy the top of cpu info block just before switching to use the new stack.
    Fix a latent bug by setting %rsp to info->guest_cpu_user_regs rather than
    ->es; this would be buggy if reinit_bsp_stack() called schedule() (which
    rewrites the GPR block) directly, but luckily it doesn't.
    
    Finally, move cpu0_stack[] into .init, so it can be reclaimed after boot.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 37786b23b027ab83051175cb8ce9ac86cacfc58e)
---
 xen/arch/x86/setup.c      | 20 +++++++++++++-------
 xen/arch/x86/smpboot.c    | 26 +++++++++++++++++++-------
 xen/arch/x86/xen.lds.S    |  2 +-
 xen/include/asm-x86/smp.h |  2 ++
 4 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 9e5ccebbab..70b37d8afe 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -152,7 +152,7 @@ unsigned long __read_mostly xen_phys_start;
 
 unsigned long __read_mostly xen_virt_end;
 
-char __section(".bss.stack_aligned") __aligned(STACK_SIZE)
+char __section(".init.bss.stack_aligned") __aligned(STACK_SIZE)
     cpu0_stack[STACK_SIZE];
 
 struct cpuinfo_x86 __read_mostly boot_cpu_data = { 0, 0, 0, 0, -1 };
@@ -704,7 +704,6 @@ static void __init noreturn reinit_bsp_stack(void)
     percpu_traps_init();
 
     stack_base[0] = stack;
-    memguard_guard_stack(stack);
 
     rc = setup_cpu_root_pgt(0);
     if ( rc )
@@ -871,6 +870,8 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 {
     char *memmap_type = NULL;
     char *cmdline, *kextra, *loader;
+    void *bsp_stack;
+    struct cpu_info *info = get_cpu_info(), *bsp_info;
     unsigned int initrdidx, num_parked = 0;
     multiboot_info_t *mbi;
     module_t *mod;
@@ -903,7 +904,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
     /* Full exception support from here on in. */
 
     rdmsrl(MSR_EFER, this_cpu(efer));
-    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
+    asm volatile ( "mov %%cr4,%0" : "=r" (info->cr4) );
 
     /* Enable NMIs.  Our loader (e.g. Tboot) may have left them disabled. */
     enable_nmis();
@@ -1733,6 +1734,10 @@ void __init noreturn __start_xen(unsigned long mbi_p)
      */
     vm_init();
 
+    bsp_stack = cpu_alloc_stack(0);
+    if ( !bsp_stack )
+        panic("No memory for BSP stack\n");
+
     console_init_ring();
     vesa_init();
 
@@ -1991,17 +1996,18 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     if ( bsp_delay_spec_ctrl )
     {
-        struct cpu_info *info = get_cpu_info();
-
         info->spec_ctrl_flags &= ~SCF_use_shadow;
         barrier();
         wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
         info->last_spec_ctrl = default_xen_spec_ctrl;
     }
 
-    /* Jump to the 1:1 virtual mappings of cpu0_stack. */
+    /* Copy the cpu info block, and move onto the BSP stack. */
+    bsp_info = get_cpu_info_from_stack((unsigned long)bsp_stack);
+    *bsp_info = *info;
+
     asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" ::
-                  [stk] "g" (__va(__pa(get_stack_bottom()))),
+                  [stk] "g" (&bsp_info->guest_cpu_user_regs),
                   [fn] "i" (reinit_bsp_stack) : "memory");
     unreachable();
 }
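Review bot: `*bsp_info = *info;` is a one-off snapshot, and cpu0_stack[] now lives in .init, so any pointer into the old stack or its cpu_info block saved before this point would dangle once init memory is reclaimed. The hunk does not show whether such pointers exist, so I would document the invariant at the switch: `/* cpu0_stack[] is .init and is freed after boot: nothing may retain a pointer into it past here. */`. The comment could also say why %rsp is set to `&bsp_info->guest_cpu_user_regs`, since the commit message describes the previous value as a latent bug. __start_xen() begins outside the hunk.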
diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
index 2596e4374b..0694173173 100644
--- a/xen/arch/x86/smpboot.c
+++ b/xen/arch/x86/smpboot.c
@@ -1024,6 +1024,23 @@ static void cpu_smpboot_free(unsigned int cpu, bool remove)
     }
 }
 
+void *cpu_alloc_stack(unsigned int cpu)
+{
+    nodeid_t node = cpu_to_node(cpu);
+    unsigned int memflags = 0;
+    void *stack;
+
+    if ( node != NUMA_NO_NODE )
+        memflags = MEMF_node(node);
+
+    stack = alloc_xenheap_pages(STACK_ORDER, memflags);
+
+    if ( stack )
+        memguard_guard_stack(stack);
+
+    return stack;
+}
+
 static int cpu_smpboot_alloc(unsigned int cpu)
 {
     struct cpu_info *info;
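Review bot: cpu_alloc_stack() is now a non-static function called from setup.c, but it carries no comment describing its contract. I would add above it something like `/* Allocate a STACK_ORDER xenheap stack for @cpu (on its NUMA node if known) and apply memguard_guard_stack().  Returns NULL on allocation failure. */`. It should also say who releases the pages, since the guard is now applied inside the allocator and callers no longer see that step. The BSP call passes cpu 0 early in boot; whether cpu_to_node(0) is meaningful at that point is not visible here, so the `NUMA_NO_NODE` fallback deserves a mention too.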
@@ -1036,15 +1053,10 @@ static int cpu_smpboot_alloc(unsigned int cpu)
     if ( node != NUMA_NO_NODE )
         memflags = MEMF_node(node);
 
-    if ( stack_base[cpu] == NULL )
-    {
-        stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER, memflags);
-        if ( !stack_base[cpu] )
+    if ( stack_base[cpu] == NULL &&
+         (stack_base[cpu] = cpu_alloc_stack(cpu)) == NULL )
             goto out;
 
-        memguard_guard_stack(stack_base[cpu]);
-    }
-
     info = get_cpu_info_from_stack((unsigned long)stack_base[cpu]);
     info->processor_id = cpu;
     info->per_cpu_offset = __per_cpu_offset[cpu];
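Review bot: `goto out;` keeps the 12-space indentation it had inside the removed braces, so it now reads as if nested one level deeper than the `if` it belongs to. The condition also both tests and assigns `stack_base[cpu]`, which is easy to misread next to the two `== NULL` comparisons. Re-indenting to `        goto out;` is the minimum. Splitting it into `if ( stack_base[cpu] == NULL ) stack_base[cpu] = cpu_alloc_stack(cpu);` followed by `if ( stack_base[cpu] == NULL ) goto out;` would be clearer. cpu_smpboot_alloc() starts and ends outside the hunk.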
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 87e344d4dd..4c58f3209c 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -199,6 +199,7 @@ SECTIONS
   } PHDR(text)
   DECL_SECTION(.init.data) {
 #endif
+       *(.init.bss.stack_aligned)
 
        *(.init.rodata)
        *(.init.rodata.*)
@@ -280,7 +281,6 @@ SECTIONS
 
   DECL_SECTION(.bss) {
        __bss_start = .;
-       *(.bss.stack_aligned)
        *(.bss.page_aligned*)
        . = ALIGN(PAGE_SIZE);
        __per_cpu_start = .;
diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h
index f7485f602e..9628d7842d 100644
--- a/xen/include/asm-x86/smp.h
+++ b/xen/include/asm-x86/smp.h
@@ -85,6 +85,8 @@ extern cpumask_t **socket_cpumask;
 extern unsigned int disabled_cpus;
 extern bool unaccounted_cpus;
 
+void *cpu_alloc_stack(unsigned int cpu);
+
 #endif /* !__ASSEMBLY__ */
 
 #endif
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:02:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:02:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297870.507460 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5F-0002qr-6k; Sat, 02 Apr 2022 18:02:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297870.507460; Sat, 02 Apr 2022 18:02:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5F-0002qh-3E; Sat, 02 Apr 2022 18:02:45 +0000
Received: by outflank-mailman (input) for mailman id 297870;
 Sat, 02 Apr 2022 18:02:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5D-0002qU-Hc
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:43 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5D-0007MZ-Gj
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:43 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5D-0003FL-G2
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:43 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=719Cf+T8PD1u6GVFy+GT9KzR+ZmRlnRSsVAEfSPdww4=; b=ydeR53/ROibgCz3qLUumJ1/Lk4
	/gcYPIjqJaHQsgl84Xrc84MhRCkwH2CbegO04nXfCW1SksPyebb/qqFkEk7gfaW1iBeMnltvM8DzB
	ju0Ytl6PsZEiw9DUFHQ3FnXpAyUo5poHBw5fbfHykZ6LKR2lktaeE1pACJkca16aUe/c=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] xen/x86: Livepatch: support patching CET-enhanced functions
Message-Id: <E1nai5D-0003FL-G2@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:02:43 +0000

commit dcd44e3b9ad2f0491bd7f4751232a389e4ee57e7
Author:     Bjoern Doebel <doebel@amazon.de>
AuthorDate: Thu Mar 10 07:35:36 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    xen/x86: Livepatch: support patching CET-enhanced functions
    
    Xen enabled CET for supporting architectures. The control flow aspect of
    CET requires functions that can be called indirectly (i.e., via function
    pointers) to start with an ENDBR64 instruction. Otherwise a control flow
    exception is raised.
    
    This expectation breaks livepatching flows because we patch functions by
    overwriting their first 5 bytes with a JMP + <offset>, thus breaking the
    ENDBR64. We fix this by checking the start of a patched function for
    being ENDBR64. In the positive case we move the livepatch JMP to start
    behind the ENDBR64 instruction.
    
    To avoid having to guess the ENDBR64 offset again on patch reversal
    (which might race with other mechanisms adding/removing ENDBR
    dynamically), use the livepatch metadata to store the computed offset
    along with the saved bytes of the overwritten function.
    
    Signed-off-by: Bjoern Doebel <doebel@amazon.de>
    Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    Tested-by: Jiamei Xie <jiamei.xie@arm.com>
    (cherry picked from commit 6974c75180f1aad44e5428eabf2396b2b50fb0e4)
    
    Note: For backports to 4.14 thru 4.16, there is no endbr-clobbering, hence no
          is_endbr64_poison() logic.
---
 xen/arch/x86/livepatch.c    | 39 +++++++++++++++++++++++++++++++++------
 xen/include/public/sysctl.h |  3 ++-
 2 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index 49f0d902e5..e94ac9b228 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -14,6 +14,7 @@
 #include <xen/vm_event.h>
 #include <xen/virtual_region.h>
 
+#include <asm/endbr.h>
 #include <asm/fixmap.h>
 #include <asm/nmi.h>
 #include <asm/livepatch.h>
@@ -113,8 +114,20 @@ int arch_livepatch_verify_func(const struct livepatch_func *func)
         if ( func->old_size < func->new_size )
             return -EINVAL;
     }
-    else if ( func->old_size < ARCH_PATCH_INSN_SIZE )
-        return -EINVAL;
+    else
+    {
+        /*
+         * Space needed now depends on whether the target function
+         * starts with an ENDBR64 instruction.
+         */
+        uint8_t needed = ARCH_PATCH_INSN_SIZE;
+
+        if ( is_endbr64(func->old_addr) )
+            needed += ENDBR64_LEN;
+
+        if ( func->old_size < needed )
+            return -EINVAL;
+    }
 
     return 0;
 }
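Review bot: The ENDBR64 allowance is added only in the new `else` branch, while arch_livepatch_apply() in the following hunks shifts every patch by `func->patch_offset`, including the `add_nops(insn, len)` path. The branch whose tail is visible at the top of this hunk still checks only `func->old_size < func->new_size`, and its condition is outside the hunk. If that is the NOP case, a NOP patch with new_size equal to old_size on a function starting with ENDBR64 would be written ENDBR64_LEN bytes past the end of the function. I would compute the allowance once before the branch, `endbr_len = is_endbr64(func->old_addr) ? ENDBR64_LEN : 0`, and use it in both, e.g. `if ( func->old_size < func->new_size + endbr_len )` in the first branch.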
@@ -129,12 +142,24 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     uint8_t insn[sizeof(func->opaque)];
     unsigned int len;
 
+    func->patch_offset = 0;
     old_ptr = func->old_addr;
     len = livepatch_insn_len(func);
     if ( !len )
         return;
 
-    memcpy(func->opaque, old_ptr, len);
+    /*
+     * CET hotpatching support: We may have functions starting with an ENDBR64
+     * instruction that MUST remain the first instruction of the function,
+     * hence we need to move any hotpatch trampoline further into the function.
+     * For that we need to keep track of the patching offset used for any
+     * loaded hotpatch (to avoid racing against other fixups adding/removing
+     * ENDBR64 or similar instructions).
+     */
+    if ( is_endbr64(old_ptr) )
+        func->patch_offset += ENDBR64_LEN;
+
+    memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
         int32_t val;
@@ -142,14 +167,15 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
         BUILD_BUG_ON(ARCH_PATCH_INSN_SIZE != (1 + sizeof(val)));
 
         insn[0] = 0xe9; /* Relative jump. */
-        val = func->new_addr - func->old_addr - ARCH_PATCH_INSN_SIZE;
+        val = func->new_addr - (func->old_addr + func->patch_offset +
+                                ARCH_PATCH_INSN_SIZE);
 
         memcpy(&insn[1], &val, sizeof(val));
     }
     else
         add_nops(insn, len);
 
-    memcpy(old_ptr, insn, len);
+    memcpy(old_ptr + func->patch_offset, insn, len);
 }
 
 /*
@@ -158,7 +184,8 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
  */
 void noinline arch_livepatch_revert(const struct livepatch_func *func)
 {
-    memcpy(func->old_addr, func->opaque, livepatch_insn_len(func));
+    memcpy(func->old_addr + func->patch_offset, func->opaque,
+           livepatch_insn_len(func));
 }
 
 /*
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index 55252e97f2..b0a4af8789 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -876,7 +876,8 @@ struct livepatch_func {
     uint8_t version;        /* MUST be LIVEPATCH_PAYLOAD_VERSION. */
     uint8_t opaque[LIVEPATCH_OPAQUE_SIZE];
     uint8_t applied;
-    uint8_t _pad[7];
+    uint8_t patch_offset;
+    uint8_t _pad[6];
     livepatch_expectation_t expect;
 };
 typedef struct livepatch_func livepatch_func_t;
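Review bot: `patch_offset` is carved out of `_pad` in a structure that arrives with the livepatch payload, but nothing on the field says who owns its value. In the x86 hunks of this patch, arch_livepatch_apply() overwrites it before use and arch_livepatch_revert() trusts it, so it is hypervisor state rather than payload input. I would say so on the field, e.g. `uint8_t patch_offset;        /* Set by Xen when applying; payload value is ignored. */`. Nothing in this diff shows a revert being refused for a function that was never applied, so it is worth confirming that revert can never run with a payload-provided offset. The struct begins outside the hunk.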
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:02:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:02:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297871.507463 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5P-0002tl-7S; Sat, 02 Apr 2022 18:02:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297871.507463; Sat, 02 Apr 2022 18:02:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5P-0002td-4i; Sat, 02 Apr 2022 18:02:55 +0000
Received: by outflank-mailman (input) for mailman id 297871;
 Sat, 02 Apr 2022 18:02:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5N-0002tU-KR
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5N-0007Mj-Jd
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5N-0003Fw-Iy
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:02:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=dKw1kyWwZ04vGEhMMaamHCVKwyTsL4VKVO1UWqvBLK0=; b=x1LGOmMQVXJ1JUQTqSSoHrzaMA
	nmAPPYpilKRxTd8CLuzrHOyV4J76OTvRi4Eu0PZfkXvSYHI2C7/+H/eHnunXvLouGGd+ymPEM8ItF
	xpN042VfkHKKYMTk9IEuychmNctz5+SNK90Zi54PXjDu+WArOnNdvLBQwzw9iKoqanrk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/cet: Remove XEN_SHSTK's dependency on EXPERT
Message-Id: <E1nai5N-0003Fw-Iy@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:02:53 +0000

commit c7a861b2d065e7c26f9d499df32eb99f546e1671
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Feb 28 19:31:00 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:06:38 2022 +0000

    x86/cet: Remove XEN_SHSTK's dependency on EXPERT
    
    CET-SS hardware is now available from multiple vendors, the feature has
    downstream users, and was declared security supported in XSA-398.
    
    Enable it by default.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Juergen Gross <jgross@suse.com>
    (cherry picked from commit fc90d75c2b71ae15b75128e7d0d4dbe718164ecb)
---
 xen/arch/x86/Kconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index be343218de..ef72e7821b 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -116,8 +116,8 @@ config HVM
 	  If unsure, say Y.
 
 config XEN_SHSTK
-	bool "Supervisor Shadow Stacks (EXPERT)"
-	depends on HAS_AS_CET_SS && EXPERT
+	bool "Supervisor Shadow Stacks"
+	depends on HAS_AS_CET_SS
 	default y
 	---help---
 	  Control-flow Enforcement Technology (CET) is a set of features in
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:03:05 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:03:05 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297872.507467 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5Z-0002wd-94; Sat, 02 Apr 2022 18:03:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297872.507467; Sat, 02 Apr 2022 18:03:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5Z-0002wV-67; Sat, 02 Apr 2022 18:03:05 +0000
Received: by outflank-mailman (input) for mailman id 297872;
 Sat, 02 Apr 2022 18:03:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5X-0002wJ-NP
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5X-0007N7-Md
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5X-0003Gk-M4
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=m/rXVVzRJS6FBmfFHqc80sq0CDaA9hr9mJb6TI1veO8=; b=vcPEoM2Mnob9Eaazcjm/W4oocO
	Xe4ean5aLMojeYqdTiljpq6xu6opzMj2nIC8JUs2Jv0u4EylSq9RwGTugckZRqfXjvBzfIyRGxj69
	j9Ox3j9xnkJr3b639R2PwBgctcZuBuwX1LqDk/SGjV9uQCkwq1rIZ83ErRRNnVo1WBTc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] livepatch: resolve old address before function verification
Message-Id: <E1nai5X-0003Gk-M4@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:03:03 +0000

commit 4dcddbba664cc91e2c1952498e80d8025891b9ad
Author:     Bjoern Doebel <doebel@amazon.de>
AuthorDate: Wed Mar 9 16:22:03 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Mar 28 12:49:34 2022 +0100

    livepatch: resolve old address before function verification
    
    When verifying that a livepatch can be applied, we may also want to
    inspect the target function to be patched. To do so, we need to resolve
    this function's address before running the arch-specific
    livepatch_verify hook.
    
    Signed-off-by: Bjoern Doebel <doebel@amazon.de>
    Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    (cherry picked from commit 5142dc5c25e317c208e3dc16d16b664b9f05dab5)
---
 xen/common/livepatch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 7118551b27..329b01c1e8 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -685,11 +685,11 @@ static int prepare_payload(struct payload *payload,
                 return -EINVAL;
             }
 
-            rc = arch_livepatch_verify_func(f);
+            rc = resolve_old_address(f, elf);
             if ( rc )
                 return rc;
 
-            rc = resolve_old_address(f, elf);
+            rc = arch_livepatch_verify_func(f);
             if ( rc )
                 return rc;
 
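Review bot: Nothing in the new code records that the order of these two calls is now load-bearing. The commit message says the arch verify hook may inspect the target function, which needs the old address resolved first, but a later cleanup could swap the calls back without noticing. A one-line comment above the first call would pin it, e.g. `/* Resolve old_addr first: arch_livepatch_verify_func() may inspect the target function. */`. prepare_payload starts and continues outside this hunk.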
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:03:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:03:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297873.507471 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5j-0002zW-AY; Sat, 02 Apr 2022 18:03:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297873.507471; Sat, 02 Apr 2022 18:03:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5j-0002zO-7b; Sat, 02 Apr 2022 18:03:15 +0000
Received: by outflank-mailman (input) for mailman id 297873;
 Sat, 02 Apr 2022 18:03:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5h-0002zE-Qj
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5h-0007NH-Px
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5h-0003HU-P9
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=nxbUese5I3xD8YsDE+u/JqLLnv0u/Z08lmnnhGL2LfA=; b=qnwaoBkiH4KnY34cBw5W9AXa6v
	/Tpg5REEhnDL4k2DI0JC4cKAVKta0s9nKAFYUwefM5F7mYCThP7UnbWE3cytR441Bi+pyysGBlXln
	gdp3dlyizVNvovXDJU1huVt+UcbnxFQnGNpQwf2pnMFaW9GMgJkv6XE+47v1VDuCjZJo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/retpoline: split retpoline compiler support into separate option
Message-Id: <E1nai5h-0003HU-P9@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:03:13 +0000

commit 0caab659704bb0944a62f7535f3c726f5db922c5
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Mar 31 10:54:08 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Mar 31 10:54:08 2022 +0200

    x86/retpoline: split retpoline compiler support into separate option
    
    Keep the previous option as a way to signal generic retpoline support
    regardless of the underlying compiler, while introducing a new
    CC_HAS_INDIRECT_THUNK that signals whether the underlying compiler
    supports retpoline.
    
    No functional change intended.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: e245bc154300b5d0367b64e8b937c9d1da508ad3
    master date: 2022-02-21 18:17:56 +0000
---
 xen/arch/x86/Kconfig |  6 +++++-
 xen/arch/x86/arch.mk | 10 ++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index ef72e7821b..e20e53edfc 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -32,9 +32,13 @@ config ARCH_DEFCONFIG
 	string
 	default "arch/x86/configs/x86_64_defconfig"
 
-config INDIRECT_THUNK
+config CC_HAS_INDIRECT_THUNK
 	def_bool $(cc-option,-mindirect-branch-register)
 
+config INDIRECT_THUNK
+	def_bool y
+	depends on CC_HAS_INDIRECT_THUNK
+
 config HAS_AS_CET_SS
 	# binutils >= 2.29 or LLVM >= 6
 	def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
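Review bot: The new CC_HAS_INDIRECT_THUNK symbol has no comment saying what it probes, while HAS_AS_CET_SS directly below documents its toolchain requirement. Since INDIRECT_THUNK now only expresses "retpoline is in use" and the compiler test lives in the new symbol, a line such as `# Compiler can emit external retpoline thunks (probed via -mindirect-branch-register)` above the `def_bool` would make the split readable to someone auditing which mitigations a given toolchain enables.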
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index 456e5d5c1a..abb55b4408 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -41,10 +41,12 @@ CFLAGS += -mno-red-zone -fpic
 # SSE setup for variadic function calls.
 CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup)
 
-# Compile with thunk-extern, indirect-branch-register if avaiable.
-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern
-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register
-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables
+ifeq ($(CONFIG_INDIRECT_THUNK),y)
+# Compile with gcc thunk-extern, indirect-branch-register if available.
+CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern
+CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register
+CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables
+endif
 
 ifdef CONFIG_XEN_IBT
 # Force -fno-jump-tables to work around
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:03:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:03:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297874.507475 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5t-00032F-CI; Sat, 02 Apr 2022 18:03:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297874.507475; Sat, 02 Apr 2022 18:03:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai5t-000323-99; Sat, 02 Apr 2022 18:03:25 +0000
Received: by outflank-mailman (input) for mailman id 297874;
 Sat, 02 Apr 2022 18:03:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5r-00031q-Tp
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:23 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5r-0007Nk-T2
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:23 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai5r-0003I3-SM
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:23 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=QRRUy08z2DApIyHR1g94whPPQkPoPt96eVEX6tUOihc=; b=NShNlAWljSWdp27CGudkkgItt+
	xaTaRHWsh+qvzO7r+bPkxfbVkouEI+DE6ND4LnsOlL5X4a8nfu2/lFw8Nccd0N3xtRA30EdG2dEsw
	zE7UtLM8TnLV8V9F0+x9oairIhSXR4XsQ8apvofrTqtr4H36EKnXhzAgw6BenjU/zRAM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/clang: add retpoline support
Message-Id: <E1nai5r-0003I3-SM@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:03:23 +0000

commit dc24f4342b718c570ec794a0fc953e82e894ee3c
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Mar 31 10:56:34 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Mar 31 10:56:34 2022 +0200

    x86/clang: add retpoline support
    
    Detect whether the compiler supports clang retpoline option and enable
    by default if available, just like it's done for gcc.
    
    Note clang already disables jump tables when retpoline is enabled, so
    there's no need to also pass the fno-jump-tables parameter. Also clang
    already passes the return address in a register always on amd64, so
    there's no need for any equivalent mindirect-branch-register
    parameter.
    
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 9412486707f8f1ca2eb31c2ef330c5e39c0a2f30
    master date: 2022-02-21 18:17:56 +0000
---
 xen/arch/x86/Kconfig | 3 ++-
 xen/arch/x86/arch.mk | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index e20e53edfc..34dcb47ecd 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -33,7 +33,8 @@ config ARCH_DEFCONFIG
 	default "arch/x86/configs/x86_64_defconfig"
 
 config CC_HAS_INDIRECT_THUNK
-	def_bool $(cc-option,-mindirect-branch-register)
+	def_bool $(cc-option,-mindirect-branch-register) || \
+	         $(cc-option,-mretpoline-external-thunk)
 
 config INDIRECT_THUNK
 	def_bool y
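Review bot: CC_HAS_INDIRECT_THUNK now becomes y when either probe succeeds, but the arch.mk hunk of this commit chooses the flags by CONFIG_CC_IS_GCC / CONFIG_CC_IS_CLANG, so capability and flag selection are decided independently. If the two ever disagree (for instance a configuration generated with one compiler and built with another), INDIRECT_THUNK stays y while no retpoline flag reaches CFLAGS, and the build reports a mitigation it does not contain. Tying each probe to its compiler would close that gap, something like `def_bool (CC_IS_GCC && $(cc-option,-mindirect-branch-register)) || (CC_IS_CLANG && $(cc-option,-mretpoline-external-thunk))`. Whether the build already re-checks the compiler elsewhere is not visible on this page.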
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index abb55b4408..976ac5aafe 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -46,6 +46,9 @@ ifeq ($(CONFIG_INDIRECT_THUNK),y)
 CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern
 CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register
 CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables
+
+# Enable clang retpoline support if available.
+CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk
 endif
 
 ifdef CONFIG_XEN_IBT
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:03:35 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:03:35 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297875.507479 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai63-000350-Dj; Sat, 02 Apr 2022 18:03:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297875.507479; Sat, 02 Apr 2022 18:03:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai63-00034s-AZ; Sat, 02 Apr 2022 18:03:35 +0000
Received: by outflank-mailman (input) for mailman id 297875;
 Sat, 02 Apr 2022 18:03:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai62-00034Q-0U
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai61-0007Nx-W0
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai61-0003Ig-VK
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Hj5M9RDlhslP6zNnTpvfITCkcYQmq0QVFyRO+QmBo40=; b=3Ja+hLK/l9u1N8Vc0PH2lVT5kJ
	jeXqZnaDcgFS0Jc2AnCTYYr6a2sVdb0uBq1MiPNID0qoJnKk/U8pecM+7/MttzCI5nOtkU1kHpq7U
	Obl8eVVD1lDERqES/AZro40NxGlfhzow9yphb0Bt/Rfi+B3QFqWu8TPsn68hqWycHMZ8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/Kconfig: introduce option to select retpoline usage
Message-Id: <E1nai61-0003Ig-VK@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:03:33 +0000

commit dd359f9f505e7df960aad13116bc6f576f5fdd94
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Mar 31 10:57:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Mar 31 10:57:23 2022 +0200

    x86/Kconfig: introduce option to select retpoline usage
    
    Add a new Kconfig option under the "Speculative hardening" section
    that allows selecting whether to enable retpoline. This depends on the
    underlying compiler having retpoline support.
    
    Requested-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 95d9ab46143685f169f636cfdd7997e2fc630e86
    master date: 2022-02-21 18:17:56 +0000
---
 xen/arch/x86/Kconfig |  4 ----
 xen/common/Kconfig   | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 34dcb47ecd..3c14096c80 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -36,10 +36,6 @@ config CC_HAS_INDIRECT_THUNK
 	def_bool $(cc-option,-mindirect-branch-register) || \
 	         $(cc-option,-mretpoline-external-thunk)
 
-config INDIRECT_THUNK
-	def_bool y
-	depends on CC_HAS_INDIRECT_THUNK
-
 config HAS_AS_CET_SS
 	# binutils >= 2.29 or LLVM >= 6
 	def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index db687b1785..6443943889 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -85,6 +85,20 @@ config STATIC_MEMORY
 
 menu "Speculative hardening"
 
+config INDIRECT_THUNK
+	bool "Speculative Branch Target Injection Protection"
+	depends on CC_HAS_INDIRECT_THUNK
+	default y
+	help
+	  Contemporary processors may use speculative execution as a
+	  performance optimisation, but this can potentially be abused by an
+	  attacker to leak data via speculative sidechannels.
+
+	  One source of data leakage is via branch target injection.
+
+	  When enabled, indirect branches are implemented using a new construct
+	  called "retpoline" that prevents speculation.
+
 config SPECULATIVE_HARDEN_ARRAY
 	bool "Speculative Array Hardening"
 	default y
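Review bot: INDIRECT_THUNK now lives in the common "Speculative hardening" menu but depends on CC_HAS_INDIRECT_THUNK, which on this page is defined only in xen/arch/x86/Kconfig. On any other architecture the dependency is an undefined symbol, so the option silently disappears rather than being marked unsupported. That behaves correctly, but it is worth stating next to the entry, e.g. `# CC_HAS_INDIRECT_THUNK is only provided by x86; the option is hidden elsewhere`. The help text could also say what disabling the option gives up and end with the usual `If unsure, say Y.`.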
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:03:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:03:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297876.507483 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai6D-00037w-Fb; Sat, 02 Apr 2022 18:03:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297876.507483; Sat, 02 Apr 2022 18:03:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai6D-00037o-C6; Sat, 02 Apr 2022 18:03:45 +0000
Received: by outflank-mailman (input) for mailman id 297876;
 Sat, 02 Apr 2022 18:03:44 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai6C-00037f-3R
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:44 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai6C-0007O7-2h
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:44 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai6C-0003JH-24
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:44 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=F9/1710HFAvxFJ0eB8Wc/drewx6ndvfTIbXtIwcEk/8=; b=0w6QcGhRI9Cnl9Ouiw7f0C0GTw
	8Zpk8bNrsAkzCWROLlLliHQu35gFktSnXvKdUGt6aPeUnnqmb/1ov+NOmZoUvXPFS8a34ddvYWIMv
	QKVl92szb8a18VMRYoGdjRmGvuQ8l7SEG1x8ZftB78iweFPrwPnaIugixP4upWhn4qs0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] vpci/msix: fix PBA accesses
Message-Id: <E1nai6C-0003JH-24@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:03:44 +0000

commit ef63570d8391a35fd734a956865b8295d2c57112
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Mar 31 10:58:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Mar 31 10:58:42 2022 +0200

    vpci/msix: fix PBA accesses
    
    Map the PBA in order to access it from the MSI-X read and write
    handlers. Note that previously the handlers would pass the physical
    host address into the {read,write}{l,q} handlers, which is wrong as
    those expect a linear address.
    
    Map the PBA using ioremap when the first access is performed. Note
    that 32bit arches might want to abstract the call to ioremap into a
    vPCI arch handler, so they can use a fixmap range to map the PBA.
    
    Reported-by: Jan Beulich <jbeulich@suse.com>
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Tested-by: Alex Olson <Alex.Olson@starlab.io>
    master commit: b4f21160601155762a4d014db9623af921fec959
    master date: 2022-03-09 16:21:01 +0100
---
 xen/drivers/vpci/msix.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++---
 xen/drivers/vpci/vpci.c |  2 ++
 xen/include/xen/vpci.h  |  2 ++
 3 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index 846f1b8d70..ac5de98f6d 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -182,6 +182,38 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix,
     return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE];
 }
 
+static void __iomem *get_pba(struct vpci *vpci)
+{
+    struct vpci_msix *msix = vpci->msix;
+    /*
+     * PBA will only be unmapped when the device is deassigned, so access it
+     * without holding the vpci lock.
+     */
+    void __iomem *pba = read_atomic(&msix->pba);
+
+    if ( likely(pba) )
+        return pba;
+
+    pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA),
+                  vmsix_table_size(vpci, VPCI_MSIX_PBA));
+    if ( !pba )
+        return read_atomic(&msix->pba);
+
+    spin_lock(&vpci->lock);
+    if ( !msix->pba )
+    {
+        write_atomic(&msix->pba, pba);
+        spin_unlock(&vpci->lock);
+    }
+    else
+    {
+        spin_unlock(&vpci->lock);
+        iounmap(pba);
+    }
+
+    return read_atomic(&msix->pba);
+}
+
 static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
                      unsigned long *data)
 {
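Review bot: get_pba() has no header comment describing its contract, and the contract is not obvious: it maps lazily on first use, may return NULL, and several CPUs can race through ioremap() with the losers unmapping their copy. Both callers depend on the NULL case, so it should be stated at the definition, e.g. `/* Return the PBA mapping, creating it on first access; NULL if ioremap() failed and no other CPU installed one. */`. The existing inline comment about reading `msix->pba` without the lock covers only the fast path.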
@@ -200,6 +232,10 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
 
     if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) )
     {
+        struct vpci *vpci = msix->pdev->vpci;
+        unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+        const void __iomem *pba = get_pba(vpci);
+
         /*
          * Access to PBA.
          *
@@ -207,14 +243,22 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
          * guest address space. If this changes the address will need to be
          * translated.
          */
+        if ( !pba )
+        {
+            gprintk(XENLOG_WARNING,
+                    "%pp: unable to map MSI-X PBA, report all pending\n",
+                    msix->pdev);
+            return X86EMUL_OKAY;
+        }
+
         switch ( len )
         {
         case 4:
-            *data = readl(addr);
+            *data = readl(pba + idx);
             break;
 
         case 8:
-            *data = readq(addr);
+            *data = readq(pba + idx);
             break;
 
         default:
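Review bot: The new `!pba` path returns X86EMUL_OKAY without storing anything in `*data`, so "report all pending" in the log message is true only if `*data` was preset to all-ones earlier in msix_read, which is outside this hunk. If that preset is ever moved or removed, the guest would receive whatever the caller left in the buffer. Setting it on this path, `*data = ~0ul;` just before the `return`, makes the failure case self-contained and keeps the message honest.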
@@ -278,14 +322,27 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
         /* Ignore writes to PBA for DomUs, it's behavior is undefined. */
         if ( is_hardware_domain(d) )
         {
+            struct vpci *vpci = msix->pdev->vpci;
+            unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+            const void __iomem *pba = get_pba(vpci);
+
+            if ( !pba )
+            {
+                /* Unable to map the PBA, ignore write. */
+                gprintk(XENLOG_WARNING,
+                        "%pp: unable to map MSI-X PBA, write ignored\n",
+                        msix->pdev);
+                return X86EMUL_OKAY;
+            }
+
             switch ( len )
             {
             case 4:
-                writel(data, addr);
+                writel(data, pba + idx);
                 break;
 
             case 8:
-                writeq(data, addr);
+                writeq(data, pba + idx);
                 break;
 
             default:
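Review bot: `pba` is declared `const void __iomem *` in the write path and then used as the store target of writel()/writeq(). That presumably compiles only because the accessors cast the qualifier away, and it tells the reader the mapping is read-only where it is in fact written. Declare it without the qualifier here, `void __iomem *pba = get_pba(vpci);`, and keep `const` for the msix_read use only. msix_write begins and ends outside this hunk.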
diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index 657697fe34..dfc8136ffb 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -51,6 +51,8 @@ void vpci_remove_device(struct pci_dev *pdev)
         xfree(r);
     }
     spin_unlock(&pdev->vpci->lock);
+    if ( pdev->vpci->msix && pdev->vpci->msix->pba )
+        iounmap(pdev->vpci->msix->pba);
     xfree(pdev->vpci->msix);
     xfree(pdev->vpci->msi);
     xfree(pdev->vpci);
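Review bot: The added iounmap() runs after `vpci->lock` has been dropped and leaves `msix->pba` non-NULL, while get_pba() in msix.c reads that pointer without taking the lock. This is safe only if no MSI-X MMIO handler can still be running, or start, for this device once vpci_remove_device() is entered. Nothing visible in the hunk enforces that, so the assumption deserves a comment at the unmap, e.g. `/* No vPCI MMIO handler may run concurrently with removal: the PBA mapping is read locklessly. */`. If that exclusion is not guaranteed, an in-flight PBA access could touch the mapping after it has been torn down.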
diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h
index 9ea66e033f..755b4fd5c8 100644
--- a/xen/include/xen/vpci.h
+++ b/xen/include/xen/vpci.h
@@ -129,6 +129,8 @@ struct vpci {
         bool enabled         : 1;
         /* Masked? */
         bool masked          : 1;
+        /* PBA map */
+        void __iomem *pba;
         /* Entries. */
         struct vpci_msix_entry {
             uint64_t addr;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 02 18:03:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 02 Apr 2022 18:03:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.297877.507487 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai6N-0003BQ-IU; Sat, 02 Apr 2022 18:03:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 297877.507487; Sat, 02 Apr 2022 18:03:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nai6N-0003BI-Fj; Sat, 02 Apr 2022 18:03:55 +0000
Received: by outflank-mailman (input) for mailman id 297877;
 Sat, 02 Apr 2022 18:03:54 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai6M-0003B3-6I
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:54 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai6M-0007Pp-5X
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:54 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nai6M-0003K2-4z
 for xen-changelog@lists.xenproject.org; Sat, 02 Apr 2022 18:03:54 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=rt0bSRDcqqIY0c2D2OeTH/deq8gStl0FpXE5KG5rRJA=; b=mus1u7s3n/pEZ3Gy00z/JzY6UL
	3sQjU7yuC/+9EDiszAsWnko8g1DA278F29VRa8QP666srsADisbstPJDbALGqr0TU7S3jXsooYvg9
	YTNyh7bBn6oCi1NxBRPzrlmkFAFj8H7nSpNbv1Pd+CUfTdSyvzDb+O7kpqSQaSc+X/JQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] livepatch: account for patch offset when applying NOP patch
Message-Id: <E1nai6M-0003K2-4z@xenbits.xenproject.org>
Date: Sat, 02 Apr 2022 18:03:54 +0000

commit e34c16cc6ee029fa75c35bd21f75103d5502ea30
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Mar 31 11:00:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Mar 31 11:00:57 2022 +0200

    livepatch: account for patch offset when applying NOP patch
    
    While not triggered by the trivial xen_nop in-tree patch on
    staging/master, that patch exposes a problem on the stable trees, where
    all functions have ENDBR inserted. When NOP-ing out a range, we need to
    account for this. Handle this right in livepatch_insn_len().
    
    This requires livepatch_insn_len() to be called _after_ ->patch_offset
    was set.
    
    Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8a87b9a0fb0564f9d68f0be0a0d1a17c34117b8b
    master date: 2022-03-31 10:45:46 +0200
---
 xen/arch/x86/livepatch.c    | 8 +++++---
 xen/include/xen/livepatch.h | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index e94ac9b228..a3cb63a7ea 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -144,9 +144,6 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
 
     func->patch_offset = 0;
     old_ptr = func->old_addr;
-    len = livepatch_insn_len(func);
-    if ( !len )
-        return;
 
     /*
      * CET hotpatching support: We may have functions starting with an ENDBR64
@@ -159,6 +156,11 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     if ( is_endbr64(old_ptr) )
         func->patch_offset += ENDBR64_LEN;
 
+    /* This call must be done with ->patch_offset already set. */
+    len = livepatch_insn_len(func);
+    if ( !len )
+        return;
+
     memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h
index f3ae10f007..9fdb29c382 100644
--- a/xen/include/xen/livepatch.h
+++ b/xen/include/xen/livepatch.h
@@ -90,7 +90,7 @@ static inline
 unsigned int livepatch_insn_len(const struct livepatch_func *func)
 {
     if ( !func->new_addr )
-        return func->new_size;
+        return func->new_size - func->patch_offset;
 
     return ARCH_PATCH_INSN_SIZE;
 }
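Review bot: The new `return func->new_size - func->patch_offset;` has no lower bound and is returned as unsigned int, so a NOP patch whose new_size is smaller than patch_offset (ENDBR64_LEN once arch_livepatch_apply() has skipped an ENDBR64) would wrap to a very large length. That value is then used as the memcpy() length into func->opaque in the xen/arch/x86/livepatch.c hunk, where only `!len` is rejected. Unless payload verification elsewhere already guarantees new_size >= patch_offset for NOP patches (not visible here), I would guard it inside the `!func->new_addr` branch, e.g. `if ( func->new_size <= func->patch_offset ) return 0;` ahead of the subtraction.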
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sun Apr 03 02:00:09 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] libxl: Don't segfault on soft-reset failure
Message-Id: <E1napX8-0007HL-Ce@xenbits.xenproject.org>
Date: Sun, 03 Apr 2022 02:00:02 +0000

commit d2ecf97f911fc00a85b34b70ca311b5d355a9756
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Fri Apr 1 10:32:56 2022 -0400
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 1 17:01:57 2022 +0100

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_wait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path is passed to xs_unwatch(), which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 15ed021f41..885675591f 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1255,8 +1255,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2072,6 +2070,7 @@ static int do_domain_create(libxl_ctx *ctx, libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
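Review bot: The added `libxl__xswait_init(&cdcs->dcs.console_xswait);` carries no hint of why it has to live here rather than in initiate_domain_create(), so a later cleanup could move it back and reintroduce the crash described in the commit message. A short comment would pin the ordering requirement, e.g. `/* Must precede any path to domcreate_complete(), which stops console_xswait. */`. The same applies to the identical line added in the do_domain_soft_reset() hunk. Both functions continue outside their hunks, so their other early-exit paths could not be checked from here.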
@@ -2172,6 +2171,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sun Apr 03 02:00:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] libxl: Re-scope qmp_proxy_spawn.ao usage
Message-Id: <E1napXI-0007Is-GF@xenbits.xenproject.org>
Date: Sun, 03 Apr 2022 02:00:12 +0000

commit d62a34423a1a98aefd7c30e22d2d82d198f077c8
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Fri Apr 1 10:33:10 2022 -0400
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 1 17:01:57 2022 +0100

    libxl: Re-scope qmp_proxy_spawn.ao usage
    
    I've observed this failed assertion:
    libxl_event.c:2057: libxl__ao_inprogress_gc: Assertion `ao' failed.
    
    AFAICT, this is happening in qmp_proxy_spawn_outcome where
    sdss->qmp_proxy_spawn.ao is NULL.
    
    The out label of spawn_stub_launch_dm() calls qmp_proxy_spawn_outcome(),
    but it is only in the success path that sdss->qmp_proxy_spawn.ao gets
    set to the current ao.
    
    qmp_proxy_spawn_outcome() should instead use sdss->dm.spawn.ao, which is
    the already in-use ao when spawn_stub_launch_dm() is called.  The same
    is true for spawn_qmp_proxy().
    
    With this, move sdss->qmp_proxy_spawn.ao initialization to
    spawn_qmp_proxy() since its use is for libxl__spawn_spawn() and it can
    be initialized along with the rest of sdss->qmp_proxy_spawn.
    
    Fixes: 83c845033dc8 ("libxl: use vchan for QMP access with Linux stubdomain")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c
index 9a8ddbe188..1864ee30f0 100644
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -2567,7 +2567,6 @@ static void spawn_stub_launch_dm(libxl__egc *egc,
             goto out;
     }
 
-    sdss->qmp_proxy_spawn.ao = ao;
     if (libxl__stubdomain_is_linux(&guest_config->b_info)) {
         spawn_qmp_proxy(egc, sdss);
     } else {
@@ -2584,7 +2583,7 @@ out:
 static void spawn_qmp_proxy(libxl__egc *egc,
                             libxl__stub_dm_spawn_state *sdss)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     const uint32_t guest_domid = sdss->dm.guest_domid;
     const uint32_t dm_domid = sdss->pvqemu.guest_domid;
     const char *dom_path = libxl__xs_get_dompath(gc, dm_domid);
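Review bot: `STATE_AO_GC(sdss->dm.spawn.ao);` now takes the ao from a different spawn state than the one this function goes on to fill in, and nothing in the code says why. A one-line comment such as `/* qmp_proxy_spawn.ao is not set on every path that reaches here; use the ao already in use for dm.spawn. */` would stop someone changing it back. The same comment fits the identical change in the qmp_proxy_spawn_outcome() hunk. The body of spawn_qmp_proxy() continues beyond this hunk.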
@@ -2598,6 +2597,7 @@ static void spawn_qmp_proxy(libxl__egc *egc,
         goto out;
     }
 
+    sdss->qmp_proxy_spawn.ao = ao;
     sdss->qmp_proxy_spawn.what = GCSPRINTF("domain %d device model qmp proxy", guest_domid);
     sdss->qmp_proxy_spawn.pidpath = GCSPRINTF("%s/image/qmp-proxy-pid", dom_path);
     sdss->qmp_proxy_spawn.xspath = DEVICE_MODEL_XS_PATH(gc, LIBXL_TOOLSTACK_DOMID,
@@ -2685,7 +2685,7 @@ static void qmp_proxy_spawn_outcome(libxl__egc *egc,
                                     libxl__stub_dm_spawn_state *sdss,
                                     int rc)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     /*
      * Until xenconsoled learns how to handle multiple consoles, require qemu
      * in dom0 to serve consoles for a stubdomain - it require at least 3 of them.
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Mon Apr 04 11:33:10 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] tools/firmware: fix setting of fcf-protection=none
Message-Id: <E1nbKxE-0000uh-RN@xenbits.xenproject.org>
Date: Mon, 04 Apr 2022 11:33:04 +0000

commit 7225f6e0cd3afd48b4d61c43dd8fead0f4c92193
Author:     Roger Pau Monne <roger.pau@citrix.com>
AuthorDate: Mon Apr 4 12:40:43 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Apr 4 12:30:00 2022 +0100

    tools/firmware: fix setting of fcf-protection=none
    
    Setting the fcf-protection=none option in EMBEDDED_EXTRA_CFLAGS in the
    Makefile doesn't get it propagated to the subdirectories, so instead
    set the flag in firmware/Rules.mk, like it's done for other compiler
    flags.
    
    Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/firmware/Makefile | 2 --
 tools/firmware/Rules.mk | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile
index 53ed4f161e..345037b93b 100644
--- a/tools/firmware/Makefile
+++ b/tools/firmware/Makefile
@@ -6,8 +6,6 @@ TARGET      := hvmloader/hvmloader
 INST_DIR := $(DESTDIR)$(XENFIRMWAREDIR)
 DEBG_DIR := $(DESTDIR)$(DEBUG_DIR)$(XENFIRMWAREDIR)
 
-EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
-
 SUBDIRS-y :=
 SUBDIRS-$(CONFIG_OVMF) += ovmf-dir
 SUBDIRS-$(CONFIG_SEABIOS) += seabios-dir
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 9f78a7dec9..c227fe2524 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -15,6 +15,8 @@ CFLAGS += -Werror
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 04 11:33:16 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] tools/firmware: do not add a .note.gnu.property section
Message-Id: <E1nbKxO-0000vS-V1@xenbits.xenproject.org>
Date: Mon, 04 Apr 2022 11:33:14 +0000

commit e270af94280e6a9610705ebc1fdd1d7a9b1f8a98
Author:     Roger Pau Monne <roger.pau@citrix.com>
AuthorDate: Mon Apr 4 12:40:44 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Apr 4 12:30:07 2022 +0100

    tools/firmware: do not add a .note.gnu.property section
    
    Prevent the assembler from creating a .note.gnu.property section on
    the output objects, as it's not useful for firmware related binaries,
    and breaks the resulting rombios image.
    
    This requires modifying the cc-option Makefile macro so it can test
    assembler options (by replacing the usage of the -S flag with -c) and
    also stripping the -Wa, prefix if present when checking for the test
    output.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 Config.mk               | 2 +-
 tools/firmware/Rules.mk | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index f56f7dc334..82832945e5 100644
--- a/Config.mk
+++ b/Config.mk
@@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
 #
 # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586)
 cc-option = $(shell if test -z "`echo 'void*p=1;' | \
-              $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \
+              $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \
               then echo "$(2)"; else echo "$(3)"; fi ;)
 
 # cc-option-add: Add an option to compilation flags, but only if supported.
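Review bot: The usage comment above cc-option still describes only plain compiler flags, while the new `grep -- $(2:-Wa$(comma)%=%)` silently strips a leading `-Wa,` before matching the diagnostic. I would document that next to the usage line, e.g. `# A leading "-Wa," is stripped before grepping the output, so assembler options can be probed as well.` Switching `-S` to `-c` also means every probe now runs the assembler with /dev/null as its output file. It is worth confirming that this is harmless for builds run as root, since how the toolchain treats the output file on failure is not visible from this hunk.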
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index c227fe2524..278cca01e4 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -17,6 +17,10 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
 $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
 
+# Do not add the .note.gnu.property section to any of the firmware objects: it
+# breaks the rombios binary and is not useful for firmware anyway.
+$(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 04 13:33:09 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] vpci/msix: fix PBA accesses
Message-Id: <E1nbMpM-0000Uq-Jd@xenbits.xenproject.org>
Date: Mon, 04 Apr 2022 13:33:04 +0000

commit dd79dcc9f1bfd775fd7889d6684c41feee7c4eb0
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Mon Apr 4 15:19:52 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 4 15:19:52 2022 +0200

    vpci/msix: fix PBA accesses
    
    Map the PBA in order to access it from the MSI-X read and write
    handlers. Note that previously the handlers would pass the physical
    host address into the {read,write}{l,q} handlers, which is wrong as
    those expect a linear address.
    
    Map the PBA using ioremap when the first access is performed. Note
    that 32bit arches might want to abstract the call to ioremap into a
    vPCI arch handler, so they can use a fixmap range to map the PBA.
    
    Reported-by: Jan Beulich <jbeulich@suse.com>
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Tested-by: Alex Olson <Alex.Olson@starlab.io>
    master commit: b4f21160601155762a4d014db9623af921fec959
    master date: 2022-03-09 16:21:01 +0100
---
 xen/drivers/vpci/msix.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++---
 xen/drivers/vpci/vpci.c |  2 ++
 xen/include/xen/vpci.h  |  2 ++
 3 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index 846f1b8d70..ac5de98f6d 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -182,6 +182,38 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix,
     return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE];
 }
 
+static void __iomem *get_pba(struct vpci *vpci)
+{
+    struct vpci_msix *msix = vpci->msix;
+    /*
+     * PBA will only be unmapped when the device is deassigned, so access it
+     * without holding the vpci lock.
+     */
+    void __iomem *pba = read_atomic(&msix->pba);
+
+    if ( likely(pba) )
+        return pba;
+
+    pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA),
+                  vmsix_table_size(vpci, VPCI_MSIX_PBA));
+    if ( !pba )
+        return read_atomic(&msix->pba);
+
+    spin_lock(&vpci->lock);
+    if ( !msix->pba )
+    {
+        write_atomic(&msix->pba, pba);
+        spin_unlock(&vpci->lock);
+    }
+    else
+    {
+        spin_unlock(&vpci->lock);
+        iounmap(pba);
+    }
+
+    return read_atomic(&msix->pba);
+}
+
 static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
                      unsigned long *data)
 {
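Review bot: get_pba() has no description of its contract, although both callers depend on details that are easy to miss: it can return NULL when ioremap() fails, and a mapping created by the loser of the race is unmapped again before the winner's pointer is returned. A header comment along the lines of `/* Map the PBA on first use; returns the shared mapping, or NULL if it could not be mapped. */` would make that explicit. The existing in-body comment only covers why the first read is done without the lock.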
@@ -200,6 +232,10 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
 
     if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) )
     {
+        struct vpci *vpci = msix->pdev->vpci;
+        unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+        const void __iomem *pba = get_pba(vpci);
+
         /*
          * Access to PBA.
          *
@@ -207,14 +243,22 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
          * guest address space. If this changes the address will need to be
          * translated.
          */
+        if ( !pba )
+        {
+            gprintk(XENLOG_WARNING,
+                    "%pp: unable to map MSI-X PBA, report all pending\n",
+                    msix->pdev);
+            return X86EMUL_OKAY;
+        }
+
         switch ( len )
         {
         case 4:
-            *data = readl(addr);
+            *data = readl(pba + idx);
             break;
 
         case 8:
-            *data = readq(addr);
+            *data = readq(pba + idx);
             break;
 
         default:
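Review bot: The `!pba` path returns X86EMUL_OKAY without writing `*data`, so the "report all pending" in the log message only holds if `*data` was already set to all-ones earlier in msix_read(), which is outside this hunk. If that is the case, say so in a comment, e.g. `/* *data still holds the all-ones default set on entry. */`. If it is not, the path should assign `*data = ~0ul;` before returning.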
@@ -278,14 +322,27 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
         /* Ignore writes to PBA for DomUs, it's behavior is undefined. */
         if ( is_hardware_domain(d) )
         {
+            struct vpci *vpci = msix->pdev->vpci;
+            unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+            const void __iomem *pba = get_pba(vpci);
+
+            if ( !pba )
+            {
+                /* Unable to map the PBA, ignore write. */
+                gprintk(XENLOG_WARNING,
+                        "%pp: unable to map MSI-X PBA, write ignored\n",
+                        msix->pdev);
+                return X86EMUL_OKAY;
+            }
+
             switch ( len )
             {
             case 4:
-                writel(data, addr);
+                writel(data, pba + idx);
                 break;
 
             case 8:
-                writeq(data, addr);
+                writeq(data, pba + idx);
                 break;
 
             default:
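Review bot: In this write path the mapping is declared `const void __iomem *pba` and then handed to writel()/writeq() as the store target, which contradicts the qualifier even if the accessors cast it away. Declaring it as `void __iomem *pba = get_pba(vpci);` matches what get_pba() returns and keeps the const for the read handler only. The switch continues past the end of the hunk.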
diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index cbd1bac7fc..a27c9e600d 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -48,6 +48,8 @@ void vpci_remove_device(struct pci_dev *pdev)
         xfree(r);
     }
     spin_unlock(&pdev->vpci->lock);
+    if ( pdev->vpci->msix && pdev->vpci->msix->pba )
+        iounmap(pdev->vpci->msix->pba);
     xfree(pdev->vpci->msix);
     xfree(pdev->vpci->msi);
     xfree(pdev->vpci);
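Review bot: The added `iounmap(pdev->vpci->msix->pba);` runs after `spin_unlock()`, while get_pba() in msix.c hands the same mapping to the MMIO handlers without taking the lock. That is only safe if no MSI-X handler can still be running when vpci_remove_device() gets here, which cannot be confirmed from this hunk. A comment stating the assumption, e.g. `/* No MSI-X MMIO handler may run concurrently: the PBA mapping is used without the lock. */`, would make the lifetime rule visible where the mapping is torn down.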
diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h
index 9f5b5d52e1..f19e79447a 100644
--- a/xen/include/xen/vpci.h
+++ b/xen/include/xen/vpci.h
@@ -127,6 +127,8 @@ struct vpci {
         bool enabled         : 1;
         /* Masked? */
         bool masked          : 1;
+        /* PBA map */
+        void __iomem *pba;
         /* Entries. */
         struct vpci_msix_entry {
             uint64_t addr;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Mon Apr 04 13:33:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] livepatch: account for patch offset when applying NOP patch
Message-Id: <E1nbMpW-0000VY-Ml@xenbits.xenproject.org>
Date: Mon, 04 Apr 2022 13:33:14 +0000

commit e11d98d6fc433633f702db02256042862a48ddee
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 4 15:21:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 4 15:21:29 2022 +0200

    livepatch: account for patch offset when applying NOP patch
    
    While not triggered by the trivial xen_nop in-tree patch on
    staging/master, that patch exposes a problem on the stable trees, where
    all functions have ENDBR inserted. When NOP-ing out a range, we need to
    account for this. Handle this right in livepatch_insn_len().
    
    This requires livepatch_insn_len() to be called _after_ ->patch_offset
    was set.
    
    Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8a87b9a0fb0564f9d68f0be0a0d1a17c34117b8b
    master date: 2022-03-31 10:45:46 +0200
---
 xen/arch/x86/livepatch.c    | 8 +++++---
 xen/include/xen/livepatch.h | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index e94ac9b228..a3cb63a7ea 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -144,9 +144,6 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
 
     func->patch_offset = 0;
     old_ptr = func->old_addr;
-    len = livepatch_insn_len(func);
-    if ( !len )
-        return;
 
     /*
      * CET hotpatching support: We may have functions starting with an ENDBR64
@@ -159,6 +156,11 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     if ( is_endbr64(old_ptr) )
         func->patch_offset += ENDBR64_LEN;
 
+    /* This call must be done with ->patch_offset already set. */
+    len = livepatch_insn_len(func);
+    if ( !len )
+        return;
+
     memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h
index f3ae10f007..9fdb29c382 100644
--- a/xen/include/xen/livepatch.h
+++ b/xen/include/xen/livepatch.h
@@ -90,7 +90,7 @@ static inline
 unsigned int livepatch_insn_len(const struct livepatch_func *func)
 {
     if ( !func->new_addr )
-        return func->new_size;
+        return func->new_size - func->patch_offset;
 
     return ARCH_PATCH_INSN_SIZE;
 }
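Review bot: `func->new_size - func->patch_offset` is an unsigned subtraction, so a NOP patch whose `new_size` is smaller than the offset (for instance shorter than ENDBR64_LEN on a function that starts with ENDBR64) wraps to a very large length. That length is then the size argument of `memcpy(func->opaque, old_ptr + func->patch_offset, len)` in arch_livepatch_apply(). Unless payload verification, which is not visible in this patch, already rejects such sizes, guard the subtraction with `if ( func->new_size <= func->patch_offset ) return 0;` ahead of the return, or reject the payload when it is verified. The identical hunk in the staging-4.14 copy of this commit further down has the same issue.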
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Mon Apr 04 14:00:08 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] livepatch: account for patch offset when applying NOP patch
Message-Id: <E1nbNFU-0002Ia-Fx@xenbits.xenproject.org>
Date: Mon, 04 Apr 2022 14:00:04 +0000

commit 57cd4b1c52881e49901b344ca3da00209c4689f7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 4 15:58:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 4 15:58:04 2022 +0200

    livepatch: account for patch offset when applying NOP patch
    
    While not triggered by the trivial xen_nop in-tree patch on
    staging/master, that patch exposes a problem on the stable trees, where
    all functions have ENDBR inserted. When NOP-ing out a range, we need to
    account for this. Handle this right in livepatch_insn_len().
    
    This requires livepatch_insn_len() to be called _after_ ->patch_offset
    was set.
    
    Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8a87b9a0fb0564f9d68f0be0a0d1a17c34117b8b
    master date: 2022-03-31 10:45:46 +0200
---
 xen/arch/x86/livepatch.c    | 8 +++++---
 xen/include/xen/livepatch.h | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index e94ac9b228..a3cb63a7ea 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -144,9 +144,6 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
 
     func->patch_offset = 0;
     old_ptr = func->old_addr;
-    len = livepatch_insn_len(func);
-    if ( !len )
-        return;
 
     /*
      * CET hotpatching support: We may have functions starting with an ENDBR64
@@ -159,6 +156,11 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     if ( is_endbr64(old_ptr) )
         func->patch_offset += ENDBR64_LEN;
 
+    /* This call must be done with ->patch_offset already set. */
+    len = livepatch_insn_len(func);
+    if ( !len )
+        return;
+
     memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h
index f3ae10f007..9fdb29c382 100644
--- a/xen/include/xen/livepatch.h
+++ b/xen/include/xen/livepatch.h
@@ -90,7 +90,7 @@ static inline
 unsigned int livepatch_insn_len(const struct livepatch_func *func)
 {
     if ( !func->new_addr )
-        return func->new_size;
+        return func->new_size - func->patch_offset;
 
     return ARCH_PATCH_INSN_SIZE;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:11:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86: Introduce support for CET-IBT
Message-Id: <E1nbYer-0004AT-M4@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:11:01 +0000

commit 96233cf87b4ead3f6480ed21c3ed2836dcc29418
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Oct 21 18:38:50 2021 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86: Introduce support for CET-IBT
    
    CET Indirect Branch Tracking is a hardware feature designed to provide
    forward-edge control flow integrity, protecting against jump/call oriented
    programming.
    
    IBT requires the placement of endbr{32,64} instructions at the target of every
    indirect call/jmp, and every entrypoint.
    
    It is necessary to check for both compiler and assembler support, as the
    notrack prefix can be emitted in certain cases.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 3667f7f8f7c471e94e58cf35a95f09a0fe5c1290)
    
    Note: For backports to 4.14 thru 4.16, we are deliberately not using
          -mmanual-endbr as done in staging, as an intermediate approach which
          is not too invasive to backport.
    
    x86/cet: Force -fno-jump-tables for CET-IBT
    
    Both GCC and Clang have a (mis)feature where, even with
    -fcf-protection=branch, jump tables are created using a notrack jump rather
    than using endbr's in each case statement.
    
    This is incompatible with the safety properties we want in Xen, and enforced
    by not setting MSR_S_CET.NOTRACK_EN.  The consequence is a fatal #CP[endbr].
    
    -fno-jump-tables is generally active as a side effect of
    CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig:
    introduce option to select retpoline usage"), we explicitly support turning
    retpoline off.
    
    Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT")
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 9d4a44380d273de22d5753883cbf5581795ff24d)
---
 Config.mk                             |  1 -
 xen/arch/x86/Kconfig                  | 17 +++++++++++++++++
 xen/arch/x86/arch.mk                  |  9 +++++++++
 xen/arch/x86/configs/pvshim_defconfig |  1 +
 xen/include/asm-x86/asm-defns.h       |  6 ++++++
 xen/include/asm-x86/cpufeature.h      |  1 +
 xen/include/asm-x86/cpufeatures.h     |  1 +
 7 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index f467b43beb..ae5eaecd62 100644
--- a/Config.mk
+++ b/Config.mk
@@ -205,7 +205,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
 
 EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
 EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
-EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 27cb793165..4fdb39af3e 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -38,6 +38,11 @@ config HAS_AS_CET_SS
 	# binutils >= 2.29 or LLVM >= 6
 	def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
 
+config HAS_CC_CET_IBT
+	# GCC >= 9 and binutils >= 2.29
+	# Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
+	def_bool $(cc-option,-fcf-protection=branch -mindirect-branch=thunk-extern) && $(as-instr,endbr64)
+
 menu "Architecture Features"
 
 source "arch/Kconfig"
@@ -119,6 +124,18 @@ config XEN_SHSTK
 	  When CET-SS is active, 32bit PV guests cannot be used.  Backwards
 	  compatiblity can be provided via the PV Shim mechanism.
 
+config XEN_IBT
+	bool "Supervisor Indirect Branch Tracking"
+	depends on HAS_CC_CET_IBT
+	default y
+	help
+	  Control-flow Enforcement Technology (CET) is a set of features in
+	  hardware designed to combat Return-oriented Programming (ROP, also
+	  call/jump COP/JOP) attacks.  Indirect Branch Tracking is one CET
+	  feature designed to provide function pointer protection.
+
+	  This option arranges for Xen to use CET-IBT for its own protection.
+
 config SHADOW_PAGING
 	bool "Shadow Paging"
 	default !PV_SHIM_EXCLUSIVE
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index ce0c1a0e7f..033048ab6b 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -46,6 +46,15 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern
 CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register
 CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables
 
+ifdef CONFIG_XEN_IBT
+# Force -fno-jump-tables to work around
+#   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
+#   https://github.com/llvm/llvm-project/issues/54247
+CFLAGS += -fcf-protection=branch -fno-jump-tables
+else
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+endif
+
 # If supported by the compiler, reduce stack alignment to 8 bytes. But allow
 # this to be overridden elsewhere.
 $(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3)
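Review bot: `-fcf-protection=none` is now added only in the `else` branch here, which covers the x86 hypervisor build, while the Config.mk hunk of this commit drops it from `EMBEDDED_EXTRA_CFLAGS`. Any other consumer of `EMBEDDED_EXTRA_CFLAGS` (none is visible in this patch) would fall back to the toolchain default, which some distributions set to enable CET instrumentation. It is worth confirming that no such build relied on the flag, or keeping the flag for those builds. A short comment on the `else` branch, such as `# Override a toolchain default of -fcf-protection when IBT is not in use`, would also explain why the flag is set explicitly.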
diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig
index cdf5776610..23ba51e728 100644
--- a/xen/arch/x86/configs/pvshim_defconfig
+++ b/xen/arch/x86/configs/pvshim_defconfig
@@ -9,6 +9,7 @@ CONFIG_EXPERT=y
 CONFIG_SCHED_NULL=y
 # Disable features not used by the PV shim
 # CONFIG_XEN_SHSTK is not set
+# CONFIG_XEN_IBT is not set
 # CONFIG_GRANT_TABLE is not set
 # CONFIG_HYPFS is not set
 # CONFIG_BIGMEM is not set
diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h
index 505f39ad5f..8bd9007731 100644
--- a/xen/include/asm-x86/asm-defns.h
+++ b/xen/include/asm-x86/asm-defns.h
@@ -57,6 +57,12 @@
     INDIRECT_BRANCH jmp \arg
 .endm
 
+#ifdef CONFIG_XEN_IBT
+# define ENDBR64 endbr64
+#else
+# define ENDBR64
+#endif
+
 .macro guest_access_mask_ptr ptr:req, scratch1:req, scratch2:req
 #if defined(CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS)
     /*
diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
index fe04d98fa1..460d38356c 100644
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -153,6 +153,7 @@
 #define cpu_has_lfence_dispatch boot_cpu_has(X86_FEATURE_LFENCE_DISPATCH)
 #define cpu_has_xen_lbr         boot_cpu_has(X86_FEATURE_XEN_LBR)
 #define cpu_has_xen_shstk       boot_cpu_has(X86_FEATURE_XEN_SHSTK)
+#define cpu_has_xen_ibt         boot_cpu_has(X86_FEATURE_XEN_IBT)
 
 #define cpu_has_msr_tsc_aux     (cpu_has_rdtscp || cpu_has_rdpid)
 
diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h
index 6c8f432aee..fe2f97354f 100644
--- a/xen/include/asm-x86/cpufeatures.h
+++ b/xen/include/asm-x86/cpufeatures.h
@@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV,        X86_SYNTH(23)) /* VERW used by Xen for PV */
 XEN_CPUFEATURE(SC_VERW_HVM,       X86_SYNTH(24)) /* VERW used by Xen for HVM */
 XEN_CPUFEATURE(SC_VERW_IDLE,      X86_SYNTH(25)) /* VERW used by Xen for idle */
 XEN_CPUFEATURE(XEN_SHSTK,         X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */
+XEN_CPUFEATURE(XEN_IBT,           X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */
 
 /* Bug words follow the synthetic words. */
 #define X86_NR_BUG 1
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:11:12 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/setup: Read CR4 earlier in __start_xen()
Message-Id: <E1nbYf1-0004BA-PM@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:11:11 +0000

commit 473f7cb1a1a0299ebbc243e52d407a990936f79a
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:19:57 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/setup: Read CR4 earlier in __start_xen()
    
    This is necessary for read_cr4() to function correctly.  Move the EFER caching
    at the same time.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 9851bc4939101828d2ad7634b93c0d9ccaef5b7e)
---
 xen/arch/x86/setup.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index b1f96f71b6..467dcfc4cf 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -870,6 +870,9 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     /* Full exception support from here on in. */
 
+    rdmsrl(MSR_EFER, this_cpu(efer));
+    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
+
     /* Enable NMIs.  Our loader (e.g. Tboot) may have left them disabled. */
     enable_nmis();
 
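Review bot: The two added lines fill `this_cpu(efer)` and `get_cpu_info()->cr4`, but nothing at the new location says why they have to run this early; the commit message gives the reason (read_cr4() depends on it) and the code does not. A comment above them, e.g. `/* Cache EFER and CR4 before any read_cr4() user runs. */`, would keep a later reshuffle of __start_xen() from moving them back down. __start_xen() starts and ends outside the hunk, so whether an earlier read_cr4() caller remains is not visible here.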
@@ -916,9 +919,6 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     parse_video_info();
 
-    rdmsrl(MSR_EFER, this_cpu(efer));
-    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
-
     /* We initialise the serial devices very early so we can get debugging. */
     ns16550.io_base = 0x3f8;
     ns16550.irq     = 4;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:11:23 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/alternatives: Clear CR4.CET when clearing CR0.WP
Message-Id: <E1nbYfB-0004Bl-SX@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:11:21 +0000

commit aa53c1299b5c53005bd2ffedbfe397413197e6f1
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:17:59 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/alternatives: Clear CR4.CET when clearing CR0.WP
    
    This allows us to have CET active much earlier in boot.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 48cdc15a424f9fadad7f9aed00e7dc8ef16a2196)
---
 xen/arch/x86/alternative.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c
index 004e9ede25..41415db08c 100644
--- a/xen/arch/x86/alternative.c
+++ b/xen/arch/x86/alternative.c
@@ -334,9 +334,13 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs,
      */
     if ( !(alt_done & alt_todo) )
     {
-        unsigned long cr0;
+        unsigned long cr0, cr4;
 
         cr0 = read_cr0();
+        cr4 = read_cr4();
+
+        if ( cr4 & X86_CR4_CET )
+            write_cr4(cr4 & ~X86_CR4_CET);
 
         /* Disable WP to allow patching read-only pages. */
         write_cr0(cr0 & ~X86_CR0_WP);
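Review bot: The new `write_cr4(cr4 & ~X86_CR4_CET)` ahead of `write_cr0(cr0 & ~X86_CR0_WP)` has no comment explaining the ordering, which is architectural: CR0.WP cannot be cleared while CR4.CET is set, and the restore in the next hunk has to put WP back before CET for the same reason. A comment such as `/* CR4.CET must be clear before CR0.WP can be cleared; restore in the reverse order. */` would document that. It is also worth noting there that CET enforcement is off for the whole patching window, so later changes keep the window as short as it is now. nmi_apply_alternatives() starts and ends outside the hunk.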
@@ -346,6 +350,9 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs,
 
         write_cr0(cr0);
 
+        if ( cr4 & X86_CR4_CET )
+            write_cr4(cr4);
+
         alt_done |= alt_todo;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:11:33 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
Message-Id: <E1nbYfL-0004CM-Vj@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:11:31 +0000

commit c8879601975365156aa148576bf4e5a271fdf252
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 12:36:33 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
    
    For CET-IBT, we will need to optionally insert an endbr64 instruction at the
    start of the stub.  Don't hardcode the jmp displacement assuming that it
    starts at byte 24 of the stub.
    
    Also add extra comments describing what is going on.  The mix of %rax and %rsp
    is far from trivial to follow.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 809beac3e7fdfd20000386453c64a1e2a3d93075)
---
 xen/arch/x86/x86_64/traps.c | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
index 4116ecb9c0..66b8986dd9 100644
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -268,30 +268,39 @@ static unsigned int write_stub_trampoline(
     unsigned char *stub, unsigned long stub_va,
     unsigned long stack_bottom, unsigned long target_va)
 {
+    unsigned char *p = stub;
+
+    /* Store guest %rax into %ss slot */
     /* movabsq %rax, stack_bottom - 8 */
-    stub[0] = 0x48;
-    stub[1] = 0xa3;
-    *(uint64_t *)&stub[2] = stack_bottom - 8;
+    *p++ = 0x48;
+    *p++ = 0xa3;
+    *(uint64_t *)p = stack_bottom - 8;
+    p += 8;
 
+    /* Store guest %rsp in %rax */
     /* movq %rsp, %rax */
-    stub[10] = 0x48;
-    stub[11] = 0x89;
-    stub[12] = 0xe0;
+    *p++ = 0x48;
+    *p++ = 0x89;
+    *p++ = 0xe0;
 
+    /* Switch to Xen stack */
     /* movabsq $stack_bottom - 8, %rsp */
-    stub[13] = 0x48;
-    stub[14] = 0xbc;
-    *(uint64_t *)&stub[15] = stack_bottom - 8;
+    *p++ = 0x48;
+    *p++ = 0xbc;
+    *(uint64_t *)p = stack_bottom - 8;
+    p += 8;
 
+    /* Store guest %rsp into %rsp slot */
     /* pushq %rax */
-    stub[23] = 0x50;
+    *p++ = 0x50;
 
     /* jmp target_va */
-    stub[24] = 0xe9;
-    *(int32_t *)&stub[25] = target_va - (stub_va + 29);
+    *p++ = 0xe9;
+    *(int32_t *)p = target_va - (stub_va + (p - stub) + 4);
+    p += 4;
 
     /* Round up to a multiple of 16 bytes. */
-    return 32;
+    return ROUNDUP(p - stub, 16);
 }
 
 DEFINE_PER_CPU(struct stubs, stubs);
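Review bot: Nothing bounds the stub length now that `return ROUNDUP(p - stub, 16);` replaces the fixed `return 32;`. The follow-up commit on this page describes a 32-byte limit for these stubs, and the callers that place them are outside the hunk, so an emitter that grows past that limit would presumably overrun whatever follows without any diagnostic. An `ASSERT(p - stub <= 32);` before the return, ideally with a named constant for the limit, would turn that into a visible failure. Separately, the rel32 store `*(int32_t *)p = target_va - (...)` truncates silently; a comment stating that target_va is assumed to lie within the ±2GiB reach of a rel32 `jmp` from stub_va would document the existing assumption.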
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:11:43 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86: Introduce helpers/checks for endbr64 instructions
Message-Id: <E1nbYfW-0004D3-2f@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:11:42 +0000

commit 86a3a18552fa2b480f6827e81e4c759513a51845
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Nov 26 15:34:08 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86: Introduce helpers/checks for endbr64 instructions
    
    ... to prevent the optimiser creating unsafe code.  See the code comment for
    full details.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 4046ba97446e3974a4411db227263a9f11e0aeb4)
    
    Note: For the backport to 4.14 thru 4.16, we don't care for embedded endbr64
          specifically, but place_endbr64() is a prerequisite for other parts of
          the series.
---
 xen/include/asm-x86/endbr.h | 55 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/xen/include/asm-x86/endbr.h b/xen/include/asm-x86/endbr.h
new file mode 100644
index 0000000000..6090afeb0b
--- /dev/null
+++ b/xen/include/asm-x86/endbr.h
@@ -0,0 +1,55 @@
+/******************************************************************************
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2021-2022 Citrix Systems Ltd.
+ */
+#ifndef XEN_ASM_ENDBR_H
+#define XEN_ASM_ENDBR_H
+
+#include <xen/types.h>
+
+#define ENDBR64_LEN 4
+
+/*
+ * In some cases we need to inspect/insert endbr64 instructions.
+ *
+ * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsafely
+ * by placing 0xfa1e0ff3 in an imm32 operand, and marks a legal indirect
+ * branch target as far as the CPU is concerned.
+ *
+ * gen_endbr64() is written deliberately to avoid the problematic operand, and
+ * marked __const__ as it is safe for the optimiser to hoist/merge/etc.
+ */
+static inline uint32_t __attribute_const__ gen_endbr64(void)
+{
+    uint32_t res;
+
+    asm ( "mov $~0xfa1e0ff3, %[res]\n\t"
+          "not %[res]\n\t"
+          : [res] "=&r" (res) );
+
+    return res;
+}
+
+static inline bool is_endbr64(const void *ptr)
+{
+    return *(const uint32_t *)ptr == gen_endbr64();
+}
+
+static inline void place_endbr64(void *ptr)
+{
+    *(uint32_t *)ptr = gen_endbr64();
+}
+
+#endif /* XEN_ASM_ENDBR_H */
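Review bot: `is_endbr64()` and `place_endbr64()` have no contract comment, and nothing ties their `uint32_t` access to `ENDBR64_LEN`. Both dereference `ptr` as a 32-bit word, so the caller must own four readable (or writable) bytes there and must advance its own cursor afterwards; I would say so above each, e.g. `/* Writes ENDBR64_LEN bytes at ptr; the caller advances past them. */`. A `BUILD_BUG_ON(ENDBR64_LEN != sizeof(uint32_t));` inside `place_endbr64()` would keep the constant and the store in step, assuming BUILD_BUG_ON is reachable from this header. The block comment could also state that any new code comparing against or writing the opcode should go through these helpers, since a literal copy of the bytes reintroduces the stray branch target it describes.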
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:11:53 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/emul: Update emulation stubs to be CET-IBT compatible
Message-Id: <E1nbYfg-0004Di-5x@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:11:52 +0000

commit ddeebb5f09b7a0c168395e919078c616a0965a49
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:09:59 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/emul: Update emulation stubs to be CET-IBT compatible
    
    All indirect branches need to land on an endbr64 instruction.
    
    For stub_selftests(), use endbr64 unconditionally for simplicity.  For ioport
    and instruction emulation, add endbr64 conditionally.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 0d101568d29e8b4bfd33f20031fedec2652aa0cf)
---
 xen/arch/x86/extable.c         | 12 +++++++-----
 xen/arch/x86/pv/emul-priv-op.c |  7 +++++++
 xen/arch/x86/x86_emulate.c     | 13 +++++++++++--
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c
index 109ab7da98..0d30595ea1 100644
--- a/xen/arch/x86/extable.c
+++ b/xen/arch/x86/extable.c
@@ -127,20 +127,22 @@ search_exception_table(const struct cpu_user_regs *regs)
 static int __init stub_selftest(void)
 {
     static const struct {
-        uint8_t opc[4];
+        uint8_t opc[8];
         uint64_t rax;
         union stub_exception_token res;
     } tests[] __initconst = {
-        { .opc = { 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */
+#define endbr64 0xf3, 0x0f, 0x1e, 0xfa
+        { .opc = { endbr64, 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */
           .res.fields.trapnr = TRAP_invalid_op },
-        { .opc = { 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */
+        { .opc = { endbr64, 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */
           .rax = 0x0123456789abcdef,
           .res.fields.trapnr = TRAP_gp_fault },
-        { .opc = { 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */
+        { .opc = { endbr64, 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */
           .rax = 0xfedcba9876543210,
           .res.fields.trapnr = TRAP_stack_error },
-        { .opc = { 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */
+        { .opc = { endbr64, 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */
           .res.fields.trapnr = TRAP_int3 },
+#undef endbr64
     };
     unsigned long addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2;
     unsigned int i;
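Review bot: The table now starts every test with `endbr64` regardless of whether IBT is enabled, and the reason is only in the commit message. A short comment above the `#define endbr64` line, such as `/* Emitted unconditionally: endbr64 executes as a NOP when IBT is not active. */`, would keep that next to the bytes. The lower-case macro name is also easy to mistake for an ordinary identifier inside the initialisers; an upper-case name such as `ENDBR64_BYTES` would read more clearly. stub_selftest() continues past the hunk, so how `opc` is copied into the stub is not visible here.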
diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c
index 11467a1e3a..274a717979 100644
--- a/xen/arch/x86/pv/emul-priv-op.c
+++ b/xen/arch/x86/pv/emul-priv-op.c
@@ -26,6 +26,7 @@
 
 #include <asm/amd.h>
 #include <asm/debugreg.h>
+#include <asm/endbr.h>
 #include <asm/hpet.h>
 #include <asm/hypercall.h>
 #include <asm/mc146818rtc.h>
@@ -110,6 +111,12 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode,
 
     p = ctxt->io_emul_stub;
 
+    if ( cpu_has_xen_ibt )
+    {
+        place_endbr64(p);
+        p += 4;
+    }
+
     APPEND_BUFF(prologue);
     APPEND_CALL(load_guest_gprs);
 
diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c
index 1e082e6f3b..379e889768 100644
--- a/xen/arch/x86/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate.c
@@ -17,6 +17,7 @@
 #include <asm/xstate.h>
 #include <asm/amd.h> /* cpu_has_amd_erratum() */
 #include <asm/debugreg.h>
+#include <asm/endbr.h>
 
 /* Avoid namespace pollution. */
 #undef cmpxchg
@@ -29,11 +30,19 @@
         cpu_has_amd_erratum(&current_cpu_data, AMD_ERRATUM_##nr)
 
 #define get_stub(stb) ({                                        \
+    void *ptr;                                                  \
     BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1);         \
     ASSERT(!(stb).ptr);                                         \
     (stb).addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2;      \
-    memset(((stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn)))) +  \
-           ((stb).addr & ~PAGE_MASK), 0xcc, STUB_BUF_SIZE / 2);        \
+    (stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn))) +    \
+        ((stb).addr & ~PAGE_MASK);                              \
+    ptr = memset((stb).ptr, 0xcc, STUB_BUF_SIZE / 2);           \
+    if ( cpu_has_xen_ibt )                                      \
+    {                                                           \
+        place_endbr64(ptr);                                     \
+        ptr += 4;                                               \
+    }                                                           \
+    ptr;                                                        \
 })
 #define put_stub(stb) ({                                   \
     if ( (stb).ptr )                                       \
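Review bot: The `BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1)` in `get_stub()` still budgets for the instruction alone, although the macro now consumes four more bytes when `cpu_has_xen_ibt` is set. `BUILD_BUG_ON(STUB_BUF_SIZE / 2 < ENDBR64_LEN + MAX_INST_LEN + 1);` would keep the compile-time bound honest; the actual sizes are not visible here, so this may be slack rather than a live overflow. The new local `ptr` in the statement expression can also capture a caller variable of the same name used inside the `stb` argument; a less common name such as `ptr_` avoids that.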
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:12:03 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
Message-Id: <E1nbYfq-0004Ec-9M@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:12:02 +0000

commit b75e78f1ece4ec23e4534cf2f2ac24cbd8771c29
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 09:51:16 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
    
    Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64
    instruction.  For sysenter, this is easy.
    
    Unfortunately for syscall, the stubs are already 29 bytes long with a limit of
    32.  endbr64 is 4 bytes.  Luckily, there is a 1 byte instruction which can
    move from the stubs into the main handlers.
    
    Move the push %rax out of the stub and into {l,c}star_entry(), allowing room
    for the endbr64 instruction when appropriate.  Update the comment describing
    the entry state.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 17d77ec62a299f4299883ec79ab10cacafd0b2f5)
---
 xen/arch/x86/x86_64/compat/entry.S |  4 ++--
 xen/arch/x86/x86_64/entry.S        | 14 +++++++-------
 xen/arch/x86/x86_64/traps.c        | 11 +++++++----
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
index c2c73cc732..5297583120 100644
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -204,9 +204,9 @@ ENTRY(cstar_enter)
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
-        /* sti could live here when we don't switch page tables below. */
+        push  %rax          /* Guest %rsp */
         CR4_PV32_RESTORE
-        movq  8(%rsp),%rax /* Restore %rax. */
+        movq  8(%rsp), %rax /* Restore guest %rax. */
         movq  $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain.  Compat handled lower. */
         pushq %r11
         pushq $FLAT_USER_CS32
diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index e2ff4a9018..3327b4a646 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -241,18 +241,17 @@ iret_exit_to_guest:
  * When entering SYSCALL from user mode:
  *  Vector directly to the registered arch.syscall_addr.
  *
- * Initial work is done by per-CPU trampolines. At this point %rsp has been
- * initialised to point at the correct Xen stack, %rsp has been saved, and
- * %rax needs to be restored from the %ss save slot. All other registers are
- * still to be saved onto the stack, starting with RFLAGS, and an appropriate
- * %ss must be saved into the space left by the trampoline.
+ * Initial work is done by per-CPU trampolines.
+ *  - Guest %rax stored in the %ss slot
+ *  - Guest %rsp stored in %rax
+ *  - Xen stack loaded, pointing at the %ss slot
  */
 ENTRY(lstar_enter)
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
-        /* sti could live here when we don't switch page tables below. */
-        movq  8(%rsp),%rax /* Restore %rax. */
+        push  %rax          /* Guest %rsp */
+        movq  8(%rsp), %rax /* Restore guest %rax */
         movq  $FLAT_KERNEL_SS,8(%rsp)
         pushq %r11
         pushq $FLAT_KERNEL_CS64
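Review bot: The rewritten entry-state comment for `lstar_enter` does not say why this label gets no `ENDBR64` while `sysenter_entry` in the next hunk does. As far as this page shows, the MSR target is the per-CPU stub, which carries the endbr64 and then reaches this label with a direct `jmp`; a line such as ` *  - No endbr64 here: reached by direct jmp from the stub` would stop someone adding or removing one by mistake. The same applies to `cstar_enter` in compat/entry.S. The list could also note that the `%rsp` slot is now filled by the `push %rax` here rather than by the trampoline.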
@@ -284,6 +283,7 @@ ENTRY(lstar_enter)
         jmp   test_all_events
 
 ENTRY(sysenter_entry)
+        ENDBR64
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
index 66b8986dd9..05a4a0bacf 100644
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -16,6 +16,7 @@
 #include <asm/current.h>
 #include <asm/flushtlb.h>
 #include <asm/traps.h>
+#include <asm/endbr.h>
 #include <asm/event.h>
 #include <asm/nmi.h>
 #include <asm/msr.h>
@@ -270,6 +271,12 @@ static unsigned int write_stub_trampoline(
 {
     unsigned char *p = stub;
 
+    if ( cpu_has_xen_ibt )
+    {
+        place_endbr64(p);
+        p += 4;
+    }
+
     /* Store guest %rax into %ss slot */
     /* movabsq %rax, stack_bottom - 8 */
     *p++ = 0x48;
@@ -290,10 +297,6 @@ static unsigned int write_stub_trampoline(
     *(uint64_t *)p = stack_bottom - 8;
     p += 8;
 
-    /* Store guest %rsp into %rsp slot */
-    /* pushq %rax */
-    *p++ = 0x50;
-
     /* jmp target_va */
     *p++ = 0xe9;
     *(int32_t *)p = target_va - (stub_va + (p - stub) + 4);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:12:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/entry: Make IDT entrypoints CET-IBT compatible
Message-Id: <E1nbYg0-0004FE-CQ@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:12:12 +0000

commit c3fed31049240de3583e0e1bbea2b3b6278afa2a
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 17:08:24 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/entry: Make IDT entrypoints CET-IBT compatible
    
    Each IDT vector needs to land on an endbr64 instruction.  This is especially
    important for the #CP handler, which will recurse indefinitely if the endbr64
    is missing, eventually escalating to #DF if guard pages are active.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit e702e36d1d519f4b66086650c1c47d6bac96d4b9)
    
    Also include the continue_pv_domain() change from c/s 954bb07fdb5fad which is
    also in entry.S
---
 xen/arch/x86/x86_64/compat/entry.S |  1 +
 xen/arch/x86/x86_64/entry.S        | 31 +++++++++++++++++++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
index 5297583120..0cfe953142 100644
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -14,6 +14,7 @@
 #ifdef CONFIG_PV32
 
 ENTRY(entry_int82)
+        ENDBR64
         ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP
         pushq $0
         movl  $HYPERCALL_VECTOR, 4(%rsp)
diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index 3327b4a646..2f3f48ff27 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -345,6 +345,7 @@ UNLIKELY_END(sysenter_gpf)
         jmp   .Lbounce_exception
 
 ENTRY(int80_direct_trap)
+        ENDBR64
         ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP
         pushq $0
         movl  $0x80, 4(%rsp)
@@ -573,6 +574,7 @@ ENTRY(dom_crash_sync_extable)
 /* No special register assumptions. */
 #ifdef CONFIG_PV
 ENTRY(continue_pv_domain)
+        ENDBR64
         call  check_wakeup_from_wait
 ret_from_intr:
         GET_CURRENT(bx)
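Review bot: `continue_pv_domain` is not an IDT vector, so the `ENDBR64` added here needs its own explanation; the commit message only says it was carried over from another changeset. Presumably the label is reached through an indirect branch from C code outside this page, and a comment such as `/* Reached via indirect branch, needs endbr64 */` (wording to be confirmed against the caller) would record that. Without it, the marker looks unmotivated, and a later cleanup could remove it without realising that an indirect branch depends on it.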
@@ -641,6 +643,7 @@ ENTRY(common_interrupt)
         jmp ret_from_intr
 
 ENTRY(page_fault)
+        ENDBR64
         movl  $TRAP_page_fault,4(%rsp)
 /* No special register assumptions. */
 GLOBAL(handle_exception)
@@ -779,75 +782,91 @@ FATAL_exception_with_ints_disabled:
         BUG   /* fatal_trap() shouldn't return. */
 
 ENTRY(divide_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_divide_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(coprocessor_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_copro_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(simd_coprocessor_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_simd_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(device_not_available)
+        ENDBR64
         pushq $0
         movl  $TRAP_no_device,4(%rsp)
         jmp   handle_exception
 
 ENTRY(debug)
+        ENDBR64
         pushq $0
         movl  $TRAP_debug,4(%rsp)
         jmp   handle_ist_exception
 
 ENTRY(int3)
+        ENDBR64
         pushq $0
         movl  $TRAP_int3,4(%rsp)
         jmp   handle_exception
 
 ENTRY(overflow)
+        ENDBR64
         pushq $0
         movl  $TRAP_overflow,4(%rsp)
         jmp   handle_exception
 
 ENTRY(bounds)
+        ENDBR64
         pushq $0
         movl  $TRAP_bounds,4(%rsp)
         jmp   handle_exception
 
 ENTRY(invalid_op)
+        ENDBR64
         pushq $0
         movl  $TRAP_invalid_op,4(%rsp)
         jmp   handle_exception
 
 ENTRY(invalid_TSS)
+        ENDBR64
         movl  $TRAP_invalid_tss,4(%rsp)
         jmp   handle_exception
 
 ENTRY(segment_not_present)
+        ENDBR64
         movl  $TRAP_no_segment,4(%rsp)
         jmp   handle_exception
 
 ENTRY(stack_segment)
+        ENDBR64
         movl  $TRAP_stack_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(general_protection)
+        ENDBR64
         movl  $TRAP_gp_fault,4(%rsp)
         jmp   handle_exception
 
 ENTRY(alignment_check)
+        ENDBR64
         movl  $TRAP_alignment_check,4(%rsp)
         jmp   handle_exception
 
 ENTRY(entry_CP)
+        ENDBR64
         movl  $X86_EXC_CP, 4(%rsp)
         jmp   handle_exception
 
 ENTRY(double_fault)
+        ENDBR64
         movl  $TRAP_double_fault,4(%rsp)
         /* Set AC to reduce chance of further SMAP faults */
         ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP
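Review bot: entry_CP is the one entry point here where a missing ENDBR64 is self-perpetuating, yet nothing in the code records that. Per the commit message, without the marker the #CP handler recurses and eventually escalates to #DF if guard pages are active. A comment on entry_CP such as `/* Must start with ENDBR64: a missing marker here raises #CP again. */` would keep that reasoning next to the code. double_fault's body continues outside the hunk.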
@@ -873,6 +892,7 @@ ENTRY(double_fault)
 
         .pushsection .init.text, "ax", @progbits
 ENTRY(early_page_fault)
+        ENDBR64
         movl  $TRAP_page_fault,4(%rsp)
         SAVE_ALL
         movq  %rsp,%rdi
@@ -881,6 +901,7 @@ ENTRY(early_page_fault)
         .popsection
 
 ENTRY(nmi)
+        ENDBR64
         pushq $0
         movl  $TRAP_nmi,4(%rsp)
 handle_ist_exception:
@@ -978,12 +999,14 @@ handle_ist_exception:
 #endif
 
 ENTRY(machine_check)
+        ENDBR64
         pushq $0
         movl  $TRAP_machine_check,4(%rsp)
         jmp   handle_ist_exception
 
 /* No op trap handler.  Required for kexec crash path. */
 GLOBAL(trap_nop)
+        ENDBR64
         iretq
 
 /* Table of automatically generated entry points.  One per vector. */
@@ -1012,7 +1035,9 @@ autogen_stubs: /* Automatically generated stubs. */
 #endif
 
         ALIGN
-1:      pushq $0
+1:
+        ENDBR64
+        pushq $0
         movb  $vec,4(%rsp)
         jmp   common_interrupt
 
@@ -1022,7 +1047,9 @@ autogen_stubs: /* Automatically generated stubs. */
         .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \
                 vec == X86_EXC_VE  || (vec > X86_EXC_CP && vec < TRAP_nr)
 
-1:      test  $8,%spl        /* 64bit exception frames are 16 byte aligned, but the word */
+1:
+        ENDBR64
+        test  $8,%spl        /* 64bit exception frames are 16 byte aligned, but the word */
         jz    2f             /* size is 8 bytes.  Check whether the processor gave us an */
         pushq $0             /* error code, and insert an empty one if not.              */
 2:      movb  $vec,4(%rsp)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:12:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 02:12:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298520.508551 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgB-0002eD-PA; Tue, 05 Apr 2022 02:12:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298520.508551; Tue, 05 Apr 2022 02:12:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgB-0002e4-Lt; Tue, 05 Apr 2022 02:12:23 +0000
Received: by outflank-mailman (input) for mailman id 298520;
 Tue, 05 Apr 2022 02:12:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgA-0002du-HB
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgA-0005VW-GK
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgA-0004HJ-Fb
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=uqsPN0xtDWalEoylCfTBYjPyt6Q+F2x0LvEaxmKV+FA=; b=4rZIIxAbC6SjMQd8LI7J7BiOIz
	pcGB6S2r4p9dCFD7eXRtWIWTHQrsCa4qGZqi0+HC20/bWFFKH3t0/cirJiECzczFTBpMaqdoWXe8v
	stRnqkpl+VBKSuHXxgLchej+Y11Cy/k7mYN5uoUmWWLOjWGoAWL222ggP/6UM3mWcErI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/setup: Rework MSR_S_CET handling for CET-IBT
Message-Id: <E1nbYgA-0004HJ-Fb@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:12:22 +0000

commit 368cffb5be40a8b1d97ea5a557c578ae30b65134
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 16:13:29 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/setup: Rework MSR_S_CET handling for CET-IBT
    
    CET-SS and CET-IBT can be independently controlled, so the configuration of
    MSR_S_CET can't be constant any more.
    
    Introduce xen_msr_s_cet_value(), mostly because I don't fancy
    writing/maintaining that logic in assembly.  Use this in the 3 paths which
    alter MSR_S_CET when both features are potentially active.
    
    To activate CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN.  This is
    common with the CET-SS setup, so reorder the operations to set up CR4 and
    MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up
    MSR_PL0_SSP and SSP if SHSTK_EN was also set.
    
    Adjust the crash path to disable CET-IBT too.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 311434bfc9d10615adbd340d7fb08c05cd14f4c7)
---
 xen/arch/x86/acpi/wakeup_prot.S | 38 +++++++++++++++++++++++---------------
 xen/arch/x86/boot/x86_64.S      | 30 +++++++++++++++++++-----------
 xen/arch/x86/crash.c            |  4 ++--
 xen/arch/x86/setup.c            | 17 ++++++++++++++++-
 xen/include/asm-x86/msr-index.h |  1 +
 5 files changed, 61 insertions(+), 29 deletions(-)

diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_prot.S
index 15052c300f..3855ff1ddb 100644
--- a/xen/arch/x86/acpi/wakeup_prot.S
+++ b/xen/arch/x86/acpi/wakeup_prot.S
@@ -63,7 +63,26 @@ ENTRY(s3_resume)
         pushq   %rax
         lretq
 1:
-#ifdef CONFIG_XEN_SHSTK
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+        call    xen_msr_s_cet_value
+        test    %eax, %eax
+        jz      .L_cet_done
+
+        /* Set up MSR_S_CET. */
+        mov     $MSR_S_CET, %ecx
+        xor     %edx, %edx
+        wrmsr
+
+        /* Enable CR4.CET. */
+        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
+        mov     %rcx, %cr4
+
+        /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */
+
+#if defined(CONFIG_XEN_SHSTK)
+        test    $CET_SHSTK_EN, %al
+        jz      .L_cet_done
+
         /*
          * Restoring SSP is a little complicated, because we are intercepting
          * an in-use shadow stack.  Write a temporary token under the stack,
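Review bot: The new sequence keeps the return value of xen_msr_s_cet_value() live in %eax across the wrmsr and the CR4 write, and only then runs `test $CET_SHSTK_EN, %al`; nothing states that %eax must stay untouched in between. A comment at the call such as `/* %eax = MSR_S_CET value; keep it live until the SHSTK_EN test below. */` would guard against a later edit that clobbers it. The call is to a C function, so caller-saved registers are presumably clobbered under the usual calling convention. The hunk does not show whether s3_resume holds anything live in them at this point, which is worth confirming. The same pattern appears in the __high_start hunk in boot/x86_64.S, and s3_resume continues outside this hunk.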
@@ -71,14 +90,6 @@ ENTRY(s3_resume)
          * reset MSR_PL0_SSP to its usual value and pop the temporary token.
          */
         mov     saved_ssp(%rip), %rdi
-        cmpq    $1, %rdi
-        je      .L_shstk_done
-
-        /* Set up MSR_S_CET. */
-        mov     $MSR_S_CET, %ecx
-        xor     %edx, %edx
-        mov     $CET_SHSTK_EN | CET_WRSS_EN, %eax
-        wrmsr
 
         /* Construct the temporary supervisor token under SSP. */
         sub     $8, %rdi
@@ -90,10 +101,6 @@ ENTRY(s3_resume)
         mov     %edi, %eax
         wrmsr
 
-        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */
-        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx
-        mov     %rbx, %cr4
-
         /* Write the temporary token onto the shadow stack, and activate it. */
         wrssq   %rdi, (%rdi)
         setssbsy
@@ -106,8 +113,9 @@ ENTRY(s3_resume)
         /* Pop the temporary token off the stack. */
         mov     $2, %eax
         incsspd %eax
-.L_shstk_done:
-#endif
+#endif /* CONFIG_XEN_SHSTK */
+.L_cet_done:
+#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */
 
         call    load_system_tables
 
diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S
index d61048c583..94b1d984cf 100644
--- a/xen/arch/x86/boot/x86_64.S
+++ b/xen/arch/x86/boot/x86_64.S
@@ -30,18 +30,27 @@ ENTRY(__high_start)
         test    %ebx,%ebx
         jz      .L_bsp
 
-        /* APs.  Set up shadow stacks before entering C. */
-#ifdef CONFIG_XEN_SHSTK
-        testl   $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \
-                CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip)
-        je      .L_ap_shstk_done
+        /* APs.  Set up CET before entering C properly. */
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+        call    xen_msr_s_cet_value
+        test    %eax, %eax
+        jz      .L_ap_cet_done
 
         /* Set up MSR_S_CET. */
         mov     $MSR_S_CET, %ecx
         xor     %edx, %edx
-        mov     $CET_SHSTK_EN | CET_WRSS_EN, %eax
         wrmsr
 
+        /* Enable CR4.CET. */
+        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
+        mov     %rcx, %cr4
+
+        /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */
+
+#if defined(CONFIG_XEN_SHSTK)
+        test    $CET_SHSTK_EN, %al
+        jz      .L_ap_cet_done
+
         /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */
         mov     $MSR_PL0_SSP, %ecx
         mov     %rsp, %rdx
@@ -51,13 +60,12 @@ ENTRY(__high_start)
         or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax
         wrmsr
 
-        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */
-        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
-        mov     %rcx, %cr4
         setssbsy
-#endif
 
-.L_ap_shstk_done:
+#endif /* CONFIG_XEN_SHSTK */
+.L_ap_cet_done:
+#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */
+
         call    start_secondary
         BUG     /* start_secondary() shouldn't return. */
 
diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index 0611b4fb9b..cfc6bdab7b 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -200,8 +200,8 @@ void machine_crash_shutdown(void)
     /* Reset CPUID masking and faulting to the host's default. */
     ctxt_switch_levelling(NULL);
 
-    /* Disable shadow stacks. */
-    if ( cpu_has_xen_shstk )
+    /* Disable CET. */
+    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
     {
         wrmsrl(MSR_S_CET, 0);
         write_cr4(read_cr4() & ~X86_CR4_CET);
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 467dcfc4cf..a9cc6c2955 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -660,6 +660,21 @@ static void noreturn init_done(void)
     startup_cpu_idle_loop();
 }
 
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+/*
+ * Used by AP and S3 asm code to calcualte the appropriate MSR_S_CET setting.
+ * Do not use on the BSP before reinit_bsp_stack(), or it may turn SHSTK on
+ * too early.
+ */
+unsigned int xen_msr_s_cet_value(void)
+{
+    return ((cpu_has_xen_shstk ? CET_SHSTK_EN | CET_WRSS_EN : 0) |
+            (cpu_has_xen_ibt   ? CET_ENDBR_EN : 0));
+}
+#else
+unsigned int xen_msr_s_cet_value(void); /* To avoid ifdefary */
+#endif
+
 /* Reinitalise all state referring to the old virtual address of the stack. */
 static void __init noreturn reinit_bsp_stack(void)
 {
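Review bot: In the `#else` branch xen_msr_s_cet_value() is declared but never defined, so the `wrmsrl(MSR_S_CET, xen_msr_s_cet_value())` call in reinit_bsp_stack() links only if the compiler drops the guarded block when neither option is configured. That presumably holds because the guard folds to a constant false, but `/* To avoid ifdefary */` does not say so; something like `/* Declaration only: callers are compiled out when CET is not configured. */` would make the dependency explicit. The CET_* masks are built with `_AC(1, ULL)` while the function returns `unsigned int`, which is fine for bits 0 to 2 but deserves a mention, since the assembly callers zero %edx on that assumption. The new comment also misspells `calculate` as `calcualte`.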
@@ -683,7 +698,7 @@ static void __init noreturn reinit_bsp_stack(void)
     {
         wrmsrl(MSR_PL0_SSP,
                (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8);
-        wrmsrl(MSR_S_CET, CET_SHSTK_EN | CET_WRSS_EN);
+        wrmsrl(MSR_S_CET, xen_msr_s_cet_value());
         asm volatile ("setssbsy" ::: "memory");
     }
 
diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
index e2d4ebead0..3ea30aab75 100644
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -110,6 +110,7 @@
 #define MSR_S_CET                           0x000006a2
 #define  CET_SHSTK_EN                       (_AC(1, ULL) <<  0)
 #define  CET_WRSS_EN                        (_AC(1, ULL) <<  1)
+#define  CET_ENDBR_EN                       (_AC(1, ULL) <<  2)
 
 #define MSR_PL0_SSP                         0x000006a4
 #define MSR_PL1_SSP                         0x000006a5
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:12:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 02:12:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298521.508555 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgL-0002hK-QE; Tue, 05 Apr 2022 02:12:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298521.508555; Tue, 05 Apr 2022 02:12:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgL-0002hC-NK; Tue, 05 Apr 2022 02:12:33 +0000
Received: by outflank-mailman (input) for mailman id 298521;
 Tue, 05 Apr 2022 02:12:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgK-0002h0-KO
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgK-0005Vg-JY
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgK-0004IA-Is
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=uMVdvpjDwUsPeNNdXxn8bQ6vIRS2YCHjJ9mza19Fj1k=; b=0DGViq8QkgfnVKVGdDB6MPXpPi
	AnEH9HDmFMFjp4mKk166P+KG2cogomqgrKNVi4tY8GiZLYwOAjSN03XOxxP0WryANbZzR+miwCXiV
	OyjOXZZjdfQPP35Ti+Z/Q3My8vzGEeJWUIDWuRe6+n9/wshFvmnd3o3Qfd/hvfuKgOTU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/EFI: Disable CET-IBT around Runtime Services calls
Message-Id: <E1nbYgK-0004IA-Is@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:12:32 +0000

commit cf7bd0919fd4cff1fbdad882eea24b3d323a5dd3
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 21:54:26 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/EFI: Disable CET-IBT around Runtime Services calls
    
    UEFI Runtime services, at the time of writing, aren't CET-IBT compatible.
    Work is ongoing to address this. In the meantime, unconditionally disable IBT.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit d37a8a067e62e3b6709d224c22f740fdda9d0078)
---
 xen/common/efi/runtime.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c
index bbcc756f57..a8fc2b99ae 100644
--- a/xen/common/efi/runtime.c
+++ b/xen/common/efi/runtime.c
@@ -21,6 +21,7 @@ struct efi_rs_state {
   * don't strictly need that.
   */
  unsigned long __aligned(32) cr3;
+    unsigned long msr_s_cet;
 #endif
 };
 
@@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void)
 
     switch_cr3_cr4(virt_to_maddr(efi_l4_pgtable), read_cr4());
 
+    /*
+     * At the time of writing (2022), no UEFI firwmare is CET-IBT compatible.
+     * Work is under way to remedy this.
+     *
+     * Stash MSR_S_CET and clobber ENDBR_EN.  This is necessary because
+     * SHSTK_EN isn't configured until very late on the BSP.
+     */
+    if ( cpu_has_xen_ibt )
+    {
+        rdmsrl(MSR_S_CET, state.msr_s_cet);
+        wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN);
+    }
+
     return state;
 }
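Review bot: efi_rs_enter() writes `state.msr_s_cet` only when `cpu_has_xen_ibt` is set, while efi_rs_leave() decides whether to restore by testing `state->msr_s_cet` for nonzero, so the pair is correct only if `state` starts out zeroed. The initialisation of `state` is outside the hunk; if it is not a full zero-initialiser, the restore in the efi_rs_leave hunk could write an indeterminate value to MSR_S_CET. Gating both sides on the same condition, `if ( cpu_has_xen_ibt )` in efi_rs_leave(), or a comment on the field such as `/* 0 => MSR_S_CET was not saved */`, would make the contract visible. The added comment misspells `firmware` as `firwmare`.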
 
@@ -122,6 +136,10 @@ void efi_rs_leave(struct efi_rs_state *state)
 
     if ( !state->cr3 )
         return;
+
+    if ( state->msr_s_cet )
+        wrmsrl(MSR_S_CET, state->msr_s_cet);
+
     switch_cr3_cr4(state->cr3, read_cr4());
     if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) )
     {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:12:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 02:12:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298522.508559 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgV-0002k7-Rv; Tue, 05 Apr 2022 02:12:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298522.508559; Tue, 05 Apr 2022 02:12:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgV-0002jz-Ov; Tue, 05 Apr 2022 02:12:43 +0000
Received: by outflank-mailman (input) for mailman id 298522;
 Tue, 05 Apr 2022 02:12:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgU-0002jj-Nt
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgU-0005Vk-Mv
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgU-0004It-MF
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=cL0FOlRJucFylJsWgCkhl8FRd3SWcrboK/4Qy0HmJN4=; b=cJ6C4arw0GneTsRyddcHsBuE8k
	Q0Mma+QJ0pGPzLKA0Y46GYc6xiRrans79+u7wwXwYWi5Ap+87eTszCwVXmxeQ0oCdjPLuXZNhOhfW
	QF0H2v68L0klR171pOl8UAkdJU2ZbptHB0yCm7vVwTFKkjk/orEwvlSyeI0lTG3GFd1I=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86: Enable CET Indirect Branch Tracking
Message-Id: <E1nbYgU-0004It-MF@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:12:42 +0000

commit 7f35c1f34b59b6b50518d3ff5b0d04b391ebf92e
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 15:17:20 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86: Enable CET Indirect Branch Tracking
    
    With all the pieces now in place, turn CET-IBT on when available.
    
    MSR_S_CET, like SMEP/SMAP, controls Ring1, meaning that ENDBR_EN can't be
    enabled for Xen independently of PV32 kernels.  As we already disable PV32 for
    CET-SS, extend this to all CET, adjusting the documentation/comments as
    appropriate.
    
    Introduce a cet=no-ibt command line option to allow the admin to disable IBT
    even when everything else is configured correctly.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit cdbe2b0a1aecae946639ee080f14831429b184b6)
---
 docs/misc/xen-command-line.pandoc | 16 +++++++++++----
 xen/arch/x86/cpu/common.c         |  1 +
 xen/arch/x86/setup.c              | 42 ++++++++++++++++++++++++++++++++++-----
 3 files changed, 50 insertions(+), 9 deletions(-)

diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
index 2392537954..1cab26fef6 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -271,7 +271,7 @@ enough. Setting this to a high value may cause boot failure, particularly if
 the NMI watchdog is also enabled.
 
 ### cet
-    = List of [ shstk=<bool> ]
+    = List of [ shstk=<bool>, ibt=<bool> ]
 
     Applicability: x86
 
@@ -279,6 +279,10 @@ Controls for the use of Control-flow Enforcement Technology.  CET is group a
 of hardware features designed to combat Return-oriented Programming (ROP, also
 call/jmp COP/JOP) attacks.
 
+CET is incompatible with 32bit PV guests.  If any CET sub-options are active,
+they will override the `pv=32` boolean to `false`.  Backwards compatibility
+can be maintained with the pv-shim mechanism.
+
 *   The `shstk=` boolean controls whether Xen uses Shadow Stacks for its own
     protection.
 
@@ -287,9 +291,13 @@ call/jmp COP/JOP) attacks.
     `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support
     is available in hardware.
 
-    Shadow Stacks are incompatible with 32bit PV guests.  This option will
-    override the `pv=32` boolean to false.  Backwards compatibility can be
-    maintained with the `pv-shim` mechanism.
+*   The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for
+    its own protection.
+
+    The option is available when `CONFIG_XEN_IBT` is compiled in, and defaults
+    to `true` on hardware supporting CET-IBT.  Specifying `cet=no-ibt` will
+    cause Xen not to use Indirect Branch Tracking even when support is
+    available in hardware.
 
 ### clocksource (x86)
 > `= pit | hpet | acpi | tsc`
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index 0ded3148d3..b9cb8ffbe3 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -332,6 +332,7 @@ void __init early_cpu_init(void)
 	if (c->cpuid_level >= 7) {
 		cpuid_count(7, 0, &eax, &ebx, &ecx, &edx);
 		c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx;
+		c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx;
 	}
 
 	eax = cpuid_eax(0x80000000);
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index a9cc6c2955..c8cf9ce7b1 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -102,6 +102,12 @@ static bool __initdata opt_xen_shstk = true;
 #define opt_xen_shstk false
 #endif
 
+#ifdef CONFIG_XEN_IBT
+static bool __initdata opt_xen_ibt = true;
+#else
+#define opt_xen_ibt false
+#endif
+
 static int __init parse_cet(const char *s)
 {
     const char *ss;
@@ -118,6 +124,14 @@ static int __init parse_cet(const char *s)
             opt_xen_shstk = val;
 #else
             no_config_param("XEN_SHSTK", "cet", s, ss);
+#endif
+        }
+        else if ( (val = parse_boolean("ibt", s, ss)) >= 0 )
+        {
+#ifdef CONFIG_XEN_IBT
+            opt_xen_ibt = val;
+#else
+            no_config_param("XEN_IBT", "cet", s, ss);
 #endif
         }
         else
@@ -1100,11 +1114,33 @@ void __init noreturn __start_xen(unsigned long mbi_p)
         printk("Enabling Supervisor Shadow Stacks\n");
 
         setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK);
+    }
+
+    if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) )
+    {
+        printk("Enabling Indirect Branch Tracking\n");
+
+        setup_force_cpu_cap(X86_FEATURE_XEN_IBT);
+
+        if ( efi_enabled(EFI_RS) )
+            printk("  - IBT disabled in UEFI Runtime Services\n");
+
+        /*
+         * Enable IBT now.  Only require the endbr64 on callees, which is
+         * entirely build-time arrangements.
+         */
+        wrmsrl(MSR_S_CET, CET_ENDBR_EN);
+    }
+
+    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
+    {
+        set_in_cr4(X86_CR4_CET);
+
 #ifdef CONFIG_PV32
         if ( opt_pv32 )
         {
             opt_pv32 = 0;
-            printk("  - Disabling PV32 due to Shadow Stacks\n");
+            printk("  - Disabling PV32 due to CET\n");
         }
 #endif
     }
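Review bot: CR4.CET is now set here, early in __start_xen(), and the last hunk of this file deletes the comment `Defer CR4.CET until alternatives have finished playing with CR0.WP` together with the deferred write, but nothing in the new code says why that ordering constraint no longer applies. If the alternatives code still clears CR0.WP at any point, doing so with CR4.CET set would fault, so the block should carry a comment naming what makes the early write safe, or the write should stay after alternative_branches(). Separately, `wrmsrl(MSR_S_CET, CET_ENDBR_EN)` replaces the whole register rather than setting one bit. That looks intended, because SHSTK_EN is configured later on the BSP, and a short comment saying so would help. __start_xen() starts and ends outside the hunk.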
@@ -1856,10 +1892,6 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     alternative_branches();
 
-    /* Defer CR4.CET until alternatives have finished playing with CR0.WP */
-    if ( cpu_has_xen_shstk )
-        set_in_cr4(X86_CR4_CET);
-
     /*
      * NB: when running as a PV shim VCPUOP_up/down is wired to the shim
      * physical cpu_add/remove functions, so launch the guest with only
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:12:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 02:12:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298523.508563 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgf-0002mw-TB; Tue, 05 Apr 2022 02:12:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298523.508563; Tue, 05 Apr 2022 02:12:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgf-0002mp-QN; Tue, 05 Apr 2022 02:12:53 +0000
Received: by outflank-mailman (input) for mailman id 298523;
 Tue, 05 Apr 2022 02:12:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYge-0002mf-Qk
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYge-0005Vo-Px
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYge-0004JY-PN
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:12:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=+csMFD6CG/jclHti+UMxjz2258g/D6pFnX4QmLacwnU=; b=mvOTI3wvlbWkXUMgSAz1IFTq3+
	FjeJ+pHGkxOtaD5nFsDYH4RVYU2aNt2qG30LQVbZRGwg7rKu84lzCL+PevfGfOPdkc6Z+O+pir9O4
	0+UmyiE7PyVxr1H2wSEmO6SBRZei5j8zWjssdUsYJiGxOgp1XSGPmTBIMbn7CSnlrpho=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/CET: Fix S3 resume with shadow stacks active
Message-Id: <E1nbYge-0004JY-PN@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:12:52 +0000

commit 82fc15285634bb56125a5b321402d7d52c440646
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Feb 24 12:18:00 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/CET: Fix S3 resume with shadow stacks active
    
    The original shadow stack support has an error on S3 resume with very bizarre
    fallout.  The BSP comes back up, but APs fail with:
    
      (XEN) Enabling non-boot CPUs ...
      (XEN) Stuck ??
      (XEN) Error bringing CPU1 up: -5
    
    and then later (on at least two Intel TigerLake platforms), the next HVM vCPU
    to be scheduled on the BSP dies with:
    
      (XEN) d1v0 Unexpected vmexit: reason 3
      (XEN) domain_crash called from vmx.c:4304
      (XEN) Domain 1 (vcpu#0) crashed on cpu#0:
    
    The VMExit reason is EXIT_REASON_INIT, which has nothing to do with the
    scheduled vCPU, and will be addressed in a subsequent patch.  It is a
    consequence of the APs triple faulting.
    
    The APs triple fault because we don't tear down the stacks on suspend.
    The idle/play_dead loop is killed in the middle of running, meaning
    that the supervisor token is left busy.
    
    On resume, SETSSBSY finds the busy bit set, suffers #CP and triple faults
    because the IDT isn't configured this early.
    
    Rework the AP bring-up path to (re)create the supervisor token.  This ensures
    the primary stack is non-busy before use.
    
    Note: There are potential issues with the IST shadow stacks too, but fixing
          those is more involved.
    
    Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
    Link: https://github.com/QubesOS/qubes-issues/issues/7283
    Reported-by: Thiner Logoer <logoerthiner1@163.com>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Tested-by: Thiner Logoer <logoerthiner1@163.com>
    Tested-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 7d9589239ec068c944190408b9838774d5ec1f8f)
---
 xen/arch/x86/boot/x86_64.S | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S
index 94b1d984cf..f11b5d0679 100644
--- a/xen/arch/x86/boot/x86_64.S
+++ b/xen/arch/x86/boot/x86_64.S
@@ -51,13 +51,21 @@ ENTRY(__high_start)
         test    $CET_SHSTK_EN, %al
         jz      .L_ap_cet_done
 
-        /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */
-        mov     $MSR_PL0_SSP, %ecx
+        /* Derive the supervisor token address from %rsp. */
         mov     %rsp, %rdx
+        and     $~(STACK_SIZE - 1), %rdx
+        or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx
+
+        /*
+         * Write a new supervisor token.  Doesn't matter on boot, but for S3
+         * resume this clears the busy bit.
+         */
+        wrssq   %rdx, (%rdx)
+
+        /* Point MSR_PL0_SSP at the token. */
+        mov     $MSR_PL0_SSP, %ecx
+        mov     %edx, %eax
         shr     $32, %rdx
-        mov     %esp, %eax
-        and     $~(STACK_SIZE - 1), %eax
-        or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax
         wrmsr
 
         setssbsy
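Review bot: The added `wrssq %rdx, (%rdx)` only works if writes to the shadow stack are already enabled in the MSR_S_CET value loaded above this hunk, and that setup is not visible here. Per the commit message the IDT is not configured this early, so a fault from this instruction would presumably end in the same triple fault the patch is fixing. The comment above the instruction could record the dependency, e.g. `* Relies on the WRSS enable bit set in MSR_S_CET above; a fault here is fatal as there is no IDT yet.` The `__high_start` body starts and continues outside the hunk.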
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:13:03 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 02:13:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298524.508567 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgp-0002pd-Ul; Tue, 05 Apr 2022 02:13:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298524.508567; Tue, 05 Apr 2022 02:13:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgp-0002pV-Rw; Tue, 05 Apr 2022 02:13:03 +0000
Received: by outflank-mailman (input) for mailman id 298524;
 Tue, 05 Apr 2022 02:13:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgo-0002pK-Tt
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgo-0005Xw-T3
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgo-0004KM-SO
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=746DrxDzwpCNLQA0mdW6w0jAqBLymtmy7C50Svi04Iw=; b=7D67M8NikMdx1Z/ZUN23feNcDc
	8KS/sGw4Xvvzr7b8Tjgn3V3DcCt2EJMJnX0fTbI1yn19mruyP/iHhlJCWuMooG7KOvmw3n3ctczfX
	ncpdB39PJW4sirppIB1FyCIfGTq043gHREor2zirM61Nz+4hRFuHsWxwPWwQmPlq4mSw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/spec-ctrl: Disable retpolines with CET-IBT
Message-Id: <E1nbYgo-0004KM-SO@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:13:02 +0000

commit 67fa16fbc29ebc127372450fcb09a022269f556f
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Feb 28 19:26:37 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/spec-ctrl: Disable retpolines with CET-IBT
    
    CET-IBT depends on executing indirect branches for its protections to apply.
    Extend the clobber for CET-SS to all of CET.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 6e3f36387de566b09aa4145ea0e3bfe4814d68b4)
---
 xen/arch/x86/spec_ctrl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 7ded6ecba1..1e226102d3 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -919,13 +919,14 @@ void __init init_speculation_mitigations(void)
                      boot_cpu_has(X86_FEATURE_IBRS));
 
     /*
-     * First, disable the use of retpolines if Xen is using shadow stacks, as
-     * they are incompatible.
+     * First, disable the use of retpolines if Xen is using CET.  Retpolines
+     * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends
+     * on executing indirect branches for the safety properties to apply.
      *
      * In the absence of retpolines, IBRS needs to be used for speculative
      * safety.  All CET-capable hardware has efficient IBRS.
      */
-    if ( cpu_has_xen_shstk )
+    if ( read_cr4() & X86_CR4_CET )
     {
         if ( !has_spec_ctrl )
             printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n");
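Review bot: The new condition `read_cr4() & X86_CR4_CET` only reflects Xen's CET use if CR4.CET has been set before init_speculation_mitigations() runs; the previous `cpu_has_xen_shstk` test did not depend on that ordering. Where CR4.CET is enabled relative to this call is outside the hunk, so the ordering should be confirmed and stated in the comment, e.g. `* CR4.CET is set earlier in boot whenever Xen uses shadow stacks or IBT.` If the test were evaluated too early, retpolines would stay selectable with CET active, which the comment itself describes as incompatible. The added comment also misspells `incompatible` as `incompatbile`. The function body continues outside the hunk.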
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:13:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 02:13:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298525.508571 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYh0-0002t8-1M; Tue, 05 Apr 2022 02:13:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298525.508571; Tue, 05 Apr 2022 02:13:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYgz-0002t0-Uk; Tue, 05 Apr 2022 02:13:13 +0000
Received: by outflank-mailman (input) for mailman id 298525;
 Tue, 05 Apr 2022 02:13:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgz-0002ss-0d
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgy-0005Y0-Vy
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYgy-0004LC-VQ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=fUeNcbzJW4laG6I+D5eVNt8aGSTc9eQEnsGofqdnWRE=; b=KzNuNhuI0MX3yQVMeU4EdclFZi
	CcHjyiVDzVnaouJ8qDaC7wvRMSmt3waKOnr/gKfVISXT3cFNml3v94ZYkihgl//5S4VBmbubkok92
	LjCSEr36q0Pg9KfpDw2+G9LB7oyTjmbNCJM31DZTIXqKOXChwxjRiqek2LK1a4UHUjmU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/kexec: Fix kexec-reboot with CET active
Message-Id: <E1nbYgy-0004LC-VQ@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:13:12 +0000

commit c0b7bbed60428ebb4be5492468868bf288290ec2
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Mar 7 20:19:18 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/kexec: Fix kexec-reboot with CET active
    
    The kexec_reloc() asm has an indirect jump to relocate onto the identity
    trampoline.  While we clear CET in machine_crash_shutdown(), we fail to clear
    CET for the non-crash path.  This in turn highlights that the same is true of
    resetting the CPUID masking/faulting.
    
    Move both pieces of logic from machine_crash_shutdown() to machine_kexec(),
    the latter being common for all kexec transitions.  Adjust the condition for
    CET being considered active to check in CR4, which is simpler and more robust.
    
    Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT")
    Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
    Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()")
    Reported-by: David Vrabel <dvrabel@amazon.co.uk>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: David Vrabel <dvrabel@amazon.co.uk>
    (cherry picked from commit 7f5b2448bd724f5f24426b2595a9bdceb1e5a346)
---
 xen/arch/x86/crash.c         | 10 ----------
 xen/arch/x86/machine_kexec.c | 10 ++++++++++
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index cfc6bdab7b..05a6104378 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -197,16 +197,6 @@ void machine_crash_shutdown(void)
 
     nmi_shootdown_cpus();
 
-    /* Reset CPUID masking and faulting to the host's default. */
-    ctxt_switch_levelling(NULL);
-
-    /* Disable CET. */
-    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
-    {
-        wrmsrl(MSR_S_CET, 0);
-        write_cr4(read_cr4() & ~X86_CR4_CET);
-    }
-
     info = kexec_crash_save_info();
     info->xen_phys_start = xen_phys_start;
     info->dom0_pfn_to_mfn_frame_list_list =
diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c
index 08ec9fd43b..bc2c76c6b9 100644
--- a/xen/arch/x86/machine_kexec.c
+++ b/xen/arch/x86/machine_kexec.c
@@ -173,6 +173,16 @@ void machine_kexec(struct kexec_image *image)
         _update_gate_addr_lower(&idt_tables[i][TRAP_machine_check], &trap_nop);
     }
 
+    /* Reset CPUID masking and faulting to the host's default. */
+    ctxt_switch_levelling(NULL);
+
+    /* Disable CET. */
+    if ( read_cr4() & X86_CR4_CET )
+    {
+        wrmsrl(MSR_S_CET, 0);
+        write_cr4(read_cr4() & ~X86_CR4_CET);
+    }
+
     /* Explicitly enable NMIs on this CPU.  Some crashdump kernels do
      * not like running with NMIs disabled. */
     enable_nmis();
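Review bot: `/* Disable CET. */` does not say why this has to happen here, and the reason is easy to lose now that the code sits in the common kexec path. The commit message gives it, so the comment could read `/* Disable CET: kexec_reloc() relocates onto the identity trampoline via an indirect jump. */`. The block also calls `read_cr4()` twice; reading it once, `unsigned long cr4 = read_cr4();`, and testing and writing from that local would be tidier. machine_kexec() starts and ends outside the hunk.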
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:13:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 02:13:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298526.508575 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYhA-0002vq-2u; Tue, 05 Apr 2022 02:13:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298526.508575; Tue, 05 Apr 2022 02:13:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYhA-0002vi-01; Tue, 05 Apr 2022 02:13:24 +0000
Received: by outflank-mailman (input) for mailman id 298526;
 Tue, 05 Apr 2022 02:13:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYh9-0002vL-3p
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:23 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYh9-0005Y4-2v
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:23 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYh9-0004Ll-2F
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:23 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=wIpxHelRZe19gg2fI7WrOELD4E4/CHWNSDGj3PgHde4=; b=yhSEb/1spDSh0K8croWshEkSdP
	HDwaDYXdV1hrsQy9W56cdNcz29QLxLSgc2KMQyR8sXfQmmGWweGQfno4mDM1ebLkxPcPICrkCz0qC
	JbAo4jxqQj9eQ3V/1Xf+ksVuwbwnsHok7Ji7FbmySMIImN1wbVUpEGRZCJ1tTagBQkvQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/cet: Clear IST supervisor token busy bits on S3 resume
Message-Id: <E1nbYh9-0004Ll-2F@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:13:23 +0000

commit c3407c77a02eb9077ce2360df6240a9b0e9cb7db
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Mar 14 10:30:46 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/cet: Clear IST supervisor token busy bits on S3 resume
    
    Stacks are not freed across S3.  Execution just stops, leaving supervisor
    token busy bits active.  Fixing this for the primary shadow stack was done
    previously, but there is a (rare) risk that an IST token is left busy too, if
    the platform power-off happens to intersect with an NMI/#MC arriving.  This
    will manifest as #DF next time the IST vector gets used.
    
    Introduce rdssp() and wrss() helpers in a new shstk.h, cleaning up
    fixup_exception_return() and explaining the trick with the literal 1.
    
    Then use this infrastructure to rewrite the IST tokens in load_system_tables()
    when all the other IST details are being set up.  In the case that an IST
    token were left busy across S3, this will clear the busy bit before the stack
    gets used.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit e421ed0f68488863599532bda575c03c33cde0e0)
---
 xen/arch/x86/cpu/common.c   | 25 ++++++++++++++++++++----
 xen/arch/x86/traps.c        |  8 +++-----
 xen/include/asm-x86/shstk.h | 46 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 9 deletions(-)

diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index b9cb8ffbe3..40a81d63e2 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -13,6 +13,7 @@
 #include <asm/apic.h>
 #include <asm/random.h>
 #include <asm/setup.h>
+#include <asm/shstk.h>
 #include <mach_apic.h>
 #include <public/sysctl.h> /* for XEN_INVALID_{SOCKET,CORE}_ID */
 
@@ -811,15 +812,31 @@ void load_system_tables(void)
 	 */
 	if (cpu_has_xen_shstk) {
 		volatile uint64_t *ist_ssp = tss_page->ist_ssp;
+		unsigned long
+			mce_ssp = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8,
+			nmi_ssp = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8,
+			db_ssp  = stack_top + (IST_DB  * IST_SHSTK_SIZE) - 8,
+			df_ssp  = stack_top + (IST_DF  * IST_SHSTK_SIZE) - 8;
 
 		ist_ssp[0] = 0x8600111111111111ul;
-		ist_ssp[IST_MCE] = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_NMI] = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_DB]	 = stack_top + (IST_DB	* IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_DF]	 = stack_top + (IST_DF	* IST_SHSTK_SIZE) - 8;
+		ist_ssp[IST_MCE] = mce_ssp;
+		ist_ssp[IST_NMI] = nmi_ssp;
+		ist_ssp[IST_DB]	 = db_ssp;
+		ist_ssp[IST_DF]	 = df_ssp;
 		for ( i = IST_DF + 1; i < ARRAY_SIZE(tss_page->ist_ssp); ++i )
 			ist_ssp[i] = 0x8600111111111111ul;
 
+		if (IS_ENABLED(CONFIG_XEN_SHSTK) && rdssp() != SSP_NO_SHSTK) {
+			/*
+			 * Rewrite supervisor tokens when shadow stacks are
+			 * active.  This resets any busy bits left across S3.
+			 */
+			wrss(mce_ssp, _p(mce_ssp));
+			wrss(nmi_ssp, _p(nmi_ssp));
+			wrss(db_ssp,  _p(db_ssp));
+			wrss(df_ssp,  _p(df_ssp));
+		}
+
 		wrmsrl(MSR_INTERRUPT_SSP_TABLE, (unsigned long)ist_ssp);
 	}
 
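Review bot: The guard `rdssp() != SSP_NO_SHSTK` sits inside a block that is already conditional on `cpu_has_xen_shstk`, and the comment does not explain why both checks are needed. Presumably load_system_tables() can run before shadow stacks are enabled on the CPU, where `wrss()` would fault; if so, say it: `* wrss() faults unless shadow stacks are already active on this CPU, hence the rdssp() check.` It would also help to note that the rewrite assumes none of the four IST stacks is in use on this CPU at this point, since rewriting a token under a running handler would clear a busy bit that is legitimately set. The function starts and ends outside the hunk.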
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 10efcc6585..963989be95 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -83,6 +83,7 @@
 #include <asm/mach-default/irq_vectors.h>
 #include <asm/pv/traps.h>
 #include <asm/pv/mm.h>
+#include <asm/shstk.h>
 
 /*
  * opt_nmi: one of 'ignore', 'dom0', or 'fatal'.
@@ -788,8 +789,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs,
     {
         unsigned long ssp, *ptr, *base;
 
-        asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) );
-        if ( ssp == 1 )
+        if ( (ssp = rdssp()) == SSP_NO_SHSTK )
             goto shstk_done;
 
         ptr = _p(ssp);
@@ -818,9 +818,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs,
              */
             if ( ptr[0] == regs->rip && ptr[1] == regs->cs )
             {
-                asm ( "wrssq %[fix], %[stk]"
-                      : [stk] "=m" (ptr[0])
-                      : [fix] "r" (fixup) );
+                wrss(fixup, ptr);
                 goto shstk_done;
             }
         }
diff --git a/xen/include/asm-x86/shstk.h b/xen/include/asm-x86/shstk.h
new file mode 100644
index 0000000000..fdc9cc65a3
--- /dev/null
+++ b/xen/include/asm-x86/shstk.h
@@ -0,0 +1,46 @@
+/******************************************************************************
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2022 Citrix Systems Ltd.
+ */
+#ifndef XEN_ASM_SHSTK_H
+#define XEN_ASM_SHSTK_H
+
+/*
+ * RDSSP is a nop when shadow stacks are inactive.  Also, SSP has a minimum
+ * alignment of 4 which is enforced by hardware.
+ *
+ * We load 1 into a register, then RDSSP.  If shadow stacks are not enabled,
+ * RDSSP is a nop, and the 1 is preserved.  Otherwise, the 1 is clobbered with
+ * the real SSP, which has the bottom two bits clear.
+ */
+#define SSP_NO_SHSTK 1
+
+static inline unsigned long rdssp(void)
+{
+    unsigned long ssp;
+
+    asm volatile ( "rdsspq %0" : "=r" (ssp) : "0" (SSP_NO_SHSTK) );
+
+    return ssp;
+}
+
+static inline void wrss(unsigned long val, unsigned long *ptr)
+{
+    asm ( "wrssq %[val], %[ptr]"
+          : [ptr] "=m" (*ptr)
+          : [val] "r" (val) );
+}
+
+#endif /* XEN_ASM_SHSTK_H */
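Review bot: `wrss()` has no comment stating its precondition, while `rdssp()` gets a full explanation. Both callers in this patch check `rdssp() != SSP_NO_SHSTK` first, which suggests wrss() must only be used with shadow stacks active; a line such as `/* Only valid when shadow stacks are active; check rdssp() != SSP_NO_SHSTK first. */` above it would make that explicit. Separately, the asm is not `volatile` and is kept alive only by the `"=m" (*ptr)` output; since the written token is consumed by hardware rather than read back by C code, `asm volatile ( "wrssq %[val], %[ptr]"` would be the more defensive form.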
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:13:35 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 02:13:35 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298527.508579 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYhL-0002yp-4e; Tue, 05 Apr 2022 02:13:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298527.508579; Tue, 05 Apr 2022 02:13:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbYhL-0002yh-1g; Tue, 05 Apr 2022 02:13:35 +0000
Received: by outflank-mailman (input) for mailman id 298527;
 Tue, 05 Apr 2022 02:13:33 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYhJ-0002yJ-76
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:33 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYhJ-0005Y8-6G
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbYhJ-0004MS-5X
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 02:13:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=M++alZhmZ6GAkVaFa9BY/fpToKmmiwms91jIszofhnI=; b=Zeg/89+KJt4CelaVDFdkamaac0
	kVjHgPK2qXCUsfRBIeI/cytpXKOGyvtaasA6at5yg27bUhSKW5zWH4NFilQ99jcydhs6w9opPlEaQ
	recuSJUCXeHor0KcEQUHXvth9zt+FGGgT14S0mibLp4KgvdEXDBUKWyRsccRW/yL3G3M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/cet: Remove writeable mapping of the BSPs shadow stack
Message-Id: <E1nbYhJ-0004MS-5X@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:13:33 +0000

commit 74aeb555745b27575c3f82051a83942ee05bd842
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Tue Mar 15 12:07:18 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/cet: Remove writeable mapping of the BSPs shadow stack
    
    An unintended consequence of the BSP using cpu0_stack[] is that writeable
    mappings to the BSP's shadow stacks are retained in the bss.  This renders
    CET-SS almost useless, as an attacker can update both return addresses and the
    ret will not fault.
    
    We specifically don't want to shatter the superpage mapping .data and .bss, so
    the only way to fix this is to not have the BSP stack in the main Xen image.
    
    Break cpu_alloc_stack() out of cpu_smpboot_alloc(), and dynamically allocate
    the BSP stack as early as reasonable in __start_xen().  As a consequence,
    there is no need to delay the BSP's memguard_guard_stack() call.
    
    Copy the top of cpu info block just before switching to use the new stack.
    Fix a latent bug by setting %rsp to info->guest_cpu_user_regs rather than
    ->es; this would be buggy if reinit_bsp_stack() called schedule() (which
    rewrites the GPR block) directly, but luckily it doesn't.
    
    Finally, move cpu0_stack[] into .init, so it can be reclaimed after boot.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 37786b23b027ab83051175cb8ce9ac86cacfc58e)
---
 xen/arch/x86/setup.c      | 20 +++++++++++++-------
 xen/arch/x86/smpboot.c    | 26 +++++++++++++++++++-------
 xen/arch/x86/xen.lds.S    |  2 +-
 xen/include/asm-x86/smp.h |  2 ++
 4 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index c8cf9ce7b1..30d028af6d 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -150,7 +150,7 @@ unsigned long __read_mostly xen_phys_start;
 
 unsigned long __read_mostly xen_virt_end;
 
-char __section(".bss.stack_aligned") __aligned(STACK_SIZE)
+char __section(".init.bss.stack_aligned") __aligned(STACK_SIZE)
     cpu0_stack[STACK_SIZE];
 
 struct cpuinfo_x86 __read_mostly boot_cpu_data = { 0, 0, 0, 0, -1 };
@@ -702,7 +702,6 @@ static void __init noreturn reinit_bsp_stack(void)
     percpu_traps_init();
 
     stack_base[0] = stack;
-    memguard_guard_stack(stack);
 
     rc = setup_cpu_root_pgt(0);
     if ( rc )
@@ -868,6 +867,8 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 {
     char *memmap_type = NULL;
     char *cmdline, *kextra, *loader;
+    void *bsp_stack;
+    struct cpu_info *info = get_cpu_info(), *bsp_info;
     unsigned int initrdidx, num_parked = 0;
     multiboot_info_t *mbi;
     module_t *mod;
@@ -900,7 +901,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
     /* Full exception support from here on in. */
 
     rdmsrl(MSR_EFER, this_cpu(efer));
-    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
+    asm volatile ( "mov %%cr4,%0" : "=r" (info->cr4) );
 
     /* Enable NMIs.  Our loader (e.g. Tboot) may have left them disabled. */
     enable_nmis();
@@ -1728,6 +1729,10 @@ void __init noreturn __start_xen(unsigned long mbi_p)
      */
     vm_init();
 
+    bsp_stack = cpu_alloc_stack(0);
+    if ( !bsp_stack )
+        panic("No memory for BSP stack\n");
+
     console_init_ring();
     vesa_init();
 
@@ -1983,17 +1988,18 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     if ( bsp_delay_spec_ctrl )
     {
-        struct cpu_info *info = get_cpu_info();
-
         info->spec_ctrl_flags &= ~SCF_use_shadow;
         barrier();
         wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
         info->last_spec_ctrl = default_xen_spec_ctrl;
     }
 
-    /* Jump to the 1:1 virtual mappings of cpu0_stack. */
+    /* Copy the cpu info block, and move onto the BSP stack. */
+    bsp_info = get_cpu_info_from_stack((unsigned long)bsp_stack);
+    *bsp_info = *info;
+
     asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" ::
-                  [stk] "g" (__va(__pa(get_stack_bottom()))),
+                  [stk] "g" (&bsp_info->guest_cpu_user_regs),
                   [fn] "i" (reinit_bsp_stack) : "memory");
     unreachable();
 }
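Review bot: `*bsp_info = *info;` followed by `mov %[stk], %%rsp` is a two-step handover, and nothing here documents what keeps the two copies of the cpu info block consistent in between. If anything (an interrupt or NMI, for instance) updates the block on the old stack after the copy, that update is lost; whether that can happen at this point is not visible from the hunk. A comment stating the assumption would help, e.g. `/* Nothing may modify *info between this copy and the stack switch; info is stale afterwards. */`. It is also worth confirming that no pointer into cpu0_stack[] survives the switch, since the commit moves that array into .init to be reclaimed after boot.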
diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
index 2a2e093cff..7bb54c2207 100644
--- a/xen/arch/x86/smpboot.c
+++ b/xen/arch/x86/smpboot.c
@@ -1008,6 +1008,23 @@ static void cpu_smpboot_free(unsigned int cpu, bool remove)
     }
 }
 
+void *cpu_alloc_stack(unsigned int cpu)
+{
+    nodeid_t node = cpu_to_node(cpu);
+    unsigned int memflags = 0;
+    void *stack;
+
+    if ( node != NUMA_NO_NODE )
+        memflags = MEMF_node(node);
+
+    stack = alloc_xenheap_pages(STACK_ORDER, memflags);
+
+    if ( stack )
+        memguard_guard_stack(stack);
+
+    return stack;
+}
+
 static int cpu_smpboot_alloc(unsigned int cpu)
 {
     struct cpu_info *info;
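Review bot: cpu_alloc_stack() is now a non-static function with a prototype in smp.h, but it has no comment describing its contract. Something like `/* Allocate and guard a stack for @cpu, on its NUMA node if known.  Returns NULL on failure. */` would cover what the body shows. How the stack is meant to be released (the guard set by memguard_guard_stack() presumably has to be undone first) is not visible in this hunk and is worth stating for the new caller in __start_xen().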
@@ -1020,15 +1037,10 @@ static int cpu_smpboot_alloc(unsigned int cpu)
     if ( node != NUMA_NO_NODE )
         memflags = MEMF_node(node);
 
-    if ( stack_base[cpu] == NULL )
-    {
-        stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER, memflags);
-        if ( !stack_base[cpu] )
+    if ( stack_base[cpu] == NULL &&
+         (stack_base[cpu] = cpu_alloc_stack(cpu)) == NULL )
             goto out;
 
-        memguard_guard_stack(stack_base[cpu]);
-    }
-
     info = get_cpu_info_from_stack((unsigned long)stack_base[cpu]);
     info->processor_id = cpu;
     info->per_cpu_offset = __per_cpu_offset[cpu];
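Review bot: `goto out;` keeps the 12-space indent it had inside the removed braces, so it now reads as if it were nested one level deeper than the `if` it belongs to; it should be `        goto out;`. The `node`/`memflags` computation just above is now repeated inside cpu_alloc_stack(); whether cpu_smpboot_alloc() still needs its own copy depends on uses further down, outside the hunk.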
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index fcc6646487..7c9758c8cc 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -205,6 +205,7 @@ SECTIONS
   } :text
   DECL_SECTION(.init.data) {
 #endif
+       *(.init.bss.stack_aligned)
 
        *(.init.rodata)
        *(.init.rodata.*)
@@ -293,7 +294,6 @@ SECTIONS
 
   DECL_SECTION(.bss) {
        __bss_start = .;
-       *(.bss.stack_aligned)
        *(.bss.page_aligned*)
        . = ALIGN(PAGE_SIZE);
        __per_cpu_start = .;
diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h
index f7485f602e..9628d7842d 100644
--- a/xen/include/asm-x86/smp.h
+++ b/xen/include/asm-x86/smp.h
@@ -85,6 +85,8 @@ extern cpumask_t **socket_cpumask;
 extern unsigned int disabled_cpus;
 extern bool unaccounted_cpus;
 
+void *cpu_alloc_stack(unsigned int cpu);
+
 #endif /* !__ASSEMBLY__ */
 
 #endif
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:13:45 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] xen/x86: Livepatch: support patching CET-enhanced functions
Message-Id: <E1nbYhT-0004N7-8t@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:13:43 +0000

commit be9facf323b40b5a18c5e3f70fce5b245818c42f
Author:     Bjoern Doebel <doebel@amazon.de>
AuthorDate: Thu Mar 10 07:35:36 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    xen/x86: Livepatch: support patching CET-enhanced functions
    
    Xen enabled CET for supporting architectures. The control flow aspect of
    CET requires functions that can be called indirectly (i.e., via function
    pointers) to start with an ENDBR64 instruction. Otherwise a control flow
    exception is raised.
    
    This expectation breaks livepatching flows because we patch functions by
    overwriting their first 5 bytes with a JMP + <offset>, thus breaking the
    ENDBR64. We fix this by checking the start of a patched function for
    being ENDBR64. In the positive case we move the livepatch JMP to start
    behind the ENDBR64 instruction.
    
    To avoid having to guess the ENDBR64 offset again on patch reversal
    (which might race with other mechanisms adding/removing ENDBR
    dynamically), use the livepatch metadata to store the computed offset
    along with the saved bytes of the overwritten function.
    
    Signed-off-by: Bjoern Doebel <doebel@amazon.de>
    Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    Tested-by: Jiamei Xie <jiamei.xie@arm.com>
    (cherry picked from commit 6974c75180f1aad44e5428eabf2396b2b50fb0e4)
    
    Note: For backports to 4.14 thru 4.16, there is no endbr-clobbering, hence no
          is_endbr64_poison() logic.
---
 xen/arch/x86/livepatch.c    | 39 +++++++++++++++++++++++++++++++++------
 xen/include/public/sysctl.h |  3 ++-
 2 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index 49f0d902e5..e94ac9b228 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -14,6 +14,7 @@
 #include <xen/vm_event.h>
 #include <xen/virtual_region.h>
 
+#include <asm/endbr.h>
 #include <asm/fixmap.h>
 #include <asm/nmi.h>
 #include <asm/livepatch.h>
@@ -113,8 +114,20 @@ int arch_livepatch_verify_func(const struct livepatch_func *func)
         if ( func->old_size < func->new_size )
             return -EINVAL;
     }
-    else if ( func->old_size < ARCH_PATCH_INSN_SIZE )
-        return -EINVAL;
+    else
+    {
+        /*
+         * Space needed now depends on whether the target function
+         * starts with an ENDBR64 instruction.
+         */
+        uint8_t needed = ARCH_PATCH_INSN_SIZE;
+
+        if ( is_endbr64(func->old_addr) )
+            needed += ENDBR64_LEN;
+
+        if ( func->old_size < needed )
+            return -EINVAL;
+    }
 
     return 0;
 }
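Review bot: `is_endbr64(func->old_addr)` reads the first bytes of the target function, so this verifier now depends on `old_addr` already being resolved to a mapped address, and nothing in the hunk states or checks that. Whether the caller resolves the address before calling arch_livepatch_verify_func() is not visible here. I would document the precondition above the new block, e.g. `/* func->old_addr must already be resolved: the target's first bytes are inspected. */`. The preceding branch (its condition is outside the hunk) still compares only `old_size` with `new_size` and does not account for `ENDBR64_LEN`.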
@@ -129,12 +142,24 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     uint8_t insn[sizeof(func->opaque)];
     unsigned int len;
 
+    func->patch_offset = 0;
     old_ptr = func->old_addr;
     len = livepatch_insn_len(func);
     if ( !len )
         return;
 
-    memcpy(func->opaque, old_ptr, len);
+    /*
+     * CET hotpatching support: We may have functions starting with an ENDBR64
+     * instruction that MUST remain the first instruction of the function,
+     * hence we need to move any hotpatch trampoline further into the function.
+     * For that we need to keep track of the patching offset used for any
+     * loaded hotpatch (to avoid racing against other fixups adding/removing
+     * ENDBR64 or similar instructions).
+     */
+    if ( is_endbr64(old_ptr) )
+        func->patch_offset += ENDBR64_LEN;
+
+    memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
         int32_t val;
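Review bot: `len` is computed before `patch_offset` is known, so on the `add_nops()` path (no `func->new_addr`) the `memcpy()` into `func->opaque` here and the write-back `memcpy(old_ptr + func->patch_offset, insn, len)` in the next hunk both cover `len` bytes starting `ENDBR64_LEN` into the function. That range ends `ENDBR64_LEN` bytes later than the one starting at `old_addr`, so a NOP patch sized to the whole function would touch bytes past its end. The NOP length should exclude the skipped prefix: move the `livepatch_insn_len()` call below the `is_endbr64()` check and subtract `func->patch_offset` there, without letting the result go below zero. arch_livepatch_apply() starts before this hunk and continues after it.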
@@ -142,14 +167,15 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
         BUILD_BUG_ON(ARCH_PATCH_INSN_SIZE != (1 + sizeof(val)));
 
         insn[0] = 0xe9; /* Relative jump. */
-        val = func->new_addr - func->old_addr - ARCH_PATCH_INSN_SIZE;
+        val = func->new_addr - (func->old_addr + func->patch_offset +
+                                ARCH_PATCH_INSN_SIZE);
 
         memcpy(&insn[1], &val, sizeof(val));
     }
     else
         add_nops(insn, len);
 
-    memcpy(old_ptr, insn, len);
+    memcpy(old_ptr + func->patch_offset, insn, len);
 }
 
 /*
@@ -158,7 +184,8 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
  */
 void noinline arch_livepatch_revert(const struct livepatch_func *func)
 {
-    memcpy(func->old_addr, func->opaque, livepatch_insn_len(func));
+    memcpy(func->old_addr + func->patch_offset, func->opaque,
+           livepatch_insn_len(func));
 }
 
 /*
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index 039ccf885c..3145aff95b 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -870,7 +870,8 @@ struct livepatch_func {
     uint8_t version;        /* MUST be LIVEPATCH_PAYLOAD_VERSION. */
     uint8_t opaque[LIVEPATCH_OPAQUE_SIZE];
     uint8_t applied;
-    uint8_t _pad[7];
+    uint8_t patch_offset;
+    uint8_t _pad[6];
     livepatch_expectation_t expect;
 };
 typedef struct livepatch_func livepatch_func_t;
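Review bot: The new `patch_offset` field is added to this public structure without a comment, and it is not payload input: arch_livepatch_apply() in this commit resets it to 0 and then sets it itself. A trailing comment such as `/* Written by the hypervisor when the patch is applied. */` would tell payload producers to leave it alone. The structure's size is unchanged because the byte is taken from `_pad`. The struct definition starts outside the hunk.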
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:13:55 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/cet: Remove XEN_SHSTK's dependency on EXPERT
Message-Id: <E1nbYhd-0004Nu-Bp@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:13:53 +0000

commit 3c8e7395e2d01140c862c78fa9483e46c0dbd343
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Feb 28 19:31:00 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:10:38 2022 +0000

    x86/cet: Remove XEN_SHSTK's dependency on EXPERT
    
    CET-SS hardware is now available from multiple vendors, the feature has
    downstream users, and was declared security supported in XSA-398.
    
    Enable it by default.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Juergen Gross <jgross@suse.com>
    (cherry picked from commit fc90d75c2b71ae15b75128e7d0d4dbe718164ecb)
---
 xen/arch/x86/Kconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 4fdb39af3e..51763450e4 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -111,8 +111,8 @@ config HVM
 	  If unsure, say Y.
 
 config XEN_SHSTK
-	bool "Supervisor Shadow Stacks (EXPERT)"
-	depends on HAS_AS_CET_SS && EXPERT
+	bool "Supervisor Shadow Stacks"
+	depends on HAS_AS_CET_SS
 	default y
 	---help---
 	  Control-flow Enforcement Technology (CET) is a set of features in
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:14:05 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] livepatch: resolve old address before function verification
Message-Id: <E1nbYhn-0004Og-F7@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:14:03 +0000

commit bb43e0e1ca20dff14536b7c90ff870f3f50bff8f
Author:     Bjoern Doebel <doebel@amazon.de>
AuthorDate: Wed Mar 9 16:22:03 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Mar 28 12:50:13 2022 +0100

    livepatch: resolve old address before function verification
    
    When verifying that a livepatch can be applied, we may as well want to
    inspect the target function to be patched. To do so, we need to resolve
    this function's address before running the arch-specific
    livepatch_verify hook.
    
    Signed-off-by: Bjoern Doebel <doebel@amazon.de>
    Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    (cherry picked from commit 5142dc5c25e317c208e3dc16d16b664b9f05dab5)
---
 xen/common/livepatch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 7118551b27..329b01c1e8 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -685,11 +685,11 @@ static int prepare_payload(struct payload *payload,
                 return -EINVAL;
             }
 
-            rc = arch_livepatch_verify_func(f);
+            rc = resolve_old_address(f, elf);
             if ( rc )
                 return rc;
 
-            rc = resolve_old_address(f, elf);
+            rc = arch_livepatch_verify_func(f);
             if ( rc )
                 return rc;
 
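Review bot: The two calls are swapped without a comment recording why the order matters, so a later cleanup could silently swap them back. A line above the first call such as `/* Resolve first: arch_livepatch_verify_func() may inspect the code at f->old_addr. */` keeps the dependency visible. prepare_payload() starts before the hunk and continues after it.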
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:14:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] vpci/msix: fix PBA accesses
Message-Id: <E1nbYhx-0004PY-IC@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:14:13 +0000

commit dd79dcc9f1bfd775fd7889d6684c41feee7c4eb0
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Mon Apr 4 15:19:52 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 4 15:19:52 2022 +0200

    vpci/msix: fix PBA accesses
    
    Map the PBA in order to access it from the MSI-X read and write
    handlers. Note that previously the handlers would pass the physical
    host address into the {read,write}{l,q} handlers, which is wrong as
    those expect a linear address.
    
    Map the PBA using ioremap when the first access is performed. Note
    that 32bit arches might want to abstract the call to ioremap into a
    vPCI arch handler, so they can use a fixmap range to map the PBA.
    
    Reported-by: Jan Beulich <jbeulich@suse.com>
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Tested-by: Alex Olson <Alex.Olson@starlab.io>
    master commit: b4f21160601155762a4d014db9623af921fec959
    master date: 2022-03-09 16:21:01 +0100
---
 xen/drivers/vpci/msix.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++---
 xen/drivers/vpci/vpci.c |  2 ++
 xen/include/xen/vpci.h  |  2 ++
 3 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index 846f1b8d70..ac5de98f6d 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -182,6 +182,38 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix,
     return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE];
 }
 
+static void __iomem *get_pba(struct vpci *vpci)
+{
+    struct vpci_msix *msix = vpci->msix;
+    /*
+     * PBA will only be unmapped when the device is deassigned, so access it
+     * without holding the vpci lock.
+     */
+    void __iomem *pba = read_atomic(&msix->pba);
+
+    if ( likely(pba) )
+        return pba;
+
+    pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA),
+                  vmsix_table_size(vpci, VPCI_MSIX_PBA));
+    if ( !pba )
+        return read_atomic(&msix->pba);
+
+    spin_lock(&vpci->lock);
+    if ( !msix->pba )
+    {
+        write_atomic(&msix->pba, pba);
+        spin_unlock(&vpci->lock);
+    }
+    else
+    {
+        spin_unlock(&vpci->lock);
+        iounmap(pba);
+    }
+
+    return read_atomic(&msix->pba);
+}
+
 static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
                      unsigned long *data)
 {
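Review bot: The tail of `get_pba()` unlocks `vpci->lock` in both branches of the `if`, which makes the lock scope harder to follow than it needs to be. Deciding under the lock whether the fresh mapping was installed, unlocking once, and calling `iounmap()` afterwards behaves the same and leaves a single unlock site. A short header comment saying that the function can return NULL when `ioremap()` fails would also help the two callers.

```c
    /* … unchanged: lockless fast path and ioremap() … */

    spin_lock(&vpci->lock);
    if ( !msix->pba )
    {
        write_atomic(&msix->pba, pba);
        pba = NULL; /* Ownership moved to msix->pba. */
    }
    spin_unlock(&vpci->lock);

    /* Lost the race against another mapper: drop the duplicate mapping. */
    if ( pba )
        iounmap(pba);

    return read_atomic(&msix->pba);
```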
@@ -200,6 +232,10 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
 
     if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) )
     {
+        struct vpci *vpci = msix->pdev->vpci;
+        unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+        const void __iomem *pba = get_pba(vpci);
+
         /*
          * Access to PBA.
          *
@@ -207,14 +243,22 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
          * guest address space. If this changes the address will need to be
          * translated.
          */
+        if ( !pba )
+        {
+            gprintk(XENLOG_WARNING,
+                    "%pp: unable to map MSI-X PBA, report all pending\n",
+                    msix->pdev);
+            return X86EMUL_OKAY;
+        }
+
         switch ( len )
         {
         case 4:
-            *data = readl(addr);
+            *data = readl(pba + idx);
             break;
 
         case 8:
-            *data = readq(addr);
+            *data = readq(pba + idx);
             break;
 
         default:
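Review bot: The `!pba` early return never writes `*data`, yet the log text promises "report all pending", so the behaviour depends on `*data` having been set to all-ones earlier in msix_read(), which is outside this hunk. A comment on the return, e.g. `/* *data keeps its initial value; it must be all-ones for this to hold. */`, or an explicit `*data = ~0ul;` before it, would make the branch self-contained. msix_read() starts before the hunk and continues after it.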
@@ -278,14 +322,27 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
         /* Ignore writes to PBA for DomUs, it's behavior is undefined. */
         if ( is_hardware_domain(d) )
         {
+            struct vpci *vpci = msix->pdev->vpci;
+            unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+            const void __iomem *pba = get_pba(vpci);
+
+            if ( !pba )
+            {
+                /* Unable to map the PBA, ignore write. */
+                gprintk(XENLOG_WARNING,
+                        "%pp: unable to map MSI-X PBA, write ignored\n",
+                        msix->pdev);
+                return X86EMUL_OKAY;
+            }
+
             switch ( len )
             {
             case 4:
-                writel(data, addr);
+                writel(data, pba + idx);
                 break;
 
             case 8:
-                writeq(data, addr);
+                writeq(data, pba + idx);
                 break;
 
             default:
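Review bot: `pba` is declared `const void __iomem *` in the write path and then passed to `writel()`/`writeq()` as the destination, so the qualifier says the opposite of what the code does. It presumably compiles only because the accessors cast their address argument. Declaring it as `void __iomem *pba = get_pba(vpci);` matches the use; the `const` fits only in msix_read(). msix_write() starts before the hunk and continues after it.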
diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index cbd1bac7fc..a27c9e600d 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -48,6 +48,8 @@ void vpci_remove_device(struct pci_dev *pdev)
         xfree(r);
     }
     spin_unlock(&pdev->vpci->lock);
+    if ( pdev->vpci->msix && pdev->vpci->msix->pba )
+        iounmap(pdev->vpci->msix->pba);
     xfree(pdev->vpci->msix);
     xfree(pdev->vpci->msi);
     xfree(pdev->vpci);
diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h
index 9f5b5d52e1..f19e79447a 100644
--- a/xen/include/xen/vpci.h
+++ b/xen/include/xen/vpci.h
@@ -127,6 +127,8 @@ struct vpci {
         bool enabled         : 1;
         /* Masked? */
         bool masked          : 1;
+        /* PBA map */
+        void __iomem *pba;
         /* Entries. */
         struct vpci_msix_entry {
             uint64_t addr;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 02:14:25 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] livepatch: account for patch offset when applying NOP patch
Message-Id: <E1nbYi7-0004QJ-L5@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 02:14:23 +0000

commit e11d98d6fc433633f702db02256042862a48ddee
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 4 15:21:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 4 15:21:29 2022 +0200

    livepatch: account for patch offset when applying NOP patch
    
    While not triggered by the trivial xen_nop in-tree patch on
    staging/master, that patch exposes a problem on the stable trees, where
    all functions have ENDBR inserted. When NOP-ing out a range, we need to
    account for this. Handle this right in livepatch_insn_len().
    
    This requires livepatch_insn_len() to be called _after_ ->patch_offset
    was set.
    
    Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8a87b9a0fb0564f9d68f0be0a0d1a17c34117b8b
    master date: 2022-03-31 10:45:46 +0200
---
 xen/arch/x86/livepatch.c    | 8 +++++---
 xen/include/xen/livepatch.h | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index e94ac9b228..a3cb63a7ea 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -144,9 +144,6 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
 
     func->patch_offset = 0;
     old_ptr = func->old_addr;
-    len = livepatch_insn_len(func);
-    if ( !len )
-        return;
 
     /*
      * CET hotpatching support: We may have functions starting with an ENDBR64
@@ -159,6 +156,11 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     if ( is_endbr64(old_ptr) )
         func->patch_offset += ENDBR64_LEN;
 
+    /* This call must be done with ->patch_offset already set. */
+    len = livepatch_insn_len(func);
+    if ( !len )
+        return;
+
     memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h
index f3ae10f007..9fdb29c382 100644
--- a/xen/include/xen/livepatch.h
+++ b/xen/include/xen/livepatch.h
@@ -90,7 +90,7 @@ static inline
 unsigned int livepatch_insn_len(const struct livepatch_func *func)
 {
     if ( !func->new_addr )
-        return func->new_size;
+        return func->new_size - func->patch_offset;
 
     return ARCH_PATCH_INSN_SIZE;
 }
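Review bot: The new dependency on `->patch_offset` is documented only at the x86 call site, not on `livepatch_insn_len()` itself, so another caller that runs before the offset is set would silently get the unadjusted length. A comment above the function would carry the precondition to every user: `/* For NOP patches the result depends on ->patch_offset; call only after it has been set. */`. It could also state that `new_size` is expected to be at least `patch_offset`, since the unsigned subtraction wraps otherwise.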
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 04:44:05 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] tools/firmware: fix setting of fcf-protection=none
Message-Id: <E1nbb2v-00063i-FF@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 04:44:01 +0000

commit 7225f6e0cd3afd48b4d61c43dd8fead0f4c92193
Author:     Roger Pau Monne <roger.pau@citrix.com>
AuthorDate: Mon Apr 4 12:40:43 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Apr 4 12:30:00 2022 +0100

    tools/firmware: fix setting of fcf-protection=none
    
    Setting the fcf-protection=none option in EMBEDDED_EXTRA_CFLAGS in the
    Makefile doesn't get it propagated to the subdirectories, so instead
    set the flag in firmware/Rules.mk, like it's done for other compiler
    flags.
    
    Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/firmware/Makefile | 2 --
 tools/firmware/Rules.mk | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile
index 53ed4f161e..345037b93b 100644
--- a/tools/firmware/Makefile
+++ b/tools/firmware/Makefile
@@ -6,8 +6,6 @@ TARGET      := hvmloader/hvmloader
 INST_DIR := $(DESTDIR)$(XENFIRMWAREDIR)
 DEBG_DIR := $(DESTDIR)$(DEBUG_DIR)$(XENFIRMWAREDIR)
 
-EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
-
 SUBDIRS-y :=
 SUBDIRS-$(CONFIG_OVMF) += ovmf-dir
 SUBDIRS-$(CONFIG_SEABIOS) += seabios-dir
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 9f78a7dec9..c227fe2524 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -15,6 +15,8 @@ CFLAGS += -Werror
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
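Review bot: The added `-fcf-protection=none` line carries no comment, although it switches off a control-flow hardening option for every firmware object built through this file. A one-line reason would keep it from being dropped or questioned later, for example `# Firmware is not built for CET; override a toolchain default of -fcf-protection.` The author should confirm that wording, since the rationale is only implied by the Fixes: tag. Because the option is appended after the `EMBEDDED_EXTRA_CFLAGS` line, it presumably also overrides any `-fcf-protection` value arriving through that variable, which is worth stating if intended.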
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 04:44:12 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] tools/firmware: do not add a .note.gnu.property section
Message-Id: <E1nbb35-00064T-Ii@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 04:44:11 +0000

commit e270af94280e6a9610705ebc1fdd1d7a9b1f8a98
Author:     Roger Pau Monne <roger.pau@citrix.com>
AuthorDate: Mon Apr 4 12:40:44 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Apr 4 12:30:07 2022 +0100

    tools/firmware: do not add a .note.gnu.property section
    
    Prevent the assembler from creating a .note.gnu.property section on
    the output objects, as it's not useful for firmware related binaries,
    and breaks the resulting rombios image.
    
    This requires modifying the cc-option Makefile macro so it can test
    assembler options (by replacing the usage of the -S flag with -c) and
    also stripping the -Wa, prefix if present when checking for the test
    output.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 Config.mk               | 2 +-
 tools/firmware/Rules.mk | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index f56f7dc334..82832945e5 100644
--- a/Config.mk
+++ b/Config.mk
@@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
 #
 # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586)
 cc-option = $(shell if test -z "`echo 'void*p=1;' | \
-              $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \
+              $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \
               then echo "$(2)"; else echo "$(3)"; fi ;)
 
 # cc-option-add: Add an option to compilation flags, but only if supported.
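Review bot: The usage comment above `cc-option` is not updated for the two behaviour changes in the probe line: the test input is now assembled (`-c` instead of `-S`), and a leading `-Wa,` is stripped from the option before the diagnostics are grepped. Both are easy to miss in the one-liner, so I would add something like `# The probe runs the assembler too, so -Wa,<opt> can be tested; the "-Wa," prefix is stripped before matching the error output.` The option text is still handed to `grep` as an unquoted pattern, as it was before this change. The macro's comment block starts outside the hunk.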
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index c227fe2524..278cca01e4 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -17,6 +17,10 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
 $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
 
+# Do not add the .note.gnu.property section to any of the firmware objects: it
+# breaks the rombios binary and is not useful for firmware anyway.
+$(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 09:44:10 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] build: grab common EFI source files in arch specific dir
Message-Id: <E1nbfjI-0002Pj-Jf@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 09:44:04 +0000

commit 39341fba7cb292d16ae77f54aaff1af3538f9115
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Tue Apr 5 11:33:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:33:29 2022 +0200

    build: grab common EFI source files in arch specific dir
    
    Rather than preparing the efi source file, we will make the symbolic
    link as needed from the build location.
    
    The `ln` command is run every time so that the link can be updated in
    case the source tree changes location.
    
    This patch also introduce "efi-common.mk" which allow to reuse the
    common make instructions without having to duplicate them into each
    arch.
    
    And now that we have a list of common source file, we can start to
    remove the links to the source files on clean.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
---
 xen/Makefile                 |  5 -----
 xen/arch/arm/efi/Makefile    |  4 ++--
 xen/arch/x86/efi/Makefile    |  5 +----
 xen/common/efi/efi-common.mk | 15 +++++++++++++++
 4 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/xen/Makefile b/xen/Makefile
index ad9bfc2506..51d8c3b530 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -441,11 +441,6 @@ $(TARGET).gz: $(TARGET)
 $(TARGET): FORCE
 	$(Q)$(MAKE) $(build)=tools
 	$(Q)$(MAKE) $(build)=. include/xen/compile.h
-	[ -e arch/$(TARGET_ARCH)/efi ] && for f in $$(cd common/efi; echo *.[ch]); \
-		do test -r arch/$(TARGET_ARCH)/efi/$$f || \
-		   ln -nsf ../../../common/efi/$$f arch/$(TARGET_ARCH)/efi/; \
-		done; \
-		true
 	$(Q)$(MAKE) $(build)=include all
 	$(Q)$(MAKE) $(build)=arch/$(TARGET_ARCH) include
 	$(Q)$(MAKE) $(build)=. arch/$(TARGET_ARCH)/include/asm/asm-offsets.h
diff --git a/xen/arch/arm/efi/Makefile b/xen/arch/arm/efi/Makefile
index 1b1ed06fed..4313c39066 100644
--- a/xen/arch/arm/efi/Makefile
+++ b/xen/arch/arm/efi/Makefile
@@ -1,4 +1,4 @@
-CFLAGS-y += -fshort-wchar
+include $(srctree)/common/efi/efi-common.mk
 
-obj-y += boot.init.o pe.init.o ebmalloc.o runtime.o
+obj-y += $(EFIOBJ-y)
 obj-$(CONFIG_ACPI) +=  efi-dom0.init.o
diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile
index e08b4d8e48..034ec87895 100644
--- a/xen/arch/x86/efi/Makefile
+++ b/xen/arch/x86/efi/Makefile
@@ -1,4 +1,4 @@
-CFLAGS-y += -fshort-wchar
+include $(srctree)/common/efi/efi-common.mk
 
 quiet_cmd_objcopy_o_ihex = OBJCOPY $@
 cmd_objcopy_o_ihex = $(OBJCOPY) -I ihex -O binary $< $@
@@ -8,9 +8,6 @@ $(obj)/%.o: $(src)/%.ihex FORCE
 
 $(obj)/boot.init.o: $(obj)/buildid.o
 
-EFIOBJ-y := boot.init.o pe.init.o ebmalloc.o runtime.o
-EFIOBJ-$(CONFIG_COMPAT) += compat.o
-
 $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4)
 $(addprefix $(obj)/,$(EFIOBJ-y)): CFLAGS_stack_boundary := $(cflags-stack-boundary)
 
diff --git a/xen/common/efi/efi-common.mk b/xen/common/efi/efi-common.mk
new file mode 100644
index 0000000000..960d44a6d5
--- /dev/null
+++ b/xen/common/efi/efi-common.mk
@@ -0,0 +1,15 @@
+EFIOBJ-y := boot.init.o pe.init.o ebmalloc.o runtime.o
+EFIOBJ-$(CONFIG_COMPAT) += compat.o
+
+CFLAGS-y += -fshort-wchar
+CFLAGS-y += -iquote $(srctree)/common/efi
+
+# Part of the command line transforms $(obj)
+# e.g.: It transforms "dir/foo/bar" into successively
+#       "dir foo bar", ".. .. ..", "../../.."
+$(obj)/%.c: $(srctree)/common/efi/%.c FORCE
+	$(Q)ln -nfs $(subst $(space),/,$(patsubst %,..,$(subst /, ,$(obj))))/common/efi/$(<F) $@
+
+clean-files += $(patsubst %.o, %.c, $(EFIOBJ-y:.init.o=.o) $(EFIOBJ-))
+
+.PRECIOUS: $(obj)/%.c
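Review bot: The pattern rule runs `ln -nfs … $@` under `FORCE`, so whatever already exists at `$(obj)/<name>.c` is replaced by a link on every build, and `clean-files` later deletes the same names. That is fine while the arch directory never holds a real source file named like one in `common/efi`, but nothing here checks or states it. I would extend the comment with the assumptions the rule relies on, e.g. `# Assumes $(obj) is a relative path below the top of the build tree and that no arch-specific file shares a name with a common/efi source.`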
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 09:44:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/APIC: calibrate against platform timer when possible
Message-Id: <E1nbfjS-0002QQ-Mz@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 09:44:14 +0000

commit 3f3906b462d57613d45051940d9083d02f49d1d2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 11:36:32 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:36:32 2022 +0200

    x86/APIC: calibrate against platform timer when possible
    
    Use the original calibration against PIT only when the platform timer
    is PIT. This implicitly excludes the "xen_guest" case from using the PIT
    logic (init_pit() fails there, and as of 5e73b2594c54 ["x86/time: minor
    adjustments to init_pit()"] using_pit also isn't being set too early
    anymore), so the respective hack there can be dropped at the same time.
    This also reduces calibration time from 100ms to 50ms, albeit this step
    is being skipped as of 0731a56c7c72 ("x86/APIC: no need for timer
    calibration when using TDT") anyway.
    
    While re-indenting the PIT logic in calibrate_APIC_clock(), besides
    adjusting style also switch around the 2nd TSC/TMCCT read pair, to match
    the order of the 1st one, yielding more consistent deltas.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/apic.c             | 72 ++++++++++++++++++++---------------------
 xen/arch/x86/include/asm/apic.h |  3 ++
 xen/arch/x86/time.c             | 65 +++++++++++++++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 37 deletions(-)

diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c
index 96d73a7449..2f1403f00c 100644
--- a/xen/arch/x86/apic.c
+++ b/xen/arch/x86/apic.c
@@ -1183,18 +1183,20 @@ static void __init check_deadline_errata(void)
            "please update microcode to version %#x (or later)\n", rev);
 }
 
-static void __init wait_tick_pvh(void)
+uint32_t __init apic_tmcct_read(void)
 {
-    u64 lapse_ns = 1000000000ULL / HZ;
-    s_time_t start, curr_time;
-
-    start = NOW();
+    if ( x2apic_enabled )
+    {
+        /*
+         * Have a barrier here just like in rdtsc_ordered() as it's
+         * unclear whether this non-serializing RDMSR also can be
+         * executed speculatively (like RDTSC can).
+         */
+        alternative("lfence", "mfence", X86_FEATURE_MFENCE_RDTSC);
+        return apic_rdmsr(APIC_TMCCT);
+    }
 
-    /* Won't wrap around */
-    do {
-        cpu_relax();
-        curr_time = NOW();
-    } while ( curr_time - start < lapse_ns );
+    return apic_mem_read(APIC_TMCCT);
 }
 
 /*
@@ -1212,9 +1214,6 @@ static void __init wait_tick_pvh(void)
 
 static void __init calibrate_APIC_clock(void)
 {
-    unsigned long long t1, t2;
-    unsigned long tt1, tt2;
-    unsigned int i;
     unsigned long bus_freq; /* KAF: pointer-size avoids compile warns. */
     unsigned int bus_cycle; /* length of one bus cycle in pico-seconds */
 #define LOOPS_FRAC 10U      /* measure for one tenth of a second */
@@ -1227,39 +1226,38 @@ static void __init calibrate_APIC_clock(void)
      */
     __setup_APIC_LVTT(0xffffffff);
 
-    if ( !xen_guest )
+    bus_freq = calibrate_apic_timer();
+    if ( !bus_freq )
+    {
+        unsigned int i, tt1, tt2;
+        unsigned long t1, t2;
+
+        ASSERT(!xen_guest);
+
         /*
-         * The timer chip counts down to zero. Let's wait
-         * for a wraparound to start exact measurement:
-         * (the current tick might have been already half done)
+         * The timer chip counts down to zero. Let's wait for a wraparound to
+         * start exact measurement (the current tick might have been already
+         * half done):
          */
         wait_8254_wraparound();
-    else
-        wait_tick_pvh();
 
-    /*
-     * We wrapped around just now. Let's start:
-     */
-    t1 = rdtsc_ordered();
-    tt1 = apic_read(APIC_TMCCT);
+        /* We wrapped around just now. Let's start: */
+        t1 = rdtsc_ordered();
+        tt1 = apic_read(APIC_TMCCT);
 
-    /*
-     * Let's wait HZ / LOOPS_FRAC ticks:
-     */
-    for (i = 0; i < HZ / LOOPS_FRAC; i++)
-        if ( !xen_guest )
+        /* Let's wait HZ / LOOPS_FRAC ticks: */
+        for ( i = 0; i < HZ / LOOPS_FRAC; ++i )
             wait_8254_wraparound();
-        else
-            wait_tick_pvh();
 
-    tt2 = apic_read(APIC_TMCCT);
-    t2 = rdtsc_ordered();
+        t2 = rdtsc_ordered();
+        tt2 = apic_read(APIC_TMCCT);
 
-    bus_freq = (tt1 - tt2) * APIC_DIVISOR * LOOPS_FRAC;
+        bus_freq = (tt1 - tt2) * APIC_DIVISOR * LOOPS_FRAC;
 
-    apic_printk(APIC_VERBOSE, "..... CPU clock speed is %lu.%04lu MHz.\n",
-                ((unsigned long)(t2 - t1) * LOOPS_FRAC) / 1000000,
-                (((unsigned long)(t2 - t1) * LOOPS_FRAC) / 100) % 10000);
+        apic_printk(APIC_VERBOSE, "..... CPU clock speed is %lu.%04lu MHz.\n",
+                    ((t2 - t1) * LOOPS_FRAC) / 1000000,
+                    (((t2 - t1) * LOOPS_FRAC) / 100) % 10000);
+    }
 
     apic_printk(APIC_VERBOSE, "..... host bus clock speed is %ld.%04ld MHz.\n",
                 bus_freq / 1000000, (bus_freq / 100) % 10000);
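Review bot: With `tt1`/`tt2` narrowed from `unsigned long` to `unsigned int`, `(tt1 - tt2) * APIC_DIVISOR * LOOPS_FRAC` is now evaluated in 32 bits before being widened into `bus_freq`, assuming `APIC_DIVISOR` is an `int`-sized constant (its definition is not in the hunk). A count delta above roughly 429 million in the measurement window would wrap silently where the old code did not. Widening one operand keeps the previous range: `bus_freq = (unsigned long)(tt1 - tt2) * APIC_DIVISOR * LOOPS_FRAC;`. Separately, `ASSERT(!xen_guest)` is the only guard on this fallback path, so it is worth confirming whether a zero return from `calibrate_apic_timer()` can reach the PIT wait loops in a non-debug build. The function begins and ends outside the hunk.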
diff --git a/xen/arch/x86/include/asm/apic.h b/xen/arch/x86/include/asm/apic.h
index 2fe54bbf1c..7625c0ecd6 100644
--- a/xen/arch/x86/include/asm/apic.h
+++ b/xen/arch/x86/include/asm/apic.h
@@ -192,6 +192,9 @@ extern void record_boot_APIC_mode(void);
 extern enum apic_mode current_local_apic_mode(void);
 extern void check_for_unexpected_msi(unsigned int vector);
 
+uint64_t calibrate_apic_timer(void);
+uint32_t apic_tmcct_read(void);
+
 extern void check_nmi_watchdog(void);
 
 extern unsigned int nmi_watchdog;
diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index c549daadcc..90fbd23cc0 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -26,6 +26,7 @@
 #include <xen/symbols.h>
 #include <xen/keyhandler.h>
 #include <xen/guest_access.h>
+#include <asm/apic.h>
 #include <asm/io.h>
 #include <asm/iocap.h>
 #include <asm/msr.h>
@@ -1018,6 +1019,70 @@ static u64 __init init_platform_timer(void)
     return rc;
 }
 
+static uint64_t __init read_pt_and_tmcct(uint32_t *tmcct)
+{
+    uint32_t tmcct_prev = *tmcct = apic_tmcct_read(), tmcct_min = ~0;
+    uint64_t best = best;
+    unsigned int i;
+
+    for ( i = 0; ; ++i )
+    {
+        uint64_t pt = plt_src.read_counter();
+        uint32_t tmcct_cur = apic_tmcct_read();
+        uint32_t tmcct_delta = tmcct_prev - tmcct_cur;
+
+        if ( tmcct_delta < tmcct_min )
+        {
+            tmcct_min = tmcct_delta;
+            *tmcct = tmcct_cur;
+            best = pt;
+        }
+        else if ( i > 2 )
+            break;
+
+        tmcct_prev = tmcct_cur;
+    }
+
+    return best;
+}
+
+uint64_t __init calibrate_apic_timer(void)
+{
+    uint32_t start, end;
+    uint64_t count = read_pt_and_tmcct(&start), elapsed;
+    uint64_t target = CALIBRATE_VALUE(plt_src.frequency), actual;
+    uint64_t mask = (uint64_t)~0 >> (64 - plt_src.counter_bits);
+
+    /*
+     * PIT cannot be used here as it requires the timer interrupt to maintain
+     * its 32-bit software counter, yet here we run with IRQs disabled.
+     */
+    if ( using_pit )
+        return 0;
+
+    while ( ((plt_src.read_counter() - count) & mask) < target )
+        continue;
+
+    actual = (read_pt_and_tmcct(&end) - count) & mask;
+    elapsed = start - end;
+
+    if ( likely(actual > target) )
+    {
+        /*
+         * See the comment in calibrate_tsc(). But first scale down values
+         * to actually fit muldiv64()'s input range.
+         */
+        while ( unlikely(actual > (uint32_t)actual) )
+        {
+            actual >>= 1;
+            target >>= 1;
+        }
+        elapsed = muldiv64(elapsed, target, actual);
+    }
+
+    return elapsed * CALIBRATE_FRAC;
+}
+
 u64 stime2tsc(s_time_t stime)
 {
     struct cpu_time *t;
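Review bot: In `calibrate_apic_timer()` the `using_pit` early return comes after the declarations' initialisers have already called `read_pt_and_tmcct()` and evaluated `64 - plt_src.counter_bits` as a shift count. The bail-out therefore does not skip the reads it is meant to avoid, and the shift runs before anything vouches for `counter_bits` being non-zero. Moving the check ahead of the first read keeps the PIT case free of side effects. The busy-wait on `plt_src.read_counter()` also has no bound, and a return value of 0 doubles as the "use PIT" signal even when it results from `start == end`; both deserve at least a comment. In `read_pt_and_tmcct()`, `uint64_t best = best;` relies on the first loop iteration always assigning it.

```c
uint64_t __init calibrate_apic_timer(void)
{
    uint32_t start, end;
    uint64_t count, elapsed, target, actual, mask;

    /* … unchanged: comment on PIT needing the timer interrupt … */
    if ( using_pit )
        return 0;

    count = read_pt_and_tmcct(&start);
    target = CALIBRATE_VALUE(plt_src.frequency);
    mask = (uint64_t)~0 >> (64 - plt_src.counter_bits);

    /* … unchanged: wait loop, second read, scaling and return … */
```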
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 09:44:25 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/APIC: make connections between seemingly arbitrary numbers
Message-Id: <E1nbfjc-0002Qz-QN@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 09:44:24 +0000

commit 5c04f6b4878ef92356f67fc3a192c6375ef28ec8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 11:38:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:38:04 2022 +0200

    x86/APIC: make connections between seemingly arbitrary numbers
    
    Making adjustments to arbitrarily chosen values shouldn't require
    auditing the code for possible derived numbers - such a change should
    be doable in a single place, having an effect on all code depending on
    that choice.
    
    For one make the TDCR write actually use APIC_DIVISOR. With the
    necessary mask constant introduced, also use that in vLAPIC code. While
    introducing the constant, drop APIC_TDR_DIV_TMBASE: The bit has been
    undefined in halfway recent SDM and PM versions.
    
    And then introduce a constant tying together the scale used when
    converting nanoseconds to bus clocks.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/apic.c                | 13 ++++++++-----
 xen/arch/x86/hvm/vlapic.c          |  6 +++---
 xen/arch/x86/include/asm/apicdef.h |  2 +-
 xen/include/xen/lib.h              |  4 ++++
 4 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c
index 2f1403f00c..47e6e5fe41 100644
--- a/xen/arch/x86/apic.c
+++ b/xen/arch/x86/apic.c
@@ -1078,8 +1078,8 @@ static void __setup_APIC_LVTT(unsigned int clocks)
     lvtt_value = APIC_TIMER_MODE_ONESHOT | LOCAL_TIMER_VECTOR;
     apic_write(APIC_LVTT, lvtt_value);
 
-    tmp_value = apic_read(APIC_TDCR);
-    apic_write(APIC_TDCR, tmp_value | APIC_TDR_DIV_1);
+    tmp_value = apic_read(APIC_TDCR) & ~APIC_TDR_DIV_MASK;
+    apic_write(APIC_TDCR, tmp_value | PASTE(APIC_TDR_DIV_, APIC_DIVISOR));
 
     apic_write(APIC_TMICT, clocks / APIC_DIVISOR);
 }
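Review bot: The token paste in the TDCR write, `PASTE(APIC_TDR_DIV_, APIC_DIVISOR)`, only works while APIC_DIVISOR expands to a bare integer token that has a matching APIC_TDR_DIV_n definition. A parenthesised or suffixed definition (`(1)`, `1u`) would fail to build with an error that does not point at the cause. APIC_DIVISOR is defined outside this hunk, so I would document the constraint there, for example `/* Must be a plain literal: pasted onto APIC_TDR_DIV_ in __setup_APIC_LVTT(). */`.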
@@ -1212,6 +1212,8 @@ uint32_t __init apic_tmcct_read(void)
  * APIC irq that way.
  */
 
+#define BUS_SCALE_SHIFT 18
+
 static void __init calibrate_APIC_clock(void)
 {
     unsigned long bus_freq; /* KAF: pointer-size avoids compile warns. */
@@ -1265,8 +1267,8 @@ static void __init calibrate_APIC_clock(void)
     /* set up multipliers for accurate timer code */
     bus_cycle  = 1000000000000UL / bus_freq; /* in pico seconds */
     bus_cycle += (1000000000000UL % bus_freq) * 2 > bus_freq;
-    bus_scale  = (1000*262144)/bus_cycle;
-    bus_scale += ((1000 * 262144) % bus_cycle) * 2 > bus_cycle;
+    bus_scale  = (1000 << BUS_SCALE_SHIFT) / bus_cycle;
+    bus_scale += ((1000 << BUS_SCALE_SHIFT) % bus_cycle) * 2 > bus_cycle;
 
     apic_printk(APIC_VERBOSE, "..... bus_scale = %#x\n", bus_scale);
     /* reset APIC to zero timeout value */
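Review bot: `1000 << BUS_SCALE_SHIFT` is evaluated in plain `int`, so raising BUS_SCALE_SHIFT to 22 or more makes the shift overflow a signed 32-bit value, which is undefined behaviour. The commit's stated goal is that such a value can be changed in one place, so this should be made safe with `1000UL << BUS_SCALE_SHIFT` on both lines. The same constant also bounds the headroom of `(bus_scale * expire) >> BUS_SCALE_SHIFT` in the reprogram_timer() hunk. A short comment at the `#define BUS_SCALE_SHIFT 18` line naming both users and the overflow constraint would help; the types of bus_scale and bus_cycle are declared outside the hunks shown.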
@@ -1353,7 +1355,8 @@ int reprogram_timer(s_time_t timeout)
     }
 
     if ( timeout && ((expire = timeout - NOW()) > 0) )
-        apic_tmict = min_t(u64, (bus_scale * expire) >> 18, UINT_MAX);
+        apic_tmict = min_t(uint64_t, (bus_scale * expire) >> BUS_SCALE_SHIFT,
+                           UINT32_MAX);
 
     apic_write(APIC_TMICT, (unsigned long)apic_tmict);
 
diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c
index 49be9c8ea4..257d3b6851 100644
--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -580,7 +580,7 @@ static uint32_t vlapic_get_tmcct(const struct vlapic *vlapic)
 static void vlapic_set_tdcr(struct vlapic *vlapic, unsigned int val)
 {
     /* Only bits 0, 1 and 3 are settable; others are MBZ. */
-    val &= 0xb;
+    val &= APIC_TDR_DIV_MASK;
     vlapic_set_reg(vlapic, APIC_TDCR, val);
 
     /* Update the demangled hw.timer_divisor. */
@@ -888,7 +888,7 @@ void vlapic_reg_write(struct vcpu *v, unsigned int reg, uint32_t val)
     {
         uint32_t current_divisor = vlapic->hw.timer_divisor;
 
-        vlapic_set_tdcr(vlapic, val & 0xb);
+        vlapic_set_tdcr(vlapic, val);
 
         vlapic_update_timer(vlapic, vlapic_get_reg(vlapic, APIC_LVTT), false,
                             current_divisor);
@@ -1020,7 +1020,7 @@ int guest_wrmsr_x2apic(struct vcpu *v, uint32_t msr, uint64_t msr_content)
         break;
 
     case APIC_TDCR:
-        if ( msr_content & ~APIC_TDR_DIV_1 )
+        if ( msr_content & ~APIC_TDR_DIV_MASK )
             return X86EMUL_EXCEPTION;
         break;
 
diff --git a/xen/arch/x86/include/asm/apicdef.h b/xen/arch/x86/include/asm/apicdef.h
index 0633da9fe1..2440d83c8d 100644
--- a/xen/arch/x86/include/asm/apicdef.h
+++ b/xen/arch/x86/include/asm/apicdef.h
@@ -106,7 +106,7 @@
 #define		APIC_TMICT	0x380
 #define		APIC_TMCCT	0x390
 #define		APIC_TDCR	0x3E0
-#define			APIC_TDR_DIV_TMBASE	(1<<2)
+#define			APIC_TDR_DIV_MASK	0xB
 #define			APIC_TDR_DIV_1		0xB
 #define			APIC_TDR_DIV_2		0x0
 #define			APIC_TDR_DIV_4		0x1
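Review bot: APIC_TDR_DIV_MASK is now negated against a 64-bit guest-supplied value in guest_wrmsr_x2apic() (`msr_content & ~APIC_TDR_DIV_MASK` in the vlapic.c hunk), and that reserved-bit check covers bits 63:32 only because `0xB` has type `int` and `~0xB` sign-extends. If the constant is ever given an unsigned suffix, the upper half of the MSR value silently stops being validated. I would either write the check as `msr_content & ~(uint64_t)APIC_TDR_DIV_MASK` or add a comment on the define such as `/* Kept signed: ~MASK is applied to 64-bit MSR values. */`.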
diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h
index bf6470a2e7..b9b24a0436 100644
--- a/xen/include/xen/lib.h
+++ b/xen/include/xen/lib.h
@@ -13,6 +13,10 @@
 #define count_args(args...) \
     count_args_(., ## args, 8, 7, 6, 5, 4, 3, 2, 1, 0)
 
+/* Indirect macros required for expanded argument pasting. */
+#define PASTE_(a, b) a ## b
+#define PASTE(a, b) PASTE_(a, b)
+
 #ifndef __ASSEMBLY__
 
 #include <xen/inttypes.h>
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 09:44:35 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] include: move STR() and IS_ALIGNED()
Message-Id: <E1nbfjm-0002Rl-Th@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 09:44:34 +0000

commit 472839e61c7c2a8a5d8221834761de85e745ae33
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 11:39:12 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:39:12 2022 +0200

    include: move STR() and IS_ALIGNED()
    
    lib.h is imo a better fit for them than config.h.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/arm/xen.lds.S   | 1 +
 xen/arch/x86/xen.lds.S   | 1 +
 xen/include/xen/config.h | 5 -----
 xen/include/xen/lib.h    | 5 +++++
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index 7921d8fa28..ad7f966f0e 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -3,6 +3,7 @@
 /* Modified for ARM Xen by Ian Campbell */
 
 #include <xen/cache.h>
+#include <xen/lib.h>
 #include <asm/page.h>
 #undef ENTRY
 #undef ALIGN
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 3f9f633f55..6926e88e54 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -2,6 +2,7 @@
 /* Modified for i386/x86-64 Xen by Keir Fraser */
 
 #include <xen/cache.h>
+#include <xen/lib.h>
 #include <asm/page.h>
 #undef ENTRY
 #undef ALIGN
diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index b76222ecf6..85c6f59be9 100644
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -82,11 +82,6 @@
 #define MB(_mb)     (_AC(_mb, ULL) << 20)
 #define GB(_gb)     (_AC(_gb, ULL) << 30)
 
-#define IS_ALIGNED(val, align) (((val) & ((align) - 1)) == 0)
-
-#define __STR(...) #__VA_ARGS__
-#define STR(...) __STR(__VA_ARGS__)
-
 /* allow existing code to work with Kconfig variable */
 #define NR_CPUS CONFIG_NR_CPUS
 
diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h
index b9b24a0436..aab1fc7c4a 100644
--- a/xen/include/xen/lib.h
+++ b/xen/include/xen/lib.h
@@ -3,6 +3,8 @@
 
 #define ROUNDUP(x, a) (((x) + (a) - 1) & ~((a) - 1))
 
+#define IS_ALIGNED(val, align) (!((val) & ((align) - 1)))
+
 #define DIV_ROUND(n, d) (((n) + (d) / 2) / (d))
 #define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
 
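Review bot: IS_ALIGNED() as added here is only correct when `align` is a non-zero power of two, and nothing at its new location says so. With any other value the mask `(align) - 1` tests the wrong bits and the macro gives a plausible but wrong answer. A one-line comment above it, for example `/* align must be a non-zero power of two. */`, would make the contract visible next to ROUNDUP(), which has the same requirement.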
@@ -17,6 +19,9 @@
 #define PASTE_(a, b) a ## b
 #define PASTE(a, b) PASTE_(a, b)
 
+#define __STR(...) #__VA_ARGS__
+#define STR(...) __STR(__VA_ARGS__)
+
 #ifndef __ASSEMBLY__
 
 #include <xen/inttypes.h>
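Review bot: STR() and IS_ALIGNED() now have to stay above the `#ifndef __ASSEMBLY__` guard, because both xen.lds.S files gain `#include <xen/lib.h>` in this commit and presumably use them from preprocessed linker-script context. Nothing in the header records that dependency, so a later tidy-up could move the macros below the guard and break the link step. I would add a comment before the block such as `/* Usable from assembly and linker scripts: keep above the __ASSEMBLY__ guard. */`.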
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 09:44:45 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/time: use fake read_tsc()
Message-Id: <E1nbfjx-0002SX-0T@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 09:44:45 +0000

commit 120e26c2bb0097a589d718b1b58d7052ccce4458
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 11:40:58 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:40:58 2022 +0200

    x86/time: use fake read_tsc()
    
    Go a step further than bed9ae54df44 ("x86/time: switch platform timer
    hooks to altcall") did and eliminate the "real" read_tsc() altogether:
    It's not used except in pointer comparisons, and hence it looks overall
    safer to simply poison plt_tsc's read_counter hook.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/time.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index 90fbd23cc0..b01acd390d 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -607,16 +607,18 @@ static s64 __init cf_check init_tsc(struct platform_timesource *pts)
     return ret;
 }
 
-static uint64_t __init cf_check read_tsc(void)
-{
-    return rdtsc_ordered();
-}
+/*
+ * plt_tsc's read_counter hook is not (and should not be) invoked via the
+ * struct field. To avoid carrying an unused, indirectly reachable function,
+ * poison the field with an easily identifiable non-canonical pointer.
+ */
+#define READ_TSC_POISON ((uint64_t(*)(void))0x75C75C75C75C75C0ul)
 
 static struct platform_timesource __initdata_cf_clobber plt_tsc =
 {
     .id = "tsc",
     .name = "TSC",
-    .read_counter = read_tsc,
+    .read_counter = READ_TSC_POISON,
     /*
      * Calculations for platform timer overflow assume u64 boundary.
      * Hence we set to less than 64, such that the TSC wraparound is
@@ -846,7 +848,7 @@ static uint64_t read_counter(void)
      * hence we can't invoke read_tsc() that way. Special case it here, open-
      * coding the function call at the same time.
      */
-    return plt_src.read_counter != read_tsc
+    return plt_src.read_counter != READ_TSC_POISON
            ? alternative_call(plt_src.read_counter)
            : rdtsc_ordered();
 }
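Review bot: The comment kept as context above the changed return still says "we can't invoke read_tsc() that way", but this commit deletes read_tsc(), so the comment now names a function that no longer exists. I would reword it to refer to the poisoned hook, for example "hence plt_tsc's read_counter is READ_TSC_POISON and must never be called; special case it here and use rdtsc_ordered() directly". The comment starts outside the hunk. Since any unguarded call through `read_counter` on plt_tsc would now jump to the poison address, it is also worth confirming that no call site outside these hunks invokes the field without this comparison.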
@@ -2510,7 +2512,7 @@ uint64_t pv_soft_rdtsc(const struct vcpu *v, const struct cpu_user_regs *regs)
 
 bool clocksource_is_tsc(void)
 {
-    return plt_src.read_counter == read_tsc;
+    return plt_src.read_counter == READ_TSC_POISON;
 }
 
 int host_tsc_is_safe(void)
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:33:09 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbiMr-0001Cl-4t@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:33:05 +0000

commit 4f4db53784d912c4f409a451c36ebfd4754e0a42
Author:     Roger Pau Monne <roger.pau@citrix.com>
AuthorDate: Wed Feb 23 09:40:40 2022 +0100
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:11:30 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/include/asm/paging.h |  3 ---
 xen/arch/x86/mm/hap/hap.c         | 11 ++++-------
 xen/arch/x86/mm/paging.c          |  2 +-
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h
index f0b4efc66e..b7ecfd4721 100644
--- a/xen/arch/x86/include/asm/paging.h
+++ b/xen/arch/x86/include/asm/paging.h
@@ -160,9 +160,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index c19e337d65..79929774e8 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         unsigned int size = DIV_ROUND_UP(nr_frames, BITS_PER_BYTE);
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
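Review bot: The added `domain_pause(d); p2m_enable_hardware_log_dirty(d); domain_unpause(d);` sequence has no comment saying why the domain must be paused or why it runs after `paging_unlock(d)`. This is the code that replaces the racy `paging_log_dirty_enable()` call, so the locking reasoning should be written down here, for example `/* Pause so no vCPU runs while hardware log-dirty is switched on; done outside the paging lock. */`. The hunk also does not show a matching disable when VRAM tracking is torn down; that path is outside the visible lines, so it is worth confirming that hardware log-dirty is not left enabled once tracking stops.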
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 1f0b94ad21..b7e2750817 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -212,7 +212,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:33:16 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbiN1-0001Ds-8C@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:33:15 +0000

commit d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:12:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:12:27 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 82b485e7d4..c466eef56e 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -175,8 +175,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * did_to_domain_id() to return a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
 
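Review bot: The fix depends on the store to `iommu->domid_map[iommu_domid]` becoming visible before the bit is cleared, but the new comment states the required order without saying what enforces it. The store is a plain assignment, so the guarantee presumably comes from `clear_bit()` being an atomic operation that also acts as a compiler and CPU barrier on x86. I would extend the comment with that, for example "clear_bit() is a locked operation and orders the preceding store". Since the function can run with no locks held, it is also worth considering `write_atomic()` for the store so lock-free readers cannot see a torn or re-materialised value.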
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:33:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbiNB-0001EX-BM@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:33:25 +0000

commit 78a40f8b5dfa1a3aec43528663f39473d4429101
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:15:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:15:33 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index c466eef56e..752024ee10 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2409,6 +2409,10 @@ static int cf_check reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
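Review bot: With `domain_context_unmap()` now called first in `reassign_device_ownership()`, any error return from the RMRR teardown that follows (it lies between this hunk and the next, so it is not visible here) would leave the device with its context entry cleared while `pdev->domain` and the domain list still name `source`. If callers are expected to cope with that partial state, a comment above the new call should say so, e.g. `/* Context entry goes first; a later failure leaves the device detached but still listed under source. */`. If not, the error path after this point needs to restore the context mapping or finish the move before returning.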
@@ -2437,10 +2441,6 @@ static int cf_check reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2525,9 +2525,8 @@ static int cf_check intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2540,20 +2539,37 @@ static int cf_check intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %pp from %pd (%d)\n",
-                           &PCI_SBDF3(seg, bus, devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
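Review bot: The rollback loop added after the failed `reassign_device_ownership()` call unmaps every RMRR matching the device, not only those mapped before the `break`, and relies on `-ENOENT` to skip the rest. If `iommu_identity_mapping()` keeps a use count for regions shared with another device already assigned to `d` (its implementation is not shown here), the rollback would drop a reference this call never took. Unwinding only as far as the mapping loop got would avoid depending on that; at minimum the second loop should carry a comment such as `/* Regions not mapped above yield -ENOENT and are skipped. */` that states why unconditional unmapping is safe. The enclosing `intel_iommu_assign_device()` starts before and ends after this hunk.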
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:33:35 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:33:35 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298961.509236 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiNL-0000qF-SD; Tue, 05 Apr 2022 12:33:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298961.509236; Tue, 05 Apr 2022 12:33:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiNL-0000q7-PN; Tue, 05 Apr 2022 12:33:35 +0000
Received: by outflank-mailman (input) for mailman id 298961;
 Tue, 05 Apr 2022 12:33:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNL-0000q1-GL
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNL-0000NR-FS
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNL-0001F7-ET
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=yP2bTXMGkmP7iPV29Gx6rxenrx3J9fp4pCTpSFc6FCY=; b=U+8jkafe3xYYnbUhKmcrbd6aly
	LJw0B+I+uOlBYvo2fcKNtYDLIC1lH3+gIScum/YYBtvltHTznb3e+OAphowjxvULw4mMufIUa7jdu
	KCZT2fufRcSU9NYI+lOW+9FNUVjsg5IYBf/lIIDBwBn7IPzslNwj0la7EkekJpz/2RLw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbiNL-0001F7-ET@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:33:35 +0000

commit 3221f270cf2eba0a22fd4f92319d664eacb92889
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:16:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:16:10 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 752024ee10..06ba21aad8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1992,14 +1992,6 @@ static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2016,12 +2008,17 @@ static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int cf_check intel_iommu_enable_device(struct pci_dev *pdev)
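Review bot: When `domain_context_mapping()` fails at the end of `intel_iommu_add_device()`, the function returns the error with the RMRR identity mappings from the preceding loop still in place, because the new order establishes them first and nothing unwinds them. Separately, a failure of the RMRR mapping itself is only reported through `dprintk` and then overwritten by `ret = domain_context_mapping(...)`, so the device is attached even though the commit message treats those mappings as potentially essential. If both are deliberate, a comment before the final call would record it, e.g. `/* RMRR mapping failures are non-fatal here; mappings stay in place on error. */`. Otherwise the function should bail out when the loop sets `ret` and undo the mappings on the error path. The start of the function is outside the hunk.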
@@ -2043,11 +2040,15 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2063,7 +2064,7 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init cf_check setup_hwdom_device(
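Review bot: `intel_iommu_remove_device()` now returns 0 unconditionally once the context entry is cleared, so a failure of the RMRR teardown call ending at `rmrr->end_address, 0);` goes unreported and a stale identity mapping could remain in the domain. That call starts outside the hunk and its result appears to be discarded, so this should be confirmed against the full function. If ignoring it is intended, a comment before the final return would make that explicit, e.g. `/* Teardown failures are ignored: the context entry is already clear. */`.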
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:33:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:33:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298962.509241 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiNW-0000tl-VV; Tue, 05 Apr 2022 12:33:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298962.509241; Tue, 05 Apr 2022 12:33:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiNW-0000tb-Qt; Tue, 05 Apr 2022 12:33:46 +0000
Received: by outflank-mailman (input) for mailman id 298962;
 Tue, 05 Apr 2022 12:33:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNV-0000t7-Jl
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNV-0000Nb-Ix
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNV-0001Fk-IA
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ApkQOIQFP0F2fNih/1XpumTMYRfXy66QvY4Hufc2La8=; b=m5UZ2zr/hSmkvUcb/TACBLCbHF
	mb4qwGb1NbVZb9KB7i6z10tYWMTdLwQZOvCVqQueUsJnQLoyWowoU33XxhI96JnnKMEncJ7T4XDpN
	QdsX2akpbS78bVGtYx+LNJ4WY2BC7S9ibEAKhVL8YZ8QEgE3zMch52jVURVYBcsXOtFY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
Message-Id: <E1nbiNV-0001Fk-IA@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:33:45 +0000

commit eba09b9dd78f9e8cbaa78ef0edb301b32def2c7a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:16:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:16:46 2022 +0200

    IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
    
    This is to make more obvious that nothing outside of domain_iommu(d)
    actually changes or is otherwise needed by the function.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/arch/x86/include/asm/iommu.h            |  3 ++-
 xen/drivers/passthrough/amd/iommu_map.c     | 10 +++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  2 +-
 xen/drivers/passthrough/vtd/iommu.c         |  8 ++++----
 xen/drivers/passthrough/x86/iommu.c         |  3 +--
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h
index e3484ca023..5060f97124 100644
--- a/xen/arch/x86/include/asm/iommu.h
+++ b/xen/arch/x86/include/asm/iommu.h
@@ -141,7 +141,8 @@ static inline void iommu_sync_cache(const void *addr, unsigned int size)
 }
 
 int __must_check iommu_free_pgtables(struct domain *d);
-struct page_info *__must_check iommu_alloc_pgtable(struct domain *d);
+struct domain_iommu;
+struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
 
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index bf5df5fe5d..70089db76d 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -184,7 +184,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     unsigned long  next_table_mfn;
     unsigned int level;
     struct page_info *table;
-    const struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(d);
 
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
@@ -219,7 +219,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
             mfn = next_table_mfn;
 
             /* allocate lower level page table */
-            table = iommu_alloc_pgtable(d);
+            table = iommu_alloc_pgtable(hd);
             if ( table == NULL )
             {
                 AMD_IOMMU_ERROR("cannot allocate I/O page table\n");
@@ -249,7 +249,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
 
             if ( next_table_mfn == 0 )
             {
-                table = iommu_alloc_pgtable(d);
+                table = iommu_alloc_pgtable(hd);
                 if ( table == NULL )
                 {
                     AMD_IOMMU_ERROR("cannot allocate I/O page table\n");
@@ -555,7 +555,7 @@ int __init cf_check amd_iommu_quarantine_init(struct domain *d)
 
     spin_lock(&hd->arch.mapping_lock);
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
     if ( !hd->arch.amd.root_table )
         goto out;
 
@@ -570,7 +570,7 @@ int __init cf_check amd_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
         if ( !pg )
             break;
 
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 4b59a4efe9..7b21380a46 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -242,7 +242,7 @@ int amd_iommu_alloc_root(struct domain *d)
 
     if ( unlikely(!hd->arch.amd.root_table) )
     {
-        hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+        hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
             return -ENOMEM;
     }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 06ba21aad8..0e90089c9b 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -318,7 +318,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     {
         struct page_info *pg;
 
-        if ( !alloc || !(pg = iommu_alloc_pgtable(domain)) )
+        if ( !alloc || !(pg = iommu_alloc_pgtable(hd)) )
             goto out;
 
         hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
@@ -338,7 +338,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
             if ( !alloc )
                 break;
 
-            pg = iommu_alloc_pgtable(domain);
+            pg = iommu_alloc_pgtable(hd);
             if ( !pg )
                 break;
 
@@ -2758,7 +2758,7 @@ static int __init cf_check intel_iommu_quarantine_init(struct domain *d)
         goto out;
     }
 
-    pg = iommu_alloc_pgtable(d);
+    pg = iommu_alloc_pgtable(hd);
 
     rc = -ENOMEM;
     if ( !pg )
@@ -2777,7 +2777,7 @@ static int __init cf_check intel_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
 
         if ( !pg )
             goto out;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 65a622f26d..9c5fb6fa46 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -420,9 +420,8 @@ int iommu_free_pgtables(struct domain *d)
     return 0;
 }
 
-struct page_info *iommu_alloc_pgtable(struct domain *d)
+struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd)
 {
-    struct domain_iommu *hd = dom_iommu(d);
     unsigned int memflags = 0;
     struct page_info *pg;
     void *p;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:33:57 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:33:57 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298963.509244 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiNh-0000x0-0s; Tue, 05 Apr 2022 12:33:57 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298963.509244; Tue, 05 Apr 2022 12:33:56 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiNg-0000ws-U3; Tue, 05 Apr 2022 12:33:56 +0000
Received: by outflank-mailman (input) for mailman id 298963;
 Tue, 05 Apr 2022 12:33:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNf-0000wi-Mh
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNf-0000PJ-Lq
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNf-0001Gk-LH
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:33:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=xkGvTUuRYAjtsufqmH5pUy1px5s1aeqKUyOAXlQ88Jw=; b=ALvydRi97IanAFhgNPy/NJI8Bm
	+inAOb23hHdLqE0b8DR3KjxlgEMH8T8e1xytWYfweetdH5UFAYpQjAhHzLTSLY3MNaIdH4lA5qoT2
	RU/TG6dNt2uTzCzHOQXPJbAGmpnqAvUcbYFBgZ2s3qDN68amwcKaLhv4nEeY+hY9tUM8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbiNf-0001Gk-LH@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:33:55 +0000

commit a680b8134b2d1828bbbf443a97feea66e8a85c75
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:17:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:17:21 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 61 ++-----------------------------------
 1 file changed, 2 insertions(+), 59 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 0e90089c9b..b1eeba377e 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -142,28 +142,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(const struct context_entry *context,
-                                 const struct vtd_iommu *iommu)
-{
-    int domid = -1;
-
-    if ( iommu && context )
-    {
-        unsigned int dom_index = context_domain_id(*context);
-
-        domid = did_to_domain_id(iommu, dom_index);
-        if ( domid == DOMID_INVALID )
-        {
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "no domid for did %u (nr_dom %u)\n",
-                    dom_index, cap_ndoms(iommu->cap));
-            domid = -1;
-        }
-    }
-
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid;
@@ -1410,44 +1388,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX "%pd: %pp owned by %pd",
-                       domain, &PCI_SBDF3(seg, bus, devfn),
-                       pdev->domain);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "%pd: %pp mapped, but can't find owner\n",
-                       domain, &PCI_SBDF3(seg, bus, devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %pp already mapped to d%d",
-                       domain, &PCI_SBDF3(seg, bus, devfn), cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
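Review bot: With the ownership checks gone, the `context_present(*context)` branch returns 0 without confirming that the present entry refers to `domain`, so a caller is told the mapping succeeded even if the entry still points at another domain's translation structures. The removed code returned `-EINVAL` in that case, and no other guard against that mismatch is visible in this hunk. If callers are guaranteed never to arrive here with a foreign entry, the branch should say so in a comment, e.g. `/* Entry already present: callers ensure it belongs to domain. */`, or keep a debug-build assertion on the domain id. The function begins before and continues after this hunk.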
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:34:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:34:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298964.509248 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiNr-0000zv-2b; Tue, 05 Apr 2022 12:34:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298964.509248; Tue, 05 Apr 2022 12:34:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiNq-0000zl-Vi; Tue, 05 Apr 2022 12:34:06 +0000
Received: by outflank-mailman (input) for mailman id 298964;
 Tue, 05 Apr 2022 12:34:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNp-0000zZ-Pt
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNp-0000Pz-P2
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNp-0001IH-OG
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=qKo4xGM+SeyeRPuhUwO5EyvKGHC7gpjdQn1O1KVrE3s=; b=xcT0Jnj+DQU0eVZx5SibYROIGB
	KNhNEW69qjG30Iw/viXjwAPXxdkK6M4bhu9j7c9Z3GSyL4LoTj6mB698lFKGFJjamvTeJaqk2n/4C
	nopRNOIq9CjW3Qy0Ys9t8TuH6TB+Xzd1SGIkJYWuwaLfi8VgHXFLYQENlHfQvVvse878=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: re-assign devices directly
Message-Id: <E1nbiNp-0001IH-OG@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:34:05 +0000

commit 8f41e481b4852173909363b88c1ab3da747d3a05
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:17:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:17:42 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 284 ++++++++++++++++++++++++++---------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 243 insertions(+), 80 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index e6535548e1..92e09cc095 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -81,7 +81,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int cf_check intel_iommu_get_reserved_device_memory(
@@ -103,8 +104,8 @@ bool is_azalia_tlb_enabled(const struct acpi_drhd_unit *);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index b1eeba377e..144e877993 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -138,6 +138,7 @@ static int context_set_domain_id(struct context_entry *context,
     else
         i = convert_domid(iommu, d->domain_id);
 
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
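Review bot: The new clearing mask in `context_set_domain_id()` is built from `1 << DID_FIELD_WIDTH` in plain `int` and then inverted, so the upper bits of `context->hi` are preserved only through sign extension when the result is widened. That holds as long as the shifted field stays below bit 31, but it is fragile. An unsigned 64-bit constant makes the intent explicit: `context->hi &= ~(((1ULL << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);`, with the same `1ULL` in the following `|=` line. The macro values and the type of `hi` are defined outside this hunk, so this assumes `hi` is 64 bits wide.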
@@ -1365,15 +1366,27 @@ static void __hwdom_init cf_check intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1385,17 +1398,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = did_to_domain_id(iommu, prev_did);
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
     }
     else
     {
@@ -1407,37 +1435,108 @@ int domain_context_mapping_one(
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
             unmap_vtd_domain_page(context_entries);
+            if ( prev_dom )
+                rcu_unlock_domain(prev_dom);
             return -ENOMEM;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(context, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domain, iommu);
     if ( rc )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
         return rc;
     }
 
-    context_set_address_width(*context, level_to_agaw(iommu->nr_pt_levels));
-    context_set_fault_enable(*context);
-    context_set_present(*context);
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, level_to_agaw(iommu->nr_pt_levels));
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) ==
+               level_to_agaw(iommu->nr_pt_levels));
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %pp: reassignment may cause %pd data corruption\n",
+                   &PCI_SBDF3(seg, bus, devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
+    }
+
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
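Review bot: In the cmpxchg16b mismatch path the `printk()` dereferences `pdev->seg` and `pdev->bus` unconditionally, although the line just above guards `check_cleanup_domid_map()` with `if ( pdev )` and the function's header comment documents pdev == NULL for non-"main" requests. A bridge or phantom-function call reaching this path would fault inside the hypervisor instead of returning -EILSEQ. The locals already describe the entry being updated, so the argument can be `&PCI_SBDF3(seg, bus, devfn),` as the reassignment warning later in this hunk does. The function body starts before and continues after the hunk.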
@@ -1458,17 +1557,26 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
     {
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        if ( !prev_dom )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             mode & MAP_WITH_RMRR) < 0;
+        else
+            ret = 1;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
     }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
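Review bot: The final `return rc ?: pdev && prev_dom;` packs the three-way return contract into one expression, using the GNU `?:` extension and an implicit pointer-to-boolean conversion, which is easy to misread next to the `ret = ... < 0` conversion a few lines above. A one-line comment would help, for example `/* > 0 only for a "main" request (pdev != NULL) that replaced a present entry. */`, or the value could be spelled out as `return rc ? rc : (pdev && prev_dom);`. The function starts outside this hunk.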
@@ -1478,8 +1586,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    uint16_t seg = pdev->seg;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
     uint8_t bus = pdev->bus, secbus;
 
     /*
@@ -1495,8 +1605,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp map\n",
@@ -1518,7 +1649,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1533,9 +1666,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1543,6 +1677,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1551,7 +1694,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1566,10 +1709,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
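Review bot: The restore call `domain_context_mapping(pdev->domain, devfn, pdev);` in the new error path discards its return value, so a failed rollback looks the same as a successful one. As far as the hunk shows, the context entries updated earlier in this case would then keep referencing `domain`'s page tables while the caller only sees the original error. At minimum the failure should be logged, e.g. `if ( domain_context_mapping(pdev->domain, devfn, pdev) ) printk(XENLOG_ERR VTDPREFIX "%pp: restoring mapping for %pd failed\n", &pdev->sbdf, pdev->domain);`. The enclosing switch case starts outside the hunk.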
@@ -2353,9 +2501,47 @@ static int cf_check reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
+    if ( !QUARANTINE_SKIP(target) )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_assign(target);
+
+        /*
+         * Devices assigned to untrusted domains (here assumed to be any domU)
+         * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
+         * by the root complex unless interrupt remapping is enabled.
+         */
+        if ( !iommu_intremap && !is_hardware_domain(target) &&
+             !is_system_domain(target) )
+            untrusted_msi = true;
+
+        ret = domain_context_mapping(target, devfn, pdev);
+
+        if ( !ret && !QUARANTINE_SKIP(source) && pdev->devfn == devfn )
+        {
+            const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+            if ( drhd )
+                check_cleanup_domid_map(source, pdev, drhd->iommu);
+        }
+    }
+    else
+        ret = domain_context_unmap(source, devfn, pdev);
     if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
         return ret;
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
 
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
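Review bot: The shared `if ( ret )` error path calls `vmx_pi_hooks_deassign(target)` even when the failure came from the `domain_context_unmap(source, ...)` branch, where `vmx_pi_hooks_assign(target)` was never called. Whether that is harmless depends on vmx_pi_hooks_deassign(), which is not visible here. Making the undo mirror the setup avoids relying on it: `if ( !QUARANTINE_SKIP(target) && !has_arch_pdevs(target) )`. The function continues past the hunk.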
@@ -2385,43 +2571,7 @@ static int cf_check reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    /*
-     * Devices assigned to untrusted domains (here assumed to be any domU)
-     * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
-     * by the root complex unless interrupt remapping is enabled.
-     */
-    if ( !iommu_intremap && !is_hardware_domain(target) &&
-         !is_system_domain(target) )
-        untrusted_msi = true;
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int cf_check intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 652b8c9d09..67e34dd875 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -197,8 +197,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
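Review bot: The new `full` member has no comment saying why the entry gained a 128-bit view, even though the update logic in iommu.c depends on it. I would add `/* 128-bit view of lo/hi, for updating the whole entry with a single cmpxchg16b. */` above `__uint128_t full;`. The union also raises the structure's alignment to that of `__uint128_t`, which the cmpxchg16b user presumably relies on, so that is worth stating in the same comment.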
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 0590ddeea7..250bb7a344 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -407,7 +407,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -418,9 +419,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -428,7 +429,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -452,7 +454,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -478,7 +480,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
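Review bot: The comment above the new `mode` flags names the two consumers but not what each bit means, and these bits decide whether a non-atomic context entry update is tolerated. Going by the callers in iommu.c, each define could carry a short trailing comment: MAP_WITH_RMRR for a device listed in an RMRR, MAP_OWNER_DYING for a current owner that is dying, MAP_SINGLE_DEVICE for no other device of the owner behind the same IOMMU and no phantom functions. It is also worth noting that UNMAP_ME_PHANTOM_FUNC shares this bit space but is only tested by `map_me_phantom_function()`.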
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:34:17 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:34:17 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298965.509252 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiO1-00012N-45; Tue, 05 Apr 2022 12:34:17 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298965.509252; Tue, 05 Apr 2022 12:34:17 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiO1-00012F-18; Tue, 05 Apr 2022 12:34:17 +0000
Received: by outflank-mailman (input) for mailman id 298965;
 Tue, 05 Apr 2022 12:34:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNz-00011v-TB
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNz-0000QA-S7
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiNz-0001JT-RN
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=T7fncefmCoYBmrjXe0KJIhfr/rnGesLpKkrSBK0kAKg=; b=uSBuYv55ba6cWpVYasA58XNv87
	FGdjJIreoYcqe8PI3UUc5EURJtWxmaKTrvFTFqacWn0Y0cak2C/s5Qw3EGrFhI6LYk5AUnHm4ZKOG
	4MvJC2ygnBSEqESn0OTuPn6VShv4LJtMWm10vW11pLAlvzjUAG25hJDttzanTc/ogXio=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbiNz-0001JT-RN@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:34:15 +0000

commit 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:18:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:18:04 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu.h         |  10 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  67 ++++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 142 ++++++++++++++++++++++------
 3 files changed, 184 insertions(+), 35 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 0665deeab5..722b92fd78 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -263,9 +263,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 70089db76d..500a176e47 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -114,10 +114,69 @@ static unsigned int set_iommu_ptes_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
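Review bot: The atomic path compares and exchanges only `ldte.raw128[0]`, the first half of the 256-bit local copy, and nothing in the code says that every field written just above (`domain_id`, `pt_root`, `iw`, `ir`, `paging_mode`, `v`) lives in that half. The DTE layout is not visible in this hunk, so this is an assumption a reader has to verify elsewhere. I would add `/* All fields updated above sit in the low 128 bits, which is all that gets exchanged. */` before the `cpu_has_cx16` test. The same applies to the best-effort branch, which writes only `ptr + 0` and `ptr + 1`.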
@@ -132,6 +191,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 7b21380a46..38d2e5e15e 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -96,13 +96,32 @@ static int __must_check allocate_domain_resources(struct domain *d)
     return rc;
 }
 
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
 static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1, rc;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
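Review bot: The new `any_pdev_behind_iommu()` walks the domain's device list with `for_each_pdev` but does not state what protects that list. Its caller asserts `pcidevs_locked()` only near the end of `amd_iommu_setup_domain_device()`, after the helper has already run. If the pcidevs lock is indeed the protection, putting `ASSERT(pcidevs_locked());` at the top of the helper would document and check it where the traversal happens. A short comment explaining that `exclude` is the device being re-assigned would also help.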
@@ -116,8 +135,11 @@ static int __must_check amd_iommu_setup_domain_device(
     if ( rc )
         return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
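Review bot: `req_id` is now assigned twice in a row with different meanings: first from `pdev->sbdf.bdf` to look up `ivrs_dev` for the unity-map flag, then from `PCI_BDF2(bus, devfn)` for the DTE lookup. The two values differ when `devfn` is not the device's own function, so it becomes unclear which requestor ID `ivrs_dev` and `sr_flags` refer to. A separate local for the first lookup, or a comment such as `/* Unity map state is taken from the device itself, not from the (possibly phantom) devfn. */`, would make the intent explicit. The function continues beyond this hunk.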
@@ -130,9 +152,15 @@ static int __must_check amd_iommu_setup_domain_device(
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.amd.root_table),
-            domain->domain_id, hd->arch.amd.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.amd.root_table),
+                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
         if ( dte->it_root )
@@ -152,17 +180,76 @@ static int __must_check amd_iommu_setup_domain_device(
         spin_unlock_irqrestore(&iommu->lock, flags);
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.amd.root_table),
+                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
+                           &PCI_SBDF3(pdev->seg, bus, devfn), pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.amd.root_table),
-                        domain->domain_id, hd->arch.amd.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             !ivrs_dev->block_ats &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        spin_unlock_irqrestore(&iommu->lock, flags);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
     else
         spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.amd.root_table),
+                    domain->domain_id, hd->arch.amd.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
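Review bot: The ten-line explanation of the non-atomic update window sits inside the `if ( rc && domain != pdev->domain && ... )` condition, between two operands, which makes the condition hard to read. Moving the comment above the `if` would keep the reasoning and leave the four operands adjacent. Separately, `AMD_IOMMU_DEBUG("Setup I/O page table: ...")` now runs on every call, including the final `else` branch where the DTE is left unchanged, so the message no longer implies that anything was set up. The function starts before and ends after this hunk.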
@@ -367,7 +454,20 @@ static int cf_check reassign_device(
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    if ( !QUARANTINE_SKIP(target) )
+    {
+        rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+        if ( rc )
+            return rc;
+    }
+    else
+        amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
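Review bot: `pdev->domain` is now switched to `target` before the unity-mapping step that follows this hunk, and the next hunk's context still shows a `return rc;` on that step. If it fails, the caller gets an error while the device table entry (when `amd_iommu_setup_domain_device()` ran) and `pdev->domain` already name the target; whether callers cope with that half-completed state is not visible here. A comment above the move would at least make the ordering deliberate, e.g. `/* Ownership changes here; a failure below leaves the device with target. */`. reassign_device() starts before and continues after this hunk.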
@@ -383,25 +483,9 @@ static int cf_check reassign_device(
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
-    if ( rc )
-        return rc;
-
     AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n",
                     &pdev->sbdf, source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:34:27 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:34:27 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298966.509256 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOB-00015g-7T; Tue, 05 Apr 2022 12:34:27 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298966.509256; Tue, 05 Apr 2022 12:34:27 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOB-00015W-4F; Tue, 05 Apr 2022 12:34:27 +0000
Received: by outflank-mailman (input) for mailman id 298966;
 Tue, 05 Apr 2022 12:34:26 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiO9-00015J-W5
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiO9-0000QO-VJ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiO9-0001KQ-UZ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BBY7CHCn73aMkGo5AL4bWWO1AeZvX32XsmTwqz/XMGg=; b=wICInFwDTYTuZXJx4a8dhbeXCq
	LUGgkQFd/HAUL/TbIi0+ohgfOUJogPV3FnDbOSaJMxs8iu1lUwMmAy+Y0WHmIVqrkjNQ6rVXjj6yb
	esZQ0CHJdN5Sy8itzCgcbaE6GzPvJK1JJv3PTAkvM9K/7sYg28aVt1KSYUeJ7nWkJSp0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbiO9-0001KQ-UZ@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:34:25 +0000

commit eb19326a328d49a6a4dc3930391b340f3bcd8948
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:18:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:18:26 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/extern.h |  8 ++--
 xen/drivers/passthrough/vtd/iommu.c  | 76 +++++++++++++++++++++++-------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++---
 3 files changed, 62 insertions(+), 35 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 92e09cc095..9ff38f3ded 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -82,9 +82,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int cf_check intel_iommu_get_reserved_device_memory(
     iommu_grdm_t *func, void *ctxt);
 
@@ -105,7 +106,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 144e877993..a291dd85bc 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,7 +43,7 @@
 #include "../ats.h"
 
 /* dom_io is used as a sentinel for quarantined devices */
-#define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.vtd.pgd_maddr)
+#define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr))
 
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
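Review bot: The comment above `QUARANTINE_SKIP` no longer explains what decides the skip, because the macro now tests a caller-supplied root instead of reading dom_io's own field. A caller that passes a root belonging to another domain changes the result without any check, and the hunks at -1737, -1899, -2501 and -2517 each spell out `dom_iommu(d)->arch.vtd.pgd_maddr` by hand. I would extend the comment to `/* dom_io is used as a sentinel for quarantined devices; skip when the page table root the caller intends to use is zero */`.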
@@ -346,15 +346,17 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     return pte_maddr;
 }
 
-static uint64_t domain_pgd_maddr(struct domain *d, unsigned int nr_pt_levels)
+static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
+                                unsigned int nr_pt_levels)
 {
     struct domain_iommu *hd = dom_iommu(d);
-    uint64_t pgd_maddr;
     unsigned int agaw;
 
     ASSERT(spin_is_locked(&hd->arch.mapping_lock));
 
-    if ( iommu_use_hap_pt(d) )
+    if ( pgd_maddr )
+        /* nothing */;
+    else if ( iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
 
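Review bot: domain_pgd_maddr() now accepts an override root but nothing at the definition states that contract, and zero doubles as the in-band "no override" value. The visible `ASSERT(spin_is_locked(&hd->arch.mapping_lock))` still refers to `d`'s lock even when the root comes from the caller, which is worth saying explicitly. Proposed comment above the function: `/* A non-zero pgd_maddr overrides the root held in d's per-domain fields; zero selects the per-domain root. */`. The function body continues outside the hunk.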
@@ -1379,18 +1381,18 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pgd_maddr) )
         return 0;
 
     ASSERT(pcidevs_locked());
@@ -1427,10 +1429,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root;
+
         spin_lock(&hd->arch.mapping_lock);
 
-        pgd_maddr = domain_pgd_maddr(domain, iommu->nr_pt_levels);
-        if ( !pgd_maddr )
+        root = domain_pgd_maddr(domain, pgd_maddr, iommu->nr_pt_levels);
+        if ( !root )
         {
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
@@ -1440,7 +1444,7 @@ int domain_context_mapping_one(
             return -ENOMEM;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1557,15 +1561,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                           domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             domain->domain_id,
+                                             hd->arch.vtd.pgd_maddr,
                                              mode & MAP_WITH_RMRR) < 0;
+        }
         else
             ret = 1;
 
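Review bot: The recovery call in the `prev_dom != domain` branch pairs `domain->domain_id` with `hd->arch.vtd.pgd_maddr` taken from `prev_dom`, so the ID and the page-table root it passes belong to two different domains. In this commit `domid` is only forwarded to `me_wifi_quirk()`, but the follow-up commit on this page feeds it to `context_set_domain_id()` (hunk at -1453). From then on a failed assignment would appear to re-establish the previous owner's context entry tagged with the failing domain's ID. Unless that is intended, the argument should read `prev_dom->domain_id,`. The enclosing function starts and ends outside the hunk.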
@@ -1587,6 +1597,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1649,7 +1660,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1666,7 +1678,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1694,7 +1707,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1709,7 +1723,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1737,14 +1752,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
     int iommu_domid, rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         return 0;
 
     ASSERT(pcidevs_locked());
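Review bot: The skip test in domain_context_unmap_one() uses `dom_iommu(domain)->arch.vtd.pgd_maddr`, whereas domain_context_mapping_one() (hunk at -1379) tests the `pgd_maddr` its caller passed. All callers visible in this commit pass the domain's own root, so the two agree today. Once a caller maps a device into dom_io with a separate root while dom_io's own field is zero, the map would proceed and the matching unmap would return 0 without clearing the context entry. A comment here recording that assumption, e.g. `/* Relies on mappings only ever using the domain's own root. */`, would flag it for the later per-device change. The function body continues outside the hunk.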
@@ -1798,7 +1813,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1845,7 +1860,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1858,7 +1874,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1884,12 +1901,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
@@ -1899,7 +1919,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         return -EINVAL;
     }
 
-    if ( !ret && !QUARANTINE_SKIP(domain) && pdev->devfn == devfn )
+    if ( !ret && pdev->devfn == devfn &&
+         !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
     return ret;
@@ -2501,7 +2522,7 @@ static int cf_check reassign_device_ownership(
 {
     int ret;
 
-    if ( !QUARANTINE_SKIP(target) )
+    if ( !QUARANTINE_SKIP(target, dom_iommu(target)->arch.vtd.pgd_maddr) )
     {
         if ( !has_arch_pdevs(target) )
             vmx_pi_hooks_assign(target);
@@ -2517,7 +2538,8 @@ static int cf_check reassign_device_ownership(
 
         ret = domain_context_mapping(target, devfn, pdev);
 
-        if ( !ret && !QUARANTINE_SKIP(source) && pdev->devfn == devfn )
+        if ( !ret && pdev->devfn == devfn &&
+             !QUARANTINE_SKIP(source, dom_iommu(source)->arch.vtd.pgd_maddr) )
         {
             const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 250bb7a344..f6f74416d0 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -408,6 +408,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -421,16 +423,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -454,7 +457,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -480,7 +483,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:34:37 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:34:37 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298967.509260 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOL-00018j-8j; Tue, 05 Apr 2022 12:34:37 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298967.509260; Tue, 05 Apr 2022 12:34:37 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOL-00018a-5n; Tue, 05 Apr 2022 12:34:37 +0000
Received: by outflank-mailman (input) for mailman id 298967;
 Tue, 05 Apr 2022 12:34:36 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOK-00018Q-4Q
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:36 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOK-0000QS-3d
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:36 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOK-0001Lr-2H
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:36 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=D+p7Jgehae6uMPg13lJ7U7r3Dih2xQZSTwIoWRzfJ0w=; b=f4tmVlTGFyJbf5Apx2gcLE0+vy
	U/qTBmiAgRFaMSOHy+sTXtj5QV0VyPXxl7byPO4a//eHmXHNagJM/tJfZpMvZZsbdgNymtbBNeV9U
	WbvztWHYMKSFZXZ0IVKsnrILa0sDXF91JbyGvDBc78YoDA+vCs0gJ8QswXDYbPS4Y/mY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbiOK-0001Lr-2H@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:34:36 +0000

commit 7131163c4806e3c7de24873164d1a003d2a27dee
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:18:48 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:18:48 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 39 ++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a291dd85bc..2fd079a901 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -79,28 +79,28 @@ static domid_t convert_domid(const struct vtd_iommu *iommu, domid_t domid)
     return !cap_caching_mode(iommu->cap) ? domid : ~domid;
 }
 
-static int domain_iommu_domid(const struct domain *d,
-                              const struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned int nr_dom, i;
 
     if ( !domid_mapping(iommu) )
-        return convert_domid(iommu, d->domain_id);
+        return convert_domid(iommu, domid);
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i + 1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
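Review bot: get_iommu_did() has no header comment, although its behaviour now depends on a `warn` flag that replaced the `d->is_dying` test, so whether a failed lookup is logged is decided separately by every caller. The new message also prints the value as `Dom%d`, while the commit message says these IDs will not always belong to a struct domain, which could mislead log triage. I would add `/* Return iommu's hardware DID for domid, or -1 if none is mapped; log the failure only if warn. */` and consider wording the message as `"No valid iommu %u domid for ID %#x\n"`.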
@@ -108,8 +108,7 @@ static int domain_iommu_domid(const struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 const struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned int i;
 
@@ -120,7 +119,7 @@ static int context_set_domain_id(struct context_entry *context,
         unsigned int nr_dom = cap_ndoms(iommu->cap);
 
         i = find_first_bit(iommu->domid_bitmap, nr_dom);
-        while ( i < nr_dom && iommu->domid_map[i] != d->domain_id )
+        while ( i < nr_dom && iommu->domid_map[i] != domid )
             i = find_next_bit(iommu->domid_bitmap, nr_dom, i + 1);
 
         if ( i >= nr_dom )
@@ -131,26 +130,26 @@ static int context_set_domain_id(struct context_entry *context,
                 dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain id\n");
                 return -EBUSY;
             }
-            iommu->domid_map[i] = d->domain_id;
+            iommu->domid_map[i] = domid;
             set_bit(i, iommu->domid_bitmap);
         }
     }
     else
-        i = convert_domid(iommu, d->domain_id);
+        i = convert_domid(iommu, domid);
 
     context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
     int iommu_domid;
 
     if ( !domid_mapping(iommu) )
         return;
 
-    iommu_domid = domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -190,7 +189,7 @@ static bool any_pdev_behind_iommu(const struct domain *d,
  * If no other devices under the same iommu owned by this domain,
  * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap.
  */
-static void check_cleanup_domid_map(struct domain *d,
+static void check_cleanup_domid_map(const struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
@@ -206,7 +205,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, dom_iommu(d)->arch.vtd.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -667,7 +666,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1453,7 +1452,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(&lctxt, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domid, iommu);
     if ( rc )
     {
     unlock:
@@ -1780,7 +1779,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
@@ -1948,7 +1947,7 @@ static void cf_check iommu_domain_teardown(struct domain *d)
     ASSERT(!hd->arch.vtd.pgd_maddr);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 
     XFREE(hd->arch.vtd.iommu_bitmap);
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:34:47 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:34:47 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298968.509264 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOV-0001Bj-Ab; Tue, 05 Apr 2022 12:34:47 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298968.509264; Tue, 05 Apr 2022 12:34:47 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOV-0001BZ-7L; Tue, 05 Apr 2022 12:34:47 +0000
Received: by outflank-mailman (input) for mailman id 298968;
 Tue, 05 Apr 2022 12:34:46 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOU-0001BP-8C
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:46 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOU-0000Qc-7I
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:46 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOU-0001N5-6L
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:46 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=WKdpdXRtuL/0red6xwJXNzQXNZ11CZeS5sDGT7zNaoc=; b=EyzmxPTGRWwosMzqwVUD2GvoeI
	avv6n9/6Kz2b7KK6H9B0vJs6u9hfU16NOZPwk7Lj9H+BzthwEgY4I85uI0EyEuyjfduDhfuSwHkgU
	wxXr5IFHdYdC/bWCt1khA2fANwpV30tbtr7QG7KD4MHJP0tbMlXHrLFyRxdWUsCw1dIk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbiOU-0001N5-6L@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:34:46 +0000

commit 97af062b89d52c0ecf7af254b53345c97d438e33
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:19:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:19:10 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding adding a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/include/asm/iommu.h            |  4 ++
 xen/arch/x86/include/asm/pci.h              |  8 ++-
 xen/drivers/passthrough/amd/iommu.h         |  1 +
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 +++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 ++++++-
 xen/drivers/passthrough/pci.c               | 11 +++-
 xen/drivers/passthrough/vtd/iommu.c         | 90 ++++++++++++++++++++++++-----
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 60 +++++++++++++++++++
 9 files changed, 184 insertions(+), 21 deletions(-)

diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h
index 5060f97124..9ccf4f8bdd 100644
--- a/xen/arch/x86/include/asm/iommu.h
+++ b/xen/arch/x86/include/asm/iommu.h
@@ -140,6 +140,10 @@ static inline void iommu_sync_cache(const void *addr, unsigned int size)
         cache_writeback(addr, size);
 }
 
+unsigned long *iommu_init_domid(domid_t reserve);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 int __must_check iommu_free_pgtables(struct domain *d);
 struct domain_iommu;
 struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
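Review bot: The three prototypes added here (`iommu_init_domid`, `iommu_alloc_domid`, `iommu_free_domid`) carry no comment on the contract that callers in other files depend on. Going by the definitions later in this patch, `iommu_init_domid()` returns `ZERO_BLOCK_PTR` when quarantining is disabled and a null pointer on allocation failure, `iommu_alloc_domid()` returns `DOMID_INVALID` once the map is full, and both the alloc and free helpers assert `pcidevs_locked()`. A short block comment above the declarations stating these facts would keep a later caller from handing the `ZERO_BLOCK_PTR` placeholder to the allocator.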
diff --git a/xen/arch/x86/include/asm/pci.h b/xen/arch/x86/include/asm/pci.h
index 443f25347d..f944017128 100644
--- a/xen/arch/x86/include/asm/pci.h
+++ b/xen/arch/x86/include/asm/pci.h
@@ -13,6 +13,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
@@ -36,6 +42,6 @@ static always_inline bool is_pci_passthrough_enabled(void)
     return true;
 }
 
-static inline void arch_pci_init_pdev(struct pci_dev *pdev) {}
+void arch_pci_init_pdev(struct pci_dev *pdev);
 
 #endif /* __X86_PCI_H__ */
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 722b92fd78..ec7e030273 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -96,6 +96,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index f52e7b90e1..fd89475a8d 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -223,6 +223,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid(DOMID_INVALID);
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR "Could not mark config space of %pp read-only (%d)\n",
@@ -233,7 +238,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
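Review bot: The `xfree(iommu->domid_map)` added under `out:` is also reached by `goto out` paths that run before `domid_map` is assigned, for example the `if ( rt ) goto out;` just above the new `iommu_init_domid()` call in the previous hunk. That is safe only if `iommu` was zero-allocated, which happens outside these hunks and should be confirmed. When quarantining is off and `pci_ro_device()` fails, the same free sees `ZERO_BLOCK_PTR`, so it also relies on `xfree()` accepting that value. A comment at the free, such as `/* domid_map may be NULL (early exit) or ZERO_BLOCK_PTR (no quarantine) */`, would record both assumptions.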
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 38d2e5e15e..c9a1cdddaa 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -539,6 +539,8 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -606,7 +608,22 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity mapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -638,6 +655,9 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     if ( amd_iommu_perdev_intremap &&
          ivrs_mappings[bdf].dte_requestor_id == bdf &&
          ivrs_mappings[bdf].intremap_table )
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index c6d99af5d4..b59c1b61b7 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -1342,9 +1342,14 @@ static int cf_check _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%pp - %pd - node %-3d",
-               &pdev->sbdf, pdev->domain,
-               (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
+        printk("%pp - ", &pdev->sbdf);
+#ifdef CONFIG_X86
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+#endif
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d", (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         pdev_dump_msi(pdev);
         printk("\n");
     }
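Review bot: In the `dom_io` branch, `printk("DomIO:%x", pdev->arch.pseudo_domid)` prints the raw field even while it still holds `DOMID_INVALID`. Elsewhere in this patch IDs are only allocated under `iommu_quarantine`, so with quarantining off every `dom_io` device would show what looks like a real ID in the dump. Narrowing the test to `if ( pdev->domain == dom_io && pdev->arch.pseudo_domid != DOMID_INVALID )` lets such devices fall through to the plain `%pd` output. The `else` that continues past `#endif` would also benefit from a one-line comment, since it is easy to break on a later edit.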
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 2fd079a901..870bf465bc 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1199,6 +1200,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned int sagaw, agaw = 0, nr_dom;
+    domid_t reserved_domid = DOMID_INVALID;
+    int rc;
 
     iommu = xzalloc(struct vtd_iommu);
     if ( iommu == NULL )
@@ -1269,7 +1272,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 
     nr_dom = cap_ndoms(iommu->cap);
 
-    if ( nr_dom <= DOMID_MASK + cap_caching_mode(iommu->cap) )
+    if ( nr_dom <= DOMID_MASK * 2 + cap_caching_mode(iommu->cap) )
     {
         /* Allocate domain id (bit) maps. */
         iommu->domid_bitmap = xzalloc_array(unsigned long,
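Review bot: The changed threshold `DOMID_MASK * 2 + cap_caching_mode(iommu->cap)` has no comment explaining the factor of two. The commit message says real domain IDs now occupy only half of the `domid_t` range, so the other half is presumably what the pseudo IDs use, and direct use of IDs as hardware DIDs then needs the IOMMU to cover both. A line such as `/* Direct DID use must cover real and pseudo domain IDs alike. */` above the `if` would state that. `iommu_alloc()` starts and ends outside this hunk.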
@@ -1293,9 +1296,24 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
         /* Don't leave dangling NULL pointers. */
         iommu->domid_bitmap = ZERO_BLOCK_PTR;
         iommu->domid_map = ZERO_BLOCK_PTR;
+
+        /*
+         * If Caching mode is set, then invalid translations are tagged
+         * with domain id 0. Hence reserve the ID taking up bit/slot 0.
+         */
+        reserved_domid = convert_domid(iommu, 0) ?: DOMID_INVALID;
     }
 
+    iommu->pseudo_domid_map = iommu_init_domid(reserved_domid);
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1318,6 +1336,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1588,8 +1607,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1597,6 +1616,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1655,6 +1675,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !drhd )
             return -ENODEV;
 
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
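Review bot: The pseudo-ID allocation block added here for the PCIe endpoint case is repeated verbatim in the next hunk for the `DEV_TYPE_PCI` case, so a later fix to one copy can silently miss the other. A small static helper called from both cases would keep the allocation and its `-ENOSPC` failure path in one place, with the call sites reduced to `ret = alloc_pseudo_domid(pdev, drhd, orig_domid); if ( ret ) return ret;`. The helper name below is only a suggestion, and `domain_context_mapping()` starts and ends outside this hunk.

```c
/* Allocate a pseudo domain ID for pdev if quarantining is on and it has none. */
static int alloc_pseudo_domid(struct pci_dev *pdev,
                              const struct acpi_drhd_unit *drhd,
                              domid_t orig_domid)
{
    if ( !iommu_quarantine || orig_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid =
        iommu_alloc_domid(drhd->iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

/* … unchanged: switch ( pdev->type ) cases, each now calling the helper … */
```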
@@ -1672,6 +1700,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !drhd )
             return -ENODEV;
 
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
@@ -1745,6 +1781,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
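Review bot: The cleanup condition `if ( ret && drhd && orig_domid == DOMID_INVALID )` treats any non-zero `ret` as failure, yet an earlier hunk of this file shows `domain_context_mapping_one()` returning `rc ?: pdev && prev_dom`, which can be positive on success. If such a value can still be in `ret` at this point, the freshly allocated pseudo ID would be released while the mapping stays installed, and the ID could later be handed to another device. The switch body is outside the hunk, so whether `ret` is normalized there needs confirming. Testing `ret < 0` here would make the intent explicit either way.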
@@ -1830,8 +1873,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     struct vtd_iommu *iommu = drhd ? drhd->iommu : NULL;
@@ -1845,16 +1890,16 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp unmap\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        return is_hardware_domain(domain) ? 0 : -EPERM;
+        return ERR_PTR(is_hardware_domain(domain) ? 0 : -EPERM);
 
     case DEV_TYPE_PCIe_BRIDGE:
     case DEV_TYPE_PCIe2PCI_BRIDGE:
     case DEV_TYPE_LEGACY_PCI_BRIDGE:
-        return 0;
+        return ERR_PTR(0);
 
     case DEV_TYPE_PCIe_ENDPOINT:
         if ( !iommu )
-            return -ENODEV;
+            return ERR_PTR(-ENODEV);
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
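Review bot: `return ERR_PTR(0);` and `ERR_PTR(is_hardware_domain(domain) ? 0 : -EPERM)` encode "success, no DRHD unit involved" as an error pointer of zero, which reads like an error return but is just a null pointer. The callers in this patch depend on exactly that (`IS_ERR()` false, followed by `if ( drhd )`), so the convention deserves a comment above `domain_context_unmap()`, for instance `/* Returns the DRHD unit on success (NULL if none was involved), else ERR_PTR(). */`. The bridge cases could then simply `return NULL;`. The function body continues outside this hunk.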
@@ -1868,7 +1913,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     case DEV_TYPE_PCI:
         if ( !iommu )
-            return -ENODEV;
+            return ERR_PTR(-ENODEV);
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
@@ -1915,14 +1960,14 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     default:
         dprintk(XENLOG_ERR VTDPREFIX, "%pd:unknown(%u): %pp\n",
                 domain, pdev->type, &PCI_SBDF3(seg, bus, devfn));
-        return -EINVAL;
+        return ERR_PTR(-EINVAL);
     }
 
     if ( !ret && pdev->devfn == devfn &&
          !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
-    return ret;
+    return drhd;
 }
 
 static void cf_check iommu_clear_root_pgtable(struct domain *d)
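Review bot: The final `return drhd;` replaces `return ret;`, so a non-zero `ret` left by the switch cases no longer reaches the caller, even though the `if ( !ret && ...` test directly above still allows for one. `intel_iommu_remove_device()` would then carry on with its RMRR handling and free the pseudo domain ID, and `reassign_device_ownership()` would see success, even though the context entry may not have been torn down. Unless the cases outside this hunk cannot fail, the return should be `return ret ? ERR_PTR(ret) : drhd;`.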
@@ -2149,16 +2194,17 @@ static int cf_check intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2175,6 +2221,13 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
@@ -2547,7 +2600,12 @@ static int cf_check reassign_device_ownership(
         }
     }
     else
-        ret = domain_context_unmap(source, devfn, pdev);
+    {
+        const struct acpi_drhd_unit *drhd;
+
+        drhd = domain_context_unmap(source, devfn, pdev);
+        ret = IS_ERR(drhd) ? PTR_ERR(drhd) : 0;
+    }
     if ( ret )
     {
         if ( !has_arch_pdevs(target) )
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 67e34dd875..3c76218f76 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -503,6 +503,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     domid_t *domid_map;           /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 9c5fb6fa46..b942f2119e 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -391,6 +391,66 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+void arch_pci_init_pdev(struct pci_dev *pdev)
+{
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+}
+
+unsigned long *__init iommu_init_domid(domid_t reserve)
+{
+    unsigned long *map;
+
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    map = xzalloc_array(unsigned long, BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+    if ( map && reserve != DOMID_INVALID )
+    {
+        ASSERT(reserve > DOMID_MASK);
+        __set_bit(reserve & DOMID_MASK, map);
+    }
+
+    return map;
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 int iommu_free_pgtables(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
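Review bot: In `iommu_alloc_domid()` the bitmap scan sits in the initializer of `idx`, so `find_next_zero_bit()` reads `map` and the shared `start` before `ASSERT(pcidevs_locked())` is evaluated. Nothing in the function rejects the `ZERO_BLOCK_PTR` that `iommu_init_domid()` hands out when `iommu_quarantine` is off; the callers in this patch test the flag first, but a future caller that did not would make it dereference the placeholder pointer. Declaring `unsigned int idx;`, asserting first and adding `if ( !iommu_quarantine ) return DOMID_INVALID;` ahead of the scan would make the helper safe on its own. `iommu_free_domid()` has the same dependency, since it avoids the map only because `pseudo_domid` stays `DOMID_INVALID` in that configuration.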
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:34:57 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:34:57 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298969.509268 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOf-0001Ey-D9; Tue, 05 Apr 2022 12:34:57 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298969.509268; Tue, 05 Apr 2022 12:34:57 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOf-0001Eq-AI; Tue, 05 Apr 2022 12:34:57 +0000
Received: by outflank-mailman (input) for mailman id 298969;
 Tue, 05 Apr 2022 12:34:56 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOe-0001Eh-Bg
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:56 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOe-0000Qj-Ar
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:56 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOe-0001OI-9x
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:34:56 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=62FGUkzfPeKhDC4BxOeHPl3KBrUmmURYg4zO0pywLDU=; b=m6tuo4U6LpNV0dhENbpxCyk7GX
	YuDzrcPgOF1edMVu0QVnmxjhkE1Y6nSYXV/EBtplQTOpyP0p5Q6ROD4d8VrnuIiPWmJDmqnMf+K9V
	pNXhHg2JoDR+9l7fRWCIV/zbdqEcc0SyaXyUrpTbVNH9lhTTmbl0x9EaIPuXiPReSi60=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbiOe-0001OI-9x@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:34:56 +0000

commit 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:19:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:19:42 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 500a176e47..080ffd4173 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -656,8 +656,6 @@ int __init cf_check amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 870bf465bc..a00f436467 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2975,9 +2975,6 @@ static int __init cf_check intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    if ( !rc )
-        rc = iommu_flush_iotlb_all(d);
-
     /* Pages may be leaked in failure case */
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:35:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:35:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298970.509273 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOp-0001Hk-FI; Tue, 05 Apr 2022 12:35:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298970.509273; Tue, 05 Apr 2022 12:35:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOp-0001Ha-Bo; Tue, 05 Apr 2022 12:35:07 +0000
Received: by outflank-mailman (input) for mailman id 298970;
 Tue, 05 Apr 2022 12:35:06 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOo-0001HR-Eq
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:35:06 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOo-0000RM-E5
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:35:06 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOo-0001PV-DR
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:35:06 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=OThVlUrmH2BXVYrKtL6BlJE6m11PsDBpU4hFdbY5y7A=; b=GIE2SbiYVPSqc0egBPp7fejJ8B
	aLdpI2Ix/qBkmfNfeZBfXpB66d7RdjAoYdR405IN0+24bWd78RB88aqah9gKDGFOqvpsC4vjj6Gjq
	RbDJpt/Ya8z/Be7qqi32yJCzVd9jszDIuvA9ncolo9smsNlJ2bXN+ihyKI7D9/HFxsFk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbiOo-0001PV-DR@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:35:06 +0000

commit a038b514c1e970a8dc32229cbd31f6769ee61ad5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:20:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:20:04 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
---
 xen/drivers/passthrough/amd/iommu-defs.h    | 1 +
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h
index 774234dfd2..8a17697ea7 100644
--- a/xen/drivers/passthrough/amd/iommu-defs.h
+++ b/xen/drivers/passthrough/amd/iommu-defs.h
@@ -106,6 +106,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index c9a1cdddaa..85c07e6999 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -337,7 +337,7 @@ int amd_iommu_alloc_root(struct domain *d)
     return 0;
 }
 
-unsigned int __read_mostly amd_iommu_max_paging_mode = 6;
+unsigned int __read_mostly amd_iommu_max_paging_mode = IOMMU_MAX_PT_LEVELS;
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int cf_check amd_iommu_domain_init(struct domain *d)
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:35:17 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:35:17 +0000
Received: from list by lists.xenproject.org with outflank-mailman.298971.509276 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOz-0001Kf-GN; Tue, 05 Apr 2022 12:35:17 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 298971.509276; Tue, 05 Apr 2022 12:35:17 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiOz-0001KX-DK; Tue, 05 Apr 2022 12:35:17 +0000
Received: by outflank-mailman (input) for mailman id 298971;
 Tue, 05 Apr 2022 12:35:16 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOy-0001KH-ID
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:35:16 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOy-0000RQ-HR
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:35:16 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiOy-0001QQ-Go
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:35:16 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Es+MMf4PUIogRimSTJhiWBG0Vf+x4R9uS+4crhIowBQ=; b=NpZr+i5dwS0K4Bj41T50YzkdM5
	8vfM8wHH3dAnQLbLmHkak5/qBp28WCYFAN73DKm2P0I1fSfp1fFElzZypEkqNM/dmh64U6hV+eHd6
	GpsidH9F/p/OykyG3uxsdacsay9/cP1/C3HWIs2PWcGcC1bW73XEWEq730UH79eOwTxo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbiOy-0001QQ-Go@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:35:16 +0000

commit 14dd241aad8af447680ac73e8579990e2c09c1e7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:24:18 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:24:18 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    As to the removal of QUARANTINE_SKIP() from domain_context_unmap_one():
    I think this was never really needed there, as the function explicitly
    deals with finding a non-present context entry. Leaving it there would
    require propagating pgd_maddr into the function (like was done by "VT-d:
    prepare for per-device quarantine page tables" for
    domain_context_mapping_one()).
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/include/asm/pci.h              |  13 ++
 xen/drivers/passthrough/amd/iommu.h         |   3 +-
 xen/drivers/passthrough/amd/iommu_map.c     | 156 ++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  43 +++--
 xen/drivers/passthrough/iommu.c             |  19 ++-
 xen/drivers/passthrough/pci.c               |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c         | 255 +++++++++++++++++++---------
 xen/drivers/passthrough/vtd/iommu.h         |   2 +-
 xen/include/xen/iommu.h                     |   3 +-
 9 files changed, 364 insertions(+), 150 deletions(-)

diff --git a/xen/arch/x86/include/asm/pci.h b/xen/arch/x86/include/asm/pci.h
index f944017128..c8e1a9ecdb 100644
--- a/xen/arch/x86/include/asm/pci.h
+++ b/xen/arch/x86/include/asm/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -18,7 +20,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index ec7e030273..64e4bbf33c 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -237,7 +237,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 void cf_check iov_adjust_irq_affinities(void);
 
-int cf_check amd_iommu_quarantine_init(struct domain *d);
+int cf_check amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check cf_check amd_iommu_map_page(
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 080ffd4173..1f5eae9b7d 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -600,64 +600,138 @@ int cf_check amd_iommu_get_reserved_device_memory(
     return 0;
 }
 
-int __init cf_check amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int cf_check amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.amd.root_table);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+
+    if ( !scratch_page && !ivrs_mappings[req_id].unity_map )
+        return 0;
+
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
 
-    if ( hd->arch.amd.root_table )
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = iommu_alloc_pgtable(hd);
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
-    if ( !hd->arch.amd.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.amd.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.amd.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.amd.root_table = NULL;
+
+    if ( rc )
+        AMD_IOMMU_WARN("%pp: quarantine unity mapping failed\n", &pdev->sbdf);
+    else if ( scratch_page )
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
+
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
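Review bot: In amd_iommu_quarantine_init(), `pdev->arch.leaf_mfn` is assigned only inside the `scratch_page` branch, yet the early-return path runs `clear_domain_page(pdev->arch.leaf_mfn)` whenever a root table already exists. A device that got its root only for a unity map (scratch_page false) would reach that clear with whatever value leaf_mfn has held since allocation, presumably zero, though the initialisation is outside this hunk. The clear should therefore be conditional, e.g. `if ( scratch_page ) clear_domain_page(pdev->arch.leaf_mfn);`. The assignment also evaluates `page_to_mfn(pgs[0])` after fill_qpt() has failed, when pgs[0] may still be NULL; guarding it with `if ( !rc )` avoids deriving an MFN from a null page. intel_iommu_quarantine_init() in the vtd/iommu.c hunk of this patch has the same two patterns.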
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 85c07e6999..dee51efd1a 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -26,7 +26,7 @@
 #include "../ats.h"
 
 /* dom_io is used as a sentinel for quarantined devices */
-#define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.amd.root_table)
+#define QUARANTINE_SKIP(d, p) ((d) == dom_io && !(p)->arch.amd.root_table)
 
 static bool_t __read_mostly init_done;
 
@@ -125,8 +125,10 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pdev) )
         return 0;
 
     BUG_ON(!hd->arch.amd.paging_mode || !iommu->dev_table.buffer);
@@ -147,14 +149,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.amd.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.amd.root_table),
-                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.amd.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
@@ -181,7 +194,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -194,8 +207,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.amd.root_table),
-                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.amd.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -214,6 +227,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
@@ -246,9 +260,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.amd.root_table),
-                    domain->domain_id, hd->arch.amd.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.amd.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -327,7 +340,7 @@ int amd_iommu_alloc_root(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
 
-    if ( unlikely(!hd->arch.amd.root_table) )
+    if ( unlikely(!hd->arch.amd.root_table) && d != dom_io )
     {
         hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
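Review bot: The added `&& d != dom_io` in amd_iommu_alloc_root() has no comment explaining why dom_io must never receive a domain-wide root. Elsewhere in this patch amd_iommu_quarantine_init() asserts that dom_io's `root_table` is NULL and keeps the root in `pdev->arch.amd.root_table` instead, so the exclusion is load-bearing. A one-line comment above the condition would protect it from later cleanup, e.g. `/* dom_io uses per-device quarantine roots; never allocate a shared one. */`. The function body continues past the end of this hunk.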
@@ -391,7 +404,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
     int req_id;
     u8 bus = pdev->bus;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pdev) )
         return;
 
     ASSERT(pcidevs_locked());
@@ -430,7 +443,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.amd.paging_mode);
     }
     else
@@ -454,7 +467,7 @@ static int cf_check reassign_device(
         return -ENODEV;
     }
 
-    if ( !QUARANTINE_SKIP(target) )
+    if ( !QUARANTINE_SKIP(target, pdev) )
     {
         rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
         if ( rc )
@@ -655,6 +668,8 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index c6b2c384d1..73a7da71cd 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -466,21 +466,22 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc || iommu_quarantine < IOMMU_quarantine_scratch_page )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init,
+                      dev, iommu_quarantine == IOMMU_quarantine_scratch_page);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
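Review bot: iommu_quarantine_dev_init() becomes a global entry point here but has no comment describing its contract. Both vendor hooks added in this patch assert `pcidevs_locked()`, and the function returns 0 both on success and when quarantining is disabled or the hook is absent. A header comment should say so, e.g. `/* Set up per-device quarantine page tables; caller holds the pcidevs lock. Returns 0 when there is nothing to do. */`. The function also dereferences `hd->platform_ops` unconditionally, which presumably relies on dom_io having gone through iommu_domain_init(); that precondition is worth stating too.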
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index b59c1b61b7..d86ae67ae2 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -921,9 +921,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
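Review bot: The added `return ret;` in deassign_device() is indented eleven spaces where the surrounding code uses twelve; it should line up like the matching `goto done;` in the assign_device() hunk below. This early return also means a failed quarantine setup leaves the device with its current owner instead of moving it anywhere. That looks like a deliberate fail-closed choice, but nothing says so; a short comment such as `/* Without quarantine tables the device must not leave its current owner. */` would record the intent. deassign_device() starts and ends outside this hunk.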
@@ -1503,6 +1510,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
     if ( rc )
         goto done;
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = iommu_call(hd->platform_ops, assign_device, d, devfn,
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a00f436467..f7cb7cd3a6 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -45,6 +45,11 @@
 
 /* dom_io is used as a sentinel for quarantined devices */
 #define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr))
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.vtd.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
 
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
@@ -108,12 +113,17 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned int i;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     if ( domid_mapping(iommu) )
     {
@@ -138,8 +148,12 @@ static int context_set_domain_id(struct context_entry *context,
     else
         i = convert_domid(iommu, domid);
 
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -194,8 +208,12 @@ static void check_cleanup_domid_map(const struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
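Review bot: The new early return for `d == dom_io` in check_cleanup_domid_map() is unexplained. From the rest of this patch, quarantined devices use a per-device pseudo domain ID that quarantine_teardown() releases through `cleanup_domid_map(pdev->arch.pseudo_domid, ...)`, so there is no dom_io-wide mapping to drop here. A comment above the check would make that link explicit, e.g. `/* dom_io has no DID of its own; per-device pseudo domids are released in quarantine_teardown(). */`. The remainder of the function lies outside this hunk.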
@@ -212,7 +230,7 @@ static void check_cleanup_domid_map(const struct domain *d,
 
 domid_t did_to_domain_id(const struct vtd_iommu *iommu, unsigned int did)
 {
-    if ( did >= min(cap_ndoms(iommu->cap), DOMID_MASK + 1) )
+    if ( did >= cap_ndoms(iommu->cap) )
         return DOMID_INVALID;
 
     if ( !domid_mapping(iommu) )
@@ -1428,7 +1446,7 @@ int domain_context_mapping_one(
         domid = did_to_domain_id(iommu, prev_did);
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
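Review bot: The condition `pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK` carries two different rules in one expression and has no comment. When no pdev is passed it appears to treat any domain ID above DOMID_MASK as a quarantine pseudo-ID, but that range convention is not stated anywhere in this hunk and should be confirmed. A comment would make the intent reviewable, e.g. `/* With a pdev, only its own pseudo domid means "quarantined"; without one (bridge entries) accept any pseudo domid. */`. domain_context_mapping_one() begins and ends outside this hunk.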
@@ -1585,15 +1603,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           domain->domain_id);
+                                           DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                             domain->domain_id,
-                                             hd->arch.vtd.pgd_maddr,
+                                             DEVICE_DOMID(prev_dom, pdev),
+                                             DEVICE_PGTABLE(prev_dom, pdev),
                                              mode & MAP_WITH_RMRR) < 0;
-        }
         else
             ret = 1;
 
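Review bot: `DEVICE_DOMID()` and `DEVICE_PGTABLE()` dereference `pdev` whenever their domain argument is dom_io, and this recovery path looks reachable with `pdev == NULL`. The bridge mappings later in this patch pass NULL for pdev, and the earlier hunk in this function picks dom_io as prev_dom for exactly the no-pdev case. The prev_dom arm should not expand the macros without a pdev; one option is to send that case to the unmap arm, `if ( !prev_dom || (prev_dom == dom_io && !pdev) )`. The `!prev_dom` arm has the same exposure if `domain` is itself dom_io. The function starts and ends outside this hunk, so check whether a guard already exists elsewhere before changing it.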
@@ -1615,7 +1630,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1644,7 +1659,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1686,8 +1701,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1713,8 +1728,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1742,8 +1757,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1758,8 +1773,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1801,9 +1816,6 @@ int domain_context_unmap_one(
     int iommu_domid, rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
-        return 0;
-
     ASSERT(pcidevs_locked());
     spin_lock(&iommu->lock);
 
@@ -1905,7 +1917,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1919,7 +1931,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1942,18 +1954,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1964,7 +1970,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
     }
 
     if ( !ret && pdev->devfn == devfn &&
-         !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
+         !QUARANTINE_SKIP(domain, pdev->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
     return drhd;
@@ -1997,6 +2003,26 @@ static void cf_check iommu_domain_teardown(struct domain *d)
     XFREE(hd->arch.vtd.iommu_bitmap);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check cf_check intel_iommu_map_page(
     struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags,
     unsigned int *flush_flags)
@@ -2221,6 +2247,8 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2574,7 +2602,7 @@ static int cf_check reassign_device_ownership(
 {
     int ret;
 
-    if ( !QUARANTINE_SKIP(target, dom_iommu(target)->arch.vtd.pgd_maddr) )
+    if ( !QUARANTINE_SKIP(target, pdev->arch.vtd.pgd_maddr) )
     {
         if ( !has_arch_pdevs(target) )
             vmx_pi_hooks_assign(target);
@@ -2591,7 +2619,7 @@ static int cf_check reassign_device_ownership(
         ret = domain_context_mapping(target, devfn, pdev);
 
         if ( !ret && pdev->devfn == devfn &&
-             !QUARANTINE_SKIP(source, dom_iommu(source)->arch.vtd.pgd_maddr) )
+             !QUARANTINE_SKIP(source, pdev->arch.vtd.pgd_maddr) )
         {
             const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
 
@@ -2913,69 +2941,136 @@ static void cf_check vtd_dump_page_tables(struct domain *d)
                               agaw_to_level(hd->arch.vtd.agaw), 0, 0);
 }
 
-static int __init cf_check intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    struct page_info *pgs[6])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(page_to_maddr(pgs[level]));
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, page_to_maddr(pgs[level]));
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev,
+                                                bool scratch_page)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     struct page_info *pg;
-    struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc = 0;
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    spin_lock(&hd->arch.mapping_lock);
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.vtd.pgd_maddr);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
 
-    if ( hd->arch.vtd.pgd_maddr )
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
-        goto out;
+        clear_domain_page(pdev->arch.leaf_mfn);
+        return 0;
     }
 
-    pg = iommu_alloc_pgtable(hd);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    rc = -ENOMEM;
+    pg = iommu_alloc_pgtable(hd);
     if ( !pg )
-        goto out;
+        return -ENOMEM;
+
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
 
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
     hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
 
-    parent = map_vtd_domain_page(hd->arch.vtd.pgd_maddr);
-    while ( level )
+    for_each_rmrr_device ( rmrr, bdf, i )
     {
-        uint64_t maddr;
-        unsigned int offset;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-
-        if ( !pg )
-            goto out;
+        if ( rc )
+            break;
 
-        maddr = page_to_maddr(pg);
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pp: RMRR quarantine mapping failed\n",
+                       &pdev->sbdf);
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.vtd.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = page_to_maddr(pg);
+
+    if ( !rc && scratch_page )
+    {
+        struct dma_pte *root;
+        struct page_info *pgs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(pdev->arch.vtd.pgd_maddr);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
-    rc = 0;
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc || (!scratch_page && !rmrr_found) )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages may be leaked in failure case */
     return rc;
 }
 
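Review bot: The new VT-d fill_qpt() writes page-table entries but never calls `iommu_sync_cache()`, whereas the loop it replaces flushed each table with `iommu_sync_cache(parent, PAGE_SIZE)` after filling it. Unless cache maintenance for these tables happens outside this hunk, an IOMMU that does not snoop CPU caches could walk stale entries in a quarantined device's tables, weakening the isolation the quarantine is meant to give. Adding `iommu_sync_cache(this, PAGE_SIZE);` after the loop in fill_qpt() would restore the previous behaviour. Separately, `pgs[6]` is a bare constant in both fill_qpt() and intel_iommu_quarantine_init(), while the AMD counterpart sizes its array with IOMMU_MAX_PT_LEVELS; a named constant would keep the two in step.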
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 3c76218f76..aca055f577 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -477,7 +477,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index e4d526052d..3a83981464 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -233,7 +233,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev, bool scratch_page);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -349,6 +349,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 #ifdef CONFIG_HAS_PCI
 int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
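Review bot: The new `iommu_quarantine_dev_init()` prototype is declared without `__must_check`, although it returns an `int` and `iommu_suspend()` (named in the hunk header) carries the annotation. If a failure here can leave a device without its quarantine page tables, which this hunk does not show, callers should not be able to drop the result silently; consider `int __must_check iommu_quarantine_dev_init(device_t *dev);`. The `quarantine_init` hook in the previous hunk also gained a `scratch_page` parameter with no comment saying what it selects.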
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:55:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:55:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299015.509293 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbii9-0004DR-T3; Tue, 05 Apr 2022 12:55:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299015.509293; Tue, 05 Apr 2022 12:55:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbii9-0004DJ-Q9; Tue, 05 Apr 2022 12:55:05 +0000
Received: by outflank-mailman (input) for mailman id 299015;
 Tue, 05 Apr 2022 12:55:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbii8-0004DD-Kk
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbii8-0000nu-JU
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbii8-0002sR-IR
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=NEx7yfU8z9cdUrp4HgKVgJenC/Sudgf2M7mpOtVUCis=; b=znN0lzcxroJ4ZrVFU52hTLABBO
	JPjtdUQcIRivE3MAyl8PT34zhje1bcVq4uKwSdUQieD6CFj+hMNpaEQfZff92aeoG4jz0fcgf+/dO
	o/EWoB7mAL08OIK7WyKfyMpTROEnISwUlWB79JBC5IQg6fNW7BIw0jDfkxkwRGEA/R8E=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbii8-0002sR-IR@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:55:04 +0000

commit 309487036c9447fbfbc60f88667970dedf376aa4
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 14:43:32 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:43:32 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 73575deb0d..47a7487fa7 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         unsigned int size = DIV_ROUND_UP(nr_frames, BITS_PER_BYTE);
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
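Review bot: The added `domain_pause(d)` / `domain_unpause(d)` pair around `p2m_enable_hardware_log_dirty(d)` has no comment explaining why the domain must be quiescent, or why this runs after `paging_unlock(d)` rather than under the paging lock. Per the commit message this path is reachable without the domctl lock, so the locking and pausing rationale is what a later maintainer needs to keep the fix intact; a two-line comment above `domain_pause(d)` stating that rationale would be enough. The pause also presumably relies on `d` never being the calling domain, which is not visible in this hunk and is worth confirming. hap_track_dirty_vram() starts and ends outside the hunk.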
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index dd6b2bdf6f..97ac9ccf59 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -211,7 +211,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index 996c2cd038..27890791d8 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -162,9 +162,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:55:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:55:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299016.509298 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiiJ-0004FT-Ue; Tue, 05 Apr 2022 12:55:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299016.509298; Tue, 05 Apr 2022 12:55:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiiJ-0004FL-Re; Tue, 05 Apr 2022 12:55:15 +0000
Received: by outflank-mailman (input) for mailman id 299016;
 Tue, 05 Apr 2022 12:55:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiiI-0004F9-Os
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiiI-0000o2-O2
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiiI-0002t7-Lq
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Bw/OuNP45E0G8mnpUveJ3F8PMrtUfhlvJ+52/TCRDNE=; b=XqP3BdHvqUHTeAB7tiIjm67A8m
	Xw/165VL266fbH9yOb55+K4NWMzVaWCXe4jSgDJpCzJsuPuNevATp2L3TxUyWPNa9R6OXXN904aCd
	Y7yqI1emP9Ediw4InDVlzSieKl6wMX6ZiIMdvbHb2COOfoJQPcoG68aDDmsUcmObhO8g=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbiiI-0002t7-Lq@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:55:14 +0000

commit 0e754e07b00f3ad644a3c05f85702bce8b4c0d5c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:43:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:43:57 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ead12db6a4..a1645d3372 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -152,8 +152,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
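Review bot: The new ordering only holds if the plain store to `iommu->domid_map[iommu_domid]` cannot be reordered after `clear_bit()`, and the added comment does not say what guarantees that. If `clear_bit()` is being relied on as the barrier, state that in the comment; otherwise make the ordering explicit, e.g. `write_atomic(&iommu->domid_map[iommu_domid], DOMID_INVALID);` followed by `smp_wmb();` ahead of the `clear_bit()`. The readers that have to cope with `DOMID_INVALID` while the bit is still set, and the start of cleanup_domid_map(), are outside this hunk.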
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:55:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:55:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299017.509304 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiiU-0004Ip-0U; Tue, 05 Apr 2022 12:55:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299017.509304; Tue, 05 Apr 2022 12:55:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiiT-0004Ih-T8; Tue, 05 Apr 2022 12:55:25 +0000
Received: by outflank-mailman (input) for mailman id 299017;
 Tue, 05 Apr 2022 12:55:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiiS-0004IR-SU
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiiS-0000oN-RY
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiiS-0002uD-Qh
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=iBG2p+gvDz6A61VZLcrszah7ru3sJ1b0PVYV835Qvt8=; b=FUOo882lfUpcsecAYG1YjF8iDU
	0DF1juOue/22ciWu9C2IhaZrhcGCDrwDWarktIekJzTlG0Ks4Zvh63BSZfltxn7TFpA4JmEtliCng
	qZKaiRxZhuDIUoH7Z1fNSjV9hTN4VixLqLdYyH0W5k9pwku369ZruVggyNOpHwXCC+hk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbiiS-0002uD-Qh@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:55:24 +0000

commit 2c0e367013f7f17753b48f2bd5ed34d85dcb8881
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:44:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:44:14 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a1645d3372..5e3740feb6 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2419,6 +2419,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
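Review bot: The `domain_context_unmap()` call moved to the top of the function carries no comment saying that it must precede the later teardown steps, so the ordering this commit fixes is easy to undo in a future cleanup. Suggest a comment above it such as `/* Clear the context entry first: RMRR mappings may only go away once the device no longer uses them. */`. The rest of reassign_device_ownership() lies outside the hunk, so what happens when a later step fails after the unmap has already succeeded cannot be checked from here.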
@@ -2455,10 +2459,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2534,9 +2534,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2549,20 +2548,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %pp from %pd (%d)\n",
-                           &PCI_SBDF3(seg, bus, devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
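Review bot: The rollback loop added at the end of this hunk unmaps every RMRR that matches the device, including entries the first loop never reached after its `break`, and the `rc != -ENOENT` test only covers regions that are absent from `d` altogether. If `iommu_identity_mapping()` reference-counts regions (its body is not visible here), a region already mapped for another device in `d` would lose a reference this call never took. Consider undoing only what this call mapped, or add a comment explaining why the wider unmap is harmless. The new `if ( !ret )` also depends on `ret` being zero when no RMRR matches, which is established outside the hunk; intel_iommu_assign_device() starts and ends outside it as well.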
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:55:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:55:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299018.509306 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiie-0004Lh-1E; Tue, 05 Apr 2022 12:55:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299018.509306; Tue, 05 Apr 2022 12:55:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiid-0004LZ-Ug; Tue, 05 Apr 2022 12:55:35 +0000
Received: by outflank-mailman (input) for mailman id 299018;
 Tue, 05 Apr 2022 12:55:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiic-0004LQ-VY
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiic-0000oq-Ui
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiic-0002vM-Tp
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=6foS1m71CjCeHEwjigVR6q08qFuV1ELzBw5S82b/qEo=; b=IzR3QhNDr+qzTA216DwFg8yydu
	BsMExPkjH5AfDc6VgcxhK4P5aOI8cUUELpwi3ii8Wff7v19u2TMlQOeJe0WSGnzff4P7xi7R1UqpS
	D/7cDP5mY2//1llZnWz0UUiwQG4JP/u/UloxV0PdtyyiyNP3GDXlvpKxt6wOREPlRnJ0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbiic-0002vM-Tp@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:55:34 +0000

commit cf0dc7379b9e2aa5f4b3983d81c6e2ed9811c34f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:44:53 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:44:53 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 5e3740feb6..19696a8818 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1997,14 +1997,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2021,12 +2013,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
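Review bot: When `domain_context_mapping()` fails, the function now returns the error but leaves in place the RMRR identity mappings created by the loop above it, because this change establishes them first. Whether a caller undoes them is not visible here; if none does, the error path should tear them down again or carry a comment saying why leaving them is acceptable. Separately, a failure of the RMRR mapping itself is only logged and then overwritten by `ret = domain_context_mapping(...)`, so the device is attached even though a mapping the commit message describes as possibly essential is missing; leaving the loop and returning that error would match the stated intent. intel_iommu_add_device() starts outside the hunk.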
@@ -2048,11 +2045,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2068,7 +2069,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:55:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:55:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299019.509310 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiio-0004QI-2v; Tue, 05 Apr 2022 12:55:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299019.509310; Tue, 05 Apr 2022 12:55:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiio-0004QA-00; Tue, 05 Apr 2022 12:55:46 +0000
Received: by outflank-mailman (input) for mailman id 299019;
 Tue, 05 Apr 2022 12:55:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiin-0004Q0-2j
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiin-0000p3-1k
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiin-0002w3-10
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=L6e724Zgt28Od2L/bM5PgHOxcMdnGSbJIB+PB2hIDPg=; b=E9Bk/yPQaMBfP9i8GC+PalDWb5
	rF7Wq+oYe/cdp27cdBwjsRYPc+MhDS5CfoPU844EZqBkV5hhSRClcsdo8Z7UfogXVCSfkqINM4/0G
	cn7UvxQ5ymn9K8vPBJF8wfAJN8Hq7+wc5T6I497dG6DrkJJfIxqlMY6GpZHbh72yJ9m8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
Message-Id: <E1nbiin-0002w3-10@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:55:45 +0000

commit e0bd36c36ae1088b6687da7351a035b6d9a02940
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:45:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:45:29 2022 +0200

    IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
    
    This is to make more obvious that nothing outside of domain_iommu(d)
    actually changes or is otherwise needed by the function.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eba09b9dd78f9e8cbaa78ef0edb301b32def2c7a
    master date: 2022-04-05 14:16:46 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c     | 10 +++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  2 +-
 xen/drivers/passthrough/vtd/iommu.c         |  8 ++++----
 xen/drivers/passthrough/x86/iommu.c         |  3 +--
 xen/include/asm-x86/iommu.h                 |  3 ++-
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index b0330157ea..8f9be319ad 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -184,7 +184,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     unsigned long  next_table_mfn;
     unsigned int level;
     struct page_info *table;
-    const struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(d);
 
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
@@ -219,7 +219,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
             mfn = next_table_mfn;
 
             /* allocate lower level page table */
-            table = iommu_alloc_pgtable(d);
+            table = iommu_alloc_pgtable(hd);
             if ( table == NULL )
             {
                 AMD_IOMMU_ERROR("cannot allocate I/O page table\n");
@@ -249,7 +249,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
 
             if ( next_table_mfn == 0 )
             {
-                table = iommu_alloc_pgtable(d);
+                table = iommu_alloc_pgtable(hd);
                 if ( table == NULL )
                 {
                     AMD_IOMMU_ERROR("cannot allocate I/O page table\n");
@@ -553,7 +553,7 @@ int __init amd_iommu_quarantine_init(struct domain *d)
 
     spin_lock(&hd->arch.mapping_lock);
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
     if ( !hd->arch.amd.root_table )
         goto out;
 
@@ -568,7 +568,7 @@ int __init amd_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
         if ( !pg )
             break;
 
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 9642bba43a..31e8c5dd3d 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -242,7 +242,7 @@ int amd_iommu_alloc_root(struct domain *d)
 
     if ( unlikely(!hd->arch.amd.root_table) )
     {
-        hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+        hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
             return -ENOMEM;
     }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 19696a8818..1b04a261f2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -330,7 +330,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     {
         struct page_info *pg;
 
-        if ( !alloc || !(pg = iommu_alloc_pgtable(domain)) )
+        if ( !alloc || !(pg = iommu_alloc_pgtable(hd)) )
             goto out;
 
         hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
@@ -350,7 +350,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
             if ( !alloc )
                 break;
 
-            pg = iommu_alloc_pgtable(domain);
+            pg = iommu_alloc_pgtable(hd);
             if ( !pg )
                 break;
 
@@ -2766,7 +2766,7 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
         goto out;
     }
 
-    pg = iommu_alloc_pgtable(d);
+    pg = iommu_alloc_pgtable(hd);
 
     rc = -ENOMEM;
     if ( !pg )
@@ -2785,7 +2785,7 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
 
         if ( !pg )
             goto out;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index b2284ae001..295d853003 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -416,9 +416,8 @@ int iommu_free_pgtables(struct domain *d)
     return 0;
 }
 
-struct page_info *iommu_alloc_pgtable(struct domain *d)
+struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd)
 {
-    struct domain_iommu *hd = dom_iommu(d);
     unsigned int memflags = 0;
     struct page_info *pg;
     void *p;
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index de46149b40..cb794fe1ef 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -142,7 +142,8 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
 })
 
 int __must_check iommu_free_pgtables(struct domain *d);
-struct page_info *__must_check iommu_alloc_pgtable(struct domain *d);
+struct domain_iommu;
+struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
 
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:55:56 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:55:56 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299020.509314 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiiy-0004TZ-5e; Tue, 05 Apr 2022 12:55:56 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299020.509314; Tue, 05 Apr 2022 12:55:56 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiiy-0004TR-2q; Tue, 05 Apr 2022 12:55:56 +0000
Received: by outflank-mailman (input) for mailman id 299020;
 Tue, 05 Apr 2022 12:55:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiix-0004TK-5Z
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiix-0000pI-4i
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiix-0002wi-3z
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:55:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=L1yb+aFWrf9z20xXL+amtWa29WNYBEPVvQZGYLDfPAc=; b=hrX7RB4ciW2fD/Q+8ZmSBvasiV
	uHFYhm25u1QtUKMFQx3ow2PuvQtp92WsvAZ2Deq9ZpxjrCcZml3qnicdTf/wFFq2e4uqqm1gVJLaL
	MjhdmT9BnYcyj/ZsIXGP863A5OV+i8VATAI1oxfDe4i01yyqt7vrCXu26jUqyE/Qg+1M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbiix-0002wi-3z@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:55:55 +0000

commit 840920147f5a32bf329bfcfb4f205154cf43964f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:46:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:46:03 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 61 ++-----------------------------------
 1 file changed, 2 insertions(+), 59 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 1b04a261f2..3fd96dc312 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -124,28 +124,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct vtd_iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid = domain_iommu_domid(domain, iommu);
@@ -1416,44 +1394,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX "%pd: %pp owned by %pd",
-                       domain, &PCI_SBDF3(seg, bus, devfn),
-                       pdev->domain);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "%pd: %pp mapped, but can't find owner\n",
-                       domain, &PCI_SBDF3(seg, bus, devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %pp already mapped to d%d",
-                       domain, &PCI_SBDF3(seg, bus, devfn), cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
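Review bot: The early return for an already-present context entry now reports success without looking at which domain ID the entry carries, so a caller can no longer tell "already mapped for this domain" from "still mapped for a different domain". The commit message says a subsequent change reworks this path; until then a short comment at the `return 0;` would record the intent, e.g. `/* Entry already present; its owner is deliberately not verified here. */`. It is also worth confirming that no caller relied on the former -EINVAL to refuse a device whose entry points at another domain's page tables, since that is the only state in which this intermediate commit behaves differently. domain_context_mapping_one() starts and ends outside this hunk.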
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:56:06 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:56:06 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299021.509318 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbij8-0004WM-7D; Tue, 05 Apr 2022 12:56:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299021.509318; Tue, 05 Apr 2022 12:56:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbij8-0004WF-4N; Tue, 05 Apr 2022 12:56:06 +0000
Received: by outflank-mailman (input) for mailman id 299021;
 Tue, 05 Apr 2022 12:56:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbij7-0004W4-8h
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbij7-0000q0-7n
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbij7-0002xc-76
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=POMHn4JbeuqhIuLhdCvq+dIAQzRKslwnf7BSPmzD6Bg=; b=46WqKKJDny0RPCUtVdJpjdDjX9
	BxuUq1A4cBBrmfsPBCU4m09MvjhOb3yBD9FdEQyxlqEgEq1jscGSFv/dMOxrOso2vum0u7bvFoyqP
	zRAUKsg8vqHJpjHVGxjt1UEjVoTqNekrEZeQFijAXryUq0nAasm6DZgJN8ku+rEBKRq0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: re-assign devices directly
Message-Id: <E1nbij7-0002xc-76@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:56:05 +0000

commit e579153bfe650d533525e46709a2ed6610303dfb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:46:45 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:46:45 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 280 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 241 insertions(+), 78 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 6fb00a25c3..d125bdba0e 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -84,7 +84,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -104,8 +105,8 @@ bool is_azalia_tlb_enabled(const struct acpi_drhd_unit *);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 3fd96dc312..bd9687be1d 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -120,6 +120,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
@@ -1371,15 +1372,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1391,17 +1404,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
     }
     else
     {
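Review bot: `prev_did` is read straight from the context entry and used as an index in `domid = iommu->domid_map[prev_did];` without a range check, whereas the helper removed by the preceding commit compared the index with `cap_ndoms(iommu->cap)` and tested `iommu->domid_map` for NULL before indexing. The debug message a few lines below already prints `cap_ndoms(iommu->cap)`, so the bound is at hand: only index the map when `prev_did < cap_ndoms(iommu->cap) && iommu->domid_map` holds, and otherwise leave `prev_dom` NULL so the existing -ESRCH exit is taken. That keeps a stale or corrupted entry from turning into an out-of-bounds read in the hypervisor; whether such a DID can occur in practice is not visible from this hunk. The function body continues outside the hunk.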
@@ -1413,36 +1441,107 @@ int domain_context_mapping_one(
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
             unmap_vtd_domain_page(context_entries);
+            if ( prev_dom )
+                rcu_unlock_domain(prev_dom);
             return -ENOMEM;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    if ( context_set_domain_id(&lctxt, domain, iommu) )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
         return -EFAULT;
     }
 
-    context_set_address_width(*context, level_to_agaw(iommu->nr_pt_levels));
-    context_set_fault_enable(*context);
-    context_set_present(*context);
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, level_to_agaw(iommu->nr_pt_levels));
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) ==
+               level_to_agaw(iommu->nr_pt_levels));
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %pp: reassignment may cause %pd data corruption\n",
+                   &PCI_SBDF3(seg, bus, devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
+    }
+
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
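Review bot: In the `res != old` branch the printk() argument `&PCI_SBDF3(pdev->seg, pdev->bus, devfn)` dereferences `pdev` even though the line just above guards it with `if ( pdev )` and the new function comment says callers may pass pdev == NULL; the locals already hold the right coordinates, so `&PCI_SBDF3(seg, bus, devfn),` avoids the NULL dereference and logs the device actually acted on. Separately, both new `goto unlock` sites set `rc` first (`rc = !!pdev;` and `rc = -EILSEQ;`), but the code at the `unlock:` label still ends in the unchanged `return -EFAULT;`, so as shown those values are lost and the same-domain no-op is reported as an error. That would need `rc` assigned from context_set_domain_id() and `return rc;` at the label. The function starts and ends outside this hunk.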
@@ -1463,17 +1562,26 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
     {
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        if ( !prev_dom )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             mode & MAP_WITH_RMRR) < 0;
+        else
+            ret = 1;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
     }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
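Review bot: The `prev_dom != domain` test does not by itself bound the recovery recursion, because by the time this error path runs the context entry has already been rewritten for `domain`. Judging from the lookup earlier in the function, the nested domain_context_mapping_one(prev_dom, ...) call will derive its own prev_dom from that entry and see the two domains swapped, so the comparison is true again. If the nested call fails at the same point it would start another roll-back in the opposite direction. Passing a dedicated mode bit on the recovery call and skipping the roll-back when it is set would make termination explicit; `mode & MAP_WITH_RMRR` currently strips the other flags but adds none. The function starts outside this hunk.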
@@ -1483,8 +1591,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    uint16_t seg = pdev->seg;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
     uint8_t bus = pdev->bus, secbus;
 
     /*
@@ -1500,8 +1610,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp map\n",
@@ -1523,7 +1654,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1538,9 +1671,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1548,6 +1682,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1556,7 +1699,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1571,10 +1714,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2363,17 +2511,46 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
+    if ( !QUARANTINE_SKIP(target) )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_assign(target);
+
+        /*
+         * Devices assigned to untrusted domains (here assumed to be any domU)
+         * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
+         * by the root complex unless interrupt remapping is enabled.
+         */
+        if ( (target != hardware_domain) && !iommu_intremap )
+            untrusted_msi = true;
+
+        ret = domain_context_mapping(target, devfn, pdev);
+
+        if ( !ret && !QUARANTINE_SKIP(source) && pdev->devfn == devfn )
+        {
+            const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+            if ( drhd )
+                check_cleanup_domid_map(source, pdev, drhd->iommu);
+        }
+    }
+    else
+        ret = domain_context_unmap(source, devfn, pdev);
     if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
         return ret;
+    }
 
-    /*
-     * Devices assigned to untrusted domains (here assumed to be any domU)
-     * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
-     * by the root complex unless interrupt remapping is enabled.
-     */
-    if ( (target != hardware_domain) && !iommu_intremap )
-        untrusted_msi = true;
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
 
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
@@ -2403,34 +2580,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index ee28ecac6d..2e4d39cc61 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -202,8 +202,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
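Review bot: The new `full` member has no comment saying what it is for, and adding a `__uint128_t` also raises the structure's alignment requirement to 16 bytes, which is easy to miss. Presumably it exists so that a context entry can be read and replaced as one 128-bit value; its use is not visible in this hunk. A comment above it such as `/* Whole entry, for single 128-bit updates; implies 16-byte alignment. */` would record that. The anonymous struct keeps `.lo`/`.hi` users such as `context_present()` working unchanged.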
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 52b47dd893..90331b7dd4 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -407,7 +407,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -418,9 +419,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
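Review bot: `drhd` is dereferenced as `drhd->iommu` in both arms without a NULL check, while the re-assignment code in vtd/iommu.c guards the result of the same `acpi_find_matched_drhd_unit()` call with `if ( drhd )`. If the lookup can fail for the ME device, a guard such as `if ( !drhd ) return -ENODEV;` ahead of the `if` would avoid a NULL dereference inside the hypervisor; otherwise a comment saying why it cannot fail would do. The lookup of `pdev` is outside this hunk, so it is not visible whether the case is already excluded there.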
@@ -428,7 +429,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -452,7 +454,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -478,7 +480,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
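Review bot: The four mode bits are introduced with one collective comment and no statement of what each one requests, and the meaning of the argument has changed shape. Previously 1 meant "map" and 0 "unmap"; now mapping is implied by the absence of `UNMAP_ME_PHANTOM_FUNC`, and bit 0 is `MAP_WITH_RMRR`. A caller that still passes a literal 1 would compile and silently request the RMRR variant, so it is worth confirming that every caller uses the macros. I would add a one-line comment per flag and a sentence such as `/* Mapping is the default; UNMAP_ME_PHANTOM_FUNC selects unmapping in me_wifi_quirk(). */`.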
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:56:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:56:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299022.509322 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijI-0004ZA-94; Tue, 05 Apr 2022 12:56:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299022.509322; Tue, 05 Apr 2022 12:56:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijI-0004Z2-63; Tue, 05 Apr 2022 12:56:16 +0000
Received: by outflank-mailman (input) for mailman id 299022;
 Tue, 05 Apr 2022 12:56:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijH-0004Yq-Bj
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijH-0000q5-Au
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijH-0002y7-A7
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=OYTNpJvE7YbfwDr+45+0xNkrxGK+tLLnzat/rbUi/Yg=; b=Fv/L7H6W08R2wB1w9erSWUSABC
	FcCE2yR4/QmDuNWLqxiqJ41sC6uJXj1fsclXTUktsfkJSLqyk0oall+0XuB03qAx6GxfeVh6670uO
	/FqdamUVDP3yg1QNAKe1CQbj+Tq0WbFmQNgjNxoUnQyZkRtb9PlMIQcYCLX3CcSgbZQE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbijH-0002y7-A7@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:56:15 +0000

commit 81717050857b002ccd30f5476d179e3173707047
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:47:05 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:47:05 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  10 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  67 ++++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 142 ++++++++++++++++++++++------
 3 files changed, 184 insertions(+), 35 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 93243424e8..2e1bd85e7c 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -262,9 +262,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 8f9be319ad..cfa5371148 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -114,10 +114,69 @@ static unsigned int set_iommu_ptes_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
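Review bot: The atomic path edits six fields in the local copy but writes back only `ldte.raw128[0]` (or `raw64[0]` and `raw64[1]`). It therefore relies on `domain_id`, `pt_root`, `iw`, `ir`, `paging_mode` and `v` all lying in the first 128 bits of `struct amd_iommu_dte`, and on the union members having equal size. The structure definition is not part of this hunk. If nothing else pins the layout, `BUILD_BUG_ON(sizeof(ldte.dte) != sizeof(ldte.raw128));` next to the union, with a one-line comment naming the assumption, would stop a later field move from silently dropping part of the update. The header comment could also state that on `-EILSEQ` the compare-exchange failed and the DTE was left unmodified. The function body continues past the end of this hunk.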
@@ -132,6 +191,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 31e8c5dd3d..ac6a0ed199 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -96,13 +96,32 @@ static int __must_check allocate_domain_resources(struct domain *d)
     return rc;
 }
 
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
 static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1, rc;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
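Review bot: `any_pdev_behind_iommu()` has no comment, and its contract is not obvious from the name: it reports whether `d` owns any device other than `exclude` whose IOMMU is `iommu`. It walks the domain's device list with `for_each_pdev()`, so it presumably needs the same lock as other users of that list. That is worth confirming, because the caller's `ASSERT(pcidevs_locked())` comes only after the new call site. A header comment along the lines of `/* Does d own a device, other than exclude, behind iommu? Caller holds the pcidevs lock. */` would record both.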
@@ -116,8 +135,11 @@ static int __must_check amd_iommu_setup_domain_device(
     if ( rc )
         return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
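Review bot: `req_id` now holds two different things within a few lines: first the requestor ID of `pdev->sbdf.bdf`, used only to pick `ivrs_dev` for `sr_flags`, then the requestor ID of `PCI_BDF2(bus, devfn)` from the unchanged line below. When `devfn` differs from `pdev->devfn`, the unity-map flag therefore comes from the device's own IVRS entry rather than from the entry of the function being set up. If that is intended, a comment above the first assignment such as `/* Unity-map state is per device: use the IVRS entry of pdev itself, not of devfn. */` would make it explicit, and a separate local for the first lookup would avoid the reuse. Whether `ivrs_dev` is re-assigned after the second lookup is outside this hunk.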
@@ -130,9 +152,15 @@ static int __must_check amd_iommu_setup_domain_device(
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.amd.root_table),
-            domain->domain_id, hd->arch.amd.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.amd.root_table),
+                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
         if ( dte->it_root )
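Review bot: The error check here is `if ( rc )` with `ASSERT(rc < 0)` inside, whereas amd_iommu_set_root_page_table() documents 1 as a successful, non-atomic update. Today this call is only reached when `!dte->v || !dte->tv`, which skips the path that returns 1, so the assertion holds. In a build without assertions, though, a later change to that condition would turn a successful update into a positive "error" returned with the DTE already modified. Testing `if ( rc < 0 )`, as the second call site in this function does, with `ASSERT(rc <= 0);` ahead of it, would keep the two call sites consistent.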
@@ -152,17 +180,76 @@ static int __must_check amd_iommu_setup_domain_device(
         spin_unlock_irqrestore(&iommu->lock, flags);
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.amd.root_table),
+                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
+                           &PCI_SBDF3(pdev->seg, bus, devfn), pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.amd.root_table),
-                        domain->domain_id, hd->arch.amd.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             !ivrs_dev->block_ats &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        spin_unlock_irqrestore(&iommu->lock, flags);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
     else
         spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.amd.root_table),
+                    domain->domain_id, hd->arch.amd.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
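Review bot: The `-EOPNOTSUPP` refusal in the new `else if` arm is silent: when a device with a unity map shares its requestor ID, re-assignment fails with only an errno and nothing identifies the device or the reason. Since this is a deliberate policy decision, per the comment above it, I would log it in the same style as the warning further down, for example `AMD_IOMMU_WARN(" %pp: re-assignment refused (shared requestor ID with unity map)\n", &PCI_SBDF3(pdev->seg, bus, devfn));` before unlocking. It is also worth noting in a comment that the `ASSERT()`s on `iv`, `ex`, `sys_mgt` and `i` are the only check that the remaining DTE settings survived, and that they are absent from non-debug builds. The function's tail is outside this hunk.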
@@ -366,7 +453,20 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    if ( !QUARANTINE_SKIP(target) )
+    {
+        rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+        if ( rc )
+            return rc;
+    }
+    else
+        amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
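Review bot: With the new ordering, `pdev->domain` is switched to `target` and the DTE already points at the target's page tables before the unity-map handling that follows, which can still `return rc`. An error from that step is therefore reported after ownership has changed, whereas the old code failed before the device had left `source`'s list. How callers treat such an error is not visible here. If it is acceptable, a comment above the `list_move()` such as `/* From here on the device belongs to target, even if unity-map cleanup below fails. */` would warn callers that a failure no longer means "still owned by source". The function begins and ends outside this hunk.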
@@ -382,25 +482,9 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
-    if ( rc )
-        return rc;
-
     AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n",
                     &pdev->sbdf, source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:56:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:56:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299023.509326 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijS-0004ct-CS; Tue, 05 Apr 2022 12:56:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299023.509326; Tue, 05 Apr 2022 12:56:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijS-0004cl-9L; Tue, 05 Apr 2022 12:56:26 +0000
Received: by outflank-mailman (input) for mailman id 299023;
 Tue, 05 Apr 2022 12:56:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijR-0004cZ-FE
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijR-0000qH-EL
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijR-0002yi-DW
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=8fPjV3BhExNXvSsFMw6PrZEW+SdvJcl+sFhPPQwvCfs=; b=zbBmDFxBx46zQ6be++t6xqRDo1
	x3tPkmfErw9E9f5snf3hPp0y39PuVzM8pUGS7vhL+y4nyGo9VWc4Y9a2+nVk/O2tHhWf0feI9VgeX
	eiU1htYw8jlHLHWItTa4LrSdbHfsOk+6x9fu4k/cMRSQg3/Jc6IRBxGsk9oU/UkoTINM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbijR-0002yi-DW@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:56:25 +0000

commit 7e21a1b806494d6486bfe85b471d7bee7bcadc53
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:47:32 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:47:32 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 ++--
 xen/drivers/passthrough/vtd/iommu.c  | 76 +++++++++++++++++++++++-------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++---
 3 files changed, 62 insertions(+), 35 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index d125bdba0e..2f79b22a74 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,9 +85,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
@@ -106,7 +107,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index bd9687be1d..5a64f1bd0f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,7 +43,7 @@
 #include "../ats.h"
 
 /* dom_io is used as a sentinel for quarantined devices */
-#define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.vtd.pgd_maddr)
+#define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr))
 
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
@@ -358,15 +358,17 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     return pte_maddr;
 }
 
-static uint64_t domain_pgd_maddr(struct domain *d, unsigned int nr_pt_levels)
+static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
+                                unsigned int nr_pt_levels)
 {
     struct domain_iommu *hd = dom_iommu(d);
-    uint64_t pgd_maddr;
     unsigned int agaw;
 
     ASSERT(spin_is_locked(&hd->arch.mapping_lock));
 
-    if ( iommu_use_hap_pt(d) )
+    if ( pgd_maddr )
+        /* nothing */;
+    else if ( iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
 
@@ -1385,18 +1387,18 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pgd_maddr) )
         return 0;
 
     ASSERT(pcidevs_locked());
@@ -1433,10 +1435,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root;
+
         spin_lock(&hd->arch.mapping_lock);
 
-        pgd_maddr = domain_pgd_maddr(domain, iommu->nr_pt_levels);
-        if ( !pgd_maddr )
+        root = domain_pgd_maddr(domain, pgd_maddr, iommu->nr_pt_levels);
+        if ( !root )
         {
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
@@ -1446,7 +1450,7 @@ int domain_context_mapping_one(
             return -ENOMEM;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1562,15 +1566,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                           domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             domain->domain_id,
+                                             hd->arch.vtd.pgd_maddr,
                                              mode & MAP_WITH_RMRR) < 0;
+        }
         else
             ret = 1;
 
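Review bot: The recovery call that restores the mapping for `prev_dom` passes `domain->domain_id` as the new `domid` argument, i.e. the ID of the domain whose mapping just failed, together with `prev_dom`'s page-table root in `hd->arch.vtd.pgd_maddr`. Every other call site in this patch pairs the `domid` with the domain whose root is passed, so I would expect `prev_dom->domain_id` here. How far `domid` is consumed at this stage is not fully visible in the hunks, but it is at least forwarded to `me_wifi_quirk()`. Separately, `hd` is re-pointed at `prev_dom` inside the braces; a block-local variable would avoid surprising any later use of `hd` in the function tail, which lies outside this hunk.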
@@ -1592,6 +1602,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1654,7 +1665,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1671,7 +1683,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1699,7 +1712,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1714,7 +1728,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1742,14 +1757,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
     int iommu_domid, rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         return 0;
 
     ASSERT(pcidevs_locked());
@@ -1803,7 +1818,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
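Review bot: The bare `0` passed as the new `pgd_maddr` argument of `me_wifi_quirk()` reads like a real root-table address of zero. The quirks.c part of this patch shows the unmap branch of `map_me_phantom_function()` forwarding only `domid`, so the value is ignored on this path. Say so at the call, e.g. `/* pgd_maddr is unused with UNMAP_ME_PHANTOM_FUNC */` on the line above. The enclosing function starts and ends outside the hunk.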
@@ -1850,7 +1865,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1863,7 +1879,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1889,12 +1906,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
@@ -1904,7 +1924,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         return -EINVAL;
     }
 
-    if ( !ret && !QUARANTINE_SKIP(domain) && pdev->devfn == devfn )
+    if ( !ret && pdev->devfn == devfn &&
+         !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
     return ret;
@@ -2511,7 +2532,7 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    if ( !QUARANTINE_SKIP(target) )
+    if ( !QUARANTINE_SKIP(target, dom_iommu(target)->arch.vtd.pgd_maddr) )
     {
         if ( !has_arch_pdevs(target) )
             vmx_pi_hooks_assign(target);
@@ -2526,7 +2547,8 @@ static int reassign_device_ownership(
 
         ret = domain_context_mapping(target, devfn, pdev);
 
-        if ( !ret && !QUARANTINE_SKIP(source) && pdev->devfn == devfn )
+        if ( !ret && pdev->devfn == devfn &&
+             !QUARANTINE_SKIP(source, dom_iommu(source)->arch.vtd.pgd_maddr) )
         {
             const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 90331b7dd4..a1a164222c 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -408,6 +408,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -421,16 +423,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -454,7 +457,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -480,7 +483,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:56:37 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:56:37 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299024.509330 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijd-0004ff-Dp; Tue, 05 Apr 2022 12:56:37 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299024.509330; Tue, 05 Apr 2022 12:56:37 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijd-0004fY-B5; Tue, 05 Apr 2022 12:56:37 +0000
Received: by outflank-mailman (input) for mailman id 299024;
 Tue, 05 Apr 2022 12:56:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijb-0004fJ-JZ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijb-0000qW-Im
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijb-0002zm-Gg
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=MFa5jVGerQGeHEB3nAXVmfxeRbRG1CbOUeaQi4uUKSk=; b=XBH+HkJ2XW9wLXfhNRItqG/26D
	qnDnyyv6rKaGf0nbedP7Jx0kdfU0N6Fax7YSw/oeHGGBnQDt0CwgEBYzombg0lgKkPPyjJjaeuZX5
	uaqG1mTPd6x29toPImYWSj6Rk/Rs4neWcjE0OLOmUWwzFWc6AY3kO7EhXIxgUHQZS6dA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbijb-0002zm-Gg@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:56:35 +0000

commit 26293b93409bb46bcc8445379ff9f1841f7f98d2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:48:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:48:09 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 5a64f1bd0f..988465523d 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -62,8 +62,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -71,16 +71,16 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
@@ -88,8 +88,7 @@ static int domain_iommu_domid(struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
@@ -100,7 +99,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
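Review bot: The bitmap walk comparing `iommu->domid_map[i]` with `domid` is now the same loop as the one in `get_iommu_did()` earlier in this file, which makes it easy for the two lookups to drift apart once pseudo domain IDs are stored in the same map. Since the lookup no longer needs a `struct domain *`, `context_set_domain_id()` could call `get_iommu_did(domid, iommu, false)` and search for a free slot only when that returns a negative value. The rest of `context_set_domain_id()` lies outside the hunk, so the free-slot search there needs checking before making the change.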
@@ -116,7 +115,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -125,9 +124,9 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -167,7 +166,7 @@ static bool any_pdev_behind_iommu(const struct domain *d,
  * If no other devices under the same iommu owned by this domain,
  * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap.
  */
-static void check_cleanup_domid_map(struct domain *d,
+static void check_cleanup_domid_map(const struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
@@ -183,7 +182,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, dom_iommu(d)->arch.vtd.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -683,7 +682,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1459,7 +1458,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(&lctxt, domain, iommu) )
+    if ( context_set_domain_id(&lctxt, domid, iommu) )
     {
     unlock:
         spin_unlock(&iommu->lock);
@@ -1785,7 +1784,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
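Review bot: The DID lookup is keyed on the separate `domid` argument, but the warning is still gated on `domain->is_dying`, so the two can describe different entities once callers pass an ID that is not `domain->domain_id` (the stated aim of the series). A one-line comment would make the intent explicit, e.g. `/* domid may be a pseudo ID; stay quiet only while the owning domain is dying */`. The context entry has already been cleared and synced on the preceding lines, so the `-1` branch leaves without a DID to flush with. What follows the `spin_unlock()` is outside the hunk and is worth checking for stale IOTLB or context-cache entries.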
@@ -1953,7 +1952,7 @@ static void iommu_domain_teardown(struct domain *d)
     ASSERT(!hd->arch.vtd.pgd_maddr);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 
     XFREE(hd->arch.vtd.iommu_bitmap);
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:56:47 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:56:47 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299025.509335 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijn-0004ik-GH; Tue, 05 Apr 2022 12:56:47 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299025.509335; Tue, 05 Apr 2022 12:56:47 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijn-0004ic-Cm; Tue, 05 Apr 2022 12:56:47 +0000
Received: by outflank-mailman (input) for mailman id 299025;
 Tue, 05 Apr 2022 12:56:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijl-0004iP-Mq
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijl-0000qj-M3
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijl-00030R-LM
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=e8vxbqaoZONE3CO7e0T34R9N/zvUa2o9yb4TCoYhsJ4=; b=bx5wDuludkbCW3YoVrW5wuf4Fd
	UoOySbNERgvO0wXCmNv3gA1HPjsrr3I2W5TnKgt9p6oetx5cDwDKNB22Ez/C1+V75G2arTGLs+6RG
	2Axnr22ey4VHuGsxh8HZAiPZtJDe93O84+Yto+p2QqNY9j6EbDhd9diZi12eNzPs9wP0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbijl-00030R-LM@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:56:45 +0000

commit 3e65372436fb6bbfdc59e4175d4a41b398000e0a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:48:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:48:29 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding to add a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  1 +
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 +++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 +++++++-
 xen/drivers/passthrough/pci.c               | 11 ++--
 xen/drivers/passthrough/vtd/iommu.c         | 82 +++++++++++++++++++++++------
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 52 ++++++++++++++++++
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  8 ++-
 9 files changed, 168 insertions(+), 21 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 2e1bd85e7c..5ae86cdec8 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -96,6 +96,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
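Review bot: The new `domid_map` member has no comment, and its name means something different from VT-d's `domid_map`. In vtd/iommu.h that name is the array of real domain IDs, while the pseudo-ID bitmap there is called `pseudo_domid_map`. Here the field is filled from `iommu_init_domid()` and handed to `iommu_alloc_domid()`, so it is the pseudo-ID bitmap. Suggest `unsigned long *domid_map; /* "pseudo" domain ID bitmap */`, or reusing the VT-d name.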
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index f52e7b90e1..58bc6d01b3 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -223,6 +223,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR "Could not mark config space of %pp read-only (%d)\n",
@@ -233,7 +238,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index ac6a0ed199..f170a69a45 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -539,6 +539,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -606,7 +608,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity mapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -638,6 +655,9 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     if ( amd_iommu_perdev_intremap &&
          ivrs_mappings[bdf].dte_requestor_id == bdf &&
          ivrs_mappings[bdf].intremap_table )
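Review bot: `iommu_free_domid()` is called here unconditionally, although `amd_iommu_add_device()` only allocates an ID when `iommu_quarantine` is set, and `iommu_init_domid()` returns `ZERO_BLOCK_PTR` rather than a real bitmap when it is not. The call is therefore only safe if `iommu_free_domid()` returns early for `DOMID_INVALID` without touching `map`; its definition is not in the visible part of the patch. Either guard the call with `if ( pdev->arch.pseudo_domid != DOMID_INVALID )` or state that contract in a comment on the helper's declaration. The same reliance exists in the VT-d hunks of this patch, in the error path at the end of `domain_context_mapping()` and in `intel_iommu_remove_device()`.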
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 0d8ab2e716..dd1c0ea329 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -1271,9 +1271,14 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%pp - %pd - node %-3d",
-               &pdev->sbdf, pdev->domain,
-               (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
+        printk("%pp - ", &pdev->sbdf);
+#ifdef CONFIG_X86
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+#endif
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d", (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         pdev_dump_msi(pdev);
         printk("\n");
     }
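Review bot: `DomIO:%x` prints `pseudo_domid` for every device owned by `dom_io`, including devices whose field still holds `DOMID_INVALID` (the value `arch_pci_init_pdev()` sets), so the sentinel shows up in the dump as if it were an assigned ID. It is also printed in hex without a prefix, next to the `%pd` output used for other owners. Consider testing `pdev->domain == dom_io && pdev->arch.pseudo_domid != DOMID_INVALID` and printing with `"DomIO:%#x"`, letting the `%pd` branch handle unassigned devices.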
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 988465523d..a38fc1a64f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1215,7 +1216,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     iommu = xzalloc(struct vtd_iommu);
     if ( iommu == NULL )
@@ -1301,7 +1302,16 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1324,6 +1334,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1593,8 +1604,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1602,6 +1613,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1660,6 +1672,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !drhd )
             return -ENODEV;
 
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
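Review bot: The seven-line pseudo-ID allocation block added here is repeated verbatim in the next hunk for the `DEV_TYPE_PCI` case, so any later change to the allocation policy has to be made twice. A small static helper keeps the two arms identical by construction, and the error path at the end of the function can keep using `orig_domid` as it does now. The helper name below is only a suggestion. The enclosing `switch` starts and ends outside the hunk.

```c
/* Give pdev a pseudo domain ID if quarantining is on and it has none yet. */
static int alloc_pseudo_domid(struct pci_dev *pdev,
                              const struct acpi_drhd_unit *drhd)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid =
        iommu_alloc_domid(drhd->iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

/* … unchanged: case label and !drhd check … */
        ret = alloc_pseudo_domid(pdev, drhd);
        if ( ret )
            return ret;
/* … unchanged: iommu_debug printk and domain_context_mapping_one() call … */
```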
@@ -1677,6 +1697,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !drhd )
             return -ENODEV;
 
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
@@ -1750,6 +1778,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1835,8 +1870,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     struct vtd_iommu *iommu = drhd ? drhd->iommu : NULL;
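Review bot: The new return type packs three outcomes into one pointer and none of them is documented. They are an `ERR_PTR()` error, NULL for success with nothing further to release (the host-bridge and bridge cases return `ERR_PTR(0)`), and a non-NULL DRHD on success. Both callers in this patch depend on the distinction, using `IS_ERR(drhd)` and then `if ( drhd )`. A comment above the definition describing the three cases would help, and writing the success-without-DRHD case as `return NULL;` would read less like an error path. The function body continues in the following hunks.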
@@ -1850,16 +1887,16 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp unmap\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        return is_hardware_domain(domain) ? 0 : -EPERM;
+        return ERR_PTR(is_hardware_domain(domain) ? 0 : -EPERM);
 
     case DEV_TYPE_PCIe_BRIDGE:
     case DEV_TYPE_PCIe2PCI_BRIDGE:
     case DEV_TYPE_LEGACY_PCI_BRIDGE:
-        return 0;
+        return ERR_PTR(0);
 
     case DEV_TYPE_PCIe_ENDPOINT:
         if ( !iommu )
-            return -ENODEV;
+            return ERR_PTR(-ENODEV);
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
@@ -1873,7 +1910,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     case DEV_TYPE_PCI:
         if ( !iommu )
-            return -ENODEV;
+            return ERR_PTR(-ENODEV);
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
@@ -1920,14 +1957,14 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     default:
         dprintk(XENLOG_ERR VTDPREFIX, "%pd:unknown(%u): %pp\n",
                 domain, pdev->type, &PCI_SBDF3(seg, bus, devfn));
-        return -EINVAL;
+        return ERR_PTR(-EINVAL);
     }
 
     if ( !ret && pdev->devfn == devfn &&
          !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
-    return ret;
+    return drhd;
 }
 
 static void iommu_clear_root_pgtable(struct domain *d)
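Review bot: Replacing `return ret;` with `return drhd;` drops a non-zero `ret` set by the `domain_context_unmap_one()` calls in the switch, because in the visible hunks `ret` is afterwards only consulted by the `!ret` test just above. A failed unmap then reaches the callers as a valid pointer. `intel_iommu_remove_device()` goes on to free the pseudo domain ID and `reassign_device_ownership()` computes `ret = 0`, while the context entry may still reference the old domain. Returning `return ret ? ERR_PTR(ret) : drhd;` keeps the previous error propagation. The start of the function is outside this hunk, so confirm that no earlier path already handles this.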
@@ -2154,16 +2191,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2180,6 +2218,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
@@ -2556,7 +2601,12 @@ static int reassign_device_ownership(
         }
     }
     else
-        ret = domain_context_unmap(source, devfn, pdev);
+    {
+        const struct acpi_drhd_unit *drhd;
+
+        drhd = domain_context_unmap(source, devfn, pdev);
+        ret = IS_ERR(drhd) ? PTR_ERR(drhd) : 0;
+    }
     if ( ret )
     {
         if ( !has_arch_pdevs(target) )
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 2e4d39cc61..025895c7d0 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -508,6 +508,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 295d853003..a36a6bd4b2 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -387,6 +387,58 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+void arch_pci_init_pdev(struct pci_dev *pdev)
+{
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+}
+
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 int iommu_free_pgtables(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
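Review bot: iommu_init_domid() has two different "no bitmap" results that nothing in this hunk documents: ZERO_BLOCK_PTR when quarantining is disabled and NULL when xzalloc_array() fails. iommu_alloc_domid() reads `map` unconditionally, and iommu_free_domid() does so for every ID other than DOMID_INVALID, so each caller has to treat NULL as an allocation failure and must never reach the alloc path with the sentinel; the callers are outside this hunk, so that could not be confirmed. I'd add above the function `/* Returns ZERO_BLOCK_PTR when quarantining is off (the map must then not be used), NULL on allocation failure. */`. In iommu_alloc_domid() I would also move the `find_next_zero_bit()` call below `ASSERT(pcidevs_locked())`, so the static `start` and the bitmap are only read after the lock check.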
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index cb794fe1ef..7d6dc5186a 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -141,6 +141,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         iommu_vcall(ops, sync_cache, addr, size);       \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 int __must_check iommu_free_pgtables(struct domain *d);
 struct domain_iommu;
 struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 443f25347d..f944017128 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -13,6 +13,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
@@ -36,6 +42,6 @@ static always_inline bool is_pci_passthrough_enabled(void)
     return true;
 }
 
-static inline void arch_pci_init_pdev(struct pci_dev *pdev) {}
+void arch_pci_init_pdev(struct pci_dev *pdev);
 
 #endif /* __X86_PCI_H__ */
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:56:57 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:56:57 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299026.509338 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijx-0004m0-IT; Tue, 05 Apr 2022 12:56:57 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299026.509338; Tue, 05 Apr 2022 12:56:57 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbijx-0004lt-Fg; Tue, 05 Apr 2022 12:56:57 +0000
Received: by outflank-mailman (input) for mailman id 299026;
 Tue, 05 Apr 2022 12:56:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijv-0004lc-Pv
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijv-0000qz-P7
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbijv-00031K-OR
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:56:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=nAH86M+4Lw0YRNzgJar2byxL7wJNgnS1iJ/sYQUaRFE=; b=ycO7WDAP+3x7W9Sv5MWtlyeSC8
	QODz4qJUYVX8F4KZmE6/2s495CmevBv9lpwOxzWquzNzBFodVFdEeyPBsIR0EZVt8tpSmOnfrTZwH
	LUkIYhL10nORl1AgdrI/mSTGWGA9stuMvz2/goi1mKy1OSEFrPC3BxAaj1jYNoS33qe0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbijv-00031K-OR@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:56:55 +0000

commit c9578db9fa509881ef485aa907e80714745870de
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:48:58 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:48:58 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index cfa5371148..e36595f289 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -654,8 +654,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a38fc1a64f..37339aa044 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2975,9 +2975,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    if ( !rc )
-        rc = iommu_flush_iotlb_all(d);
-
     /* Pages may be leaked in failure case */
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:57:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:57:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299027.509341 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbik7-0004pN-K2; Tue, 05 Apr 2022 12:57:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299027.509341; Tue, 05 Apr 2022 12:57:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbik7-0004op-HC; Tue, 05 Apr 2022 12:57:07 +0000
Received: by outflank-mailman (input) for mailman id 299027;
 Tue, 05 Apr 2022 12:57:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbik5-0004oa-T4
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:57:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbik5-0000rc-SE
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:57:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbik5-00032I-RO
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:57:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=sYOT+CtusQ2SFshFWkGB02/D2xePNOlg30KahHeNI7M=; b=YbI4yeXNv0f66iodU2J6O0zhi5
	uN/oxJn0pMT5MgAwk0hUaiKZpLJ1xS9kAJkpL6vkEsm3SMLuQkyUwH7FVJX7Zuc5YL0Ot3WslIyIN
	v/tP0OsiFxBtv+4mT7mOvgBhmqg9lv3DIlGXh8UV1Wa/VbOEu2+jQO7pdF3NVY3b4eLE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbik5-00032I-RO@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:57:05 +0000

commit a0dac7ab173ddb1dc64fc24cc67d3cbee219eb95
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:49:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:49:23 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu-defs.h    | 1 +
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h
index 774234dfd2..8a17697ea7 100644
--- a/xen/drivers/passthrough/amd/iommu-defs.h
+++ b/xen/drivers/passthrough/amd/iommu-defs.h
@@ -106,6 +106,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index f170a69a45..6092a2932b 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -337,7 +337,7 @@ int amd_iommu_alloc_root(struct domain *d)
     return 0;
 }
 
-unsigned int __read_mostly amd_iommu_max_paging_mode = 6;
+unsigned int __read_mostly amd_iommu_max_paging_mode = IOMMU_MAX_PT_LEVELS;
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 12:57:17 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 12:57:17 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299028.509346 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbikH-0004sH-MB; Tue, 05 Apr 2022 12:57:17 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299028.509346; Tue, 05 Apr 2022 12:57:17 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbikH-0004s9-Ip; Tue, 05 Apr 2022 12:57:17 +0000
Received: by outflank-mailman (input) for mailman id 299028;
 Tue, 05 Apr 2022 12:57:16 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbikG-0004rw-09
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:57:16 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbikF-0000ru-Vd
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:57:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbikF-00034k-Uv
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 12:57:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=170ieszEYZ1ua8EJ/WHz8773N6+3NHseoTr0HjzxEPw=; b=tyRiDJD5zDpfgMY+o07r2yE4+T
	DagAZywfSB9/ngQnaJ5l376DNhQ1Pk4Gzs5D6wrmwQXRge/8GszdiD+InsqMUbepnB5Ba8chB0efp
	B5YtcyhjahJ2qtZeUnkibYfAdWuSLsy5hr4Edk6tVJRX8HVNsX64g2l+EufqcUovb9xQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbikF-00034k-Uv@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 12:57:15 +0000

commit 54e37f44a219a987189c566e15ccad7af0bcc4ed
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:49:40 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:49:40 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    As to the removal of QUARANTINE_SKIP() from domain_context_unmap_one():
    I think this was never really needed there, as the function explicitly
    deals with finding a non-present context entry. Leaving it there would
    require propagating pgd_maddr into the function (like was done by "VT-d:
    prepare for per-device quarantine page tables" for
    domain_context_mapping_one()).
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |   3 +-
 xen/drivers/passthrough/amd/iommu_map.c     | 156 ++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  43 +++--
 xen/drivers/passthrough/iommu.c             |  19 ++-
 xen/drivers/passthrough/pci.c               |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c         | 253 +++++++++++++++++++---------
 xen/drivers/passthrough/vtd/iommu.h         |   2 +-
 xen/include/asm-x86/pci.h                   |  13 ++
 xen/include/xen/iommu.h                     |   3 +-
 9 files changed, 363 insertions(+), 149 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 5ae86cdec8..3c702eb517 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -237,7 +237,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 int iov_adjust_irq_affinities(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index e36595f289..cf6f01b633 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -598,64 +598,138 @@ int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt)
     return 0;
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.amd.root_table);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+
+    if ( !scratch_page && !ivrs_mappings[req_id].unity_map )
+        return 0;
+
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
 
-    if ( hd->arch.amd.root_table )
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = iommu_alloc_pgtable(hd);
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
-    if ( !hd->arch.amd.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.amd.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.amd.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.amd.root_table = NULL;
+
+    if ( rc )
+        AMD_IOMMU_WARN("%pp: quarantine unity mapping failed\n", &pdev->sbdf);
+    else if ( scratch_page )
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
+
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
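Review bot: In amd_iommu_quarantine_init() the early-return path calls `clear_domain_page(pdev->arch.leaf_mfn)` whenever a root table already exists, but `leaf_mfn` is only assigned inside the `scratch_page` branch. A device that got its root table solely because of a unity map (`scratch_page` false) would, on a repeat call such as the one the commit message describes for deassign_device(), have whatever page `leaf_mfn` currently names zeroed; the field's initial value is set outside this hunk, so which page that is cannot be told from here. I'd guard the call: `if ( scratch_page ) clear_domain_page(pdev->arch.leaf_mfn);`. Likewise `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when fill_qpt() failed before `pgs[0]` was allocated, so an `if ( !rc )` in front of it would keep a NULL-derived MFN out of the field.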
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 6092a2932b..4792b34bc2 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -26,7 +26,7 @@
 #include "../ats.h"
 
 /* dom_io is used as a sentinel for quarantined devices */
-#define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.amd.root_table)
+#define QUARANTINE_SKIP(d, p) ((d) == dom_io && !(p)->arch.amd.root_table)
 
 static bool_t __read_mostly init_done;
 
@@ -125,8 +125,10 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pdev) )
         return 0;
 
     BUG_ON(!hd->arch.amd.paging_mode || !iommu->dev_table.buffer);
@@ -147,14 +149,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.amd.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.amd.root_table),
-                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.amd.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
@@ -181,7 +194,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -194,8 +207,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.amd.root_table),
-                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.amd.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -214,6 +227,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
@@ -246,9 +260,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.amd.root_table),
-                    domain->domain_id, hd->arch.amd.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.amd.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -327,7 +340,7 @@ int amd_iommu_alloc_root(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
 
-    if ( unlikely(!hd->arch.amd.root_table) )
+    if ( unlikely(!hd->arch.amd.root_table) && d != dom_io )
     {
         hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
@@ -391,7 +404,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
     int req_id;
     u8 bus = pdev->bus;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pdev) )
         return;
 
     ASSERT(pcidevs_locked());
@@ -430,7 +443,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.amd.paging_mode);
     }
     else
@@ -453,7 +466,7 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    if ( !QUARANTINE_SKIP(target) )
+    if ( !QUARANTINE_SKIP(target, pdev) )
     {
         rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
         if ( rc )
@@ -655,6 +668,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 6334370109..caaba62c88 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -443,21 +443,22 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc || iommu_quarantine < IOMMU_quarantine_scratch_page )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init,
+                      dev, iommu_quarantine == IOMMU_quarantine_scratch_page);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
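Review bot: iommu_quarantine_dev_init() becomes a non-static entry point here but carries no comment on its locking contract or return value. The VT-d hook added later in this patch asserts pcidevs_locked(), so callers evidently have to hold that lock. Stating it at the wrapper, e.g. `/* Caller must hold the pcidevs lock. Returns 0 when no per-device quarantine setup is needed. */`, plus an `ASSERT(pcidevs_locked());` ahead of the early `return 0`, would catch a misuse even where the hook is absent or quarantining is off.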
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index dd1c0ea329..395958698e 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -852,9 +852,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
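Review bot: The added `return ret;` under `if ( ret )` is indented by 11 spaces where the rest of the block uses multiples of four; it should be indented by 12. deassign_device() starts and continues outside this hunk, so whether returning early here skips later cleanup cannot be checked from these lines. The sibling change in assign_device() handles the same failure with `goto done`.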
@@ -1424,6 +1431,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
     if ( rc )
         goto done;
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 37339aa044..22242ab208 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -45,6 +45,11 @@
 
 /* dom_io is used as a sentinel for quarantined devices */
 #define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr))
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.vtd.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
 
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
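Review bot: DEVICE_DOMID() and DEVICE_PGTABLE() dereference `pdev` whenever `d` is dom_io, yet domain_context_mapping_one() is also entered with a NULL pdev: the bridge mappings later in this file pass `NULL`, and its own `pdev ? ... : domid > DOMID_MASK` test selects dom_io as prev_dom in that case. In that function's error path, `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)` would then read through a null pointer, if that path is reachable with prev_dom == dom_io. The macros should state the precondition, e.g. `/* pdev must be non-NULL when d is dom_io. */`, and the recovery path should check `pdev` before using them. Both macros also evaluate `d` twice, which is harmless for the callers shown but worth noting next to the definition.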
@@ -88,13 +93,18 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
@@ -120,8 +130,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -171,8 +186,12 @@ static void check_cleanup_domid_map(const struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1426,7 +1445,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
@@ -1582,15 +1601,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           domain->domain_id);
+                                           DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                             domain->domain_id,
-                                             hd->arch.vtd.pgd_maddr,
+                                             DEVICE_DOMID(prev_dom, pdev),
+                                             DEVICE_PGTABLE(prev_dom, pdev),
                                              mode & MAP_WITH_RMRR) < 0;
-        }
         else
             ret = 1;
 
@@ -1612,7 +1628,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1641,7 +1657,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1683,8 +1699,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1710,8 +1726,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1739,8 +1755,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1755,8 +1771,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1798,9 +1814,6 @@ int domain_context_unmap_one(
     int iommu_domid, rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
-        return 0;
-
     ASSERT(pcidevs_locked());
     spin_lock(&iommu->lock);
 
@@ -1902,7 +1915,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1916,7 +1929,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1939,18 +1952,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1961,7 +1968,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
     }
 
     if ( !ret && pdev->devfn == devfn &&
-         !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
+         !QUARANTINE_SKIP(domain, pdev->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
     return drhd;
@@ -1994,6 +2001,26 @@ static void iommu_domain_teardown(struct domain *d)
     XFREE(hd->arch.vtd.iommu_bitmap);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
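Review bot: quarantine_teardown() has no comment explaining why the device's page-table list is spliced onto dom_io's list before freeing. A header such as `/* Free pdev's quarantine page tables by lending them to dom_io's (empty) list for iommu_free_pgtables(). */` would make the `ASSERT(page_list_empty(...))` precondition readable. The `while ( ... == -ERESTART )` loop also retries without any preemption check, so a line saying why that is acceptable with the pcidevs lock held would help.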
@@ -2218,6 +2245,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2576,7 +2605,7 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    if ( !QUARANTINE_SKIP(target, dom_iommu(target)->arch.vtd.pgd_maddr) )
+    if ( !QUARANTINE_SKIP(target, pdev->arch.vtd.pgd_maddr) )
     {
         if ( !has_arch_pdevs(target) )
             vmx_pi_hooks_assign(target);
@@ -2592,7 +2621,7 @@ static int reassign_device_ownership(
         ret = domain_context_mapping(target, devfn, pdev);
 
         if ( !ret && pdev->devfn == devfn &&
-             !QUARANTINE_SKIP(source, dom_iommu(source)->arch.vtd.pgd_maddr) )
+             !QUARANTINE_SKIP(source, pdev->arch.vtd.pgd_maddr) )
         {
             const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
 
@@ -2913,69 +2942,135 @@ static void vtd_dump_page_tables(struct domain *d)
                               agaw_to_level(hd->arch.vtd.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    struct page_info *pgs[6])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(page_to_maddr(pgs[level]));
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, page_to_maddr(pgs[level]));
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     struct page_info *pg;
-    struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc = 0;
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    spin_lock(&hd->arch.mapping_lock);
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.vtd.pgd_maddr);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
 
-    if ( hd->arch.vtd.pgd_maddr )
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
-        goto out;
+        clear_domain_page(pdev->arch.leaf_mfn);
+        return 0;
     }
 
-    pg = iommu_alloc_pgtable(hd);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    rc = -ENOMEM;
+    pg = iommu_alloc_pgtable(hd);
     if ( !pg )
-        goto out;
+        return -ENOMEM;
 
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
+
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
     hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
 
-    parent = map_vtd_domain_page(hd->arch.vtd.pgd_maddr);
-    while ( level )
+    for_each_rmrr_device ( rmrr, bdf, i )
     {
-        uint64_t maddr;
-        unsigned int offset;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-
-        if ( !pg )
-            goto out;
+        if ( rc )
+            break;
 
-        maddr = page_to_maddr(pg);
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pp: RMRR quarantine mapping failed\n",
+                       &pdev->sbdf);
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.vtd.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = page_to_maddr(pg);
+
+    if ( !rc && scratch_page )
+    {
+        struct dma_pte *root;
+        struct page_info *pgs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(pdev->arch.vtd.pgd_maddr);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
-    rc = 0;
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc || (!scratch_page && !rmrr_found) )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages may be leaked in failure case */
     return rc;
 }
 
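Review bot: `pdev->arch.leaf_mfn` is assigned only inside the `!rc && scratch_page` branch, but the early exit at the top of intel_iommu_quarantine_init() calls `clear_domain_page(pdev->arch.leaf_mfn)` whenever `pdev->arch.vtd.pgd_maddr` is set. With `scratch_page` false and an RMRR found, the root is kept (quarantine_teardown() is skipped) and leaf_mfn is never written, so a second call would clear whatever frame the field's initial value names; that initial value is not visible in this patch. Guarding the clear, `if ( scratch_page ) clear_domain_page(pdev->arch.leaf_mfn);`, avoids relying on it. Separately, when fill_qpt() fails `pgs[0]` may still be NULL at `page_to_mfn(pgs[0])`, so that assignment is better made only when `rc` is zero.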
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 025895c7d0..f2a0f28298 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -482,7 +482,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index f944017128..c8e1a9ecdb 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -18,7 +20,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 6b2cdffa4a..92b2d23f0b 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -233,7 +233,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev, bool scratch_page);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -350,6 +350,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 #ifdef CONFIG_HAS_PCI
 int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:11:12 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:11:12 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299029.509352 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbixe-0006jt-RG; Tue, 05 Apr 2022 13:11:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299029.509352; Tue, 05 Apr 2022 13:11:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbixe-0006jh-Mh; Tue, 05 Apr 2022 13:11:06 +0000
Received: by outflank-mailman (input) for mailman id 299029;
 Tue, 05 Apr 2022 13:11:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbixc-0006jO-KA
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:11:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbixc-00018K-Gr
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:11:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbixc-0004Ow-Fr
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:11:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=JdTfQ7JxTZF5/LEHwzq+owhOt5uMH2kLHvfrW3Xs+ww=; b=M1RLKb7bFRCYYw2Zf8Y5LnM+LA
	bEsYO6q61Yt2AvKG2wSiVacMboIhsfifItehsYvFKGwkYjsgy953dh7NXJfIa0EGsihskJzi55l24
	q/XUxbnRB5yMKo+luSmyXjB1oW3NhFWItYul4JcZk7h9u8RyvBqgulDuXAszV8e2N0ag=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbixc-0004Ow-Fr@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:11:04 +0000

commit e717e74fcdd6fedf698e9ce547f752e3be023f57
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 14:56:06 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:56:06 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    This assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 73575deb0d..47a7487fa7 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         unsigned int size = DIV_ROUND_UP(nr_frames, BITS_PER_BYTE);
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
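Review bot: The new `p2m_enable_hardware_log_dirty(d)` call sits after `paging_unlock(d)` and, per the commit message, this path does not hold the domctl lock, so nothing in the hunk shows what serialises it against a concurrent paging domctl. The domain_pause() only stops the guest's vCPUs. A comment should name the lock or property that makes this safe, for example `/* Pause so no vCPU runs while hardware log-dirty is switched on; safe without the paging lock because <reason>. */`. hap_track_dirty_vram() starts and ends outside this hunk, so whether the teardown branch has a matching disable cannot be checked here.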
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 8bc14df943..579d01c161 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -211,7 +211,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index 614ac797e5..eb23652978 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -160,9 +160,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:11:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:11:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299030.509355 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbixn-0006m4-RU; Tue, 05 Apr 2022 13:11:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299030.509355; Tue, 05 Apr 2022 13:11:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbixn-0006lw-O4; Tue, 05 Apr 2022 13:11:15 +0000
Received: by outflank-mailman (input) for mailman id 299030;
 Tue, 05 Apr 2022 13:11:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbixm-0006lc-LH
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:11:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbixm-00018R-KN
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:11:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbixm-0004PV-JY
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:11:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=KNUGTH3D5H6AdYfVgcyJSqWxGk2HTzCS7PhDN/UijpM=; b=p4y8gPDrRqTIk4T886YNT3FVhP
	7KzIeD+4fpP0/HtzQv2e+ZuBuYNyE3PLeAwp2ZdtVsamQ4cv+phEUo2NDUIsvQ0+EYKNhbTYZtClR
	XtOWULF08ZSTp4lDv7Adu09RW/ZwYDwCE+7gc2ykPLBDvZgffs1OecpPit4+E0X0oqm0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbixm-0004PV-JY@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:11:14 +0000

commit aafd4f1df0adfe94d4632a25904e05f0fedba5c5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:56:34 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:56:34 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 8e20d032bc..633888436f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -149,8 +149,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
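Review bot: The fix depends on the plain store `iommu->domid_map[iommu_domid] = DOMID_INVALID;` becoming visible before `clear_bit()` frees the slot, but neither the code nor the new comment says what enforces that order. Whether `clear_bit()` acts as a compiler and CPU barrier on every supported build is not visible in this hunk; if it does not, the store could be reordered past the bit clear and reopen the race. Either add `smp_wmb();` between the two statements or extend the comment with a line such as `clear_bit() orders the preceding store`. The first lines of cleanup_domid_map() are outside the hunk.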
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:11:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbixw-0004Q8-Ms@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:11:24 +0000

commit 1427c846e47b44a3833641639fe5726ae355fbde
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:56:59 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:56:59 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 633888436f..8e42c3114e 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2392,6 +2392,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
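Review bot: The relocated `domain_context_unmap()` call at the top of reassign_device_ownership() has no comment saying why it must come first, so a later cleanup could move it back below the code that follows (outside this hunk, presumably the RMRR teardown the commit message refers to). A short comment above the call would pin the requirement: `/* Clear the context entry first; reserved-region mappings may only be removed once the device no longer uses them. */`. Only the head of the function is in this hunk; its signature and the rest of the body are outside.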
@@ -2428,10 +2432,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2507,9 +2507,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2522,20 +2521,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %pp from %pd (%d)\n",
-                           &PCI_SBDF3(seg, bus, devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
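Review bot: The added `break;` after a failed `iommu_identity_mapping()` in the first loop may not end the RMRR walk. If `for_each_rmrr_device()` expands to two nested loops (its definition is not part of this patch), only the inner one is left. A later RMRR matching the same device that maps successfully would then reset `ret` to 0, and `if ( !ret )` would call `reassign_device_ownership()` with one reserved region still unmapped. Replacing the `break;` with `goto mapped;` and placing a `mapped:` label just ahead of `if ( !ret )` would keep the first error. intel_iommu_assign_device() begins before this hunk and continues after it.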
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:11:36 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbiy6-0004Qp-Q9@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:11:34 +0000

commit 3d65d2fa8b496e93bb1bb4594a87d93590c6c6fe
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:57:20 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:57:20 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 8e42c3114e..73a356cd80 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1981,14 +1981,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2005,12 +1997,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
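Review bot: A failing `iommu_identity_mapping()` is only reported through `dprintk()`, and its `ret` is then overwritten by `domain_context_mapping()`. The context entry is therefore still installed when an RMRR could not be mapped, which is the state the commit message sets out to avoid. If best-effort mapping is intended here, a comment above the `dprintk()` should say so. Otherwise wrap the `dprintk()` in braces and add `return ret;` after it so the error reaches the caller before the context entry is written. The loop header and the start of intel_iommu_add_device() are outside this hunk.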
@@ -2032,11 +2029,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2052,7 +2053,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:11:47 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
Message-Id: <E1nbiyG-0004RW-Ta@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:11:44 +0000

commit 74b8d7c04d00e3fdbd19d691b72f4369c5c362c8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:57:38 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:57:38 2022 +0200

    IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
    
    This is to make more obvious that nothing outside of domain_iommu(d)
    actually changes or is otherwise needed by the function.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eba09b9dd78f9e8cbaa78ef0edb301b32def2c7a
    master date: 2022-04-05 14:16:46 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c     | 10 +++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  2 +-
 xen/drivers/passthrough/vtd/iommu.c         |  8 ++++----
 xen/drivers/passthrough/x86/iommu.c         |  3 +--
 xen/include/asm-x86/iommu.h                 |  3 ++-
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index fdfffe8f92..a3c563c0a8 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -184,7 +184,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     unsigned long  next_table_mfn;
     unsigned int level;
     struct page_info *table;
-    const struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(d);
 
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
@@ -220,7 +220,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
             mfn = next_table_mfn;
 
             /* allocate lower level page table */
-            table = iommu_alloc_pgtable(d);
+            table = iommu_alloc_pgtable(hd);
             if ( table == NULL )
             {
                 AMD_IOMMU_DEBUG("Cannot allocate I/O page table\n");
@@ -250,7 +250,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
 
             if ( next_table_mfn == 0 )
             {
-                table = iommu_alloc_pgtable(d);
+                table = iommu_alloc_pgtable(hd);
                 if ( table == NULL )
                 {
                     AMD_IOMMU_DEBUG("Cannot allocate I/O page table\n");
@@ -483,7 +483,7 @@ int __init amd_iommu_quarantine_init(struct domain *d)
 
     spin_lock(&hd->arch.mapping_lock);
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
     if ( !hd->arch.amd.root_table )
         goto out;
 
@@ -498,7 +498,7 @@ int __init amd_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
         if ( !pg )
             break;
 
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 78dc72f5f7..882cef0957 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -208,7 +208,7 @@ int amd_iommu_alloc_root(struct domain *d)
 
     if ( unlikely(!hd->arch.amd.root_table) )
     {
-        hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+        hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
             return -ENOMEM;
     }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 73a356cd80..288715535c 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -327,7 +327,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     {
         struct page_info *pg;
 
-        if ( !alloc || !(pg = iommu_alloc_pgtable(domain)) )
+        if ( !alloc || !(pg = iommu_alloc_pgtable(hd)) )
             goto out;
 
         hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
@@ -347,7 +347,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
             if ( !alloc )
                 break;
 
-            pg = iommu_alloc_pgtable(domain);
+            pg = iommu_alloc_pgtable(hd);
             if ( !pg )
                 break;
 
@@ -2761,7 +2761,7 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
         goto out;
     }
 
-    pg = iommu_alloc_pgtable(d);
+    pg = iommu_alloc_pgtable(hd);
 
     rc = -ENOMEM;
     if ( !pg )
@@ -2780,7 +2780,7 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
 
         if ( !pg )
             goto out;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index fbc730a81c..f609dcc373 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -415,9 +415,8 @@ int iommu_free_pgtables(struct domain *d)
     return 0;
 }
 
-struct page_info *iommu_alloc_pgtable(struct domain *d)
+struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd)
 {
-    struct domain_iommu *hd = dom_iommu(d);
     unsigned int memflags = 0;
     struct page_info *pg;
     void *p;
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index 33f11f33de..49fa67298d 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -143,7 +143,8 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
 })
 
 int __must_check iommu_free_pgtables(struct domain *d);
-struct page_info *__must_check iommu_alloc_pgtable(struct domain *d);
+struct domain_iommu;
+struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
 
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:11:56 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbiyR-0004SE-0W@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:11:55 +0000

commit 7bbcacec42326f54ff3fb28338b6dac7c709822b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:58:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:58:19 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 61 ++-----------------------------------
 1 file changed, 2 insertions(+), 59 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 288715535c..2e2bb5dbbd 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -121,28 +121,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct vtd_iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid = domain_iommu_domid(domain, iommu);
@@ -1404,44 +1382,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX "%pd: %pp owned by %pd",
-                       domain, &PCI_SBDF3(seg, bus, devfn),
-                       pdev->domain);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "%pd: %pp mapped, but can't find owner\n",
-                       domain, &PCI_SBDF3(seg, bus, devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %pp already mapped to d%d",
-                       domain, &PCI_SBDF3(seg, bus, devfn), cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
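Review bot: With the ownership checks removed, the `context_present(*context)` branch now ends in `return 0;` for any already-present entry, and the caller cannot tell that nothing was written. Whether such an entry can still refer to a different domain at this point is not visible here, and the commit message leaves the purpose of the old checks open. The branch should at least state what callers may rely on, for example `/* Entry already present: left untouched, ownership is not validated here. */` above `spin_unlock(&iommu->lock);`. domain_context_mapping_one() starts before this hunk and continues after it.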
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:12:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: re-assign devices directly
Message-Id: <E1nbiyb-0004T4-5M@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:12:05 +0000

commit d67a72c655cb884f0090e0fe4f977d0d75c6b94d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:58:41 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:58:41 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 265 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 231 insertions(+), 73 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 156177bb3f..650ae39b01 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -84,7 +84,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -103,8 +104,8 @@ int is_igd_vt_enabled_quirk(void);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 2e2bb5dbbd..72c6883cc4 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -117,6 +117,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
@@ -1362,15 +1363,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1379,17 +1392,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
     }
     else
     {
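Review bot: `prev_did` is read out of the context entry and used straight away as an index in `domid = iommu->domid_map[prev_did];`, with no comparison against `cap_ndoms(iommu->cap)` and no check that the slot is marked in `iommu->domid_bitmap`. The entry is written by the hypervisor itself, so this is presumably fine in normal operation, but the size of `domid_map` is not visible here and a stale or corrupted entry would become an out-of-bounds read or a lookup of an unrelated domain. Guarding the lookup with `if ( prev_did < cap_ndoms(iommu->cap) && test_bit(prev_did, iommu->domid_bitmap) )` and otherwise falling through to the existing `-ESRCH` path would keep the failure contained; `domid` would then need an initial value that matches neither branch, such as `DOMID_INVALID`. The function body starts and ends outside this hunk.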
@@ -1401,36 +1429,107 @@ int domain_context_mapping_one(
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
             unmap_vtd_domain_page(context_entries);
+            if ( prev_dom )
+                rcu_unlock_domain(prev_dom);
             return -ENOMEM;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    if ( context_set_domain_id(&lctxt, domain, iommu) )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
         return -EFAULT;
     }
 
-    context_set_address_width(*context, level_to_agaw(iommu->nr_pt_levels));
-    context_set_fault_enable(*context);
-    context_set_present(*context);
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, level_to_agaw(iommu->nr_pt_levels));
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) ==
+               level_to_agaw(iommu->nr_pt_levels));
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %pp: reassignment may cause %pd data corruption\n",
+                   &PCI_SBDF3(seg, bus, devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
+    }
+
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
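Review bot: The `res != old` error path builds its message with `&PCI_SBDF3(pdev->seg, pdev->bus, devfn)` although the statement just above it tests `if ( pdev )`, so a call with `pdev == NULL` (which the bridge and phantom-function callers do pass) would dereference a null pointer while reporting the failure. The locals already used by the later warning name the entry actually being updated, so `&PCI_SBDF3(seg, bus, devfn),` is the safer argument. Separately, as shown in this hunk the `unlock:` label sits in a block that ends in `return -EFAULT;`, so the values assigned before both `goto unlock` statements (`rc = !!pdev;` and `rc = -EILSEQ;`) appear to be dropped. Setting `rc = -EFAULT;` ahead of the label and ending the block with `return rc;` would preserve them. The function starts and ends outside this hunk.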
@@ -1451,17 +1550,26 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
     {
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        if ( !prev_dom )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             mode & MAP_WITH_RMRR) < 0;
+        else
+            ret = 1;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
     }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
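Review bot: A failed rollback is silent: in the `if ( rc )` error path the re-mapping to `prev_dom` is reduced to a boolean by `< 0`, and when it fails nothing is logged, so the context entry may be left referring to `domain` even though the caller is told the assignment failed. The same holds in `domain_context_mapping()`, whose error path discards the result of `domain_context_mapping(pdev->domain, devfn, pdev);`. I would at least report it, e.g. `printk(XENLOG_ERR VTDPREFIX "%pp: restoring previous context failed\n", &PCI_SBDF3(seg, bus, devfn));`, so an operator can tell that the device's isolation state needs attention. The start of the function is outside this hunk.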
@@ -1471,8 +1579,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    uint16_t seg = pdev->seg;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
     uint8_t bus = pdev->bus, secbus;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
@@ -1492,8 +1602,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp map\n",
@@ -1512,7 +1643,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1524,9 +1657,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1534,6 +1668,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1542,7 +1685,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1557,10 +1700,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2336,9 +2484,8 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
+    if ( !has_arch_pdevs(target) )
+        vmx_pi_hooks_assign(target);
 
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
@@ -2348,6 +2495,31 @@ static int reassign_device_ownership(
     if ( (target != hardware_domain) && !iommu_intremap )
         untrusted_msi = true;
 
+    ret = domain_context_mapping(target, devfn, pdev);
+    if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
+        return ret;
+    }
+
+    if ( pdev->devfn == devfn )
+    {
+        const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+        if ( drhd )
+            check_cleanup_domid_map(source, pdev, drhd->iommu);
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
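Review bot: The new ordering is the core of the fix but nothing in the code says so: `domain_context_mapping(target, devfn, pdev)` now runs with no preceding unmap from `source`, and the domid cleanup and `list_move()` only follow once it has succeeded. I would add a comment above the call, e.g. `/* Switch the context entry to target in one step; the device must never be left without its RMRR mappings. */`, so a later refactoring does not reintroduce the unmap-then-map sequence. Also, the RMRR removal loop that follows now runs after `pdev->domain = target`; if it returns an error (the loop is only partly visible here) the caller sees a failure for a device that has already moved, which is worth confirming against the callers.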
@@ -2376,34 +2548,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 32b39c606a..503b07ffb7 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -202,8 +202,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 2ad76a0ae7..a99e54b76d 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -344,7 +344,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -355,9 +356,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -365,7 +366,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -389,7 +391,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -415,7 +417,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:12:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:12:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299036.509378 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiym-00075Y-6c; Tue, 05 Apr 2022 13:12:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299036.509378; Tue, 05 Apr 2022 13:12:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiym-00075P-3M; Tue, 05 Apr 2022 13:12:16 +0000
Received: by outflank-mailman (input) for mailman id 299036;
 Tue, 05 Apr 2022 13:12:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiyl-00075F-AZ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiyl-0001AR-9f
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiyl-0004V7-8y
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=oWj+b9tYhXBmRZEF6klPhQ4CLkdn1uDodk5mCv64vd0=; b=HATfnR5gOx8FTxqOI6e+nlNaMF
	RKO3ZLNwCvN1a2dI5ERRutD53DRaofCsgDtfPE0IH1kpXyqhgx8oVYrDPRaNiMduxNgZcoK5I+em2
	+9j7GJJSjEAa/jmeBqljpSIFEZd6P7643KBhzuWyMymExUIa1Nm4CwkkKUpYL42c53Eo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbiyl-0004V7-8y@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:12:15 +0000

commit 754cabadc9eba62241d2bcde6df9cd65208f51f2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:58:59 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:58:59 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  10 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  67 ++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 179 ++++++++++++++++++++--------
 3 files changed, 199 insertions(+), 57 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 61374b6de4..0723dce196 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -247,9 +247,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index a3c563c0a8..d50510bed0 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -114,10 +114,69 @@ static unsigned int set_iommu_ptes_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
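Review bot: The atomic path exchanges only `ldte.raw128[0]`, i.e. the first 16 bytes of the DTE, and the non-atomic path writes only `raw64[0]` and `raw64[1]`, yet nothing states that every field assigned above (`domain_id`, `pt_root`, `iw`, `ir`, `paging_mode`, `v`) has to live in that first half. The layout of `struct amd_iommu_dte` is not visible in this hunk, so I assume it does. A comment next to the union such as `/* All fields updated below are within the first 128 bits of the DTE. */` would keep a later field addition from silently falling outside the exchanged range. The function's tail is outside this hunk.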
@@ -132,6 +191,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 882cef0957..583ae5a810 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -81,41 +81,82 @@ int get_dma_requestor_id(uint16_t seg, uint16_t bdf)
     return req_id;
 }
 
-static void amd_iommu_setup_domain_device(
+static int __must_check allocate_domain_resources(struct domain *d)
+{
+    struct domain_iommu *hd = dom_iommu(d);
+    int rc;
+
+    spin_lock(&hd->arch.mapping_lock);
+    rc = amd_iommu_alloc_root(d);
+    spin_unlock(&hd->arch.mapping_lock);
+
+    return rc;
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
     const struct domain_iommu *hd = dom_iommu(domain);
+    const struct ivrs_mappings *ivrs_dev;
+
+    BUG_ON(!hd->arch.amd.paging_mode || !iommu->dev_table.buffer);
 
-    BUG_ON( !hd->arch.amd.root_table ||
-            !hd->arch.amd.paging_mode ||
-            !iommu->dev_table.buffer );
+    rc = allocate_domain_resources(domain);
+    if ( rc )
+        return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
-        const struct ivrs_mappings *ivrs_dev;
-
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.amd.root_table),
-            domain->domain_id, hd->arch.amd.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.amd.root_table),
+                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
-        ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
         if ( dte->it_root )
         {
             dte->int_ctl = IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED;
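Review bot: `req_id` and `ivrs_dev` are each assigned twice with different meanings: first from `pdev->sbdf.bdf` to derive `SET_ROOT_WITH_UNITY_MAP`, then from `PCI_BDF2(bus, devfn)` for the DTE being programmed. A reader can easily take the unity-map flag to describe the second requestor ID. A one-line comment above the first pair, e.g. `/* Unity-map state is taken from the device itself, not from the devfn handled below. */`, or a separate local for the first lookup, would make the distinction explicit. The function continues beyond this hunk.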
@@ -130,17 +171,73 @@ static void amd_iommu_setup_domain_device(
             dte->i = ats_enabled;
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.amd.root_table),
+                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            printk(" %pp: reassignment may cause %pd data corruption\n",
+                   &PCI_SBDF3(pdev->seg, bus, devfn), pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.amd.root_table),
-                        domain->domain_id, hd->arch.amd.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
 
     spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.amd.root_table),
+                    domain->domain_id, hd->arch.amd.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
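Review bot: The new `else if` branch relies on a positive return from `amd_iommu_set_root_page_table()` (tested at `if ( rc && domain != pdev->domain && ...`) without saying what that value means, while the first branch in the previous hunk treats any non-zero value as an error via `ASSERT(rc < 0)`. Judging by the comment inside the condition, a positive value appears to signal that the DTE was updated non-atomically; the helper is outside this hunk, so that should be confirmed. I would state the contract where it is consumed, e.g. `/* rc > 0: DTE was updated non-atomically; warn if other devices may still use the old domain ID. */` ahead of that `if`. Separately, the `printk()` reporting possible data corruption carries no explicit log level; `XENLOG_WARNING` would make the intent clear. The function starts before this hunk and continues past it.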
@@ -151,6 +248,8 @@ static void amd_iommu_setup_domain_device(
 
         amd_iommu_flush_iotlb(devfn, pdev, INV_IOMMU_ALL_PAGES_ADDRESS, 0);
     }
+
+    return 0;
 }
 
 int __init acpi_ivrs_init(void)
@@ -216,18 +315,6 @@ int amd_iommu_alloc_root(struct domain *d)
     return 0;
 }
 
-static int __must_check allocate_domain_resources(struct domain *d)
-{
-    struct domain_iommu *hd = dom_iommu(d);
-    int rc;
-
-    spin_lock(&hd->arch.mapping_lock);
-    rc = amd_iommu_alloc_root(d);
-    spin_unlock(&hd->arch.mapping_lock);
-
-    return rc;
-}
-
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
@@ -340,7 +427,15 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+    if ( rc )
+        return rc;
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
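Review bot: With the setup call and the `list_move()` now ahead of the unity-map handling, an error return from the code that follows (the `return rc;` visible at the top of the next hunk) leaves the device on `target`'s list with `pdev->domain == target` while the caller is told the reassignment failed. The intervening lines are outside this hunk, so whether that path can fail after the move should be checked. If the state is intentional, a comment at the move would help, e.g. `/* From here on the device belongs to target; errors below are not rolled back. */`.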
@@ -356,26 +451,9 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = allocate_domain_resources(target);
-    if ( rc )
-        return rc;
-
-    amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
     AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n",
                     &pdev->sbdf, source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
@@ -490,8 +568,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
-    return 0;
+    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:12:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:12:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299037.509382 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiyw-00079E-9s; Tue, 05 Apr 2022 13:12:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299037.509382; Tue, 05 Apr 2022 13:12:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiyw-000794-6N; Tue, 05 Apr 2022 13:12:26 +0000
Received: by outflank-mailman (input) for mailman id 299037;
 Tue, 05 Apr 2022 13:12:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiyv-00078s-Dz
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiyv-0001Ab-DB
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiyv-0004WJ-CH
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=1jpW2yWSvJ+E5QbGUXaHZmrBOsdMlO/Eihe0EequmSI=; b=nUBxErpT6rZa/UrG7l8tqckdAM
	wD78AJun05HFMxYWfYih0WjLx2CHQSbK0Zj4TMn0K1at2YKuol3NLH+E41bLIFrKN1BUWGocc7HnY
	e4UtuVjuJzfjKprZtHD6cJGCYupAA+2cTvHdVEuL12VzDvftA/TtXBuYdCYKEbOb4MiY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbiyv-0004WJ-CH@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:12:25 +0000

commit 067f9ddc179544fb6df048f2411b938a4430b9fb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:59:22 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:59:22 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 +++--
 xen/drivers/passthrough/vtd/iommu.c  | 62 ++++++++++++++++++++++++------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++++---
 3 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 650ae39b01..9a11278b98 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,9 +85,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
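Review bot: The new `pgd_maddr` argument of `domain_context_mapping_one()` and `me_wifi_quirk()` has an undocumented sentinel: in iommu.c `domain_pgd_maddr()` treats a non-zero value as an override and zero as "use the domain's own root", and the unmap path passes a literal `0`. The prototypes also now take both `domain` and `domid` with no statement of whether the two may differ. A short comment above the declarations would cover both, e.g. `/* domid/pgd_maddr: domain ID and page table root to install; pgd_maddr == 0 selects the domain's own root. */`.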
@@ -105,7 +106,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 72c6883cc4..4e07f3565f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -355,15 +355,17 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     return pte_maddr;
 }
 
-static uint64_t domain_pgd_maddr(struct domain *d, unsigned int nr_pt_levels)
+static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
+                                unsigned int nr_pt_levels)
 {
     struct domain_iommu *hd = dom_iommu(d);
-    uint64_t pgd_maddr;
     unsigned int agaw;
 
     ASSERT(spin_is_locked(&hd->arch.mapping_lock));
 
-    if ( iommu_use_hap_pt(d) )
+    if ( pgd_maddr )
+        /* nothing */;
+    else if ( iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
 
@@ -1376,12 +1378,12 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int rc, ret;
@@ -1421,10 +1423,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root;
+
         spin_lock(&hd->arch.mapping_lock);
 
-        pgd_maddr = domain_pgd_maddr(domain, iommu->nr_pt_levels);
-        if ( !pgd_maddr )
+        root = domain_pgd_maddr(domain, pgd_maddr, iommu->nr_pt_levels);
+        if ( !root )
         {
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
@@ -1434,7 +1438,7 @@ int domain_context_mapping_one(
             return -ENOMEM;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1550,15 +1554,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                           domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             domain->domain_id,
+                                             hd->arch.vtd.pgd_maddr,
                                              mode & MAP_WITH_RMRR) < 0;
+        }
         else
             ret = 1;
 
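Review bot: The recovery call that restores the previous owner's context entry passes `domain->domain_id` together with `prev_dom`'s `hd->arch.vtd.pgd_maddr`, so it pairs the old domain's page tables with the ID of the domain whose mapping just failed. In this patch `domid` is only plumbed through, but the following patch in the series switches `context_set_domain_id()` to it, and the restored entry would then be tagged with the wrong domain ID. `prev_dom->domain_id,` looks like the intended argument. Likewise the `!prev_dom` branch could pass the `domid` parameter rather than `domain->domain_id`, so the unmap uses the same ID the mapping was made with. The function starts before this hunk and continues after it.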
@@ -1580,6 +1590,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1643,7 +1654,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1657,7 +1669,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1685,7 +1698,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1700,7 +1714,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1728,7 +1743,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1786,7 +1801,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1837,7 +1852,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1847,7 +1863,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1873,12 +1890,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index a99e54b76d..b51b2bd1c5 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -345,6 +345,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -358,16 +360,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -391,7 +394,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -417,7 +420,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:12:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:12:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299038.509385 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiz6-0007C6-Ax; Tue, 05 Apr 2022 13:12:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299038.509385; Tue, 05 Apr 2022 13:12:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiz6-0007Bw-7v; Tue, 05 Apr 2022 13:12:36 +0000
Received: by outflank-mailman (input) for mailman id 299038;
 Tue, 05 Apr 2022 13:12:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiz5-0007Bo-Ih
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiz5-0001Ai-Hn
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbiz5-0004Ww-Fk
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BUz1HqFDkL5qJwirxPU6M8kCbg7gDguOFxzd8+2HHMs=; b=oEgOOC+NoPFLSj0Y4WFIT5icH5
	IlPe5jLeUtioY6i8TBHGv/WR55UgpZDv+u31s0kGPekdkribLlUnzxryD1RoRitrsiF78O5JxLHA9
	gCr8Gou6bKBhSzAzs14AuKp5JTME0nfbaWUsp7WH+y8QuuAjJLVj82JlXGpc165l+os8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbiz5-0004Ww-Fk@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:12:35 +0000

commit ffb18f98e1734c8a7a8250285cf30216928d2a38
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:59:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:59:43 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4e07f3565f..ad81d8ebf7 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -59,8 +59,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -68,16 +68,16 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
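Review bot: The reworded message prints `domid`, an unsigned `domid_t`, with `%d`, and drops the `%pd` formatting the old line used; `"No valid iommu %u domid for Dom%u\n"` would match the type. The `warn` parameter replaces the `!d->is_dying` test, so a brief comment on the function saying that callers pass `false` when a missing ID is expected (as `cleanup_domid_map()` does) would keep that intent visible. The function's signature is in the preceding hunk.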
@@ -85,8 +85,7 @@ static int domain_iommu_domid(struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
@@ -97,7 +96,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -113,7 +112,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -122,9 +121,9 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -180,7 +179,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, &dom_iommu(d)->arch.vtd.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -687,7 +686,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1447,7 +1446,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(&lctxt, domain, iommu) )
+    if ( context_set_domain_id(&lctxt, domid, iommu) )
     {
     unlock:
         spin_unlock(&iommu->lock);
@@ -1768,7 +1767,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
@@ -1938,7 +1937,7 @@ static void iommu_domain_teardown(struct domain *d)
     ASSERT(!hd->arch.vtd.pgd_maddr);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:12:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:12:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299039.509390 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbizG-0007F8-CJ; Tue, 05 Apr 2022 13:12:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299039.509390; Tue, 05 Apr 2022 13:12:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbizG-0007F0-9O; Tue, 05 Apr 2022 13:12:46 +0000
Received: by outflank-mailman (input) for mailman id 299039;
 Tue, 05 Apr 2022 13:12:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizF-0007Es-MM
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizF-0001As-LW
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizF-0004Xy-Km
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ZuKWSggD7PhNowP3TayYw8O3jeMP4oaXUrnTEDxcq5Q=; b=fxU14dN1uZEw1K84fZ/fAlFM2z
	i96IehW1AsgPau1W1R0z7T8kuypn3Q6WKzUeGEaVtvccQfCWgGbfq8p0vvmVDxkmpNhQs+zmk8Y3b
	Sosp28g8C/QOtWS69JR24qpFw/ZOIY2qAqF2NSvhLQeShh/BK1WRottz3NjtNb6For6U=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbizF-0004Xy-Km@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:12:45 +0000

commit 46cfaece2fceea9b357607cc45b709fd2b256d95
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:00:05 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:00:05 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding adding a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  1 +
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 ++++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 ++++++++-
 xen/drivers/passthrough/pci.c               |  9 +++-
 xen/drivers/passthrough/vtd/iommu.c         | 69 ++++++++++++++++++++++++-----
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 47 ++++++++++++++++++++
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  6 +++
 9 files changed, 152 insertions(+), 15 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 0723dce196..e4d13f6ef5 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -96,6 +96,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index d05bc6a5bb..b56127d41c 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -180,6 +180,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR "Could not mark config space of %pp read-only (%d)\n",
@@ -190,7 +195,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
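Review bot: The new `xfree(iommu->domid_map)` under `out:` is also reached from `goto out` paths that run before `iommu->domid_map` is assigned, such as the `if ( rt ) goto out;` just above the allocation in the previous hunk. That is only safe if `iommu` was zero-allocated, which the visible lines do not show. If it was not, the field should be initialised right after `iommu` is allocated, `iommu->domid_map = NULL;`. The allocation of `iommu` lies outside both hunks.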
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 583ae5a810..3f7587b2ce 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -508,6 +508,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -568,7 +570,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -591,6 +608,9 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
     bdf = PCI_BDF2(pdev->bus, devfn);
     if ( amd_iommu_perdev_intremap &&
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index e2c022aeea..1353e30747 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -327,6 +327,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn)
     *((u8*) &pdev->bus) = bus;
     *((u8*) &pdev->devfn) = devfn;
     pdev->domain = NULL;
+    pdev->arch.pseudo_domid = DOMID_INVALID;
     INIT_LIST_HEAD(&pdev->msi_list);
 
     pos = pci_find_cap_offset(pseg->nr, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
@@ -1276,8 +1277,12 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%pp - %pd - node %-3d - MSIs < ",
-               &pdev->sbdf, pdev->domain,
+        printk("%pp - ", &pdev->sbdf);
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d - MSIs < ",
                (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         list_for_each_entry ( msi, &pdev->msi_list, list )
                printk("%d ", msi->irq);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ad81d8ebf7..e362604726 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1204,7 +1205,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     if ( nr_iommus >= MAX_IOMMUS )
     {
@@ -1297,7 +1298,16 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1320,6 +1330,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1581,8 +1592,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1590,6 +1601,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1649,6 +1661,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCIe_ENDPOINT:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
@@ -1663,6 +1683,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCI:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
@@ -1736,6 +1764,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
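Review bot: The added cleanup tests `ret` for any non-zero value, while domain_context_mapping_one() can return a positive value on success (`return rc ?: pdev && prev_dom;` in an earlier hunk). If any call site in the part of domain_context_mapping() outside this hunk leaves such a value in `ret`, a successful mapping would free the freshly allocated ID and leave the device mapped with `pseudo_domid` reset to DOMID_INVALID. Testing `if ( ret < 0 && drhd && orig_domid == DOMID_INVALID )` states the intent and does not depend on that normalisation happening elsewhere.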
@@ -1818,8 +1853,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
     struct vtd_iommu *iommu;
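Review bot: domain_context_unmap() now returns a pointer that is either an ERR_PTR()-encoded errno or the DRHD unit, but neither the definition nor the forward declaration says so. A comment above the definition would help, for example `/* Returns the DRHD unit the device sits behind, or ERR_PTR(-errno) on failure. */`. It should also state whether NULL is a possible result: the visible return statements never produce it, yet intel_iommu_remove_device() tests `if ( drhd )` after the IS_ERR() check. The function body continues in later hunks.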
@@ -1829,7 +1866,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
-        return -ENODEV;
+        return ERR_PTR(-ENODEV);
     iommu = drhd->iommu;
 
     switch ( pdev->type )
@@ -1839,7 +1876,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp unmap\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         if ( !is_hardware_domain(domain) )
-            return -EPERM;
+            return ERR_PTR(-EPERM);
         goto out;
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1912,7 +1949,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
-    return ret;
+    return ret ? ERR_PTR(ret) : drhd;
 }
 
 static void iommu_clear_root_pgtable(struct domain *d)
@@ -2137,16 +2174,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2163,6 +2201,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 503b07ffb7..be44fc017f 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -535,6 +535,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index f609dcc373..edb2d9bd64 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -386,6 +386,53 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 int iommu_free_pgtables(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
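Review bot: iommu_alloc_domid() reads `map` in the initialiser of `idx` before `ASSERT(pcidevs_locked())` runs, and nothing in it checks that `map` is a real bitmap: iommu_init_domid() returns ZERO_BLOCK_PTR when `iommu_quarantine` is off, and both callers' `!map` checks accept that sentinel. The callers in this patch guard every allocation with `iommu_quarantine`, so this is a robustness point, not a present fault. I would declare `unsigned int idx;`, put `ASSERT(iommu_quarantine);` next to the lock assertion, and only then assign `idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);`. A comment on iommu_init_domid() saying the sentinel must never be passed to iommu_alloc_domid() would document the contract.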
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index 49fa67298d..8175b5ec6d 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -142,6 +142,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         iommu_vcall(ops, sync_cache, addr, size);       \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 int __must_check iommu_free_pgtables(struct domain *d);
 struct domain_iommu;
 struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index cc05045e9c..70ed48e309 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -15,6 +15,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:12:56 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:12:56 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299041.509395 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbizQ-0007IW-Fa; Tue, 05 Apr 2022 13:12:56 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299041.509395; Tue, 05 Apr 2022 13:12:56 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbizQ-0007IN-CL; Tue, 05 Apr 2022 13:12:56 +0000
Received: by outflank-mailman (input) for mailman id 299041;
 Tue, 05 Apr 2022 13:12:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizP-0007ID-Ph
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizP-0001Aw-Ot
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizP-0004Yf-O5
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:12:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=62KQVcZgAta0eFFtJyNfO9eg8gJgaWP+0Mt34nz2F6A=; b=FsFMCr4ntvvs2PIl54hCrUogQT
	4JNpK7Wc7gRJJx953OLuPr0l0jEHPEpSsZwr/WZvOEQEsuz9PQHDs897yOJNd6OlyffnWnadzSd0P
	7953lBrfl21PG/pgqF+mrMslDGHxAeCas+mO63Sx5poid8/WW/qN2/qwmI7DQFNiWEak=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbizP-0004Yf-O5@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:12:55 +0000

commit 0bd3ff2551325d7ee0d1e957095e1439d39d207d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:00:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:00:36 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index d50510bed0..8746b00e87 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -584,8 +584,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e362604726..e7851f61e2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2958,9 +2958,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    if ( !rc )
-        rc = iommu_flush_iotlb_all(d);
-
     /* Pages may be leaked in failure case */
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:13:06 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:13:06 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299042.509398 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiza-0007LQ-Gj; Tue, 05 Apr 2022 13:13:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299042.509398; Tue, 05 Apr 2022 13:13:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbiza-0007LI-Dq; Tue, 05 Apr 2022 13:13:06 +0000
Received: by outflank-mailman (input) for mailman id 299042;
 Tue, 05 Apr 2022 13:13:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizZ-0007LA-Sv
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:13:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizZ-0001Bb-SD
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:13:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbizZ-0004a3-RP
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:13:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=oVR+yFyWcFalP2HuMJmeefb3nMN1UC96IPLx1ZLZI54=; b=v7MIDyRaROzaE+bVXMnqHAtZkL
	wqVGBUWwgEKC5a8msYMJM/P/fnEOzQ/FlE7JXl3COyJC9O/72Vi7TJnxuCf+mzzPSfBz+nSvqQKWb
	JmOpvf91o/UEULJ71/wwtqL3m2RqG7BY/GX+uBR5G2UxZYLZyB8hbPnQjPYtY+olul0E=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbizZ-0004a3-RP@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:13:05 +0000

commit ed84ea00e0e53c5fb9776034ef43d3048cae8362
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:00:55 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:00:55 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu-defs.h | 1 +
 xen/drivers/passthrough/amd/iommu.h      | 2 +-
 xen/drivers/passthrough/amd/iommu_map.c  | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h
index 0c97db2a32..8810e497b9 100644
--- a/xen/drivers/passthrough/amd/iommu-defs.h
+++ b/xen/drivers/passthrough/amd/iommu-defs.h
@@ -106,6 +106,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index e4d13f6ef5..b64ef0bf70 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -358,7 +358,7 @@ static inline int amd_iommu_get_paging_mode(unsigned long max_frames)
     while ( max_frames > PTE_PER_TABLE_SIZE )
     {
         max_frames = PTE_PER_TABLE_ALIGN(max_frames) >> PTE_PER_TABLE_SHIFT;
-        if ( ++level > 6 )
+        if ( ++level > IOMMU_MAX_PT_LEVELS )
             return -ENOMEM;
     }
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 8746b00e87..93e4ea2826 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -250,7 +250,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    BUG_ON( table == NULL || level < 1 || level > IOMMU_MAX_PT_LEVELS );
 
     /*
      * A frame number past what the current page tables can represent can't
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:13:17 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbizj-0004bG-VX@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:13:15 +0000

commit aaa61028803a64e72f1026f9608dfa34d0c255ec
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:01:17 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:01:17 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    As to the removal of QUARANTINE_SKIP() from domain_context_unmap_one():
    I think this was never really needed there, as the function explicitly
    deals with finding a non-present context entry. Leaving it there would
    require propagating pgd_maddr into the function (like was done by "VT-d:
    prepare for per-device quarantine page tables" for
    domain_context_mapping_one()).
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/arch/x86/mm/p2m.c                       |   2 +-
 xen/drivers/passthrough/amd/iommu.h         |   3 +-
 xen/drivers/passthrough/amd/iommu_map.c     | 153 ++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  35 ++--
 xen/drivers/passthrough/iommu.c             |  18 +-
 xen/drivers/passthrough/pci.c               |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c         | 245 +++++++++++++++++++---------
 xen/drivers/passthrough/vtd/iommu.h         |   2 +-
 xen/include/asm-x86/pci.h                   |  13 ++
 xen/include/xen/iommu.h                     |   3 +-
 10 files changed, 354 insertions(+), 140 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index b96244e422..85681dee26 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1468,7 +1468,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int ret;
 
-    if ( !paging_mode_translate(p2m->domain) )
+    if ( !paging_mode_translate(d) )
     {
         if ( !is_iommu_enabled(d) )
             return 0;
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index b64ef0bf70..0d9d976faa 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -223,7 +223,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 int iov_adjust_irq_affinities(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
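Review bot: `amd_iommu_quarantine_init()` now allocates per-device page tables and can fail, yet its prototype lacks the `__must_check` that the mapping functions right below it carry; I would declare it `int __must_check amd_iommu_quarantine_init(struct pci_dev *pdev);`. Both new prototypes also deserve a one-line comment saying the caller must hold pcidevs_lock, which the definitions in iommu_map.c assert.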
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 93e4ea2826..b4c1824491 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -528,64 +528,135 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d,
     return rc;
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.amd.root_table);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
 
-    if ( hd->arch.amd.root_table )
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = iommu_alloc_pgtable(hd);
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
-    if ( !hd->arch.amd.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.amd.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.amd.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.amd.root_table = NULL;
+
+    if ( rc )
+        printk("%pp: quarantine unity mapping failed\n", &pdev->sbdf);
+    else
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
+
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
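Review bot: In `amd_iommu_quarantine_init()` the line `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when `fill_qpt()` failed, and after an allocation failure above the leaf level `pgs[0]` is still NULL, so `page_to_mfn()` is applied to a null pointer. The value looks unused afterwards because the teardown call resets `root_table`, but guarding the store is cheaper than relying on that: `if ( !rc ) pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);`. A short comment on `fill_qpt()` would also help, saying that `pgs[]` caches one page per level so every non-present slot at a level points at the same page.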
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 3f7587b2ce..e804fdc34f 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -122,6 +122,8 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     const struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
     BUG_ON(!hd->arch.amd.paging_mode || !iommu->dev_table.buffer);
 
@@ -141,14 +143,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.amd.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.amd.root_table),
-                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.amd.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
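Review bot: For `domain == dom_io` the new `root_pg = pdev->arch.amd.root_table` is handed to `page_to_maddr()` without a NULL check, and nothing in this hunk guarantees that the per-device table exists. `iommu_quarantine_dev_init()` in iommu.c returns 0 without setting anything up when `iommu_quarantine` is off, `deassign_device()` in pci.c still selects dom_io when only `pdev->quarantine` is set, and `amd_iommu_alloc_root()` no longer allocates a root for dom_io. Unless some other path excludes that combination, a bogus root address would be written into the DTE; I would reject it before taking the lock, e.g. `if ( !root_pg ) return -ENOENT;`, or at least `ASSERT(root_pg);`. The same `root_pg` is used in the two later hunks of this function, whose body starts and ends outside the hunk.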
@@ -172,7 +185,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -185,8 +198,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.amd.root_table),
-                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.amd.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -205,6 +218,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             printk(" %pp: reassignment may cause %pd data corruption\n",
@@ -234,9 +248,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.amd.root_table),
-                    domain->domain_id, hd->arch.amd.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.amd.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -305,7 +318,7 @@ int amd_iommu_alloc_root(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
 
-    if ( unlikely(!hd->arch.amd.root_table) )
+    if ( unlikely(!hd->arch.amd.root_table) && d != dom_io )
     {
         hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
@@ -396,7 +409,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.amd.paging_mode);
     }
     spin_unlock_irqrestore(&iommu->lock, flags);
@@ -608,6 +621,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 879d238bcd..98c6550a36 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -424,21 +424,21 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init, dev);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 1353e30747..37c2d5b1d1 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -858,9 +858,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
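Review bot: The added `return ret;` under `if ( ret )` in `deassign_device()` is indented by 11 spaces where the surrounding code uses 12; it should line up as `            return ret;`. Because this early return is new, a brief comment that a failed quarantine setup leaves the device assigned as before would also help. The function continues outside the hunk.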
@@ -1441,6 +1448,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
         msixtbl_init(d);
     }
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e7851f61e2..c1ae66c8ef 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,6 +43,12 @@
 #include "vtd.h"
 #include "../ats.h"
 
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.vtd.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
+
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
 
@@ -85,13 +91,18 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
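Review bot: The assertion in `context_set_domain_id()` switches from `iommu->lock` to `pcidevs_locked()`, which makes pcidevs_lock the only thing serialising the `find_first_bit()` scan and the later `set_bit()` on `iommu->domid_bitmap`, but the new comment above the function only mentions the NULL `context` case. I would extend it with `Callers must hold pcidevs_lock, which protects domid_bitmap / domid_map.`. It is also worth checking that every other writer of these maps, for example `cleanup_domid_map()`, is reached only with that lock held; that cannot be confirmed from this hunk. The function body continues in the next hunk.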
@@ -117,8 +128,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -168,8 +184,12 @@ static void check_cleanup_domid_map(struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1414,7 +1434,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
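Review bot: With `pdev == NULL` the new test `domid > DOMID_MASK` resolves `prev_dom` to dom_io, and the error-recovery path in the next hunk of this function then evaluates `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)`, both of which expand to `(pdev)->arch...` when their first argument is dom_io. `domain_context_mapping()` does pass a NULL `pdev` for bridge entries, so that path looks able to dereference NULL. I would handle the case explicitly, e.g. take the unmap branch with `if ( !prev_dom || (prev_dom == dom_io && !pdev) )`. The unmap branch has the same exposure through `DEVICE_DOMID(domain, pdev)` when `domain` is dom_io. The function starts and ends outside both hunks.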
@@ -1570,15 +1590,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           domain->domain_id);
+                                           DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                             domain->domain_id,
-                                             hd->arch.vtd.pgd_maddr,
+                                             DEVICE_DOMID(prev_dom, pdev),
+                                             DEVICE_PGTABLE(prev_dom, pdev),
                                              mode & MAP_WITH_RMRR) < 0;
-        }
         else
             ret = 1;
 
@@ -1600,7 +1617,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1633,7 +1650,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1672,8 +1689,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1696,8 +1713,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1725,8 +1742,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1741,8 +1758,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1889,7 +1906,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1900,7 +1917,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1923,18 +1940,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1977,6 +1988,26 @@ static void iommu_domain_teardown(struct domain *d)
         cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
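Review bot: `quarantine_teardown()` frees the device's quarantine page tables but has no comment stating what must already hold, in particular that the device's context entries no longer reference `pdev->arch.vtd.pgd_maddr`; the ordering in `intel_iommu_remove_device()` is not visible from this hunk. I would add a header comment naming the preconditions (pcidevs_lock held, context entries already cleared and flushed) and explaining why spinning on `-ERESTART` is acceptable here. The list move and free loop also duplicate `amd_iommu_quarantine_teardown()` in iommu_map.c, so a small common helper would keep the two in step.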
@@ -2201,6 +2232,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2896,69 +2929,135 @@ static void vtd_dump_page_tables(struct domain *d)
                               agaw_to_level(hd->arch.vtd.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    struct page_info *pgs[6])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(page_to_maddr(pgs[level]));
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, page_to_maddr(pgs[level]));
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     struct page_info *pg;
-    struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc = 0;
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    spin_lock(&hd->arch.mapping_lock);
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.vtd.pgd_maddr);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
 
-    if ( hd->arch.vtd.pgd_maddr )
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
-        goto out;
+        clear_domain_page(pdev->arch.leaf_mfn);
+        return 0;
     }
 
-    pg = iommu_alloc_pgtable(hd);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    rc = -ENOMEM;
+    pg = iommu_alloc_pgtable(hd);
     if ( !pg )
-        goto out;
+        return -ENOMEM;
 
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
+
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
     hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
 
-    parent = map_vtd_domain_page(hd->arch.vtd.pgd_maddr);
-    while ( level )
+    for_each_rmrr_device ( rmrr, bdf, i )
     {
-        uint64_t maddr;
-        unsigned int offset;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-
-        if ( !pg )
-            goto out;
+        if ( rc )
+            break;
 
-        maddr = page_to_maddr(pg);
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pp: RMRR quarantine mapping failed\n",
+                       &pdev->sbdf);
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.vtd.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = page_to_maddr(pg);
+
+    if ( !rc )
+    {
+        struct dma_pte *root;
+        struct page_info *pgs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(pdev->arch.vtd.pgd_maddr);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
-    rc = 0;
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages may be leaked in failure case */
     return rc;
 }
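Review bot: In `intel_iommu_quarantine_init()`, `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs whether or not `fill_qpt()` succeeded, so when an upper-level allocation fails with `-ENOMEM`, `pgs[0]` can still be NULL at the point it is converted. This looks harmless as written, because the failure path calls `quarantine_teardown()`, which zeroes `pgd_maddr`, and the re-init path only uses `leaf_mfn` when `pgd_maddr` is set, but a stale field like this is easy to trip over later. I would guard the assignment: `if ( !rc ) pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);`. Separately, `rmrr_found` is assigned in the RMRR loop but never read in the function as shown, and the bare `6` in `pgs[6]` would read better with a comment tying it to the (presumably maximum) number of page-table levels.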
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index be44fc017f..c67adb9b41 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -509,7 +509,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 70ed48e309..0c79acb1ed 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -20,7 +22,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
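Review bot: The new `struct arch_pci_dev` members are undocumented apart from the union's one-line comment, and nothing says which union arm is valid. Going by the VT-d side of this commit, `leaf_mfn` is the page wiped by `clear_domain_page()` when a device is quarantined again, and `pgtables_list` holds the device's quarantine page tables. Comments such as `/* Leaf page of the quarantine page tables; cleared on re-quarantine. */` and `/* Page tables backing this device's quarantine mappings. */` would help. The union has no discriminator, so presumably the active IOMMU vendor driver decides whether `vtd` or `amd` is live; that is worth stating as well. The struct starts outside this hunk.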
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index d59ed7cbad..cd79374a14 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -234,7 +234,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -352,6 +352,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 #ifdef CONFIG_HAS_PCI
 int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:22:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:22:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299053.509428 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj8I-00014U-KN; Tue, 05 Apr 2022 13:22:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299053.509428; Tue, 05 Apr 2022 13:22:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj8I-00014M-HN; Tue, 05 Apr 2022 13:22:06 +0000
Received: by outflank-mailman (input) for mailman id 299053;
 Tue, 05 Apr 2022 13:22:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8G-00014G-Mj
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8G-0001M6-Kz
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8G-0005VS-Jx
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=nvagwjZaIR+Mn9Aw6yXVKKBxbGY2OeqW1KPkKOpdfMo=; b=Ipai5HAjBdR6W1jCD7mFx9Ieuo
	d6hJdGHcKPnj4QbHLxMlCUX8AhpBtwXGKDhNoTTERQvQlnN4xuSfAw4S13vGQUoNzkyPtpi8JY42/
	kc1Hn85Cmz284z5nb3dbAm+9zYZfd5kNvbSbDR/wgYhYKcj1hbYZ2u1Yz3mmddMYLIuQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbj8G-0005VS-Jx@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:22:04 +0000

commit abfa80967be95479ab53c8abc6194713b4f0ee0e
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 15:08:40 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:08:40 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    The assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already cleared slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 7f84d0c6ea..1349de01d4 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         int size = (nr + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
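Review bot: The added `domain_pause(d)` / `p2m_enable_hardware_log_dirty(d)` / `domain_unpause(d)` sequence carries no comment saying why the domain has to be paused, and it runs right after `paging_unlock(d)`, i.e. without the paging lock. Presumably no vCPU may be running while the hardware log-dirty state is switched, which is worth recording, e.g. `/* Pause so no vCPU runs while hardware log-dirty is switched on. */`. It is also not visible here whether a matching disable happens when VRAM tracking is torn down, now that `paging_log_dirty_enable()` is no longer involved. The rest of `hap_track_dirty_vram()` lies outside the hunk, so that should be checked there.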
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 7c265fb5f3..7662db1ad4 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -209,7 +209,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index abb9a7e75c..2ca6325c5f 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -160,9 +160,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:22:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:22:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299054.509432 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj8S-00016k-Ls; Tue, 05 Apr 2022 13:22:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299054.509432; Tue, 05 Apr 2022 13:22:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj8S-00016c-Iy; Tue, 05 Apr 2022 13:22:16 +0000
Received: by outflank-mailman (input) for mailman id 299054;
 Tue, 05 Apr 2022 13:22:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8Q-00016O-Oz
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8Q-0001MN-OD
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8Q-0005Xd-NI
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=xlNaRTN+/fUtDekmeeVUIxCzemHg8gcVIDFte4bOfPM=; b=EC1ixf/86PUR80DsVfn5cQOaf3
	esYRNoUB4z0W/3OK1FZkMZfGMIFkf2RpAVP92mQY7oXaBU/XtIhnID27AsUSXZz5CclrTQaubvkYq
	eNv0yiIMH5LJvVWsJOrvoSKMJirYBNhkkDyEidNe4PjbY9F1jRB0D097XudBBZMAxCRw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbj8Q-0005Xd-NI@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:22:14 +0000

commit 9d7046b644b1fff443b5e12ba4d5676ec3708cb8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:09:28 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:09:28 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ce3e511ef7..ea1c4cb67b 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -148,8 +148,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
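Review bot: The new comment explains why `domid_map[]` must be written before `domid_bitmap[]`, but it does not say that the code relies on `clear_bit()` to keep the plain store `iommu->domid_map[iommu_domid] = DOMID_INVALID;` ordered ahead of the bit being cleared. If `clear_bit()` is a full barrier on the supported architecture (presumably so on x86), say so in the comment; otherwise an explicit `smp_wmb();` between the two statements makes the ordering independent of the bitop's implementation. The readers named in the commit message, `context_set_domain_id()` and `did_to_domain_id()`, are outside this hunk, so their side of the ordering cannot be checked from here.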
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:22:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:22:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299055.509436 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj8c-00019T-NO; Tue, 05 Apr 2022 13:22:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299055.509436; Tue, 05 Apr 2022 13:22:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj8c-00019L-KZ; Tue, 05 Apr 2022 13:22:26 +0000
Received: by outflank-mailman (input) for mailman id 299055;
 Tue, 05 Apr 2022 13:22:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8a-000192-SM
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8a-0001MX-RQ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8a-0005YT-Qa
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=u/MS8js0n5K+DP8yot6kstsnghR/e4jI1imhvjsz17U=; b=IOFISx+sYXnT2rxNUTTmG++lMK
	DyiXIISWrw53ENNSilxiaakWM70iAfRQOCxgbBWlru1WR1f6k3/B9vJKtTA6zF3SPEwoBq8eobDSX
	CqoSsQ8QJxt9v2hyTu2yl5CkALIZjryqzrF8fto+7MpOWdxfhkVpzCnwEDJULSUUzXN0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbj8a-0005YT-Qa@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:22:24 +0000

commit b382b7d2ff7a92ccafe741f05fdc630d87ef7062
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:09:48 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:09:48 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ea1c4cb67b..1bf33f0177 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2411,6 +2411,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
@@ -2447,10 +2451,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2527,9 +2527,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2542,20 +2541,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %04x:%02x:%02x.%u from %pd (%d)\n",
-                           seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
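Review bot: After this change `if ( !ret ) ret = reassign_device_ownership(s, d, devfn, pdev);` depends on `ret` being zero when no RMRR entry matches the device, because the mapping loop only assigns it on a match; previously `ret` was always set by the `reassign_device_ownership()` call that this commit moves. Its initialisation is outside the hunk, so confirm it is `0` on entry to the loop, or set `ret = 0;` just before the `/* Setup rmrr identity mapping */` loop. The rollback loop would also benefit from a comment stating that `p2m_access_x` is used here to request removal of the identity mapping (as the "cannot unmap" message implies) and that `-ENOENT` is tolerated, presumably because a region after the failing one was never mapped. The enclosing function continues beyond the hunk.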
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:22:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:22:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299056.509440 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj8m-0001Cc-P3; Tue, 05 Apr 2022 13:22:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299056.509440; Tue, 05 Apr 2022 13:22:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj8m-0001CU-M2; Tue, 05 Apr 2022 13:22:36 +0000
Received: by outflank-mailman (input) for mailman id 299056;
 Tue, 05 Apr 2022 13:22:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8k-0001C9-VM
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8k-0001Mh-UX
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj8k-0005Z6-Tk
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:22:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=vZrfUtcfDES9aCmiXDVLb0RWcvPkwBzo3MBi4sDq8GA=; b=T+fSxm4b2nIFntx+SWUsNzRoNu
	zBVaBwnUNWS3Efarx56vI9SDjkxck9G8Z0HMS7gmLqwRUCw3PHGzgelcQXZno/06ZKWv2WlTHJEfl
	hiTsaudIp85RTPRY/HbfRhIZ+ZQUqWz3IYE3oOWwOU1OsxUee58ugCRw8Pwyk+COXkAI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbj8k-0005Z6-Tk@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:22:34 +0000

commit 419a09377dd4e442d163b63404f6bc64a57a3603
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:10:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:10:10 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 1bf33f0177..c4c94c41f7 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2000,14 +2000,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2024,12 +2016,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
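Review bot: A failed RMRR mapping inside the loop is only logged, and `ret` is then overwritten by the result of `domain_context_mapping()`. The function can therefore return 0 with the context entry live and a reserved region left unmapped, which is the state the commit message describes as harmful for devices that depend on their RMRRs. If carrying on is deliberate, say so next to the `dprintk`, e.g. `/* Best effort: continue even if this region could not be mapped. */`; otherwise return the error before the context entry is written. The start of intel_iommu_add_device is outside this hunk.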
@@ -2051,11 +2048,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
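Review bot: The reason `domain_context_unmap()` now runs before the RMRR loop, and why an unmap failure returns with the RMRR mappings still in place, is recorded only in the commit message. A short comment above the call would keep the ordering from being reverted by a later cleanup, for example `/* Clear the context entry first; the RMRR mappings must outlive it. */`. The RMRR loop continues outside this hunk.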
@@ -2071,7 +2072,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:22:46 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbj8v-0005Zl-0e@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:22:45 +0000

commit bff4c690b2229e02bbd3fc1b1a53ce3ca189f218
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:12:11 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:12:11 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 64 ++-----------------------------------
 1 file changed, 2 insertions(+), 62 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index c4c94c41f7..52601303fa 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -120,28 +120,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct vtd_iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid = domain_iommu_domid(domain, iommu);
@@ -1395,47 +1373,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %04x:%02x:%02x.%u owned by %pd\n",
-                       domain, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       pdev->domain);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "%pd: %04x:%02x:%02x.%u mapped, but can't find owner\n",
-                       domain, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %04x:%02x:%02x.%u already mapped to d%d\n",
-                       domain,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
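Review bot: With the ownership checks removed, an already-present context entry is reported as success (`return 0`) whichever domain it currently refers to, and nothing is logged. A caller that asked for `domain` can no longer tell "already mapped for this domain" from "still mapped for another one". If that is acceptable until a follow-up change, a comment on the branch would make the assumption explicit, e.g. `/* Entry already present: its owner is not verified here. */`. domain_context_mapping_one() begins and ends outside this hunk.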
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:22:56 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: re-assign devices directly
Message-Id: <E1nbj95-0005ab-3x@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:22:55 +0000

commit 8a9a21b1add6d96cffd028f2546b1c31f2e98210
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:12:28 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:12:28 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for given.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 267 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 232 insertions(+), 74 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 1cac22a02f..f51f8aae0d 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,7 +85,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -105,8 +106,8 @@ int is_igd_vt_enabled_quirk(void);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 52601303fa..a4a1c5141b 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -116,6 +116,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
@@ -1353,15 +1354,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int agaw, rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1370,17 +1383,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
         agaw = level_to_agaw(iommu->nr_pt_levels);
     }
     else
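Review bot: `prev_did` is read from the context entry and used to index `iommu->domid_map` without being compared against `cap_ndoms(iommu->cap)`, although the debug message a few lines further down prints that limit as if it had been checked. The entries are presumably only ever written by Xen, so an out-of-range value would indicate corrupted state, but the lookup would then be an out-of-bounds read instead of taking the `-ESRCH` path. Suggest `domid_t domid = DOMID_INVALID;` followed by `if ( prev_did < cap_ndoms(iommu->cap) ) domid = iommu->domid_map[prev_did];`. The function starts and ends outside this hunk.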
@@ -1397,6 +1425,8 @@ int domain_context_mapping_one(
                 spin_unlock(&hd->arch.mapping_lock);
                 spin_unlock(&iommu->lock);
                 unmap_vtd_domain_page(context_entries);
+                if ( prev_dom )
+                    rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
         }
@@ -1414,33 +1444,102 @@ int domain_context_mapping_one(
                 goto nomem;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    rc = context_set_domain_id(&lctxt, domain, iommu);
+    if ( rc )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
-        return -EFAULT;
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
+        return rc;
+    }
+
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, agaw);
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) == agaw);
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
     }
 
-    context_set_address_width(*context, agaw);
-    context_set_fault_enable(*context);
-    context_set_present(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
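Review bot: In the `res != old` branch the `printk` arguments read `pdev->seg` and `pdev->bus` although `pdev` may be NULL. The `if ( pdev )` two lines above acknowledges this, and the bridge and ME phantom-function callers in this patch do pass NULL. The locals already hold the right coordinates, so the argument line can be `seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),`, which also logs the device actually acted upon rather than the one described by `pdev`. The function starts and ends outside this hunk.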
@@ -1461,17 +1560,26 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
     {
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        if ( !prev_dom )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             mode & MAP_WITH_RMRR) < 0;
+        else
+            ret = 1;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
     }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
@@ -1481,8 +1589,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    uint16_t seg = pdev->seg;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
     uint8_t bus = pdev->bus, secbus;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
@@ -1502,8 +1612,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:Hostbridge: skip %04x:%02x:%02x.%u map\n",
@@ -1524,7 +1655,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1537,9 +1670,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1547,6 +1681,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1555,7 +1698,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1570,10 +1713,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2352,9 +2500,8 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
+    if ( !has_arch_pdevs(target) )
+        vmx_pi_hooks_assign(target);
 
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
@@ -2364,6 +2511,31 @@ static int reassign_device_ownership(
     if ( (target != hardware_domain) && !iommu_intremap )
         untrusted_msi = true;
 
+    ret = domain_context_mapping(target, devfn, pdev);
+    if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
+        return ret;
+    }
+
+    if ( pdev->devfn == devfn )
+    {
+        const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+        if ( drhd )
+            check_cleanup_domid_map(source, pdev, drhd->iommu);
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
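Review bot: The device is now moved to `target` (`list_move()` and `pdev->domain = target`) before the RMRR handling for `source` that follows this hunk. If that code can still return an error (its body is not visible here), the caller sees a failure for a device that has in fact changed owner and whose context entry already points at `target`. A comment at the move would state the contract, e.g. `/* From here on the device belongs to target; errors below do not undo that. */`, and the callers' error handling should be checked against it.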
@@ -2392,34 +2564,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 32b39c606a..503b07ffb7 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -202,8 +202,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 1de2578378..7323e0f702 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -344,7 +344,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -355,9 +356,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -365,7 +366,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -389,7 +391,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -415,7 +417,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
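Review bot: The four `mode` bits share a single comment, so a reader cannot tell what each bit requests or which callee consumes it. In the quirks.c hunks of this patch, `UNMAP_ME_PHANTOM_FUNC` selects the unmap path in `map_me_phantom_function()`, while the whole `mode` value is forwarded to `domain_context_mapping_one()` on the map path, so the unmap bit and the `MAP_*` bits have different consumers. A one-line comment per define would make that explicit, e.g. `/* me_wifi_quirk() only: unmap rather than map */` on `UNMAP_ME_PHANTOM_FUNC`. The wording for `MAP_WITH_RMRR`, `MAP_OWNER_DYING` and `MAP_SINGLE_DEVICE` has to come from their users, which are not in this chunk.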
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:23:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:23:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299059.509452 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj9G-0001Lr-VU; Tue, 05 Apr 2022 13:23:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299059.509452; Tue, 05 Apr 2022 13:23:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj9G-0001Lh-SJ; Tue, 05 Apr 2022 13:23:06 +0000
Received: by outflank-mailman (input) for mailman id 299059;
 Tue, 05 Apr 2022 13:23:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9F-0001LT-9C
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9F-0001Ni-8K
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9F-0005bk-7S
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ZX1tohTiHdoKnGoQQ7ewZyPU3Fb/SIP0YoNmiqhYVzg=; b=h1JyMzgn3oM+o060Tpw9uJH8nJ
	eHjVEyvpfl+YLSpyA0pRalIpqO2K0ArE+xoeOm/yl+MR6YVrxxl2C50Tk7aimoRC5GieSI4vEFW3U
	P3uE/2MG/vfoXUWF+ULbLMBj1JeGIJzEYqEs3+y5haMw/7SkYXoUPU+n0DSHgeur1VMU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbj9F-0005bk-7S@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:23:05 +0000

commit 037d360f578eb71c522af6550085e3df56d4fd30
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:12:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:12:46 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  10 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  67 ++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 180 ++++++++++++++++++++--------
 3 files changed, 200 insertions(+), 57 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index fc4fd051b8..b1194ca92f 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -247,9 +247,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 void iommu_dte_set_guest_cr3(struct amd_iommu_dte *dte, uint16_t dom_id,
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 90c6e8b93e..d10dd1ac8e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -99,10 +99,69 @@ static unsigned int set_iommu_pte_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
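Review bot: Both update paths in the new `dte->v && dte->tv` branch publish only the first 128 bits of the local copy (`ldte.raw128[0]` for `cmpxchg16b()`, `raw64[0]` and `raw64[1]` for the `write_atomic()` pair), yet nothing records that every field set beforehand lives in that half. If `domain_id`, `pt_root`, `iw`, `ir`, `paging_mode` or `v` were ever moved into the upper half of `struct amd_iommu_dte` (defined outside this hunk), the assignment would be dropped silently while the function still reports success. A comment before the field assignments, e.g. `/* All fields changed below sit in the DTE's first 128 bits, the only part written back. */`, would pin the assumption. If the project's build-time checks allow it, `BUILD_BUG_ON(sizeof(ldte.dte) != sizeof(ldte.raw128));` would additionally guard the union's overall size. The function body continues in the next hunk.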
@@ -117,6 +176,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 627ed79508..e87abbeb74 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -82,40 +82,81 @@ int get_dma_requestor_id(uint16_t seg, uint16_t bdf)
     return req_id;
 }
 
-static void amd_iommu_setup_domain_device(
+static int __must_check allocate_domain_resources(struct domain_iommu *hd)
+{
+    int rc;
+
+    spin_lock(&hd->arch.mapping_lock);
+    rc = amd_iommu_alloc_root(hd);
+    spin_unlock(&hd->arch.mapping_lock);
+
+    return rc;
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
-    const struct domain_iommu *hd = dom_iommu(domain);
+    struct domain_iommu *hd = dom_iommu(domain);
+    const struct ivrs_mappings *ivrs_dev;
+
+    BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
-    BUG_ON( !hd->arch.root_table || !hd->arch.paging_mode ||
-            !iommu->dev_table.buffer );
+    rc = allocate_domain_resources(hd);
+    if ( rc )
+        return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
-        const struct ivrs_mappings *ivrs_dev;
-
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.root_table), domain->domain_id,
-            hd->arch.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.root_table),
+                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
-        ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
         if ( dte->it_root )
         {
             dte->int_ctl = IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED;
@@ -130,17 +171,74 @@ static void amd_iommu_setup_domain_device(
             dte->i = ats_enabled;
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.root_table),
+                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   pdev->seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.root_table),
-                        domain->domain_id, hd->arch.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
 
     spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.root_table),
+                    domain->domain_id, hd->arch.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
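Review bot: The `printk()` reporting "reassignment may cause %pd data corruption" in the new `else if` branch carries no log level, so it is emitted at whatever the default level happens to be. Per the comment above it, the message means that I/O of other devices sharing the old domain ID may briefly have been translated through the new page tables, which is worth an explicit level an operator can filter on: `printk(XENLOG_WARNING " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",`. The remaining consistency checks in that branch are `ASSERT()`s and so only run in debug builds, which makes this message the one trace a release build leaves. The function's tail is in the following hunk.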
@@ -151,6 +249,8 @@ static void amd_iommu_setup_domain_device(
 
         amd_iommu_flush_iotlb(devfn, pdev, INV_IOMMU_ALL_PAGES_ADDRESS, 0);
     }
+
+    return 0;
 }
 
 int __init acpi_ivrs_init(void)
@@ -214,17 +314,6 @@ int amd_iommu_alloc_root(struct domain_iommu *hd)
     return 0;
 }
 
-static int __must_check allocate_domain_resources(struct domain_iommu *hd)
-{
-    int rc;
-
-    spin_lock(&hd->arch.mapping_lock);
-    rc = amd_iommu_alloc_root(hd);
-    spin_unlock(&hd->arch.mapping_lock);
-
-    return rc;
-}
-
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
@@ -324,7 +413,6 @@ static int reassign_device(struct domain *source, struct domain *target,
 {
     struct amd_iommu *iommu;
     int bdf, rc;
-    struct domain_iommu *t = dom_iommu(target);
     const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
 
     bdf = PCI_BDF2(pdev->bus, pdev->devfn);
@@ -338,7 +426,15 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+    if ( rc )
+        return rc;
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
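Review bot: `reassign_device()` now points the DTE at the target's page tables and moves `pdev` onto `target->pdev_list` before the unity-map step that follows, and that step can still `return rc;` (visible as context in the next hunk). If it fails, the caller gets an error although the device already belongs to `target`, and nothing here documents or undoes that state. A comment above the `list_move()` such as `/* From here on the device belongs to target, even if a later step fails. */` would make the intended outcome explicit, or else the error path should say how ownership is restored. The code between the two hunks is not visible, so this rests on the `return rc;` context line only.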
@@ -354,27 +450,10 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = allocate_domain_resources(t);
-    if ( rc )
-        return rc;
-
-    amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
     AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n",
                     pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                     source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
@@ -538,8 +617,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
-    return 0;
+    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:23:17 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:23:17 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299060.509455 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj9R-0001OX-1F; Tue, 05 Apr 2022 13:23:17 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299060.509455; Tue, 05 Apr 2022 13:23:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj9Q-0001OP-U6; Tue, 05 Apr 2022 13:23:16 +0000
Received: by outflank-mailman (input) for mailman id 299060;
 Tue, 05 Apr 2022 13:23:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9P-0001OH-CQ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9P-0001Ns-BW
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9P-0005cP-Ar
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=GN/z7+VzdOjnQbzanOEYMFIHdSj2JNPqd3dC3CyF6Zs=; b=q3XLM1Zv/7EyWDrOdNFq5w/bGS
	FH/OIsE+qYSU7FekK1+aggkWiuDtCcyep3SuvRFzmu4qnjgXnptMoaKN/srqnYKsaz8rIZmjoLwAk
	5xTZHwkX7DEB1qu9UMfFmI8QjDNDi4gpm7WNHBtZQeya914Ekp+fxGMUS2nWuCmvE4+0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbj9P-0005cP-Ar@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:23:15 +0000

commit 680517b6e376729497cbbaf5664fef6b67ebee71
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:13:02 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:13:02 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 +++--
 xen/drivers/passthrough/vtd/iommu.c  | 62 ++++++++++++++++++++++++------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++++---
 3 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index f51f8aae0d..897dcff9ff 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -86,9 +86,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
@@ -107,7 +108,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a4a1c5141b..648573ddd9 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1367,12 +1367,12 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int agaw, rc, ret;
@@ -1413,10 +1413,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root = pgd_maddr;
+
         spin_lock(&hd->arch.mapping_lock);
 
         /* Ensure we have pagetables allocated down to leaf PTE. */
-        if ( hd->arch.pgd_maddr == 0 )
+        if ( !root )
         {
             addr_to_dma_page_maddr(domain, 0, 1);
             if ( hd->arch.pgd_maddr == 0 )
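Review bot: A `pgd_maddr` of 0 now means "use the domain's own root and allocate it on demand", but neither the new parameter nor the `if ( !root )` test states that convention. A non-zero value skips the "Ensure we have pagetables allocated" step entirely, so a caller supplying its own root presumably has to hand in a fully populated table. A comment at the declaration, e.g. `/* 0: fall back to (and if needed allocate) hd->arch.pgd_maddr. */`, would document this. `domain_context_unmap_one()` later in this patch passes a literal `0` to `me_wifi_quirk()` for the same parameter. The function starts and ends outside this hunk.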
@@ -1429,22 +1431,24 @@ int domain_context_mapping_one(
                     rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
+
+            root = hd->arch.pgd_maddr;
         }
 
         /* Skip top levels of page tables for 2- and 3-level DRHDs. */
-        pgd_maddr = hd->arch.pgd_maddr;
         for ( agaw = level_to_agaw(4);
               agaw != level_to_agaw(iommu->nr_pt_levels);
               agaw-- )
         {
-            struct dma_pte *p = map_vtd_domain_page(pgd_maddr);
-            pgd_maddr = dma_pte_addr(*p);
+            struct dma_pte *p = map_vtd_domain_page(root);
+
+            root = dma_pte_addr(*p);
             unmap_vtd_domain_page(p);
-            if ( pgd_maddr == 0 )
+            if ( !root )
                 goto nomem;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1560,15 +1564,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                           domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             domain->domain_id,
+                                             hd->arch.pgd_maddr,
                                              mode & MAP_WITH_RMRR) < 0;
+        }
         else
             ret = 1;
 
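Review bot: In the error-recovery branch the device is mapped back into `prev_dom` using `prev_dom`'s `hd->arch.pgd_maddr`, but the domain ID passed with it is `domain->domain_id`, i.e. the ID of the domain whose mapping just failed. Unless `domid` is meant to name the new owner here, the pair should describe the same domain: `prev_dom->domain_id, hd->arch.pgd_maddr,`. Whether `domid` is consumed yet inside `domain_context_mapping_one()` is not visible in this hunk, and the commit message says no functional change is intended, so the mismatch may be latent. Later patches that start using the parameter would inherit it. `hd` is also re-pointed at `prev_dom` for the rest of the function, which continues outside the hunk.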
@@ -1590,6 +1600,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1655,7 +1666,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1670,7 +1682,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1698,7 +1711,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1713,7 +1727,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1742,7 +1757,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1800,7 +1815,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
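Review bot: The bare `0` passed as the new `pgd_maddr` argument in `rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);` reads like a page-table root at physical address zero. The quirks.c hunk of this patch shows that `map_me_phantom_function()` forwards only `domid` on the `UNMAP_ME_PHANTOM_FUNC` path, so the value is ignored there. A short comment at the call would record that, for example `/* pgd_maddr is ignored for UNMAP_ME_PHANTOM_FUNC */`. The body of `domain_context_unmap_one()` starts and ends outside this hunk.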
@@ -1853,7 +1868,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1863,7 +1879,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1889,12 +1906,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 7323e0f702..c0deef556b 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -345,6 +345,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -358,16 +360,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -391,7 +394,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -417,7 +420,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:23:27 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:23:27 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299061.509460 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj9b-0001Rp-4F; Tue, 05 Apr 2022 13:23:27 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299061.509460; Tue, 05 Apr 2022 13:23:27 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj9b-0001Rg-15; Tue, 05 Apr 2022 13:23:27 +0000
Received: by outflank-mailman (input) for mailman id 299061;
 Tue, 05 Apr 2022 13:23:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9Z-0001RV-Fn
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9Z-0001O5-F0
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9Z-0005cu-EC
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=1G2r573u6be3/+PTGK/PKHciHz1w3/5ttjQtpu2i2JQ=; b=4NinDoMTL2o+pbkczFoDFT0Aht
	k5257xkzPnRV4gueUFAn4nS+Ej3qT2EwIOl6ruDQP9uAqWUZErRnI+Srvkos96ZI6YdHU+GyrbhDN
	5nOId12sX5KRmwQ9OsgyjqZCklexm2qEXZVNe6s6jui2DQEqY1twWUPwKrUoW1R2qxDA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbj9Z-0005cu-EC@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:23:25 +0000

commit 77c1cb2ae4c6b1e854dc9e41117183da9e08097e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:13:20 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:13:20 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation for
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 648573ddd9..82ed48b2a3 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -58,8 +58,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -67,16 +67,16 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
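Review bot: `get_iommu_did()` now takes a `warn` flag and still returns -1 on a miss, but nothing on the function states either, and the callers in this patch pass different policies (`false` from `cleanup_domid_map()`, `!d->is_dying` from the flush and unmap paths). A header comment would make the contract visible, for example `/* Look up the IOMMU-local DID for @domid; returns -1 if none is allocated, logging only if @warn. */`. The message also prints the ID as `Dom%d`, which will look like a real domain once the pseudo domain IDs mentioned in the description are passed in. Printing it in hex, or saying in the comment that the value may be a pseudo ID, would avoid misleading whoever reads the log. The function's signature is in the preceding hunk.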
@@ -84,8 +84,7 @@ static int domain_iommu_domid(struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
@@ -96,7 +95,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -112,7 +111,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -121,9 +120,9 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -179,7 +178,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -636,7 +635,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1457,7 +1456,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(&lctxt, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domid, iommu);
     if ( rc )
     {
     unlock:
@@ -1782,7 +1781,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
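Review bot: The `iommu_domid == -1` branch is entered after `context_clear_entry(*context)` and `iommu_sync_cache()` have already run, and it starts by dropping `iommu->lock`. If the branch then returns, no context-cache or IOTLB invalidation is issued for the entry that was just cleared; the rest of the branch is outside this hunk, so this is inferred. Because `domid` is now independent of `domain`, it is worth stating why skipping the flush is safe, for example `/* No DID allocated on this IOMMU, hence nothing can be cached for the entry. */`, or falling back to a non-selective flush if that cannot be guaranteed. The warning is still driven by `domain->is_dying`, which only makes sense while `domid` belongs to `domain`.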
@@ -1954,7 +1953,7 @@ static void iommu_domain_teardown(struct domain *d)
     spin_unlock(&hd->arch.mapping_lock);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:23:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:23:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299062.509464 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj9k-0001UY-5c; Tue, 05 Apr 2022 13:23:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299062.509464; Tue, 05 Apr 2022 13:23:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbj9k-0001UQ-2h; Tue, 05 Apr 2022 13:23:36 +0000
Received: by outflank-mailman (input) for mailman id 299062;
 Tue, 05 Apr 2022 13:23:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9j-0001UI-JO
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9j-0001OF-IW
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbj9j-0005dg-Hb
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:23:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=XBLgYG42jh/wJLRGTNBi/IVPe8Qb9ttb/Y56DfoXKhE=; b=tYPq1eV/m9NtZfITekAYdeEmVF
	vwA0qnVSi+mUzckZVyDdLWmFf+yGz9N83Tzb0ZuQ9Ewp1XGvGy6xZ/xcOUNmTL5YHeiEGxaI/3Me0
	G55wuUt87slJzfkHU5RXpei6eRQ8UA745M9FwyUS+GKMTIYVL7Tp5Ppx5ndlVplT/hIM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbj9j-0005dg-Hb@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:23:35 +0000

commit 27b89fdd092907af40d1945ea7b05db398d39565
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:13:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:13:43 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding the need to add a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  1 +
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 ++++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 ++++++++-
 xen/drivers/passthrough/pci.c               | 11 +++--
 xen/drivers/passthrough/vtd/iommu.c         | 69 ++++++++++++++++++++++++-----
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 47 ++++++++++++++++++++
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  6 +++
 9 files changed, 153 insertions(+), 16 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index b1194ca92f..79c6a5b5b0 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -96,6 +96,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index 8312bb4b6f..a5fa647a18 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -180,6 +180,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR
@@ -191,7 +196,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index e87abbeb74..bd5f61fc3f 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -554,6 +554,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -617,7 +619,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -642,6 +659,9 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
     bdf = PCI_BDF2(pdev->bus, devfn);
     if ( amd_iommu_perdev_intremap &&
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index f15af59764..0dfe30e38a 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -339,6 +339,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn)
     *((u8*) &pdev->bus) = bus;
     *((u8*) &pdev->devfn) = devfn;
     pdev->domain = NULL;
+    pdev->arch.pseudo_domid = DOMID_INVALID;
     INIT_LIST_HEAD(&pdev->msi_list);
 
     pos = pci_find_cap_offset(pseg->nr, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
@@ -1349,9 +1350,13 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%04x:%02x:%02x.%u - %pd - node %-3d - MSIs < ",
-               pseg->nr, pdev->bus,
-               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn), pdev->domain,
+        printk("%04x:%02x:%02x.%u - ", pseg->nr, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d - MSIs < ",
                (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         list_for_each_entry ( msi, &pdev->msi_list, list )
                printk("%d ", msi->irq);
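Review bot: For a `dom_io` device that never received a pseudo ID, `printk("DomIO:%x", pdev->arch.pseudo_domid)` prints `DOMID_INVALID` as though it were an assigned ID. This commit's `alloc_pdev()` hunk initialises the field to `DOMID_INVALID`, and the allocation sites only run when `iommu_quarantine` is set, so this case occurs whenever quarantining is off. Guarding the special case keeps the dump unambiguous: `if ( pdev->domain == dom_io && pdev->arch.pseudo_domid != DOMID_INVALID )`.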
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 82ed48b2a3..52e9ec38e6 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1195,7 +1196,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     if ( nr_iommus >= MAX_IOMMUS )
     {
@@ -1288,7 +1289,16 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1311,6 +1321,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1591,8 +1602,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1600,6 +1611,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1660,6 +1672,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCIe_ENDPOINT:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
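Review bot: The pseudo-domain-ID allocation block is added verbatim twice, here under `DEV_TYPE_PCIe_ENDPOINT` and again in the next hunk under `DEV_TYPE_PCI`, and both copies leave through an early `return -ENOSPC` instead of the function's common exit. A small static helper would keep the two cases from drifting apart and put the "only allocate when quarantining and none assigned yet" rule in one place. The name `alloc_pseudo_domid` below is only a suggestion. `domain_context_mapping()` starts and ends outside this hunk.

```c
/* Give @pdev a pseudo domain ID if quarantining is enabled and it has none. */
static int alloc_pseudo_domid(struct pci_dev *pdev,
                              const struct vtd_iommu *iommu)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

    /* ... unchanged: switch ( pdev->type ) and the bridge cases ... */
    case DEV_TYPE_PCIe_ENDPOINT:
        ret = alloc_pseudo_domid(pdev, drhd->iommu);
        if ( ret )
            return ret;
    /* ... unchanged: debug printk and domain_context_mapping_one() call;
     *     same two lines at the top of case DEV_TYPE_PCI ... */
```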
@@ -1675,6 +1695,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCI:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
@@ -1750,6 +1778,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1832,8 +1867,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
     struct vtd_iommu *iommu;
@@ -1843,7 +1880,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
-        return -ENODEV;
+        return ERR_PTR(-ENODEV);
     iommu = drhd->iommu;
 
     switch ( pdev->type )
@@ -1854,7 +1891,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         if ( !is_hardware_domain(domain) )
-            return -EPERM;
+            return ERR_PTR(-EPERM);
         goto out;
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1929,7 +1966,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
-    return ret;
+    return ret ? ERR_PTR(ret) : drhd;
 }
 
 static void iommu_domain_teardown(struct domain *d)
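Review bot: `domain_context_unmap()` now returns either the matched DRHD or an `ERR_PTR()`-encoded errno, but neither the forward declaration nor the definition documents this. A comment above the definition would help, for example `/* Returns the DRHD the device was unmapped from, or ERR_PTR(-errno) on failure. */`. From the lines visible in these hunks, a NULL `drhd` is turned into `ERR_PTR(-ENODEV)` and the common exit returns `ret ? ERR_PTR(ret) : drhd`, so a successful return appears never to be NULL. If that holds for the parts of the function outside the hunks, the `if ( drhd )` test added in `intel_iommu_remove_device()` is redundant and should be dropped, or else explained in a comment.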
@@ -2153,16 +2190,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2179,6 +2217,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 503b07ffb7..be44fc017f 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -535,6 +535,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 2db74e5a54..bf18f2f3a5 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -375,6 +375,53 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 /*
  * Local variables:
  * mode: C
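Review bot: `iommu_init_domid()` returns `ZERO_BLOCK_PTR` when `iommu_quarantine` is off, so the callers' `!map` checks pass although the map must never be dereferenced. That contract is only implied by the `iommu_quarantine` guards at the allocation sites elsewhere in this commit. A comment on the function would make it explicit, for example `/* Returns a non-NULL, non-dereferenceable sentinel when quarantining is disabled; callers must not allocate from it. */`. In `iommu_alloc_domid()` the bitmap scan runs in the declaration initialiser, ahead of `ASSERT(pcidevs_locked())`. Moving the `find_next_zero_bit()` call below the assertion would put the lock check before the first read of `start` and `map`.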
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index aaf9455b8e..389417d198 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -130,6 +130,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         iommu_vcall(ops, sync_cache, addr, size);       \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
  * Local variables:
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index cc05045e9c..70ed48e309 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -15,6 +15,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:23:46 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbj9t-0005eR-L0@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:23:45 +0000

commit bdea7e425cbf182ebca3588792109b4e8c38bc8f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:14:15 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:14:15 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 5 +----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index d10dd1ac8e..eb38c9a0bf 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -585,8 +585,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 52e9ec38e6..322c395403 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2914,7 +2914,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
     struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc;
 
     if ( hd->arch.pgd_maddr )
     {
@@ -2961,10 +2960,8 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    rc = iommu_flush_iotlb_all(d);
-
     /* Pages leaked in failure case */
-    return level ? -ENOMEM : rc;
+    return level ? -ENOMEM : 0;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:23:56 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbjA3-0005fT-OH@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:23:55 +0000

commit 3e4c94da53b8943f37d458b968d582db3b5d952b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:14:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:14:33 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu-defs.h | 1 +
 xen/drivers/passthrough/amd/iommu.h      | 2 +-
 xen/drivers/passthrough/amd/iommu_map.c  | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h
index 0c97db2a32..8810e497b9 100644
--- a/xen/drivers/passthrough/amd/iommu-defs.h
+++ b/xen/drivers/passthrough/amd/iommu-defs.h
@@ -106,6 +106,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 79c6a5b5b0..1cddbb9f94 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -362,7 +362,7 @@ static inline int amd_iommu_get_paging_mode(unsigned long max_frames)
     while ( max_frames > PTE_PER_TABLE_SIZE )
     {
         max_frames = PTE_PER_TABLE_ALIGN(max_frames) >> PTE_PER_TABLE_SHIFT;
-        if ( ++level > 6 )
+        if ( ++level > IOMMU_MAX_PT_LEVELS )
             return -ENOMEM;
     }
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index eb38c9a0bf..544c5bc2e4 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -256,7 +256,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.root_table;
     level = hd->arch.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    BUG_ON( table == NULL || level < 1 || level > IOMMU_MAX_PT_LEVELS );
 
     /*
      * A frame number past what the current page tables can represent can't
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:24:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbjAD-0005gR-S6@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:24:05 +0000

commit faed81ff3940b377a981af37a89161bddcacdaf5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:14:50 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:14:50 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/arch/x86/mm/p2m.c                       |   2 +-
 xen/drivers/passthrough/amd/iommu.h         |   3 +-
 xen/drivers/passthrough/amd/iommu_map.c     | 155 ++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  35 ++--
 xen/drivers/passthrough/iommu.c             |  18 +-
 xen/drivers/passthrough/pci.c               |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c         | 247 ++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h         |   2 +-
 xen/include/asm-x86/pci.h                   |  13 ++
 xen/include/xen/iommu.h                     |   3 +-
 10 files changed, 363 insertions(+), 135 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index ee0f2f6a09..be5e9c031a 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1455,7 +1455,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int ret;
 
-    if ( !paging_mode_translate(p2m->domain) )
+    if ( !paging_mode_translate(d) )
     {
         if ( !is_iommu_enabled(d) )
             return 0;
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 1cddbb9f94..6f011bd68f 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -223,7 +223,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 int iov_adjust_irq_affinities(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 544c5bc2e4..8a39999192 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -529,64 +529,137 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d,
     return rc;
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS],
+                    struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = alloc_amd_iommu_pgtable();
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(pgs[level], &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs, pdev);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            page_list_add(mfn_to_page(_mfn(pte->mfn)),
+                          &pdev->arch.pgtables_list);
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs, pdev);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.root_table);
 
-    if ( hd->arch.root_table )
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
+
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = alloc_amd_iommu_pgtable();
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.root_table = alloc_amd_iommu_pgtable();
-    if ( !hd->arch.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.root_table = NULL;
+
+    if ( rc )
+        printk("%04x:%02x:%02x.%u: quarantine unity mapping failed\n",
+               pdev->seg, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+    else
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = alloc_amd_iommu_pgtable();
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs, pdev);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_amd_iommu_pgtable(pg);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
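Review bot: `amd_iommu_quarantine_teardown()` frees only the pages on `pdev->arch.pgtables_list`, but nothing in this hunk puts the root page obtained from `alloc_amd_iommu_pgtable()` on that list: `fill_qpt()` adds `pgs[level]` and the tables it reaches through present PTEs, never the root itself. Unless the allocator tracks pages somewhere outside this hunk, each teardown appears to drop the root page when it sets `pdev->arch.amd.root_table = NULL`, and when `amd_iommu_reserve_domain_unity_map()` fails the tables it already built are never walked by `fill_qpt()`, so they would be lost as well. Adding `page_list_add(pdev->arch.amd.root_table, &pdev->arch.pgtables_list);` right after the successful root allocation would cover the root; the failed unity-map case additionally needs a walk or explicit free on the error path. Also, `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when `fill_qpt()` returned an error and `pgs[0]` may still be NULL, so it is worth placing under `if ( !rc )`.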
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index bd5f61fc3f..4cee9227df 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -122,6 +122,8 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
     BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
@@ -141,14 +143,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.root_table),
-                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
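Review bot: For `dom_io` the DTE now receives the per-device `root_pg`, but the depth passed with it is still DomIO's `hd->arch.paging_mode`, and `root_pg` is used without a NULL check. The per-device table depth is derived separately in `amd_iommu_quarantine_init()` from `amd_iommu_get_paging_mode(end_gfn)`, so the two values have to agree, and `pdev->arch.amd.root_table` stays NULL whenever `iommu_quarantine_dev_init()` returns 0 without calling the hook. A short comment at the `else` branch stating both assumptions, plus `ASSERT(root_pg);` after the selection, would make the invariant explicit before `page_to_maddr(root_pg)` is written into the DTE. The function starts and ends outside this hunk, so a guard may already exist in a caller or earlier in the body.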
@@ -172,7 +185,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -185,8 +198,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.root_table),
-                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -205,6 +218,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
@@ -235,9 +249,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.root_table),
-                    domain->domain_id, hd->arch.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -304,7 +317,7 @@ static int iov_enable_xt(void)
 
 int amd_iommu_alloc_root(struct domain_iommu *hd)
 {
-    if ( unlikely(!hd->arch.root_table) )
+    if ( unlikely(!hd->arch.root_table) && hd != dom_iommu(dom_io) )
     {
         hd->arch.root_table = alloc_amd_iommu_pgtable();
         if ( !hd->arch.root_table )
@@ -395,7 +408,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.paging_mode);
     }
     spin_unlock_irqrestore(&iommu->lock, flags);
@@ -659,6 +672,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 75eef853f4..d44e7c970b 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -447,21 +447,21 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init, dev);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 0dfe30e38a..cdcb030843 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -929,9 +929,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
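Review bot: The `return ret;` added under `if ( ret )` is indented by eleven spaces instead of twelve, which breaks the four-space nesting used by the surrounding lines. Since this early return sits ahead of the phantom-function loop and leaves the device with its current owner, a one-line comment such as `/* Quarantine setup failed: leave the device assigned as it is. */` would also help the next reader. `deassign_device()` continues outside this hunk.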
@@ -1528,6 +1535,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
         msixtbl_init(d);
     }
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 322c395403..391a815d30 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,6 +43,12 @@
 #include "vtd.h"
 #include "../ats.h"
 
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
+
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
 
@@ -84,13 +90,18 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
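Review bot: The new comment above `context_set_domain_id()` documents the NULL `context` case but not the locking change made in the same hunk, where `ASSERT(spin_is_locked(&iommu->lock))` becomes `ASSERT(pcidevs_locked())`. The function goes on to update `iommu->domid_bitmap` (the `set_bit()` in the next hunk), so that update is now serialised by pcidevs_lock alone; any remaining path that touches the bitmap while holding only `iommu->lock` would no longer exclude this writer, which cannot be checked from the visible lines. I would extend the comment with a sentence such as `Callers must hold pcidevs_lock, which is what serialises updates of the DID map here; iommu->lock is not required.` The function body continues outside this hunk.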
@@ -116,8 +127,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -167,8 +183,12 @@ static void check_cleanup_domid_map(struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
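Review bot: The new early return for `d == dom_io` in check_cleanup_domid_map() has no comment, and the reason is not evident at this spot. Judging by quarantine_teardown() added later in this commit, a quarantined device holds a per-device pseudo domain ID that is released there instead of through DomIO. A line above the check such as `/* Quarantined devices use per-device DIDs, released in quarantine_teardown(). */` would say so. The function body continues past the hunk.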
@@ -1403,7 +1423,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
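Review bot: With `pdev` NULL this `else if` still selects dom_io as `prev_dom` (for any `domid > DOMID_MASK`), but the error path in the next hunk of the same function then expands `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)`, which read `pdev->arch` whenever the domain is dom_io. The `!prev_dom` branch there has the same exposure through `DEVICE_DOMID(domain, pdev)` if `domain` is dom_io. domain_context_mapping() passes NULL for the bridge entries, so the combination looks reachable when mapping such an entry fails. The restore path should not go through the macros when `pdev` is NULL, for instance by skipping the restore to the quarantine state in that case or by using a domain ID that does not depend on `pdev`. Both hunks show only part of domain_context_mapping_one(), so this needs confirming against the full function.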
@@ -1580,15 +1600,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           domain->domain_id);
+                                           DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                             domain->domain_id,
-                                             hd->arch.pgd_maddr,
+                                             DEVICE_DOMID(prev_dom, pdev),
+                                             DEVICE_PGTABLE(prev_dom, pdev),
                                              mode & MAP_WITH_RMRR) < 0;
-        }
         else
             ret = 1;
 
@@ -1610,7 +1627,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1643,7 +1660,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1684,8 +1701,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1709,8 +1726,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1738,8 +1755,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1754,8 +1771,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1905,7 +1922,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1916,7 +1933,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1939,18 +1956,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1993,6 +2004,25 @@ static void iommu_domain_teardown(struct domain *d)
         cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_domheap_page(pg);
+
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
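Review bot: quarantine_teardown() frees only the pages on `pdev->arch.pgtables_list` and then zeroes `pdev->arch.vtd.pgd_maddr`, so the root table is released only if it is on that list. In the intel_iommu_quarantine_init() hunk further down, the root comes from `alloc_pgtable_maddr(1, hd->node)` and fill_qpt() adds only lower-level tables to the list. As far as the visible hunks show, the root page is therefore leaked on every teardown, including the error path of the init function. Adding `page_list_add(maddr_to_page(maddr), &pdev->arch.pgtables_list);` right after the root allocation succeeds would give it the same lifetime as the other tables.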
@@ -2217,6 +2247,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2908,60 +2940,139 @@ static void vtd_dump_p2m_table(struct domain *d)
     vtd_dump_p2m_table_level(hd->arch.pgd_maddr, agaw_to_level(hd->arch.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    paddr_t maddrs[6], struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
-    struct dma_pte *parent;
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !maddrs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                maddrs[level] = alloc_pgtable_maddr(1, hd->node);
+                if ( !maddrs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(maddr_to_page(maddrs[level]),
+                              &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(maddrs[level]);
+                    rc = fill_qpt(next, level - 1, maddrs, pdev);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, maddrs[level]);
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            page_list_add(maddr_to_page(dma_pte_addr(*pte)),
+                          &pdev->arch.pgtables_list);
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, maddrs, pdev);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    paddr_t maddr;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    if ( hd->arch.pgd_maddr )
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.pgd_maddr);
+
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    hd->arch.pgd_maddr = alloc_pgtable_maddr(1, hd->node);
-    if ( !hd->arch.pgd_maddr )
-        goto out;
+    maddr = alloc_pgtable_maddr(1, hd->node);
+    if ( !maddr )
+        return -ENOMEM;
 
-    parent = map_vtd_domain_page(hd->arch.pgd_maddr);
-    while ( level )
-    {
-        uint64_t maddr;
-        unsigned int offset;
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
 
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        maddr = alloc_pgtable_maddr(1, hd->node);
-        if ( !maddr )
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.pgd_maddr = maddr;
+
+    for_each_rmrr_device ( rmrr, bdf, i )
+    {
+        if ( rc )
             break;
 
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%04x:%02x:%02x.%u: RMRR quarantine mapping failed\n",
+                       pdev->seg, pdev->bus,
+                       PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = maddr;
+
+    if ( !rc )
+    {
+        struct dma_pte *root;
+        paddr_t maddrs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(maddr);
+        rc = fill_qpt(root, level - 1, maddrs, pdev);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = maddr_to_mfn(maddrs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    return rc;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
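Review bot: fill_qpt() writes PTEs through `dma_set_pte_addr()`, `dma_set_pte_readable()` and `dma_set_pte_writable()` but never flushes them, whereas the loop it replaces called `iommu_sync_cache(parent, PAGE_SIZE)` after filling each table. On an IOMMU that does not snoop the CPU caches, the hardware could then walk these quarantine tables and see stale entries instead of the intended scratch-page mappings. Unless the flush happens somewhere outside this hunk, `iommu_sync_cache(this, PAGE_SIZE);` after the `for` loop in fill_qpt() would restore the previous behaviour.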
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index be44fc017f..c67adb9b41 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -509,7 +509,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 70ed48e309..0c79acb1ed 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -20,7 +22,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 3272874958..a80910ad46 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -236,7 +236,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -356,6 +356,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 void iommu_share_p2m_table(struct domain *d);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:33:08 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: split domid map cleanup check into a function
Message-Id: <E1nbjIv-0006Pw-2W@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:33:05 +0000

commit 8ed46cc1ef14fb8463cc847d82cbd2491054547a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:19:40 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:19:40 2022 +0200

    VT-d: split domid map cleanup check into a function
    
    This logic will want invoking from elsewhere.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 9fdc10abe9457e4c9879a266f82372cb08e88ffb
    master date: 2021-11-24 11:06:20 +0100
---
 xen/drivers/passthrough/vtd/iommu.c | 70 +++++++++++++++++++++++++------------
 1 file changed, 47 insertions(+), 23 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index af8b9ca0e4..234a4fbae5 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -147,6 +147,51 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
     }
 }
 
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct vtd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        const struct acpi_drhd_unit *drhd;
+
+        if ( pdev == exclude )
+            continue;
+
+        drhd = acpi_find_matched_drhd_unit(pdev);
+        if ( drhd && drhd->iommu == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+/*
+ * If no other devices under the same iommu owned by this domain,
+ * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap.
+ */
+static void check_cleanup_domid_map(struct domain *d,
+                                    const struct pci_dev *exclude,
+                                    struct vtd_iommu *iommu)
+{
+    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+
+    /*
+     * Hidden devices are associated with DomXEN but usable by the hardware
+     * domain. Hence they need considering here as well.
+     */
+    if ( !found && is_hardware_domain(d) )
+        found = any_pdev_behind_iommu(dom_xen, exclude, iommu);
+
+    if ( !found )
+    {
+        clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
+        cleanup_domid_map(d, iommu);
+    }
+}
+
 static int iommus_incoherent;
 
 static void sync_cache(const void *addr, unsigned int size)
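Review bot: check_cleanup_domid_map() is not a pure extraction of the loop removed in the last hunk of this patch, although the description says no functional change is intended. The old loop skipped the device by comparing seg/bus/devfn and looked only at `domain`'s devices. The helper skips by pointer (`pdev == exclude`) and, for the hardware domain, also scans `dom_xen`. If both differences are intended, the header comment should say so, e.g. `Devices are excluded by identity; for the hardware domain, hidden (DomXEN) devices count as well.`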
@@ -1679,7 +1724,6 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     struct vtd_iommu *iommu;
     int ret = 0;
     u8 seg = pdev->seg, bus = pdev->bus, tmp_bus, tmp_devfn, secbus;
-    int found = 0;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
@@ -1763,28 +1807,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     if ( ret )
         goto out;
 
-    /*
-     * if no other devices under the same iommu owned by this domain,
-     * clear iommu in iommu_bitmap and clear domain_id in domid_bitmp
-     */
-    for_each_pdev ( domain, pdev )
-    {
-        if ( pdev->seg == seg && pdev->bus == bus && pdev->devfn == devfn )
-            continue;
-
-        drhd = acpi_find_matched_drhd_unit(pdev);
-        if ( drhd && drhd->iommu == iommu )
-        {
-            found = 1;
-            break;
-        }
-    }
-
-    if ( found == 0 )
-    {
-        clear_bit(iommu->index, &dom_iommu(domain)->arch.iommu_bitmap);
-        cleanup_domid_map(domain, iommu);
-    }
+    if ( !ret )
+        check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
     return ret;
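Review bot: The `if ( !ret )` in front of the new check_cleanup_domid_map() call can never be false, because the context lines directly above it already do `if ( ret ) goto out;`. Calling it unconditionally, `check_cleanup_domid_map(domain, pdev, iommu);`, reads more clearly and does not suggest that a failed unmap can reach this point. domain_context_unmap() begins outside the hunk.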
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:33:16 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbjJ5-0006QZ-5u@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:33:15 +0000

commit 2ce2aec8c148a0a291eae2a0631802e0ffb42133
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 15:20:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:20:10 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 3d93f3451c..9aac006d65 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         int size = (nr + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
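Review bot: The added `domain_pause(d)` / `p2m_enable_hardware_log_dirty(d)` / `domain_unpause(d)` sequence has no comment, so neither the need for the pause nor its placement after `paging_unlock(d)` is explained. A short comment would help, for example `/* Pause so all vCPUs pick up the hardware log-dirty setting; called with the paging lock dropped. */`, though that reasoning is my reading and needs confirming by the author. The path that stops VRAM tracking is outside the hunk, so it cannot be checked from here whether hardware log-dirty is switched off again. hap_track_dirty_vram() starts and ends outside the hunk.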
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 469bb76429..8596e52458 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -209,7 +209,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index 7544f73121..a16929eaa7 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -156,9 +156,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:33:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbjJF-0006RP-9I@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:33:25 +0000

commit 920e93df4e16c03811665e459c414feced6bc9b6
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:20:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:20:42 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 234a4fbae5..68f9a524b8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -142,8 +142,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
 
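Review bot: The new comment explains why `domid_map[]` is written before `domid_bitmap[]`, but not what enforces that order. The store `iommu->domid_map[iommu_domid] = DOMID_INVALID;` is a plain assignment, so the sequence relies on `clear_bit()` acting as both a compiler and a CPU barrier. That presumably holds for the x86 implementation, but anyone reading this lock-free path should see the assumption stated. I would append `clear_bit() is relied upon to order the two stores.` to the comment, or put an `smp_wmb()` between the two lines. The function starts outside the hunk.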
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:33:36 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbjJP-0006Rx-Ca@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:33:35 +0000

commit 650b888c8a0a03d796632597e6adfd0075f13954
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:21:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:21:21 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 68f9a524b8..50e21bf1d9 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2392,6 +2392,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
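Review bot: The `domain_context_unmap()` call moved to the top of reassign_device_ownership() has no comment tying it to the ordering rule in the commit message, so a later cleanup could move it back below the RMRR teardown. A line such as `/* Clear the context entry first: RMRR mappings may only go once the device can no longer use them. */` above the call would record the constraint. Any early `return` between this call and the ownership update now leaves the device without a context entry while `source` still lists it. That code is outside the hunk, so this is inferred and worth checking.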
@@ -2428,10 +2432,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2508,9 +2508,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2523,20 +2522,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %04x:%02x:%02x.%u from %pd (%d)\n",
-                           seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
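Review bot: `if ( !ret )` after the mapping loop reads `ret` on a path where nothing visible in this hunk assigns it. With the earlier `ret = reassign_device_ownership(...)` removed, a device with no matching RMRR reaches the test with whatever value the declaration or earlier code left in `ret`; both are outside the hunk. If the declaration does not initialise it, `int ret = 0;` is needed; if it does, a short comment at the test would make the dependency visible. The rollback loop also calls `iommu_identity_mapping()` for every matching RMRR, including ones never mapped because the first loop broke out early. It depends on `rc != -ENOENT` to tolerate that, which deserves a comment such as `/* -ENOENT: region was never mapped (first loop stopped early). */`.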
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:33:46 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbjJZ-0006Sz-Fy@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:33:45 +0000

commit 81918cead1a5c2c3fb6648b078501af81f520849
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:22:31 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:22:31 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 50e21bf1d9..f7d40414ef 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1993,14 +1993,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2017,12 +2009,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
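Review bot: A failure of the RMRR mapping call that ends at `0);` is only logged, and `ret` is then overwritten by `domain_context_mapping()`. The context entry is therefore still installed for a device whose reserved regions were not mapped, which sits oddly with the commit's aim of establishing RMRR mappings before the context entry is updated. Either stop on the first failure, returning `ret` right after the `dprintk()`, or add a comment such as `/* Best effort: a failed RMRR mapping does not block context setup because ... */` with the justification filled in. Mappings made before a `domain_context_mapping()` failure are also left in place on the error return. The loop and the function start outside the hunk.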
@@ -2044,11 +2041,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2064,7 +2065,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
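Review bot: intel_iommu_remove_device() now ends in an unconditional `return 0;`, so a failure to tear down an RMRR identity mapping in the loop above cannot reach the caller. The call ending at `rmrr->end_address, 0);` does not appear to have its result checked, although its start is outside the hunk. Since the context entry has already been cleared by then, ignoring the error may be intentional. If so, a comment such as `/* Teardown failures are ignored: the context entry is already gone. */` would say so. Otherwise the first non-zero result should at least be logged.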
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:33:56 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbjJj-0006Tp-JA@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:33:55 +0000

commit 33c13654cb6d7d2a5731614f55aace4866c93d97
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:23:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:23:26 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 66 ++-----------------------------------
 1 file changed, 2 insertions(+), 64 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index f7d40414ef..b729ae173a 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -114,28 +114,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct vtd_iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid = domain_iommu_domid(domain, iommu);
@@ -1392,49 +1370,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u owned by d%d!",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       pdev->domain ? pdev->domain->domain_id : -1);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u mapped, but can't find owner!\n",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u already mapped to d%d!",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
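Review bot: With the ownership checks removed, the `context_present(*context)` branch returns 0 without confirming that the existing entry belongs to `domain`. A caller asking to map a device whose context entry already points at another domain is now told it succeeded, where the removed code returned `-EINVAL`. The commit message says the purpose of the old checks could not be established, but they did guard against silently accepting a foreign context entry. I would keep at least a debug-build check, or a comment such as `/* Entry already present: treated as success; ownership is not re-validated here. */`. domain_context_mapping_one() starts and ends outside the hunk.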
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:34:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: re-assign devices directly
Message-Id: <E1nbjJt-0006V0-ML@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:34:05 +0000

commit 235aa158e0f71ee2bf20155ce6b0b429acf59d37
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:23:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:23:57 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 268 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 233 insertions(+), 74 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 1cac22a02f..f51f8aae0d 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,7 +85,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -105,8 +106,8 @@ int is_igd_vt_enabled_quirk(void);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index b729ae173a..17deda92d8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -110,6 +110,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
@@ -1350,15 +1351,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int agaw, rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1367,17 +1380,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
         agaw = level_to_agaw(iommu->nr_pt_levels);
     }
     else
@@ -1394,6 +1422,8 @@ int domain_context_mapping_one(
                 spin_unlock(&hd->arch.mapping_lock);
                 spin_unlock(&iommu->lock);
                 unmap_vtd_domain_page(context_entries);
+                if ( prev_dom )
+                    rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
         }
@@ -1411,33 +1441,102 @@ int domain_context_mapping_one(
                 goto nomem;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    rc = context_set_domain_id(&lctxt, domain, iommu);
+    if ( rc )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
-        return -EFAULT;
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
+        return rc;
+    }
+
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, agaw);
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) == agaw);
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
     }
 
-    context_set_address_width(*context, agaw);
-    context_set_fault_enable(*context);
-    context_set_present(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
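Review bot: The `res != old` error path dereferences `pdev` in its printk() arguments (`pdev->seg, pdev->bus`), although the line just above guards `check_cleanup_domid_map()` with `if ( pdev )` and other hunks of this patch call this function with a NULL `pdev` for bridges and the ME phantom function. Print the coordinates of the context entry actually being updated, using the locals already in scope: `seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),`. That also matches what the XENLOG_WARNING message in the best-effort branch of this same hunk prints. The function body starts and ends outside this hunk.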
@@ -1458,12 +1557,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
-        domain_context_unmap_one(domain, iommu, bus, devfn);
+    {
+        if ( !prev_dom )
+            domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                       mode & MAP_WITH_RMRR);
+    }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
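Review bot: The rollback added under `if ( rc )` discards the result of the undo call; in particular the `prev_dom != domain` branch ignores the return value of the nested `domain_context_mapping_one(prev_dom, ...)`. If that restore fails, the context entry would stay pointed at `domain` while the caller only sees the original error, so the device remains attached to a domain whose assignment was reported as failed. The same pattern appears in the later domain_context_mapping() hunk, where `domain_context_mapping(pdev->domain, devfn, pdev)` is called without checking its result. At minimum log the failure, e.g. test the call with `< 0` and emit a XENLOG_ERR message carrying `seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)`. The function starts outside this hunk.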
@@ -1473,8 +1581,11 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    u8 seg = pdev->seg, bus = pdev->bus, secbus;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
+    uint8_t bus = pdev->bus, secbus;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
@@ -1493,8 +1604,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:Hostbridge: skip %04x:%02x:%02x.%u map\n",
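Review bot: The `drhd &&` test in the `MAP_SINGLE_DEVICE` condition looks redundant: the function tests `!drhd` right after the lookup (the branch body is outside this diff, presumably an early return), and the unchanged call below dereferences `drhd->iommu` unconditionally. Dropping it to `else if ( !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&` avoids suggesting that `drhd` can be NULL here. Separately, `bool prev_present;` is declared between `switch` and the first `case` label and is assigned in only one case; opening a braced block in that case and declaring it there would keep its scope and its uninitialised state local. The function starts and ends outside this hunk.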
@@ -1515,7 +1647,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1528,9 +1662,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1538,6 +1673,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1546,7 +1690,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1561,10 +1705,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2331,9 +2480,8 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
+    if ( !has_arch_pdevs(target) )
+        vmx_pi_hooks_assign(target);
 
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
@@ -2343,6 +2491,31 @@ static int reassign_device_ownership(
     if ( (target != hardware_domain) && !iommu_intremap )
         untrusted_msi = true;
 
+    ret = domain_context_mapping(target, devfn, pdev);
+    if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
+        return ret;
+    }
+
+    if ( pdev->devfn == devfn )
+    {
+        const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+        if ( drhd )
+            check_cleanup_domid_map(source, pdev, drhd->iommu);
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
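Review bot: The new ordering in reassign_device_ownership() is the core of the fix but nothing in the code says so: the target mapping is now established before any source state is cleaned up, and a later edit could easily restore the old unmap-then-map order. A comment above the `domain_context_mapping(target, devfn, pdev)` call would pin it, e.g. `/* Switch the context entry to target in one step; the device must never be left without a mapping (RMRRs, quarantine scratch page). */`. The two adjacent tests `if ( pdev->devfn == devfn )` and `if ( devfn == pdev->devfn && pdev->domain != target )` check the same condition in two spellings and could share one block. The function starts and ends outside this hunk.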
@@ -2371,34 +2544,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 32b39c606a..503b07ffb7 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -202,8 +202,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 435e449ca3..99e159b4e9 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -343,7 +343,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -354,9 +355,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -364,7 +365,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -388,7 +390,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -414,7 +416,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
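Review bot: The new comment names the two consumers of `mode` but not what each flag means, and the flags decide whether a non-atomic context-entry update is accepted silently or warned about. Per-flag comments grounded in how domain_context_mapping() sets them would help, e.g. `/* Device is listed in an RMRR; context entry updates should be atomic. */` for `MAP_WITH_RMRR`, `/* Current owner is dying; diverting its I/O is intended. */` for `MAP_OWNER_DYING`, and `/* No other device of the old owner behind this IOMMU, no phantom functions. */` for `MAP_SINGLE_DEVICE`. It is also worth noting that `UNMAP_ME_PHANTOM_FUNC` changes from 0 to a bit value, so it is now tested with `&` rather than compared.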
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:34:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:34:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299082.509520 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjK4-0003Wx-OV; Tue, 05 Apr 2022 13:34:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299082.509520; Tue, 05 Apr 2022 13:34:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjK4-0003Wq-Kt; Tue, 05 Apr 2022 13:34:16 +0000
Received: by outflank-mailman (input) for mailman id 299082;
 Tue, 05 Apr 2022 13:34:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjK3-0003Wk-R1
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjK3-0001c8-Q8
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjK3-0006WN-PJ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=4U313ttilRfz0a7D/ewEvLj0BOV6eGFxyqAWuCc3gJE=; b=TRS2n5rjSgQdaV+Ib89BnEZzuQ
	GTPqx1Fj6xaHY+TTOBsO8hGlJw2rQWDe/UrcMKccVBuPhc7DHAEZ+lirfxtyJ20dDcyY4nc0gTy7f
	pVBSgKDN1RQSvSHsz+2dT5KX5+ajdlff5NnpRlaQO7g87RirDfEULGm3xGMdUZ74MzxU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbjK3-0006WN-PJ@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:34:15 +0000

commit 73e25ecaef14d4df521235b6dbe5ceaaa3f02e8a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:24:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:24:23 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c       |  67 +++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c   | 180 ++++++++++++++++++--------
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h |  10 +-
 3 files changed, 200 insertions(+), 57 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index ac30cac05b..45559f9678 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -103,10 +103,69 @@ static unsigned int set_iommu_pte_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
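Review bot: The in-place update path in amd_iommu_set_root_page_table() exchanges only `ldte.raw128[0]` and, without CMPXCHG16B, writes only `raw64[0]` and `raw64[1]`, so it silently relies on every field modified above (`domain_id`, `pt_root`, `iw`, `ir`, `paging_mode`, `v`) living in the first 128 bits of the DTE, with `domain_id` in the second 64-bit word. The struct layout is not part of this diff, so that cannot be checked from here. State the assumption next to the union, e.g. `/* All fields changed below are within the first 128 bits; domain_id is in raw64[1]. */`, so that a later change to `struct amd_iommu_dte` or to the set of fields updated does not turn this into a partial update. The function continues outside this hunk.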
@@ -121,6 +180,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index beafb0171d..14483e85ae 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -85,40 +85,81 @@ int get_dma_requestor_id(uint16_t seg, uint16_t bdf)
     return req_id;
 }
 
-static void amd_iommu_setup_domain_device(
+static int __must_check allocate_domain_resources(struct domain_iommu *hd)
+{
+    int rc;
+
+    spin_lock(&hd->arch.mapping_lock);
+    rc = amd_iommu_alloc_root(hd);
+    spin_unlock(&hd->arch.mapping_lock);
+
+    return rc;
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
-    const struct domain_iommu *hd = dom_iommu(domain);
+    struct domain_iommu *hd = dom_iommu(domain);
+    const struct ivrs_mappings *ivrs_dev;
+
+    BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
-    BUG_ON( !hd->arch.root_table || !hd->arch.paging_mode ||
-            !iommu->dev_table.buffer );
+    rc = allocate_domain_resources(hd);
+    if ( rc )
+        return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
-        const struct ivrs_mappings *ivrs_dev;
-
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.root_table), domain->domain_id,
-            hd->arch.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.root_table),
+                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
-        ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
         if ( dte->it_root )
         {
             dte->int_ctl = IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED;
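Review bot: In amd_iommu_setup_domain_device() the locals `req_id` and `ivrs_dev` are each assigned twice, first from `pdev->sbdf.bdf` to derive `sr_flags` and then from `PCI_BDF2(bus, devfn)` to select the DTE, and nothing says the difference is deliberate. As written, `SET_ROOT_WITH_UNITY_MAP` reflects the unity map of the device's own requestor ID while the entry being rewritten may belong to another function. If that is the intent, a comment such as `/* Unity map presence is taken from the device itself, not from the (possibly phantom) function being set up. */` above the `sr_flags` assignment would prevent the first lookup from being removed as dead code. The function continues outside this hunk.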
@@ -133,17 +174,74 @@ static void amd_iommu_setup_domain_device(
             dte->i = ats_enabled;
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.root_table),
+                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   pdev->seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.root_table),
-                        domain->domain_id, hd->arch.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
 
     spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.root_table),
+                    domain->domain_id, hd->arch.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
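Review bot: The new `printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n", ...)` in the `else if` branch has no XENLOG_ level and starts with a blank, so the one message telling an operator that another domain's I/O may have been translated through the wrong tables goes out at the default level and looks like a continuation line. I would give it an explicit level and drop the leading space, e.g. `printk(XENLOG_WARNING "%04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",`. The comment above the condition justifies continuing for the single-device and dying-domain cases only; a sentence on why proceeding is acceptable when the warning does fire would complete it. amd_iommu_setup_domain_device() begins before this hunk.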
@@ -154,6 +252,8 @@ static void amd_iommu_setup_domain_device(
 
         amd_iommu_flush_iotlb(devfn, pdev, INV_IOMMU_ALL_PAGES_ADDRESS, 0);
     }
+
+    return 0;
 }
 
 int __init acpi_ivrs_init(void)
@@ -223,17 +323,6 @@ int amd_iommu_alloc_root(struct domain_iommu *hd)
     return 0;
 }
 
-static int __must_check allocate_domain_resources(struct domain_iommu *hd)
-{
-    int rc;
-
-    spin_lock(&hd->arch.mapping_lock);
-    rc = amd_iommu_alloc_root(hd);
-    spin_unlock(&hd->arch.mapping_lock);
-
-    return rc;
-}
-
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
@@ -333,7 +422,6 @@ static int reassign_device(struct domain *source, struct domain *target,
 {
     struct amd_iommu *iommu;
     int bdf, rc;
-    struct domain_iommu *t = dom_iommu(target);
     const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
 
     bdf = PCI_BDF2(pdev->bus, pdev->devfn);
@@ -347,7 +435,15 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+    if ( rc )
+        return rc;
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
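Review bot: `pdev->domain` and the list membership are switched to `target` as soon as `amd_iommu_setup_domain_device()` succeeds, yet the unity-map handling that follows in the context lines can still `return rc`. Nothing visible moves the device back or restores the previous DTE on that path, so the caller would see a failure for a device that is already owned by, and translating through, `target`. If that is the intended outcome, a comment before the `list_move()` such as `/* From here on the device belongs to target, even if a later step fails. */` would make it explicit; otherwise the ownership switch should wait until the remaining steps have succeeded. The part of reassign_device() between this hunk and the next is only partly visible.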
@@ -363,27 +459,10 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = allocate_domain_resources(t);
-    if ( rc )
-        return rc;
-
-    amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
     AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n",
                     pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                     source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
@@ -547,8 +626,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
-    return 0;
+    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 3983293540..52c889ade0 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -79,9 +79,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 void iommu_dte_set_guest_cr3(struct amd_iommu_dte *dte, uint16_t dom_id,
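Review bot: The prototype now returns `int __must_check`, but nothing at the declaration says what the values mean, and the two call sites in this patch treat them differently. One asserts `rc < 0` for any non-zero result, while the other takes a positive `rc` as the cue to warn about a non-atomic update. A comment above the declaration would pin the contract down, e.g. `/* Returns < 0 on error, 0 on success, > 0 if a live DTE had to be changed non-atomically. */`, with the wording checked against the definition, which is not in this hunk. The `SET_ROOT_*` flag names are also generic for a shared header and would benefit from a driver-specific prefix.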
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:34:27 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbjKD-0006XY-Se@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:34:25 +0000

commit 92acf6b23154d65066ec4702fdca5cf232856d90
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:24:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:24:54 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 +++--
 xen/drivers/passthrough/vtd/iommu.c  | 62 ++++++++++++++++++++++++------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++++---
 3 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index f51f8aae0d..897dcff9ff 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -86,9 +86,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
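Review bot: `pgd_maddr` is added to `domain_context_mapping_one()` without stating that 0 is a valid argument meaning "take, and if needed allocate, the domain's own root". That is how the iommu.c hunk of this patch treats it, where `if ( !root )` falls back to `hd->arch.pgd_maddr`. The relationship between `domid` and `domain` is likewise unstated, and both new parameters are plain integer types next to each other, so a swapped or mismatched argument would compile silently. A comment at the prototype would help, e.g. `/* domid: domain ID the mapping is established for; pgd_maddr: page table root, 0 to use @domain's own. */`.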
@@ -107,7 +108,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 17deda92d8..ac2c73e32a 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1364,12 +1364,12 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int agaw, rc, ret;
@@ -1410,10 +1410,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root = pgd_maddr;
+
         spin_lock(&hd->arch.mapping_lock);
 
         /* Ensure we have pagetables allocated down to leaf PTE. */
-        if ( hd->arch.pgd_maddr == 0 )
+        if ( !root )
         {
             addr_to_dma_page_maddr(domain, 0, 1);
             if ( hd->arch.pgd_maddr == 0 )
@@ -1426,22 +1428,24 @@ int domain_context_mapping_one(
                     rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
+
+            root = hd->arch.pgd_maddr;
         }
 
         /* Skip top levels of page tables for 2- and 3-level DRHDs. */
-        pgd_maddr = hd->arch.pgd_maddr;
         for ( agaw = level_to_agaw(4);
               agaw != level_to_agaw(iommu->nr_pt_levels);
               agaw-- )
         {
-            struct dma_pte *p = map_vtd_domain_page(pgd_maddr);
-            pgd_maddr = dma_pte_addr(*p);
+            struct dma_pte *p = map_vtd_domain_page(root);
+
+            root = dma_pte_addr(*p);
             unmap_vtd_domain_page(p);
-            if ( pgd_maddr == 0 )
+            if ( !root )
                 goto nomem;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1557,15 +1561,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            domain_context_unmap_one(domain, iommu, bus, devfn);
+            domain_context_unmap_one(domain, iommu, bus, devfn,
+                                     domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                       domain->domain_id,
+                                       hd->arch.pgd_maddr,
                                        mode & MAP_WITH_RMRR);
+        }
     }
 
     if ( prev_dom )
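Review bot: In the error-recovery branch the recursive call passes `prev_dom` and `prev_dom`'s `hd->arch.pgd_maddr`, but the domain ID argument is `domain->domain_id`, the ID of the domain whose mapping just failed. As far as the visible hunks show, `domid` is only forwarded to `me_wifi_quirk()` in this patch, so nothing changes yet. Once it is used for the context entry, though, the previous owner's page tables would be installed under the new domain's ID, so `prev_dom->domain_id,` looks like what is meant. The `domain_context_unmap_one()` call just above similarly passes `domain->domain_id` where the function's own `domid` argument is available. domain_context_mapping_one() starts and ends outside this hunk.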
@@ -1582,6 +1592,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1647,7 +1658,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1662,7 +1674,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1690,7 +1703,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1705,7 +1719,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1734,7 +1749,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1792,7 +1807,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1844,7 +1859,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1854,7 +1870,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1880,12 +1897,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 99e159b4e9..4d54c21136 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -344,6 +344,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -357,16 +359,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -390,7 +393,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -416,7 +419,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:34:37 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbjKN-0006Yq-Vw@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:34:35 +0000

commit ab37463eec5724036059d7df027ca13d66368211
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:25:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:25:26 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ac2c73e32a..6388d97d26 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -52,8 +52,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -61,16 +61,16 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
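Review bot: The reworded message prints `domid` as `Dom%d`, although `domid_t` is an unsigned type and the commit message says these IDs may be pseudo IDs with no struct domain behind them. An unsigned conversion and a neutral label would read better and avoid suggesting a real domain, e.g. `"No valid iommu %u domid for d%u\n"`. The new `warn` parameter would also deserve a one-line comment saying that callers pass `false` when a missing mapping is expected, as `cleanup_domid_map()` does later in this patch.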
@@ -78,8 +78,7 @@ static int domain_iommu_domid(struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
@@ -90,7 +89,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -106,7 +105,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -115,9 +114,9 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -173,7 +172,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -630,7 +629,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1454,7 +1453,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(&lctxt, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domid, iommu);
     if ( rc )
     {
     unlock:
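Review bot: With `context_set_domain_id(&lctxt, domid, iommu)` the domain ID written into the context entry now comes from the caller-supplied `domid`, while the page table root is still derived from `domain` and `pgd_maddr`, and nothing checks that the two belong together. Any call site that passes a `domid` from one domain with page tables from another changes behaviour with this line, despite the "no functional change" intent. The recursive recovery call inside this function, outside this hunk, is one place to re-check. A comment on the function stating that `domid` and `pgd_maddr` must describe the same owner would make the contract explicit.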
@@ -1774,7 +1773,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
@@ -1948,7 +1947,7 @@ static void iommu_domain_teardown(struct domain *d)
     spin_unlock(&hd->arch.mapping_lock);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:34:47 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:34:47 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299085.509531 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjKZ-0003gB-V0; Tue, 05 Apr 2022 13:34:47 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299085.509531; Tue, 05 Apr 2022 13:34:47 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjKZ-0003g3-RU; Tue, 05 Apr 2022 13:34:47 +0000
Received: by outflank-mailman (input) for mailman id 299085;
 Tue, 05 Apr 2022 13:34:46 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKY-0003fj-4o
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:46 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKY-0001cj-3x
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:46 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKY-0006a9-3D
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:46 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=/Rh77ogm83tHHgV/ja8kVm6pnRv94F/XzNFA5fBQAwc=; b=IBUSGQ2bQDVs5k1eshvK7EChzD
	rUNpsISxTC9t7WL8F0+JDd9p6lpeZeTxDFR8mPbwfHjTpIcPNviXHGP7HHaPEMFfYPIXg4s94Q8y/
	+BWV3rcjT8zMc6+qZkBRHx6ZoW5dCN+qOxq5VO8bWHA2nJwyXgHIq0DVwlt3tDNkHz0U=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbjKY-0006a9-3D@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:34:46 +0000

commit 7cfe3570b1c0b4b19317145fbe4c776f09768fd5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:25:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:25:54 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding adding a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 ++++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 ++++++++-
 xen/drivers/passthrough/pci.c               | 11 +++--
 xen/drivers/passthrough/vtd/iommu.c         | 69 ++++++++++++++++++++++++-----
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 47 ++++++++++++++++++++
 xen/include/asm-x86/amd-iommu.h             |  1 +
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  6 +++
 xen/include/public/xen.h                    |  3 ++
 10 files changed, 156 insertions(+), 16 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index d782e66eee..0df10f25b0 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -183,6 +183,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR
@@ -194,7 +199,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 14483e85ae..b07091e71e 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -563,6 +563,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -626,7 +628,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -651,6 +668,9 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
     bdf = PCI_BDF2(pdev->bus, devfn);
     if ( amd_iommu_perdev_intremap &&
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 32510351cf..97e42261eb 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -338,6 +338,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn)
     *((u8*) &pdev->bus) = bus;
     *((u8*) &pdev->devfn) = devfn;
     pdev->domain = NULL;
+    pdev->arch.pseudo_domid = DOMID_INVALID;
     INIT_LIST_HEAD(&pdev->msi_list);
 
     pos = pci_find_cap_offset(pseg->nr, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
@@ -1353,9 +1354,13 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%04x:%02x:%02x.%u - %pd - node %-3d - MSIs < ",
-               pseg->nr, pdev->bus,
-               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn), pdev->domain,
+        printk("%04x:%02x:%02x.%u - ", pseg->nr, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d - MSIs < ",
                (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         list_for_each_entry ( msi, &pdev->msi_list, list )
                printk("%d ", msi->irq);
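Review bot: `printk("DomIO:%x", pdev->arch.pseudo_domid);` prints the pseudo domain ID as unprefixed hex on the same line where `%pd` renders ordinary domains (as far as I know, in decimal form). A constructed value such as `DomIO:8123` cannot be told apart from a decimal ID when someone reads a device dump during incident triage. Using `printk("DomIO:%#x", pdev->arch.pseudo_domid);` removes the ambiguity at no cost. The line is also now assembled from three printk() calls; a one-line comment saying the split exists only to special-case dom_io would help the next editor. The loop body continues outside the hunk.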
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 6388d97d26..fc89f3e4c5 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1192,7 +1193,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     if ( nr_iommus >= MAX_IOMMUS )
     {
@@ -1285,7 +1286,16 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1308,6 +1318,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1583,8 +1594,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1592,6 +1603,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1652,6 +1664,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCIe_ENDPOINT:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
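Review bot: The pseudo-domain-ID allocation block is duplicated verbatim in the DEV_TYPE_PCIe_ENDPOINT arm here and in the DEV_TYPE_PCI arm of the next hunk, so the two copies can drift apart when the condition or the error code is changed later. A small static helper keeps the allocation rule in one place, and the failure-path cleanup further down can keep using `orig_domid` unchanged. The helper name below is only a suggestion. domain_context_mapping() starts and ends outside this hunk.

```c
/* Give @pdev a pseudo domain ID on @iommu unless it already has one. */
static int alloc_pseudo_domid(struct pci_dev *pdev, struct vtd_iommu *iommu)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

    case DEV_TYPE_PCIe_ENDPOINT:
        ret = alloc_pseudo_domid(pdev, drhd->iommu);
        if ( ret )
            return ret;
        /* … unchanged: iommu_debug printk … */
```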
@@ -1667,6 +1687,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCI:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
@@ -1742,6 +1770,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1824,8 +1859,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
     struct vtd_iommu *iommu;
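Review bot: domain_context_unmap() now returns a pointer that doubles as an error code, but neither the forward declaration nor this definition documents that. A comment above the definition would state the contract, e.g. `/* Returns the DRHD unit the device sits behind, or ERR_PTR(-errno) on failure. */`. Callers must then test the result with `IS_ERR()` rather than comparing it with NULL. From the returns visible in these hunks (`ERR_PTR(-ENODEV)` when no DRHD matches, otherwise `ret ? ERR_PTR(ret) : drhd`), a successful result looks always non-NULL, which would make the `if ( drhd )` guard in intel_iommu_remove_device() redundant. The body is only partly visible, so please confirm and either drop the guard or document when NULL can be returned.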
@@ -1834,7 +1871,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
-        return -ENODEV;
+        return ERR_PTR(-ENODEV);
     iommu = drhd->iommu;
 
     switch ( pdev->type )
@@ -1845,7 +1882,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         if ( !is_hardware_domain(domain) )
-            return -EPERM;
+            return ERR_PTR(-EPERM);
         goto out;
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1923,7 +1960,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
-    return ret;
+    return ret ? ERR_PTR(ret) : drhd;
 }
 
 static void iommu_domain_teardown(struct domain *d)
@@ -2145,16 +2182,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2171,6 +2209,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 503b07ffb7..be44fc017f 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -535,6 +535,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 818d28f770..f900bff60b 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -346,6 +346,53 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 /*
  * Local variables:
  * mode: C
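Review bot: iommu_init_domid() returns `ZERO_BLOCK_PTR` instead of a bitmap when `iommu_quarantine` is off, and nothing in the three new functions documents that. iommu_alloc_domid() would pass the sentinel straight to find_next_zero_bit(), and iommu_free_domid() is safe only because every device then still carries `DOMID_INVALID` and takes the early return. The callers in this patch do gate allocation on `iommu_quarantine`, but the contract deserves a comment above iommu_init_domid(), e.g. `/* Returns ZERO_BLOCK_PTR when quarantining is disabled; such a map must never reach iommu_alloc_domid(). */`. Separately, `ASSERT(domid > DOMID_MASK)` in iommu_free_domid() is, as far as I know, compiled out of release builds. There a real domain ID passed by mistake would be masked and would clear (or BUG() on) an unrelated bit; `if ( domid <= DOMID_MASK ) { ASSERT_UNREACHABLE(); return; }` would fail closed instead.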
diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h
index 829e1b1755..452ce97c02 100644
--- a/xen/include/asm-x86/amd-iommu.h
+++ b/xen/include/asm-x86/amd-iommu.h
@@ -94,6 +94,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index aaf9455b8e..389417d198 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -130,6 +130,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         iommu_vcall(ops, sync_cache, addr, size);       \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
  * Local variables:
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index cc05045e9c..70ed48e309 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -15,6 +15,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h
index d2198dffad..75b1619d0d 100644
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -614,6 +614,9 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
 /* Idle domain. */
 #define DOMID_IDLE           xen_mk_uint(0x7FFF)
 
+/* Mask for valid domain id values */
+#define DOMID_MASK           xen_mk_uint(0x7FFF)
+
 #ifndef __ASSEMBLY__
 
 typedef uint16_t domid_t;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:34:58 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:34:58 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299087.509535 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjKk-0003jU-1b; Tue, 05 Apr 2022 13:34:58 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299087.509535; Tue, 05 Apr 2022 13:34:58 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjKj-0003jM-Uq; Tue, 05 Apr 2022 13:34:57 +0000
Received: by outflank-mailman (input) for mailman id 299087;
 Tue, 05 Apr 2022 13:34:56 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKi-0003jD-7r
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:56 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKi-0001d0-78
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:56 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKi-0006bI-6W
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:34:56 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=aWPQcCarquLrgtIl6CR35+4A0W54UpmuqyRC7B7nhrc=; b=DEkjq6t7IwpSoVIEDx10+itVzZ
	spX8Pju7B1wBvwatqUQ7DWcfcIo1oakevA5s0Lwx1KglnLOkrHEFOXHkHQ9XPCrarI6+SiKZqMPKO
	LQ2F7QkoTE0Em5X8SCD6BBD9bENatxKKFNS27a8cJadR2gtERXp4FPHnozfwjUuL9XSU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbjKi-0006bI-6W@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:34:56 +0000

commit e6d6b5ba030a8d2d81bf902e4bc2a8530b3576ae
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:26:41 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:26:41 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 5 +----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 45559f9678..3c7cd7ed9e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -595,8 +595,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index fc89f3e4c5..e5c50429d2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2894,7 +2894,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
     struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc;
 
     if ( hd->arch.pgd_maddr )
     {
@@ -2941,10 +2940,8 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    rc = iommu_flush_iotlb_all(d);
-
     /* Pages leaked in failure case */
-    return level ? -ENOMEM : rc;
+    return level ? -ENOMEM : 0;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
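Review bot: After this change, nothing in intel_iommu_quarantine_init() records why the function ends without an IOTLB flush. The same applies to amd_iommu_quarantine_init() in the previous file. The reasoning lives only in the commit message, so a later reader auditing flush coverage may re-add the call, which per that message would trigger the warning in get_iommu_did() once dom_io no longer has a DID. A comment after the `out:` unlock would preserve it, e.g. `/* No flush needed: the tables built above aren't referenced by any context entry yet. */`. The function starts outside the hunk.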
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:35:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:35:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299088.509539 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjKu-0003mU-3Q; Tue, 05 Apr 2022 13:35:08 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299088.509539; Tue, 05 Apr 2022 13:35:08 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjKu-0003mG-01; Tue, 05 Apr 2022 13:35:08 +0000
Received: by outflank-mailman (input) for mailman id 299088;
 Tue, 05 Apr 2022 13:35:06 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKs-0003m1-Ar
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:35:06 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKs-0001dd-A9
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:35:06 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjKs-0006cS-9R
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:35:06 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=3OFczNZJBNpZL8fDt42LuwjZ/bJt+FRPcYDaptD1oH8=; b=4uX8OU/HNAdQgGAbhpInsuEDfn
	+pEffrZejHxWodzDZif7DRhxjvLpIdT2ns7ZyqBWErgNAhPbhMgQpwUBUPPUXOcA2Xk92NVkrNVty
	xYK5qkaGIXj6FdKSBr5XnAccE5MB9+vq7dqfuPDeWxsH9L2bzmTRuPAtj1QPRJpJJRzs=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbjKs-0006cS-9R@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:35:06 +0000

commit 454d5351a93d2438778630843cf3e77da0772167
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:27:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:27:09 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c       | 2 +-
 xen/include/asm-x86/hvm/svm/amd-iommu-defs.h  | 1 +
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 3c7cd7ed9e..db396dd1d4 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -260,7 +260,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.root_table;
     level = hd->arch.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    BUG_ON( table == NULL || level < 1 || level > IOMMU_MAX_PT_LEVELS );
 
     /*
      * A frame number past what the current page tables can represent can't
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
index a54d6e9fc6..c46247cb24 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
@@ -110,6 +110,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
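Review bot: `#define IOMMU_MAX_PT_LEVELS 6` is dropped into the middle of struct amd_iommu_dte's bit-field list with no comment. The adjacent `paging_mode:3` field can encode values up to 7, so the constant is narrower than the field it describes. Since the constant now backs the `BUG_ON()` range check in iommu_pde_from_dfn() and the limit in amd_iommu_get_paging_mode(), a comment would explain the gap, e.g. `/* Highest paging_mode the code accepts; the 3-bit field itself can hold 7. */`. Whether 7 is reserved by the hardware specification is not shown here and should be confirmed before it is stated in the comment. The struct definition starts and ends outside the hunk.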
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 52c889ade0..2a3bc47ab5 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -193,7 +193,7 @@ static inline int amd_iommu_get_paging_mode(unsigned long max_frames)
     while ( max_frames > PTE_PER_TABLE_SIZE )
     {
         max_frames = PTE_PER_TABLE_ALIGN(max_frames) >> PTE_PER_TABLE_SHIFT;
-        if ( ++level > 6 )
+        if ( ++level > IOMMU_MAX_PT_LEVELS )
             return -ENOMEM;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:35:18 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:35:18 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299089.509542 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjL4-0003pG-5c; Tue, 05 Apr 2022 13:35:18 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299089.509542; Tue, 05 Apr 2022 13:35:18 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjL4-0003p9-1e; Tue, 05 Apr 2022 13:35:18 +0000
Received: by outflank-mailman (input) for mailman id 299089;
 Tue, 05 Apr 2022 13:35:16 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjL2-0003p0-ET
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:35:16 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjL2-0001dh-Dg
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:35:16 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjL2-0006dN-Cz
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:35:16 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=/rqBk26HXhLi2d6Cp+mxlthrGjppkd/vSuGm+1FVZTc=; b=S1X4phBNioe9a6wQftFm/EBqO2
	1g4Ly7G+0NTCWYPj6/zgy1TeELBF5nH4OMaA9dil3Y0JeKFvswP7+eoOxIXbuqGdLh9QMk/5nclWw
	QJgOoJ/gwxXIkpWJi/HTy5aYAqNub1PbOW4aaJmKaTpnY9lf651vp16SaRJkJofBKPtY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbjL2-0006dN-Cz@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:35:16 +0000

commit 169a2834ef5d723091f187a5d6493ae77825757a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:27:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:27:36 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/arch/x86/mm/p2m.c                         |   2 +-
 xen/drivers/passthrough/amd/iommu_map.c       | 155 +++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c   |  35 ++--
 xen/drivers/passthrough/iommu.c               |  18 +-
 xen/drivers/passthrough/pci.c                 |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c           | 247 +++++++++++++++++++-------
 xen/drivers/passthrough/vtd/iommu.h           |   2 +-
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h |   3 +-
 xen/include/asm-x86/pci.h                     |  13 ++
 xen/include/xen/iommu.h                       |   3 +-
 10 files changed, 363 insertions(+), 135 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index a6bfda010a..91f7b7760c 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1453,7 +1453,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int ret;
 
-    if ( !paging_mode_translate(p2m->domain) )
+    if ( !paging_mode_translate(d) )
     {
         if ( !is_iommu_enabled(d) )
             return 0;
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index db396dd1d4..8b7d5b7c7b 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -539,64 +539,137 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d,
     return rc;
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS],
+                    struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = alloc_amd_iommu_pgtable();
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(pgs[level], &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs, pdev);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            page_list_add(mfn_to_page(_mfn(pte->mfn)),
+                          &pdev->arch.pgtables_list);
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs, pdev);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.root_table);
 
-    if ( hd->arch.root_table )
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
+
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = alloc_amd_iommu_pgtable();
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.root_table = alloc_amd_iommu_pgtable();
-    if ( !hd->arch.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.root_table = NULL;
+
+    if ( rc )
+        printk("%04x:%02x:%02x.%u: quarantine unity mapping failed\n",
+               pdev->seg, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+    else
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = alloc_amd_iommu_pgtable();
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs, pdev);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_amd_iommu_pgtable(pg);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
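Review bot: The root page allocated in amd_iommu_quarantine_init() does not appear to be put on `pdev->arch.pgtables_list` anywhere in this hunk. amd_iommu_quarantine_teardown() frees only pages taken from that list before setting `pdev->arch.amd.root_table = NULL`, so the root looks leaked on the error path and on device removal. If that reading is right, `page_list_add(pdev->arch.amd.root_table, &pdev->arch.pgtables_list);` right after the allocation succeeds would cover it. Tables created by amd_iommu_reserve_domain_unity_map() are collected only by fill_qpt(), which is skipped when the unity mapping fails, so that path may need the same attention. The VT-d hunk in vtd/iommu.c (intel_iommu_quarantine_init() and quarantine_teardown()) has the same shape with `maddr`.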
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index b07091e71e..e5c02ca710 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -125,6 +125,8 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
     BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
@@ -144,14 +146,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.root_table),
-                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
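Review bot: `root_pg` is handed to page_to_maddr() without a check, and for dom_io it now comes from `pdev->arch.amd.root_table`, which only amd_iommu_quarantine_init() sets. iommu_quarantine_dev_init() returns 0 without calling the hook when `!iommu_quarantine`, while deassign_device() still selects dom_io when only `pdev->quarantine` is set, so a NULL root may be reachable here. If that combination can occur, a guard before taking `iommu->lock`, for example `if ( !root_pg ) return -ENODEV;`, or at least `ASSERT(root_pg);`, would make the dependency explicit. The function body continues outside this hunk.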
@@ -175,7 +188,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -188,8 +201,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.root_table),
-                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -208,6 +221,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
@@ -238,9 +252,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.root_table),
-                    domain->domain_id, hd->arch.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -313,7 +326,7 @@ static int iov_enable_xt(void)
 
 int amd_iommu_alloc_root(struct domain_iommu *hd)
 {
-    if ( unlikely(!hd->arch.root_table) )
+    if ( unlikely(!hd->arch.root_table) && hd != dom_iommu(dom_io) )
     {
         hd->arch.root_table = alloc_amd_iommu_pgtable();
         if ( !hd->arch.root_table )
@@ -404,7 +417,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.paging_mode);
     }
     spin_unlock_irqrestore(&iommu->lock, flags);
@@ -668,6 +681,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 93d4377978..9aef696d90 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -450,21 +450,21 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init, dev);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
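Review bot: iommu_quarantine_dev_init() becomes a non-static entry point but has no comment describing its contract. Both driver implementations in this patch assert pcidevs_locked(), and a 0 return also covers the case where nothing was set up (`!iommu_quarantine` or no `quarantine_init` hook). A comment above the function, such as `/* Caller must hold pcidevs_lock. Returns 0 also when no quarantine page tables get set up. */`, would save callers from reading both drivers.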
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 97e42261eb..1a1a387458 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -929,9 +929,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
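Review bot: `return ret;` under the new `if ( ret )` is indented by 11 spaces rather than 12, so it does not line up with the file's 4-space steps. Re-indenting that one line to match `target = dom_io;`'s nesting level plus four keeps the block consistent. deassign_device() starts outside this hunk.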
@@ -1547,6 +1554,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
         msixtbl_init(d);
     }
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e5c50429d2..6571b5dde4 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,6 +43,12 @@
 #include "vtd.h"
 #include "../ats.h"
 
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
+
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
 
@@ -78,13 +84,18 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
@@ -110,8 +121,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -161,8 +177,12 @@ static void check_cleanup_domid_map(struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1400,7 +1420,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
@@ -1577,15 +1597,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             domain_context_unmap_one(domain, iommu, bus, devfn,
-                                     domain->domain_id);
+                                     DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                       domain->domain_id,
-                                       hd->arch.pgd_maddr,
+                                       DEVICE_DOMID(prev_dom, pdev),
+                                       DEVICE_PGTABLE(prev_dom, pdev),
                                        mode & MAP_WITH_RMRR);
-        }
     }
 
     if ( prev_dom )
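Review bot: `DEVICE_DOMID()` and `DEVICE_PGTABLE()` dereference `pdev` whenever their domain argument is dom_io, but domain_context_mapping_one() is also called with `pdev == NULL` (the bridge calls in domain_context_mapping() pass NULL, and the earlier hunk tests `pdev ? ... : domid > DOMID_MASK`). On that NULL-pdev path `prev_dom` can be dom_io, so `DEVICE_DOMID(prev_dom, pdev)` in the recovery call would dereference NULL. The condition guarding this block is outside the hunk, so reachability needs confirming. If it is reachable, a guard such as `else if ( prev_dom != domain && (pdev || prev_dom != dom_io) )`, or an ASSERT with a comment saying why it cannot happen, would help.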
@@ -1602,7 +1619,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1635,7 +1652,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1676,8 +1693,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1701,8 +1718,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1730,8 +1747,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1746,8 +1763,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1896,7 +1913,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1907,7 +1924,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1930,18 +1947,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1987,6 +1998,25 @@ static void iommu_domain_teardown(struct domain *d)
         cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_domheap_page(pg);
+
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
@@ -2209,6 +2239,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2888,60 +2920,139 @@ static void vtd_dump_p2m_table(struct domain *d)
     vtd_dump_p2m_table_level(hd->arch.pgd_maddr, agaw_to_level(hd->arch.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    paddr_t maddrs[6], struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
-    struct dma_pte *parent;
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !maddrs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                maddrs[level] = alloc_pgtable_maddr(1, hd->node);
+                if ( !maddrs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(maddr_to_page(maddrs[level]),
+                              &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(maddrs[level]);
+                    rc = fill_qpt(next, level - 1, maddrs, pdev);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, maddrs[level]);
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            page_list_add(maddr_to_page(dma_pte_addr(*pte)),
+                          &pdev->arch.pgtables_list);
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, maddrs, pdev);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    paddr_t maddr;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    if ( hd->arch.pgd_maddr )
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.pgd_maddr);
+
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    hd->arch.pgd_maddr = alloc_pgtable_maddr(1, hd->node);
-    if ( !hd->arch.pgd_maddr )
-        goto out;
+    maddr = alloc_pgtable_maddr(1, hd->node);
+    if ( !maddr )
+        return -ENOMEM;
 
-    parent = map_vtd_domain_page(hd->arch.pgd_maddr);
-    while ( level )
-    {
-        uint64_t maddr;
-        unsigned int offset;
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
 
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        maddr = alloc_pgtable_maddr(1, hd->node);
-        if ( !maddr )
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.pgd_maddr = maddr;
+
+    for_each_rmrr_device ( rmrr, bdf, i )
+    {
+        if ( rc )
             break;
 
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%04x:%02x:%02x.%u: RMRR quarantine mapping failed\n",
+                       pdev->seg, pdev->bus,
+                       PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = maddr;
+
+    if ( !rc )
+    {
+        struct dma_pte *root;
+        paddr_t maddrs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(maddr);
+        rc = fill_qpt(root, level - 1, maddrs, pdev);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = maddr_to_mfn(maddrs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    return rc;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
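Review bot: The new fill_qpt() writes PTEs with dma_set_pte_addr(), dma_set_pte_readable() and dma_set_pte_writable() but never calls iommu_sync_cache(), whereas the loop it replaces synced each table with `iommu_sync_cache(parent, PAGE_SIZE);`. Unless the sync now happens somewhere not visible in this hunk, an IOMMU that does not snoop CPU caches may walk stale entries in the quarantine tables. Adding `iommu_sync_cache(this, PAGE_SIZE);` after the `for` loop in fill_qpt() would restore the previous behaviour for every table it fills.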
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index be44fc017f..c67adb9b41 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -509,7 +509,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 2a3bc47ab5..961182ac0f 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -54,7 +54,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 int iov_adjust_irq_affinities(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 70ed48e309..0c79acb1ed 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -20,7 +22,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
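Review bot: The new fields `leaf_mfn` and `pgtables_list` at the end of `struct arch_pci_dev` carry no comment, and the anonymous union does not say which member is live, so ownership and lifetime of the per-device quarantine page tables must be reconstructed from the callers. I would widen the union comment to `/* Per-device quarantine (dom_io) root; vtd or amd is valid depending on the IOMMU driver in use. */` and put `/* Quarantine page-table state, set by quarantine_init(); presumably released by the *_quarantine_teardown() hooks - confirm. */` above the two new fields. In the VT-d init path visible earlier in this patch, `leaf_mfn` is written under `hd->arch.mapping_lock` while `vtd.pgd_maddr` is written before the lock is taken, so the existing remark that these fields need no locking should say whether it covers the new ones. The struct starts outside the hunk.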
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 041a7cf5e5..c94579fe92 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -211,7 +211,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -331,6 +331,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 void iommu_share_p2m_table(struct domain *d);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:44:08 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbjTY-0007V8-7X@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:44:04 +0000

commit af4a5eca8f8774b4b3e6c684ca416368e90ce453
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 15:33:53 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:33:53 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 412a442b6a..9aac006d65 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         int size = (nr + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, 0);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
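Review bot: The `domain_pause()` / `domain_unpause()` pair added around `p2m_enable_hardware_log_dirty(d)` has no comment, and nothing here records that this path must stay free of `paging_log_dirty_enable()`. Per the commit message the caller does not hold the domctl lock, which is why the removed call could race with other paging domctls. A short comment would keep that constraint visible, e.g. `/* No domctl lock held here: only switch on hardware assistance, never global log-dirty; vCPUs are paused while it is enabled. */`. The reason for the pause is inferred from the call sequence, so the wording should be checked against `p2m_enable_hardware_log_dirty()`. `hap_track_dirty_vram()` starts and ends outside the hunk.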
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 21db3eceb6..eac6f6a6cc 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -209,7 +209,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool_t log_global)
+static int paging_log_dirty_enable(struct domain *d, bool_t log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index 18a7eaeca4..cb6d9e9146 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -144,9 +144,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool_t log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:44:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbjTi-0007W4-By@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:44:14 +0000

commit 7615e24837074daab396dc2a9718a0a2191dc136
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:35:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:35:44 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index d8393d31d8..e7ba56e809 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1770,8 +1770,14 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             goto out;
         }
 
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 
 out:
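Review bot: The new comment says why `domid_map[]` is written before `domid_bitmap[]`, but not what keeps the two stores in that order as observed by another CPU. The plain store to `iommu->domid_map[iommu_domid]` is followed directly by `clear_bit()`; if the fix relies on `clear_bit()` being an ordered (locked) operation on x86, the comment should say so, for example by appending `clear_bit() is relied upon to order the two writes.`, or an explicit write barrier should sit between them. The reader side in `context_set_domain_id()` is outside this hunk and should be confirmed to tolerate seeing DOMID_INVALID while the bit is still set. `domain_context_unmap()` starts outside the hunk.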
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:44:25 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: split domid map cleanup check into a function
Message-Id: <E1nbjTs-0007X2-Fh@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:44:24 +0000

commit 5f3027e00666c248e8a25015b8e202cd321890ab
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:36:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:36:09 2022 +0200

    VT-d: split domid map cleanup check into a function
    
    This logic will want invoking from elsewhere.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 9fdc10abe9457e4c9879a266f82372cb08e88ffb
    master date: 2021-11-24 11:06:20 +0100
---
 xen/drivers/passthrough/vtd/iommu.c | 104 ++++++++++++++++++++++--------------
 1 file changed, 64 insertions(+), 40 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e7ba56e809..410dc216b2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -152,6 +152,68 @@ static void __init free_intel_iommu(struct intel_iommu *intel)
     xfree(intel);
 }
 
+static void cleanup_domid_map(struct domain *domain, struct iommu *iommu)
+{
+    int iommu_domid = domain_iommu_domid(domain, iommu);
+
+    if ( iommu_domid >= 0 )
+    {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
+        clear_bit(iommu_domid, iommu->domid_bitmap);
+    }
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        const struct acpi_drhd_unit *drhd;
+
+        if ( pdev == exclude )
+            continue;
+
+        drhd = acpi_find_matched_drhd_unit(pdev);
+        if ( drhd && drhd->iommu == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+/*
+ * If no other devices under the same iommu owned by this domain,
+ * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap.
+ */
+static void check_cleanup_domid_map(struct domain *d,
+                                    const struct pci_dev *exclude,
+                                    struct iommu *iommu)
+{
+    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+
+    /*
+     * Hidden devices are associated with DomXEN but usable by the hardware
+     * domain. Hence they need considering here as well.
+     */
+    if ( !found && is_hardware_domain(d) )
+        found = any_pdev_behind_iommu(dom_xen, exclude, iommu);
+
+    if ( !found )
+    {
+        clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
+        cleanup_domid_map(d, iommu);
+    }
+}
+
 static int iommus_incoherent;
 
 static void sync_cache(const void *addr, unsigned int size)
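Review bot: The description says "No functional change intended", but the new helpers differ visibly from the block they replace in the last hunk of this patch. The old code returned `-EINVAL` from `domain_context_unmap()` when `domain_iommu_domid()` gave -1, whereas `cleanup_domid_map()` skips a negative value silently. `check_cleanup_domid_map()` also scans `dom_xen` for the hardware domain, which the removed loop never did. In addition, the excluded device is now matched by pointer (`pdev == exclude`) instead of by seg/bus/devfn, which may behave differently when `devfn` is not `pdev->devfn`. I would record this in the helper's comment, e.g. `/* A missing DID is not treated as an error here, unlike the former open-coded check. */`, so that callers relying on the old error return are checked.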
@@ -1671,7 +1733,6 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     struct iommu *iommu;
     int ret = 0;
     u8 seg = pdev->seg, bus = pdev->bus, tmp_bus, tmp_devfn, secbus;
-    int found = 0;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
@@ -1740,45 +1801,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         goto out;
     }
 
-    /*
-     * if no other devices under the same iommu owned by this domain,
-     * clear iommu in iommu_bitmap and clear domain_id in domid_bitmp
-     */
-    for_each_pdev ( domain, pdev )
-    {
-        if ( pdev->seg == seg && pdev->bus == bus && pdev->devfn == devfn )
-            continue;
-
-        drhd = acpi_find_matched_drhd_unit(pdev);
-        if ( drhd && drhd->iommu == iommu )
-        {
-            found = 1;
-            break;
-        }
-    }
-
-    if ( found == 0 )
-    {
-        int iommu_domid;
-
-        clear_bit(iommu->index, &dom_iommu(domain)->arch.iommu_bitmap);
-
-        iommu_domid = domain_iommu_domid(domain, iommu);
-        if ( iommu_domid == -1 )
-        {
-            ret = -EINVAL;
-            goto out;
-        }
-
-        /*
-         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
-         * context_set_domain_id(), setting the slot to DOMID_INVALID for
-         * ->domid_map[] reads to produce a suitable value while the bit is
-         * still set.
-         */
-        iommu->domid_map[iommu_domid] = DOMID_INVALID;
-        clear_bit(iommu_domid, iommu->domid_bitmap);
-    }
+    if ( !ret )
+        check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
     return ret;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:44:35 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbjU2-0007Xj-JG@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:44:34 +0000

commit 7b0d89d547d4a7428133d837ef2e69ad474fa3e7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:36:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:36:36 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 410dc216b2..1f04f0b4cf 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2352,6 +2352,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
@@ -2388,10 +2392,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->arch.pdev_list);
@@ -2468,9 +2468,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2483,20 +2482,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %04x:%02x:%02x.%u from %pd (%d)\n",
-                           seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
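Review bot: With the unconditional `ret = reassign_device_ownership(s, d, devfn, pdev);` removed ahead of the RMRR loop, the new `if ( !ret )` after the loop reads `ret` on a path where no RMRR matched and nothing in the visible lines has assigned it. The declaration of `ret` in intel_iommu_assign_device() is outside the hunk, so it may well be initialised there, but an explicit `ret = 0;` before `for_each_rmrr_device` would stop the mapping decision from depending on a distant initialiser. The rollback loop would also benefit from a one-line comment saying why `-ENOENT` is tolerated; presumably it is because the forward loop can `break` before every region was mapped, which should be confirmed.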
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:44:46 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbjUC-0007Z8-ML@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:44:44 +0000

commit fd9759001e30675b0e9a7d40b1532822281337f7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:37:00 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:37:00 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 1f04f0b4cf..86cdd60886 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1985,14 +1985,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2009,12 +2001,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
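Review bot: A failed RMRR identity mapping in intel_iommu_add_device() is only reported through `dprintk`, and `ret` is then overwritten by `domain_context_mapping()`, so the function can return 0 with the context entry installed but a reserved region unmapped. That sits oddly with the commit's stated goal of having the RMRR mappings in place before the context entry is updated, and `dprintk` is, as far as I know, compiled out of non-debug builds, so production logs would carry no trace of the failure. If continuing is intentional, say so in a comment such as `/* Best effort: keep going so the device still gets a context entry. */` and consider `printk(XENLOG_ERR VTDPREFIX ...)` for the message; otherwise the first error should be returned before the context entry is touched. The start of the loop body lies between this hunk and the previous one and is not visible here.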
@@ -2036,11 +2033,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2056,7 +2057,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
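Review bot: intel_iommu_remove_device() now ends in `return 0;`, so the result of the RMRR teardown call ending in `rmrr->end_address, 0);` does not feed into the return value. The start of that call is outside the hunk, so its result may be consumed there, but if it is discarded a failed unmap leaves a stale identity mapping in the domain with no log entry. The rollback loop added to intel_iommu_assign_device() by the preceding commit on this page logs such failures and treats `-ENOENT` as benign; doing the same here would keep the two teardown paths consistent.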
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:44:57 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbjUM-0007Zp-Pb@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:44:54 +0000

commit 243ed3a1b690b81d16ccab07d9bcbc480f73e102
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:37:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:37:26 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 66 ++-----------------------------------
 1 file changed, 2 insertions(+), 64 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 86cdd60886..d046b9a7dd 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -112,28 +112,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static struct intel_iommu *__init alloc_intel_iommu(void)
 {
     struct intel_iommu *intel;
@@ -1433,49 +1411,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u owned by d%d!",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       pdev->domain ? pdev->domain->domain_id : -1);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u mapped, but can't find owner!\n",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u already mapped to d%d!",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
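Review bot: After this change domain_context_mapping_one() returns 0 for any context entry that is already present, without checking that it belongs to `domain`, so a caller cannot tell "mapped for this domain" from "left pointing at another owner". The commit message says a subsequent change touches this logic, but for anyone bisecting or backporting this commit on its own a comment at the early return would help, e.g. `/* Entry already present: left untouched; ownership is deliberately not validated here. */`. The function body continues outside the hunk.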
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:45:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: re-assign devices directly
Message-Id: <E1nbjUW-0007af-Sm@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:45:04 +0000

commit 18479bf16d62b232830ad7247ebb50e598319db3
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:37:50 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:37:50 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 279 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 245 insertions(+), 73 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 97181757ac..e6bd26cc65 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -71,7 +71,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -91,8 +92,8 @@ int is_igd_vt_enabled_quirk(void);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct iommu* iommu);
 void vtd_ops_postamble_quirk(struct iommu* iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index d046b9a7dd..cd5c5e66b1 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -108,6 +108,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
@@ -1391,15 +1392,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->intel->drhd->segment;
+    uint16_t seg = iommu->intel->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int agaw, rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1408,17 +1421,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
         agaw = level_to_agaw(iommu->nr_pt_levels);
     }
     else
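Review bot: `iommu->domid_map[prev_did]` is indexed with a value read straight from the context entry, with no check against `cap_ndoms(iommu->cap)` and no check that `domid_map` is non-NULL. The `context_get_domain_id()` helper deleted by the preceding commit on this page performed both checks (`dom_index < nr_dom && iommu->domid_map`), and the new debug message prints `nr_dom`, so the range is clearly relevant here. I would declare `domid_t domid = DOMID_INVALID;` and guard the load with `if ( prev_did < cap_ndoms(iommu->cap) && iommu->domid_map ) domid = iommu->domid_map[prev_did];`, which falls through to the existing `-ESRCH` path for an out-of-range DID. The function starts and ends outside this hunk.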
@@ -1435,6 +1463,8 @@ int domain_context_mapping_one(
                 spin_unlock(&hd->arch.mapping_lock);
                 spin_unlock(&iommu->lock);
                 unmap_vtd_domain_page(context_entries);
+                if ( prev_dom )
+                    rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
         }
@@ -1452,33 +1482,102 @@ int domain_context_mapping_one(
                 goto nomem;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    rc = context_set_domain_id(&lctxt, domain, iommu);
+    if ( rc )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
-        return -EFAULT;
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
+        return rc;
+    }
+
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, agaw);
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) == agaw);
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
     }
 
-    context_set_address_width(*context, agaw);
-    context_set_fault_enable(*context);
-    context_set_present(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
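Review bot: In the `res != old` branch, `pdev` is tested with `if ( pdev )` before the `check_cleanup_domid_map()` call, but the `printk` right after it dereferences `pdev->seg` and `pdev->bus` unconditionally. The function's own header comment documents `pdev == NULL` as a supported call, so this error path would fault on a NULL pointer exactly when an unexpected context entry is being reported. The locals already hold the same information: pass `seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),` as the reassignment warning later in this hunk does. The function body extends beyond the hunk on both sides.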
@@ -1499,17 +1598,35 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
-    return rc;
+    if ( rc )
+    {
+        if ( !prev_dom )
+            domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                       mode & MAP_WITH_RMRR);
+    }
+
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
+static int domain_context_unmap(struct domain *d, uint8_t devfn,
+                                struct pci_dev *pdev);
+
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    u8 seg = pdev->seg, bus = pdev->bus, secbus;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
+    uint8_t bus = pdev->bus, secbus;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
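Review bot: The rollback added at the end of domain_context_mapping_one() discards the return values of both `domain_context_unmap_one()` and the recursive `domain_context_mapping_one(prev_dom, ...)` call. If restoring the previous owner's entry fails, the caller only sees the original `rc`, and nothing records that the context entry may still reference `domain`. Capturing the result in the existing `ret` local and logging a negative value, e.g. `if ( ret < 0 ) printk(XENLOG_ERR VTDPREFIX "%pd: failed to restore context entry: %d\n", prev_dom, ret);`, would make that state visible to whoever triages the log. domain_context_mapping_one() starts outside this hunk, and domain_context_mapping() continues past it.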
@@ -1517,8 +1634,30 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg ||
+             bdf != PCI_BDF2(pdev->bus, pdev->devfn) )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:Hostbridge: skip %04x:%02x:%02x.%u map\n",
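Review bot: `pdev->domain->is_dying` dereferences `pdev->domain` without a guard, while other code on this page treats a NULL owner as possible (`if ( !pdev->domain ) return -EINVAL;` in intel_iommu_add_device()). Whether every caller of domain_context_mapping() guarantees a non-NULL owner cannot be seen from this hunk; an `ASSERT(pdev->domain);` next to the existing `ASSERT(pcidevs_locked());` would document the precondition. Separately, the `drhd &&` test in the `MAP_SINGLE_DEVICE` condition looks redundant, since the preceding hunk ends on an `if ( !drhd )` check whose body is not visible but presumably returns. domain_context_mapping() starts and ends outside this hunk.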
@@ -1539,7 +1678,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1552,20 +1693,33 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
+        ret = 0;
 
         if ( find_upstream_bridge(seg, &bus, &devfn, &secbus) < 1 )
             break;
 
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        if ( prev_present && (mode & MAP_WITH_RMRR) &&
+             domain != pdev->domain )
+            ret = -EOPNOTSUPP;
+
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
          * that bridge. Since bridges don't normally get assigned to guests,
          * their owner would be the wrong one. Pass NULL instead.
          */
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         NULL);
+        if ( ret >= 0 )
+            ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1580,7 +1734,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
+
+        if ( ret )
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
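Review bot: The rollback added at the end of the DEV_TYPE_PCI case passes `devfn` to `domain_context_unmap()` and `domain_context_mapping()`, but `devfn` (and `bus`) were handed by address to `find_upstream_bridge()` in the preceding hunk, so, assuming that helper overwrites them with the bridge's values, the rollback is keyed on the bridge rather than on the function that was mapped first. Saving the original value before the bridge lookup (for example `const uint8_t orig_devfn = devfn;`) and using it in both rollback calls would make the restore target explicit. Both rollback return values are also discarded, so a failed restore may leave the context entry pointing at the new owner with only the original error reported; a `printk` on failure would at least make that state visible. The case body starts outside this hunk.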
@@ -2291,9 +2453,8 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
+    if ( !has_arch_pdevs(target) )
+        vmx_pi_hooks_assign(target);
 
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
@@ -2303,6 +2464,31 @@ static int reassign_device_ownership(
     if ( (target != hardware_domain) && !iommu_intremap )
         untrusted_msi = true;
 
+    ret = domain_context_mapping(target, devfn, pdev);
+    if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
+        return ret;
+    }
+
+    if ( pdev->devfn == devfn )
+    {
+        const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+        if ( drhd )
+            check_cleanup_domid_map(source, pdev, drhd->iommu);
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->arch.pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
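Review bot: Any failure after the new `list_move()` / `pdev->domain = target` block would be reported for a device that has already changed owner, because the mapping for `target`, the `check_cleanup_domid_map(source, ...)` call and the ownership switch now all precede the RMRR handling introduced by the comment that follows. That handling is outside the hunk, so whether it can fail is not visible here; the matching unity-map step in the AMD `reassign_device()` change further down this page does `return rc;` after its `list_move()`. A comment at those returns recording the contract, e.g. `/* NB: pdev already belongs to target here. */`, would help callers handle the error correctly. The function starts and ends outside this hunk.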
@@ -2331,34 +2517,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->arch.pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->arch.pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 3fa6a4ff13..fce03a9f4a 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -201,8 +201,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index b02688e316..68e8ecd09d 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -330,7 +330,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -341,9 +342,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
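Review bot: `map_me_phantom_function()` dereferences `drhd->iommu` on both the map and the unmap path without checking the result of `acpi_find_matched_drhd_unit(pdev)`, whereas `domain_context_mapping()` and `reassign_device_ownership()` in this same patch both test it for NULL. Since the call being touched here now forwards `mode`, this is a good moment to add `if ( !drhd ) return -ENODEV;` after the lookup. The lines between the declarations and the lookup are outside the hunk, so `pdev` may deserve the same check.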
@@ -351,7 +352,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -375,7 +377,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -401,7 +403,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
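Review bot: The new block comment names the two consumers of `mode` but not what each bit means, and `UNMAP_ME_PHANTOM_FUNC` shares the bit space although only `map_me_phantom_function()` tests it in the visible code. One comment per flag would do, taken from how `domain_context_mapping()` sets them: `/* device is listed in an RMRR */` for `MAP_WITH_RMRR`, `/* current owner is dying */` for `MAP_OWNER_DYING`, and `/* owner has no other device behind this IOMMU and no phantom functions */` for `MAP_SINGLE_DEVICE`. It is also worth stating there that the old `MAP_ME_PHANTOM_FUNC`/`UNMAP_ME_PHANTOM_FUNC` values 1 and 0 now mean something else, so any caller passing a literal would silently change behaviour.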
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:45:16 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbjUg-0007bh-W4@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:45:14 +0000

commit 1a250caadb837748e4a797019fc3cb0f790c9bab
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:38:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:38:19 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c       | 116 ++++++++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c   | 173 ++++++++++++++++++--------
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h |   8 +-
 3 files changed, 239 insertions(+), 58 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index a5492da9fb..2986ae5fc9 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -158,12 +158,105 @@ static unsigned int set_iommu_pte_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(uint32_t *dte, uint64_t root_ptr,
-                                   uint16_t domain_id, uint8_t paging_mode,
-                                   uint8_t valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(uint32_t *dte, uint64_t root_ptr,
+                                  uint16_t domain_id, uint8_t paging_mode,
+                                  unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
     uint32_t addr_hi, addr_lo, entry, dte0 = dte[0];
 
+    addr_lo = root_ptr & DMA_32BIT_MASK;
+    addr_hi = root_ptr >> 32;
+
+    if ( get_field_from_reg_u32(dte0, IOMMU_DEV_TABLE_VALID_MASK,
+                                IOMMU_DEV_TABLE_VALID_SHIFT) &&
+         get_field_from_reg_u32(dte0, IOMMU_DEV_TABLE_TRANSLATION_VALID_MASK,
+                                IOMMU_DEV_TABLE_TRANSLATION_VALID_SHIFT) &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            uint32_t dte[4];
+            uint64_t raw64[2];
+            __uint128_t raw128;
+        } ldte;
+        __uint128_t old;
+        int ret = 0;
+
+        memcpy(ldte.dte, dte, sizeof(ldte));
+        old = ldte.raw128;
+
+        set_field_in_reg_u32(domain_id, ldte.dte[2],
+                             IOMMU_DEV_TABLE_DOMAIN_ID_MASK,
+                             IOMMU_DEV_TABLE_DOMAIN_ID_SHIFT, &ldte.dte[2]);
+
+        set_field_in_reg_u32(addr_hi, ldte.dte[1],
+                             IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_MASK,
+                             IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_SHIFT,
+                             &ldte.dte[1]);
+        set_field_in_reg_u32(IOMMU_CONTROL_ENABLED, ldte.dte[1],
+                             IOMMU_DEV_TABLE_IO_WRITE_PERMISSION_MASK,
+                             IOMMU_DEV_TABLE_IO_WRITE_PERMISSION_SHIFT,
+                             &ldte.dte[1]);
+        set_field_in_reg_u32(IOMMU_CONTROL_ENABLED, ldte.dte[1],
+                             IOMMU_DEV_TABLE_IO_READ_PERMISSION_MASK,
+                             IOMMU_DEV_TABLE_IO_READ_PERMISSION_SHIFT,
+                             &ldte.dte[1]);
+
+        set_field_in_reg_u32(addr_lo >> PAGE_SHIFT, ldte.dte[0],
+                             IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_MASK,
+                             IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_SHIFT,
+                             &ldte.dte[0]);
+        set_field_in_reg_u32(paging_mode, ldte.dte[0],
+                             IOMMU_DEV_TABLE_PAGING_MODE_MASK,
+                             IOMMU_DEV_TABLE_PAGING_MODE_SHIFT, &ldte.dte[0]);
+        set_field_in_reg_u32(IOMMU_CONTROL_ENABLED, ldte.dte[0],
+                             IOMMU_DEV_TABLE_TRANSLATION_VALID_MASK,
+                             IOMMU_DEV_TABLE_TRANSLATION_VALID_SHIFT,
+                             &ldte.dte[0]);
+        set_field_in_reg_u32(valid ? IOMMU_CONTROL_ENABLED
+                                   : IOMMU_CONTROL_DISABLED,
+                             ldte.dte[0], IOMMU_DEV_TABLE_VALID_MASK,
+                             IOMMU_DEV_TABLE_VALID_SHIFT, &ldte.dte[0]);
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid ||
          get_field_from_reg_u32(dte0, IOMMU_DEV_TABLE_VALID_MASK,
                                 IOMMU_DEV_TABLE_VALID_SHIFT) )
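Review bot: The `printk` on the `cmpxchg16b` mismatch path formats `uint64_t` values with `%016lx`, which only matches where `uint64_t` is `unsigned long`; the `AMD_IOMMU_DEBUG` call in pci_amd_iommu.c uses `PRIx64` for the same kind of value. Writing the format as `"Dom%d: unexpected DTE %016"PRIx64"_%016"PRIx64" (expected %016"PRIx64"_%016"PRIx64")\n"` keeps the specifier tied to the type. Separately, the `cmpxchg16b` path relies on `dte` being 16-byte aligned although it is typed `uint32_t *`; an `ASSERT(!((unsigned long)dte & 15));` before the exchange would state that assumption. The function continues past the end of this hunk.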
@@ -183,9 +276,6 @@ void amd_iommu_set_root_page_table(uint32_t *dte, uint64_t root_ptr,
                          IOMMU_DEV_TABLE_DOMAIN_ID_SHIFT, &entry);
     dte[2] = entry;
 
-    addr_lo = root_ptr & DMA_32BIT_MASK;
-    addr_hi = root_ptr >> 32;
-
     set_field_in_reg_u32(addr_hi, 0,
                          IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_MASK,
                          IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_SHIFT, &entry);
@@ -212,6 +302,20 @@ void amd_iommu_set_root_page_table(uint32_t *dte, uint64_t root_ptr,
                          IOMMU_DEV_TABLE_VALID_MASK,
                          IOMMU_DEV_TABLE_VALID_SHIFT, &entry);
     write_atomic(&dte[0], entry);
+
+    return 0;
+}
+
+paddr_t amd_iommu_get_root_page_table(const uint32_t *dte)
+{
+    uint32_t lo = get_field_from_reg_u32(
+                      dte[0], IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_MASK,
+                      IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_SHIFT);
+    uint32_t hi = get_field_from_reg_u32(
+                      dte[1], IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_MASK,
+                      IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_SHIFT);
+
+    return ((paddr_t)hi << 32) | (lo << PAGE_SHIFT);
 }
 
 void iommu_dte_set_iotlb(uint32_t *dte, uint8_t i)
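Review bot: In `amd_iommu_get_root_page_table()` the expression `lo << PAGE_SHIFT` is evaluated in 32 bits because `lo` is `uint32_t`, so the result is only correct while the low pointer field is narrow enough for the shifted value to still fit. Casting first, `return ((paddr_t)hi << 32) | ((paddr_t)lo << PAGE_SHIFT);`, removes that dependency on the field width. This matters because the caller compares the result with `page_to_maddr(hd->arch.root_table)` to decide whether a DTE needs re-pointing.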
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index e9153a5271..3cbb2e9b61 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -109,22 +109,60 @@ static void disable_translation(u32 *dte)
     dte[0] = entry;
 }
 
-static void amd_iommu_setup_domain_device(
+static int __must_check allocate_domain_resources(struct domain_iommu *hd)
+{
+    int rc;
+
+    spin_lock(&hd->arch.mapping_lock);
+    rc = amd_iommu_alloc_root(hd);
+    spin_unlock(&hd->arch.mapping_lock);
+
+    return rc;
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg,
+                                   PCI_BDF2(pdev->bus, pdev->devfn)) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     u8 devfn, struct pci_dev *pdev)
 {
-    void *dte;
+    uint32_t *dte;
     unsigned long flags;
-    int req_id, valid = 1;
-    int dte_i = 0;
+    unsigned int req_id, sr_flags;
+    int dte_i = 0, rc;
     u8 bus = pdev->bus;
-    const struct domain_iommu *hd = dom_iommu(domain);
+    struct domain_iommu *hd = dom_iommu(domain);
+    const struct ivrs_mappings *ivrs_dev;
+
+    BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
-    BUG_ON( !hd->arch.root_table || !hd->arch.paging_mode ||
-            !iommu->dev_table.buffer );
+    rc = allocate_domain_resources(hd);
+    if ( rc )
+        return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg,
+                                  PCI_BDF2(pdev->bus, pdev->devfn));
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     if ( ats_enabled )
         dte_i = 1;
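Review bot: `req_id` and `ivrs_dev` are computed twice from different inputs and no comment says why: here from `PCI_BDF2(pdev->bus, pdev->devfn)` to derive `SET_ROOT_WITH_UNITY_MAP`, and again in the next hunk from `PCI_BDF2(bus, devfn)` for the DTE lookup. The second `ivrs_dev` assignment is not read in any visible line, so it looks like a dead store unless code outside the hunks uses it. If the difference is intended, a short comment above the first lookup such as `/* Unity-map state is taken from the device's own devfn, not from the devfn being set up. */` would make it deliberate. The function body continues beyond this hunk.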
@@ -132,32 +170,87 @@ static void amd_iommu_setup_domain_device(
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
     dte = iommu->dev_table.buffer + (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !is_translation_valid((u32 *)dte) )
     {
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            (u32 *)dte, page_to_maddr(hd->arch.root_table), domain->domain_id,
-            hd->arch.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.root_table),
+                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
              iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
             iommu_dte_set_iotlb((u32 *)dte, dte_i);
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( amd_iommu_get_root_page_table(dte) !=
+              page_to_maddr(hd->arch.root_table) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.root_table),
+                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   pdev->seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   pdev->domain);
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.root_table),
-                        domain->domain_id, hd->arch.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(get_field_from_reg_u32(
+                       dte[3], IOMMU_DEV_TABLE_IOTLB_SUPPORT_MASK,
+                       IOMMU_DEV_TABLE_IOTLB_SUPPORT_SHIFT) == dte_i);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
 
     spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.root_table),
+                    domain->domain_id, hd->arch.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
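Review bot: The new `printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n", ...)` carries no log level, unlike the `XENLOG_ERR` message added to `amd_iommu_set_root_page_table()` in the same commit. It is the only trace that a non-atomic DTE update may have let I/O of other devices with the old domain ID reach the new page tables, so an explicit level, e.g. `printk(XENLOG_WARNING " %04x:...`, makes it dependable for operators filtering the console log. It is also issued with `iommu->lock` held and interrupts off; the condition could be latched in a local `bool` and the message printed after `spin_unlock_irqrestore()`. The function extends beyond this hunk on both sides.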
@@ -168,6 +261,8 @@ static void amd_iommu_setup_domain_device(
 
         amd_iommu_flush_iotlb(devfn, pdev, INV_IOMMU_ALL_PAGES_ADDRESS, 0);
     }
+
+    return 0;
 }
 
 int __init amd_iov_detect(void)
@@ -211,17 +306,6 @@ int amd_iommu_alloc_root(struct domain_iommu *hd)
     return 0;
 }
 
-static int __must_check allocate_domain_resources(struct domain_iommu *hd)
-{
-    int rc;
-
-    spin_lock(&hd->arch.mapping_lock);
-    rc = amd_iommu_alloc_root(hd);
-    spin_unlock(&hd->arch.mapping_lock);
-
-    return rc;
-}
-
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
@@ -310,7 +394,6 @@ static int reassign_device(struct domain *source, struct domain *target,
 {
     struct amd_iommu *iommu;
     int bdf, rc;
-    struct domain_iommu *t = dom_iommu(target);
     const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
 
     bdf = PCI_BDF2(pdev->bus, pdev->devfn);
@@ -324,7 +407,15 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+    if ( rc )
+        return rc;
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->arch.pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
@@ -340,27 +431,10 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->arch.pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = allocate_domain_resources(t);
-    if ( rc )
-        return rc;
-
-    amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
     AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n",
                     pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                     source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->arch.pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
@@ -491,8 +565,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         return -ENODEV;
     }
 
-    amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
-    return 0;
+    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 6c83810fc3..a3211ccdfb 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -78,8 +78,12 @@ void amd_iommu_share_p2m(struct domain *d);
 int get_dma_requestor_id(u16 seg, u16 bdf);
 void amd_iommu_set_intremap_table(
     u32 *dte, u64 intremap_ptr, u8 int_valid);
-void amd_iommu_set_root_page_table(
-    u32 *dte, u64 root_ptr, u16 domain_id, u8 paging_mode, u8 valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(
+    uint32_t *dte, uint64_t root_ptr, uint16_t domain_id, uint8_t paging_mode,
+    unsigned int flags);
+paddr_t amd_iommu_get_root_page_table(const uint32_t *dte);
 void iommu_dte_set_iotlb(u32 *dte, u8 i);
 void iommu_dte_add_device_entry(u32 *dte, struct ivrs_mappings *ivrs_dev);
 void iommu_dte_set_guest_cr3(u32 *dte, u16 dom_id, u64 gcr3,
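Review bot: The prototype of `amd_iommu_set_root_page_table()` is now `__must_check`, but the header gives no hint that a positive return is a success value; the three-way convention (-errno, 0, 1 for a non-atomic update) is only described at the definition in iommu_map.c. A caller that writes `if ( rc ) return rc;` would treat the non-atomic success as a failure, so a one-line comment above the flags, `/* Returns -errno, 0, or 1 (success, but DTE updated non-atomically). */`, is worth adding here.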
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:45:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbjUr-0007cK-2t@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:45:25 +0000

commit 644a6669c18164ee46fc2da67252e7ac52be5db6
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:39:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:39:04 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 +++--
 xen/drivers/passthrough/vtd/iommu.c  | 62 ++++++++++++++++++++++++------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++++---
 3 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index e6bd26cc65..e45650eba0 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -72,9 +72,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
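Review bot: The two parameters added to domain_context_mapping_one() follow a convention that the header does not state. In the iommu.c part of this patch a `pgd_maddr` of 0 means "allocate if needed and use the domain's own root", and domain_context_unmap_one() passes a literal 0 to me_wifi_quirk() on the unmap path. A one-line comment above the prototype would make that explicit, e.g. `/* pgd_maddr == 0 selects the domain's own page table root; domid is the ID the context entry is tagged with. */`. The second half of that comment is my reading of the commit description rather than something these lines show, so adjust it if the pairing rule is different.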
@@ -93,7 +94,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct iommu* iommu);
 void vtd_ops_postamble_quirk(struct iommu* iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index cd5c5e66b1..47a1c9c29f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1405,12 +1405,12 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->intel->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int agaw, rc, ret;
@@ -1451,10 +1451,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root = pgd_maddr;
+
         spin_lock(&hd->arch.mapping_lock);
 
         /* Ensure we have pagetables allocated down to leaf PTE. */
-        if ( hd->arch.pgd_maddr == 0 )
+        if ( !root )
         {
             addr_to_dma_page_maddr(domain, 0, 1);
             if ( hd->arch.pgd_maddr == 0 )
@@ -1467,22 +1469,24 @@ int domain_context_mapping_one(
                     rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
+
+            root = hd->arch.pgd_maddr;
         }
 
         /* Skip top levels of page tables for 2- and 3-level DRHDs. */
-        pgd_maddr = hd->arch.pgd_maddr;
         for ( agaw = level_to_agaw(4);
               agaw != level_to_agaw(iommu->nr_pt_levels);
               agaw-- )
         {
-            struct dma_pte *p = map_vtd_domain_page(pgd_maddr);
-            pgd_maddr = dma_pte_addr(*p);
+            struct dma_pte *p = map_vtd_domain_page(root);
+
+            root = dma_pte_addr(*p);
             unmap_vtd_domain_page(p);
-            if ( pgd_maddr == 0 )
+            if ( !root )
                 goto nomem;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1598,15 +1602,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            domain_context_unmap_one(domain, iommu, bus, devfn);
+            domain_context_unmap_one(domain, iommu, bus, devfn,
+                                     domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                       domain->domain_id,
+                                       hd->arch.pgd_maddr,
                                        mode & MAP_WITH_RMRR);
+        }
     }
 
     if ( prev_dom )
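Review bot: The recovery call that re-maps the device for `prev_dom` passes `domain->domain_id` together with `prev_dom`'s page table root (`hd` has just been re-pointed at `dom_iommu(prev_dom)`), so the ID and the root belong to different domains. In this patch `domid` is only forwarded to me_wifi_quirk(), so nothing changes yet. The part II patch further down this page feeds it to context_set_domain_id(), and from then on the restored context entry would carry the ID of the domain whose assignment just failed, while IOTLB flushes for `prev_dom` look up their ID separately. Unless that is intended, the argument should be `prev_dom->domain_id`. The `!prev_dom` branch likewise passes `domain->domain_id` rather than the `domid` this function received; the function starts and ends outside this hunk, so whether any caller relies on that cannot be checked here.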
@@ -1623,6 +1633,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1678,7 +1689,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1693,7 +1705,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1719,7 +1732,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1734,7 +1748,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1763,7 +1778,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1821,7 +1836,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->intel->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     return rc;
 }
@@ -1860,7 +1875,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1870,7 +1886,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1882,14 +1899,17 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( ret )
                 return ret;
 
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 68e8ecd09d..5373930c0f 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -331,6 +331,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -344,16 +346,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -377,7 +380,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -403,7 +406,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:45:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:45:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299100.509584 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjV2-0005Fj-AQ; Tue, 05 Apr 2022 13:45:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299100.509584; Tue, 05 Apr 2022 13:45:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjV2-0005FZ-78; Tue, 05 Apr 2022 13:45:36 +0000
Received: by outflank-mailman (input) for mailman id 299100;
 Tue, 05 Apr 2022 13:45:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjV1-0005FP-7u
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjV1-0001qJ-72
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjV1-0007dH-6K
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=bRN2DooiVW4bE3E8Gz4pW66LflkxZuN14fKCbzrZGuA=; b=FNpZ3BxY+yvB5IZD6pm97leyZy
	wxG0z4PpsC4UwJf2wwaaLENvQbm/nIuR6Z6zq2F+n28RbQjWUxsGl53GzvpUV71qI7WJbI07Js1i/
	2kdoZR4wjVFlrAaxCthvLWM5UsLHkAqxPKpUorNX9omGbolELo91GBfJ9EXFKSJyzCcM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbjV1-0007dH-6K@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:45:35 +0000

commit e3be966b9cc9143ca6ec6bb7df0c4cb7a6fd317a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:39:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:39:43 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 47a1c9c29f..88ef84336e 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -52,8 +52,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -61,23 +61,24 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    dprintk(XENLOG_ERR VTDPREFIX,
-            "Cannot get valid iommu domid: domid=%d iommu->index=%d\n",
-            d->domain_id, iommu->index);
+    if ( warn )
+        dprintk(XENLOG_ERR VTDPREFIX,
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
+
     return -1;
 }
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct iommu *iommu)
+                                 domid_t domid, struct iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
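Review bot: get_iommu_did() now has two outcomes a caller must tell apart and a flag that silences its only diagnostic, but nothing at the definition says so. A short header comment would help, for example `/* Return the IOMMU-local slot holding @domid, or -1 if there is none; the miss is logged only when @warn is set. */`. The new message also prints `iommu->index` with `%u` where the old one used `%d`; the field's type is not visible here, so check that the specifier matches it. The function's opening lines are in the previous hunk.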
@@ -88,7 +89,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -104,7 +105,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -131,9 +132,9 @@ static void __init free_intel_iommu(struct intel_iommu *intel)
     xfree(intel);
 }
 
-static void cleanup_domid_map(struct domain *domain, struct iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -189,7 +190,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -670,7 +671,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1495,7 +1496,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(&lctxt, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domid, iommu);
     if ( rc )
     {
     unlock:
@@ -1803,7 +1804,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:45:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:45:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299101.509587 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjVC-0005KI-Bs; Tue, 05 Apr 2022 13:45:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299101.509587; Tue, 05 Apr 2022 13:45:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjVC-0005KA-8b; Tue, 05 Apr 2022 13:45:46 +0000
Received: by outflank-mailman (input) for mailman id 299101;
 Tue, 05 Apr 2022 13:45:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVB-0005K2-BS
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVB-0001qT-AZ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVB-0007eM-9h
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=r/hRO1Ui3RLCHVALn2evnRRUZq6/GNbMyrooCVrXhXo=; b=lfMUEs09BVDISOw2TaMw/4xF7F
	mOqCjb0n1+h+bzYGPcov/Cre37S5SM7iqOfArxtp6EmYy6Qp/yxN6NjMnM4TZQCYIPL0Kjue8j7DW
	dalWg7tYbVca8JGyPpH+JcXtIyHGmD3JLHFlMcJ1q9pqDXD7UgUt1y7rsy0vwHeojQmE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbjVB-0007eM-9h@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:45:45 +0000

commit 5776043ebb54345ded7530051e2a4377b3875cc2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:40:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:40:21 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still not having to add a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 +++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 23 ++++++++-
 xen/drivers/passthrough/pci.c               | 12 +++--
 xen/drivers/passthrough/vtd/iommu.c         | 77 ++++++++++++++++++++++-------
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 47 ++++++++++++++++++
 xen/include/asm-x86/amd-iommu.h             |  1 +
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  6 +++
 xen/include/public/xen.h                    |  3 ++
 10 files changed, 160 insertions(+), 22 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index 3c5d4de1a3..43c35037bc 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -150,6 +150,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR
@@ -161,7 +166,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
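Review bot: The `out:` path now calls `xfree(iommu->domid_map)`, but the `if ( rt ) goto out;` at the top of the previous hunk reaches it before `domid_map` has been assigned. That is safe only if `iommu` was zero-initialised when it was allocated, which happens outside these hunks. If it was, a comment above the xfree() such as `/* domid_map is still NULL unless iommu_init_domid() succeeded (iommu is zero-allocated). */` would record the dependency. If it was not, the field needs to be set to NULL right after the allocation so the error path never frees an indeterminate pointer.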
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 3cbb2e9b61..301a8f1229 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -541,6 +541,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
 {
     struct amd_iommu *iommu;
     u16 bdf;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -565,7 +567,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         return -ENODEV;
     }
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -587,6 +604,10 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
     }
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
+
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     return 0;
 }
 
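Review bot: amd_iommu_remove_device() calls `iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map)` unconditionally, although the add path allocates an ID only when `iommu_quarantine` is set, so the value passed can be `DOMID_INVALID`. That is fine only if iommu_free_domid() ignores `DOMID_INVALID`. Its body is not in this part of the patch, so either confirm that or guard the call with `if ( pdev->arch.pseudo_domid != DOMID_INVALID )`. The VT-d error path added at the end of domain_context_mapping() has the same dependency, since it frees whenever `orig_domid == DOMID_INVALID`, including for device types that never allocated an ID.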
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 6b87febc3d..f4d9777b52 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -343,6 +343,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn)
     *((u8*) &pdev->bus) = bus;
     *((u8*) &pdev->devfn) = devfn;
     pdev->domain = NULL;
+    pdev->arch.pseudo_domid = DOMID_INVALID;
     INIT_LIST_HEAD(&pdev->msi_list);
 
     if ( pci_find_cap_offset(pseg->nr, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
@@ -1311,10 +1312,13 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%04x:%02x:%02x.%u - dom %-3d - node %-3d - MSIs < ",
-               pseg->nr, pdev->bus,
-               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn),
-               pdev->domain ? pdev->domain->domain_id : -1,
+        printk("%04x:%02x:%02x.%u - ", pseg->nr, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else if ( pdev->domain )
+            printk("Dom%d", pdev->domain->domain_id);
+        printk(" - node %-3d - MSIs < ",
                (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         list_for_each_entry ( msi, &pdev->msi_list, list )
                printk("%d ", msi->irq);
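Review bot: With the domain field split into its own printk() calls, a device whose `pdev->domain` is NULL now prints nothing between the two " - " separators, where the old format printed `dom -1`. Anyone reading or post-processing this debug dump gets a line with a missing column for unowned devices, which is the case an operator auditing device assignment most wants to see. A final branch with a fixed placeholder keeps the column count stable, e.g. `else printk("-");`. The loop body continues past the end of this hunk.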
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 88ef84336e..7c09ef77ed 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1234,7 +1235,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     if ( nr_iommus > MAX_IOMMUS )
     {
@@ -1324,10 +1325,19 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM ;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     spin_lock_init(&iommu->lock);
     spin_lock_init(&iommu->register_lock);
 
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1350,6 +1360,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     free_intel_iommu(iommu->intel);
     if ( iommu->msi.irq >= 0 )
@@ -1626,8 +1637,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1635,6 +1646,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1685,6 +1697,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCIe_ENDPOINT:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
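Review bot: The pseudo-domid allocation block added under `case DEV_TYPE_PCIe_ENDPOINT:` is repeated verbatim under `case DEV_TYPE_PCI:` in the next hunk; a small static helper would keep the two copies from drifting apart. The sketch below tests `pdev->arch.pseudo_domid` instead of `orig_domid`, which is equivalent only if nothing between the top of the function and the switch changes that field, and that stretch is outside the hunks. Both copies also `return -ENOSPC` straight out of the switch, so confirm that nothing acquired earlier in domain_context_mapping() needs releasing on that path.

```c
/* Give pdev a pseudo domain ID on first mapping; no-op when quarantining is off. */
static int assign_pseudo_domid(struct pci_dev *pdev, struct iommu *iommu)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

    case DEV_TYPE_PCIe_ENDPOINT:
        ret = assign_pseudo_domid(pdev, drhd->iommu);
        if ( ret )
            return ret;
        /* … unchanged: debug printk and domain_context_mapping_one() call … */
```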
@@ -1700,6 +1720,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCI:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
@@ -1773,6 +1801,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1842,8 +1877,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
     struct iommu *iommu;
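Review bot: The new pointer-returning contract of `domain_context_unmap()` is not documented at the definition, and callers now have to know three things: errors come back as `ERR_PTR(-errno)`, success returns the matched DRHD unit, and whether NULL is possible. On the paths visible in the later hunks (`if ( !drhd ) return ERR_PTR(-ENODEV);` and `return ret ? ERR_PTR(ret) : drhd;`), a successful return is never NULL. That makes the `if ( drhd )` guard in `intel_iommu_remove_device()` look purely defensive, though return paths outside the hunks may differ. A short comment above the function should state what is returned on success and on failure, and that the caller uses the unit to release the device's pseudo domain ID. The function body continues past this hunk.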
@@ -1852,7 +1889,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
-        return -ENODEV;
+        return ERR_PTR(-ENODEV);
     iommu = drhd->iommu;
 
     switch ( pdev->type )
@@ -1863,7 +1900,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         if ( !is_hardware_domain(domain) )
-            return -EPERM;
+            return ERR_PTR(-EPERM);
         goto out;
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1902,11 +1939,9 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         {
             ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
                                            domain->domain_id);
-            if ( ret )
-                return ret;
-
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           domain->domain_id);
+            if ( !ret )
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
             ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
@@ -1926,7 +1961,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
-    return ret;
+    return ret ? ERR_PTR(ret) : drhd;
 }
 
 static void iommu_domain_teardown(struct domain *d)
@@ -2152,16 +2187,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2178,6 +2214,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index fce03a9f4a..e8346e29b6 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -541,6 +541,7 @@ struct iommu {
     struct msi_desc msi;
     struct intel_iommu *intel;
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
 };
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 519353f81a..bee2028de2 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -373,6 +373,53 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 /*
  * Local variables:
  * mode: C
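Review bot: `iommu_init_domid()` has two distinct unusable results and neither is documented: `ZERO_BLOCK_PTR` when `iommu_quarantine` is off, and `NULL` when `xzalloc_array()` fails. `iommu_alloc_domid()` dereferences `map` unconditionally, so it is safe only because the VT-d callers visible in this patch test `iommu_quarantine` first. `iommu_free_domid()` is safe only because it returns on `DOMID_INVALID` before touching the bitmap. A comment above `iommu_init_domid()` should say that callers must treat `NULL` as an allocation failure and must never hand the sentinel to `iommu_alloc_domid()`. Separately, `ASSERT(pcidevs_locked())` in `iommu_alloc_domid()` comes after the initialiser that already reads `start` and the bitmap; declaring `idx` first and doing the `find_next_zero_bit()` search below the assertion would put the locking requirement ahead of the access it protects.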
diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h
index 1bba272379..ab2c0983f7 100644
--- a/xen/include/asm-x86/amd-iommu.h
+++ b/xen/include/asm-x86/amd-iommu.h
@@ -97,6 +97,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
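Review bot: The new `domid_map` member of `struct amd_iommu` has no comment, and its name means something different from VT-d's existing `u16 *domid_map`, which is a domain id mapping array; VT-d calls its bitmap `pseudo_domid_map`. Judging by the `unsigned long *` type, this is presumably the bitmap returned by `iommu_init_domid()`, but the AMD code that uses it is not in this hunk. If so, I would at least write `unsigned long *domid_map; /* "pseudo" domain id bitmap */`, and ideally use the same member name as VT-d so the two drivers read alike.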
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index b8d2951b12..bab00f6ae4 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -112,6 +112,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         ops->sync_cache(addr, size);                    \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
  * Local variables:
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index cc05045e9c..70ed48e309 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -15,6 +15,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h
index 0d395404b0..88182d4004 100644
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -584,6 +584,9 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
 /* Idle domain. */
 #define DOMID_IDLE           xen_mk_uint(0x7FFF)
 
+/* Mask for valid domain id values */
+#define DOMID_MASK           xen_mk_uint(0x7FFF)
+
 #ifndef __ASSEMBLY__
 
 typedef uint16_t domid_t;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:45:56 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:45:56 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299102.509591 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjVM-0005NS-FX; Tue, 05 Apr 2022 13:45:56 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299102.509591; Tue, 05 Apr 2022 13:45:56 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjVM-0005NK-CE; Tue, 05 Apr 2022 13:45:56 +0000
Received: by outflank-mailman (input) for mailman id 299102;
 Tue, 05 Apr 2022 13:45:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVL-0005NE-EJ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVL-0001qm-DZ
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVL-0007fQ-Cw
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:45:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=/gvX6EIrehRPDpcGlokcdoKRukcE9bspz5aZIFYvGsM=; b=uqNs0cGy9IVxhfH3yNIru9wilu
	s2UqeQenDO8d0Css6P1f4US/vljWZB33LB8lkqjyeG6+/4lgZCi3UhQngqMx2zX3MjrcGzLDow6gv
	S1RCXLa8Efreo6Brw99sU98KHzewWV1z0BqUfoMYwUEI0NFDn5Cj0yXIs49Scz9S7jMI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbjVL-0007fQ-Cw@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:45:55 +0000

commit d15a9c9a05d5a33a323f6584d91bc693fd3c0338
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:41:05 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:41:05 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 5 +----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 2986ae5fc9..0b619e235e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -840,8 +840,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 7c09ef77ed..b0918643b3 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2858,7 +2858,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
     struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc;
 
     if ( hd->arch.pgd_maddr )
     {
@@ -2905,10 +2904,8 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    rc = iommu_flush_iotlb_all(d);
-
     /* Pages leaked in failure case */
-    return level ? -ENOMEM : rc;
+    return level ? -ENOMEM : 0;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:46:06 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:46:06 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299103.509595 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjVW-0005QP-H9; Tue, 05 Apr 2022 13:46:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299103.509595; Tue, 05 Apr 2022 13:46:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjVW-0005QH-Dj; Tue, 05 Apr 2022 13:46:06 +0000
Received: by outflank-mailman (input) for mailman id 299103;
 Tue, 05 Apr 2022 13:46:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVV-0005Q7-H6
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:46:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVV-0001rT-GM
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:46:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVV-0007gy-Fm
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:46:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=yZIcXNAEdd8Bjn7h982YM2TvDP58Hiyyxu22EPKEXOo=; b=Vv8EwclhiKuLkzmnKrBVlwRfMf
	1SMntBmrVGuJGtHOYJRzsqVI1BwkkGEpaSyiytfcb8SmvDUCtvtUzLU9Etb3oB30gPvTQdeepOtCM
	Hjju7P0SQA2IK3PG2m8ZHlG8BMfLGwwj5QMKHgxq2HOtyju+YwkfUgk4VgPvWvRSMSyw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbjVV-0007gy-Fm@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:46:05 +0000

commit 0af8d2dfc39f5841b5ccc2298487d5e2d3035145
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:42:01 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:42:01 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c       | 2 +-
 xen/include/asm-x86/hvm/svm/amd-iommu-defs.h  | 2 ++
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 0b619e235e..62bcfc5af7 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -477,7 +477,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.root_table;
     level = hd->arch.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    BUG_ON( table == NULL || level < 1 || level > IOMMU_MAX_PT_LEVELS );
 
     /*
      * A frame number past what the current page tables can represent can't
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
index d9ec20cc90..ee3380c131 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
@@ -114,6 +114,8 @@
 #define IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_MASK		0xFFFFF000
 #define IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_SHIFT	12
 
+#define IOMMU_MAX_PT_LEVELS 6
+
 /* DeviceTable Entry[63:32] */
 #define IOMMU_DEV_TABLE_GV_SHIFT                    23
 #define IOMMU_DEV_TABLE_GV_MASK                     0x800000
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index a3211ccdfb..35b7d9eb23 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -185,7 +185,7 @@ static inline int amd_iommu_get_paging_mode(unsigned long max_frames)
     while ( max_frames > PTE_PER_TABLE_SIZE )
     {
         max_frames = PTE_PER_TABLE_ALIGN(max_frames) >> PTE_PER_TABLE_SHIFT;
-        if ( ++level > 6 )
+        if ( ++level > IOMMU_MAX_PT_LEVELS )
             return -ENOMEM;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Tue Apr 05 13:46:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 05 Apr 2022 13:46:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299104.509599 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjVg-0005TF-Ig; Tue, 05 Apr 2022 13:46:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299104.509599; Tue, 05 Apr 2022 13:46:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbjVg-0005T8-FI; Tue, 05 Apr 2022 13:46:16 +0000
Received: by outflank-mailman (input) for mailman id 299104;
 Tue, 05 Apr 2022 13:46:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVf-0005T0-Kj
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:46:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVf-0001re-Ju
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:46:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbjVf-0007hq-JE
 for xen-changelog@lists.xenproject.org; Tue, 05 Apr 2022 13:46:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=gpaJP2Wflhu1f3RPuA9yLAOu3XyGI4WE9ui1dXPUa/U=; b=HsNwmRB0UuJ3mNiLxelvoXgS0B
	F1Us3FgQMTJnGR0wJxcpj2f2MEcSOzhrBhfzkeGrULUPdJeoIOupg73NSjBdI1h3iVW0RzUhYhlCD
	YBWL+s9sn9e8tz+Gb9NeL17StPLC99H5G4OlzfbSPGXf+WomKm6bMUG88NKLjbVvfFfE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbjVf-0007hq-JE@xenbits.xenproject.org>
Date: Tue, 05 Apr 2022 13:46:15 +0000

commit c633ec9451e76015c409bd5119ffcb0f2e61fe8b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:42:45 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:42:45 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/arch/x86/mm/p2m.c                         |   2 +-
 xen/drivers/passthrough/amd/iommu_map.c       | 168 +++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c   |  39 ++--
 xen/drivers/passthrough/iommu.c               |  16 +-
 xen/drivers/passthrough/pci.c                 |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c           | 247 +++++++++++++++++++-------
 xen/drivers/passthrough/vtd/iommu.h           |   2 +-
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h |   3 +-
 xen/include/asm-x86/pci.h                     |  13 ++
 xen/include/xen/iommu.h                       |   3 +-
 10 files changed, 378 insertions(+), 135 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 266b6a0416..c7bf160be9 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1424,7 +1424,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int ret;
 
-    if ( !paging_mode_translate(p2m->domain) )
+    if ( !paging_mode_translate(d) )
     {
         if ( !has_iommu_pt(d) )
             return 0;
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 62bcfc5af7..9bdf9e25e4 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -784,64 +784,150 @@ void amd_iommu_share_p2m(struct domain *d)
     }
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(uint64_t *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS],
+                    struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        uint32_t *pte = (uint32_t *)&this[i];
+        uint64_t *next;
+
+        if ( !get_field_from_reg_u32(pte[0], IOMMU_PTE_PRESENT_MASK,
+                                     IOMMU_PTE_PRESENT_SHIFT) )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = alloc_amd_iommu_pgtable();
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(pgs[level], &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs, pdev);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level &&
+                  get_field_from_reg_u32(pte[0],
+                                         IOMMU_PDE_NEXT_LEVEL_MASK,
+                                         IOMMU_PDE_NEXT_LEVEL_SHIFT) )
+        {
+            paddr_t addr_hi = get_field_from_reg_u32(pte[1],
+                                                     IOMMU_PTE_ADDR_HIGH_MASK,
+                                                     IOMMU_PTE_ADDR_HIGH_SHIFT);
+            paddr_t addr_lo = get_field_from_reg_u32(pte[0],
+                                                     IOMMU_PTE_ADDR_LOW_MASK,
+                                                     IOMMU_PTE_ADDR_LOW_SHIFT);
+            unsigned long mfn = (addr_hi << (32 - PAGE_SHIFT)) | addr_lo;
+
+            page_list_add(mfn_to_page(_mfn(mfn)), &pdev->arch.pgtables_list);
+            next = map_domain_page(_mfn(mfn));
+            rc = fill_qpt(next, level - 1, pgs, pdev);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    uint64_t *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg,
+                                               PCI_BDF2(pdev->bus, pdev->devfn));
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
 
-    if ( hd->arch.root_table )
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.root_table);
+
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
+
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = alloc_amd_iommu_pgtable();
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.root_table = alloc_amd_iommu_pgtable();
-    if ( !hd->arch.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.root_table = pdev->arch.amd.root_table;
 
-    table = __map_domain_page(hd->arch.root_table);
-    while ( level )
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
+
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.root_table = NULL;
+
+    if ( rc )
+        printk("%04x:%02x:%02x.%u: quarantine unity mapping failed\n",
+               pdev->seg, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+    else
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = alloc_amd_iommu_pgtable();
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            uint32_t *pde = (uint32_t *)&table[i];
+        uint64_t *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs, pdev);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_amd_iommu_pgtable(pg);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
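Review bot: The root table allocated in `amd_iommu_quarantine_init()` is never put on `pdev->arch.pgtables_list` in this hunk, so `amd_iommu_quarantine_teardown()` appears to drop the only reference to that page without freeing it. Teardown frees only what is on the list and then sets `root_table` to NULL, and `fill_qpt()` lists the lower-level tables and the leaf but not the page it is first called on. Unless the root is released somewhere outside this hunk, adding `page_list_add(pdev->arch.amd.root_table, &pdev->arch.pgtables_list);` right after the allocation check would close that. On the `rc` path after a failed unity mapping, any tables that mapping created are also unlisted, because `fill_qpt()` has not run. A comment there should say those pages are leaked, as the removed `/* Pages leaked in failure case */` did.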
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 301a8f1229..567472e48d 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -150,6 +150,8 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
     BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
@@ -172,14 +174,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = iommu->dev_table.buffer + (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE);
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !is_translation_valid((u32 *)dte) )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.root_table),
-                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
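Review bot: `root_pg` reaches `page_to_maddr()` in the DTE-binding call without any check that it is non-NULL. On the `dom_io` branch it comes from `pdev->arch.amd.root_table`, which this patch sets to NULL in `amd_iommu_quarantine_teardown()` and which stays unset when `iommu_quarantine_dev_init()` returns 0 without calling the backend. Whether a `dom_io` setup can follow either state depends on callers outside this hunk, so a guard right after the `if`/`else` that selects `root_pg` would make the invariant explicit, e.g. `ASSERT(root_pg);` or an early error return. The later hunks of this function (the root-table comparison, the second `amd_iommu_set_root_page_table()` call and the debug print) use the same value; the function starts and ends outside this hunk.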
@@ -193,8 +206,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( amd_iommu_get_root_page_table(dte) !=
-              page_to_maddr(hd->arch.root_table) )
+    else if ( amd_iommu_get_root_page_table(dte) != page_to_maddr(root_pg) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -207,8 +219,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.root_table),
-                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -227,6 +239,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
@@ -247,9 +260,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.root_table),
-                    domain->domain_id, hd->arch.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -296,7 +308,7 @@ int __init amd_iov_detect(void)
 
 int amd_iommu_alloc_root(struct domain_iommu *hd)
 {
-    if ( unlikely(!hd->arch.root_table) )
+    if ( unlikely(!hd->arch.root_table) && hd != dom_iommu(dom_io) )
     {
         hd->arch.root_table = alloc_amd_iommu_pgtable();
         if ( !hd->arch.root_table )
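Review bot: The new `hd != dom_iommu(dom_io)` test has no comment saying why dom_io is excluded from root-table allocation. The reason is only visible elsewhere in the patch, where the dom_io case takes its root from `pdev->arch.amd.root_table`. I would put `/* dom_io has no root table of its own; quarantined devices use pdev->arch.amd.root_table. */` above the `if`. The function body continues outside this hunk.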
@@ -376,7 +388,10 @@ void amd_iommu_disable_domain_device(struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id,
+                        get_field_from_reg_u32(((uint32_t *)dte)[2],
+                                               IOMMU_DEV_TABLE_DOMAIN_ID_MASK,
+                                               IOMMU_DEV_TABLE_DOMAIN_ID_SHIFT),
                         dom_iommu(domain)->arch.paging_mode);
     }
     spin_unlock_irqrestore(&iommu->lock, flags);
@@ -605,6 +620,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index a747bfb946..f8af06c0fd 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -497,19 +497,19 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    rc = iommu_domain_init(dom_io);
-    if ( rc )
-        return rc;
-
-    if ( !hd->platform_ops->quarantine_init )
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
         return 0;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return hd->platform_ops->quarantine_init(dev);
+}
+
+static int __init iommu_quarantine_init(void)
+{
+    return iommu_domain_init(dom_io);
 }
 
 int __init iommu_setup(void)
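Review bot: `iommu_quarantine_dev_init()` becomes a non-static entry point but says nothing about its locking contract, while the per-device quarantine code visible in this patch (`intel_iommu_quarantine_init()`, `amd_iommu_quarantine_teardown()`) asserts `pcidevs_locked()`. A comment above the function would state this once for all callers, e.g. `/* Caller must hold the pcidevs lock. Returns 0 without doing anything when quarantining is off or the backend has no hook. */`. If the lock helper is in scope in this file, `ASSERT(pcidevs_locked());` as the first statement would enforce it as well.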
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index f4d9777b52..768b900830 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -1512,6 +1512,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
         msixtbl_init(d);
     }
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
@@ -1558,9 +1565,16 @@ int deassign_device(struct domain *d, u16 seg, u8 bus, u8 devfn)
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
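Review bot: The added `return ret;` under `if ( ret )` is indented by 11 spaces, while the rest of the block uses multiples of four; it should line up at 12 spaces, `            return ret;`. The early return itself matches the `return -ENODEV` just above it, so nothing needs unwinding as far as this hunk shows. `deassign_device()` continues outside the hunk.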
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index b0918643b3..5ca1d02981 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,6 +43,12 @@
 #include "vtd.h"
 #include "../ats.h"
 
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
+
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
 
@@ -78,13 +84,18 @@ static int get_iommu_did(domid_t domid, const struct iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
@@ -110,8 +121,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -179,8 +195,12 @@ static void check_cleanup_domid_map(struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
 
+    if ( d == dom_io )
+        return;
+
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1443,7 +1463,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
@@ -1620,15 +1640,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             domain_context_unmap_one(domain, iommu, bus, devfn,
-                                     domain->domain_id);
+                                     DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                       domain->domain_id,
-                                       hd->arch.pgd_maddr,
+                                       DEVICE_DOMID(prev_dom, pdev),
+                                       DEVICE_PGTABLE(prev_dom, pdev),
                                        mode & MAP_WITH_RMRR);
-        }
     }
 
     if ( prev_dom )
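Review bot: `DEVICE_DOMID(domain, pdev)` in the `!prev_dom` recovery path dereferences `pdev` whenever `domain` is `dom_io`, yet this function is also called with `pdev` passed as NULL (the two bridge calls in `domain_context_mapping()` later in this patch). The earlier hunk of this same function already treats `pdev` as optional with `pdev ? … : …`. Whether `dom_io` with a NULL `pdev` can reach this path is not visible here, but the macro offers no protection if it does. I would document the requirement at the macro definitions, `/* pdev must be non-NULL when d is dom_io. */`, and add `ASSERT(pdev || domain != dom_io);` ahead of the recovery block. The function starts and ends outside this hunk.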
@@ -1645,7 +1662,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1668,7 +1685,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1709,8 +1726,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1734,8 +1751,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1761,8 +1778,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1777,8 +1794,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1914,7 +1931,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1925,7 +1942,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1934,18 +1951,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( find_upstream_bridge(seg, &tmp_bus, &tmp_devfn, &secbus) < 1 )
             break;
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1992,6 +2003,25 @@ static void iommu_domain_teardown(struct domain *d)
     spin_unlock(&hd->arch.mapping_lock);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_domheap_page(pg);
+
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
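Review bot: `quarantine_teardown()` frees every page on `pdev->arch.pgtables_list` but has no comment on what the caller must have done first. These pages are IOMMU page tables, so the function should state that the device's context entries must no longer reference them before it is called. A header comment would cover it, e.g. `/* Free a device's quarantine page tables. Caller holds the pcidevs lock and has already unmapped the device's context entries. */`. Whether the call added in `intel_iommu_remove_device()` satisfies that ordering is decided by code outside the hunks shown.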
@@ -2214,6 +2244,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2852,60 +2884,139 @@ static void vtd_dump_p2m_table(struct domain *d)
     vtd_dump_p2m_table_level(hd->arch.pgd_maddr, agaw_to_level(hd->arch.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    paddr_t maddrs[6], struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
-    struct dma_pte *parent;
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !maddrs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                maddrs[level] = alloc_pgtable_maddr(NULL, 1);
+                if ( !maddrs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(maddr_to_page(maddrs[level]),
+                              &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(maddrs[level]);
+                    rc = fill_qpt(next, level - 1, maddrs, pdev);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, maddrs[level]);
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            page_list_add(maddr_to_page(dma_pte_addr(*pte)),
+                          &pdev->arch.pgtables_list);
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, maddrs, pdev);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    paddr_t maddr;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    if ( hd->arch.pgd_maddr )
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.pgd_maddr);
+
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    hd->arch.pgd_maddr = alloc_pgtable_maddr(NULL, 1);
-    if ( !hd->arch.pgd_maddr )
-        goto out;
+    maddr = alloc_pgtable_maddr(NULL, 1);
+    if ( !maddr )
+        return -ENOMEM;
 
-    parent = map_vtd_domain_page(hd->arch.pgd_maddr);
-    while ( level )
-    {
-        uint64_t maddr;
-        unsigned int offset;
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
 
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        maddr = alloc_pgtable_maddr(NULL, 1);
-        if ( !maddr )
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.pgd_maddr = maddr;
+
+    for_each_rmrr_device ( rmrr, bdf, i )
+    {
+        if ( rc )
             break;
 
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg &&
+             bdf == PCI_BDF2(pdev->bus, pdev->devfn) )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%04x:%02x:%02x.%u: RMRR quarantine mapping failed\n",
+                       pdev->seg, pdev->bus,
+                       PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = maddr;
+
+    if ( !rc )
+    {
+        struct dma_pte *root;
+        paddr_t maddrs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(maddr);
+        rc = fill_qpt(root, level - 1, maddrs, pdev);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = maddr_to_mfn(maddrs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    return rc;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
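Review bot: The root table allocated in `intel_iommu_quarantine_init()` (`maddr = alloc_pgtable_maddr(NULL, 1)`) is never put on `pdev->arch.pgtables_list` in the code shown. `fill_qpt()` lists only the tables below the root, and `quarantine_teardown()` frees the list entries and then zeroes `pgd_maddr`. Unless the page is tracked somewhere outside this patch, the root is lost on every teardown, including the `rc` error path at the end of this function. Tables built by `iommu_identity_mapping()` appear to be in the same position when `fill_qpt()` is skipped because `rc` is already set. Adding `page_list_add(maddr_to_page(maddr), &pdev->arch.pgtables_list);` right after the allocation check would cover the root.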
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index e8346e29b6..4fecb9802c 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -535,7 +535,7 @@ struct iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     struct msi_desc msi;
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 35b7d9eb23..453d8047e1 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -51,7 +51,8 @@ void get_iommu_features(struct amd_iommu *iommu);
 int amd_iommu_init(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 70ed48e309..0c79acb1ed 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -20,7 +22,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 262679485d..e2b6ca4e1f 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -189,7 +189,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -277,6 +277,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 void iommu_share_p2m_table(struct domain *d);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:33:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbvTi-0003Cg-3J@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:33:02 +0000

commit e717e74fcdd6fedf698e9ce547f752e3be023f57
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 14:56:06 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:56:06 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 73575deb0d..47a7487fa7 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         unsigned int size = DIV_ROUND_UP(nr_frames, BITS_PER_BYTE);
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
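Review bot: The added `domain_pause(d)` / `p2m_enable_hardware_log_dirty(d)` / `domain_unpause(d)` sequence has no comment explaining why the domain is paused or why the call sits after `paging_unlock(d)`. The commit's point is that VRAM tracking must no longer switch on global log-dirty, so a short comment would stop a later change from reintroducing that or dropping the pause, e.g. `/* Only ask for hardware log-dirty assistance; global log-dirty mode is deliberately not enabled for VRAM tracking. */`. Presumably the pause is a requirement of the hardware-assist enable path; if so, that is worth stating in the same comment. The function body extends beyond this hunk.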
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 8bc14df943..579d01c161 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -211,7 +211,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index 614ac797e5..eb23652978 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -160,9 +160,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:33:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 02:33:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299444.510149 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvTt-00011S-6A; Wed, 06 Apr 2022 02:33:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299444.510149; Wed, 06 Apr 2022 02:33:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvTt-00011K-39; Wed, 06 Apr 2022 02:33:13 +0000
Received: by outflank-mailman (input) for mailman id 299444;
 Wed, 06 Apr 2022 02:33:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvTs-00011A-8X
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvTs-0000W8-7g
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvTs-0003DS-6l
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=rX2vhPfS236/pKfCj/M+C5xP6QDDuGkdOTHXT+3oS6M=; b=gyHMzOhafXVye8Tut7+F5M6xib
	G3BCMObNRnPGtlwzhlduO19J2FXA6a8SXSP62qDRa8+RG5rmI7WVJaCKy/wLrMuzuRDl4ojhYUcEp
	PzQsmGQucFF8zgEtm3dDcb5FOTWlupsW1CbSWO8L5BinUhLOSxZhtnCcIM3N3heWAHq8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbvTs-0003DS-6l@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:33:12 +0000

commit aafd4f1df0adfe94d4632a25904e05f0fedba5c5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:56:34 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:56:34 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 8e20d032bc..633888436f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -149,8 +149,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
 
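Review bot: The ordering that the new comment depends on is enforced only implicitly: `iommu->domid_map[iommu_domid] = DOMID_INVALID;` is a plain store, and it is left to `clear_bit()` to keep it from being moved after the bitmap update. On x86 the bit operation is presumably a locked instruction with a compiler barrier, which would be enough, but the comment does not say that this is what is relied on. I would either add `clear_bit() also serves as the barrier here` to the comment or make the store explicit with `write_atomic(&iommu->domid_map[iommu_domid], DOMID_INVALID);`. The readers named in the commit message, context_set_domain_id() and did_to_domain_id(), are outside the hunk, so how they treat DOMID_INVALID cannot be checked from here.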
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:33:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 02:33:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299445.510154 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvU3-00014i-7t; Wed, 06 Apr 2022 02:33:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299445.510154; Wed, 06 Apr 2022 02:33:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvU3-00014Y-4k; Wed, 06 Apr 2022 02:33:23 +0000
Received: by outflank-mailman (input) for mailman id 299445;
 Wed, 06 Apr 2022 02:33:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvU2-00014C-Bm
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvU2-0000WJ-Aw
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvU2-0003Dv-A2
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=xLIzWmxhZezXFCs4WmOvA5MR9a+GF3G1Ue2GPVyrV10=; b=3t8zMi+QOZxlHd+/MaKjOpiQGl
	9UAvNxyyHzakge3LfBYkII97vPXxc6vojgLqDWviiyo3cnpZfw8oEBJr6ZxiYKvSt9TOzeTqr/T1m
	UgMnsl2Z7h308qfzQzw12YuLb89t++R9tw7Qn6j55JuTLUqVq+fUawWqjjgbfB0+cfPk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbvU2-0003Dv-A2@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:33:22 +0000

commit 1427c846e47b44a3833641639fe5726ae355fbde
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:56:59 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:56:59 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 633888436f..8e42c3114e 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2392,6 +2392,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
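Review bot: The moved `domain_context_unmap(source, devfn, pdev)` call must now stay ahead of the rest of reassign_device_ownership(), but only the commit message records that constraint. I would put a comment above it such as `/* Clear the context entry first: RMRR mappings may be torn down only once the device can no longer use them. */` so that a later reordering does not silently undo the fix. It is also worth documenting what state the device is left in if a step after this early unmap fails, since by then the source domain's context entry is already gone; the remainder of the function is outside the hunk, so whether such a failure path exists cannot be confirmed here.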
@@ -2428,10 +2432,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2507,9 +2507,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2522,20 +2521,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %pp from %pd (%d)\n",
-                           &PCI_SBDF3(seg, bus, devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
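Review bot: The rollback loop tolerates `rc == -ENOENT` without saying why, and the reason is not obvious from the check alone: after a `break` in the mapping loop above, the regions following the failed one were never mapped, so removing them is expected to report that nothing was found. I would add `/* Regions past the point of failure were never mapped. */` above `if ( rc && rc != -ENOENT )`. The `break` after `domain_crash(d)` also leaves any remaining reserved regions mapped in a domain that is merely marked as crashed; if that is acceptable because teardown will release them, a short comment should say so. intel_iommu_assign_device() starts before and continues after the hunk.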
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:33:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 02:33:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299446.510158 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvUD-00017l-9B; Wed, 06 Apr 2022 02:33:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299446.510158; Wed, 06 Apr 2022 02:33:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvUD-00017d-6P; Wed, 06 Apr 2022 02:33:33 +0000
Received: by outflank-mailman (input) for mailman id 299446;
 Wed, 06 Apr 2022 02:33:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUC-00017V-En
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUC-0000WW-E0
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUC-0003EZ-DB
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=dOwbbOvfXKPgXF12ugVAyH7TCHYQ3S6tG1oF0pRderw=; b=GoJ+lVYF6l4/0M/odRsnvIpARh
	AytqDJvRXFfzaF88lDNc6pPU5lvQoVnMAuTyfB+OZygvSRK65z14ERsLCdzp9/B1bdJuWlqwV+Ks/
	t8mjbCP0DBx7+uwZ1D4hsxrsQQwA3cZjRJfXZpN1557BsDHB68qd3NFmfrh5LzElIzQE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbvUC-0003EZ-DB@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:33:32 +0000

commit 3d65d2fa8b496e93bb1bb4594a87d93590c6c6fe
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:57:20 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:57:20 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 8e42c3114e..73a356cd80 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1981,14 +1981,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2005,12 +1997,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
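Review bot: A failed `iommu_identity_mapping()` in the RMRR loop is still only logged, and its `ret` is then overwritten by `ret = domain_context_mapping(pdev->domain, devfn, pdev);`, so the context entry is installed even when a reserved region could not be mapped. That sits oddly with the commit message's premise that the RMRR mappings may be essential for device operation, and it differs from intel_iommu_assign_device() in the previous patch, which stops and rolls back. If the best-effort behaviour is intended, the loop should carry a comment such as `/* Best effort: a failed RMRR mapping does not prevent adding the device. */`; otherwise the error should be returned before the context mapping is attempted. Conversely, when `domain_context_mapping()` fails the identity mappings just established are left in place. The teardown call whose tail is visible in the last hunk of intel_iommu_remove_device() likewise appears to have its result dropped before `return 0`.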
@@ -2032,11 +2029,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2052,7 +2053,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:33:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 02:33:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299447.510161 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvUN-0001AQ-Ax; Wed, 06 Apr 2022 02:33:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299447.510161; Wed, 06 Apr 2022 02:33:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvUN-0001AI-7q; Wed, 06 Apr 2022 02:33:43 +0000
Received: by outflank-mailman (input) for mailman id 299447;
 Wed, 06 Apr 2022 02:33:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUM-0001A9-IA
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUM-0000Wg-HD
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUM-0003FA-GP
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=wwNiGOMF+0yg1PEvV3L2R+93tNt7aiDzRbyOALxDcMw=; b=W9XoG2lSk9T/J6XNz+du3m3MCa
	+ocjiGUr6ONCDrvI/sunb81ZP6IqbUECPdbwJ27qmOCup4fzilk4S5S3XOoyCh4j8h1OC+1Kw75Kl
	bwIyvP8/ifVTPT4QptPpnezqoM6kbl++lA0MdzWKtbY0wQwNh3ANGQoeQHlRRgnazN/Y=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
Message-Id: <E1nbvUM-0003FA-GP@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:33:42 +0000

commit 74b8d7c04d00e3fdbd19d691b72f4369c5c362c8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:57:38 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:57:38 2022 +0200

    IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
    
    This is to make more obvious that nothing outside of domain_iommu(d)
    actually changes or is otherwise needed by the function.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eba09b9dd78f9e8cbaa78ef0edb301b32def2c7a
    master date: 2022-04-05 14:16:46 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c     | 10 +++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  2 +-
 xen/drivers/passthrough/vtd/iommu.c         |  8 ++++----
 xen/drivers/passthrough/x86/iommu.c         |  3 +--
 xen/include/asm-x86/iommu.h                 |  3 ++-
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index fdfffe8f92..a3c563c0a8 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -184,7 +184,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     unsigned long  next_table_mfn;
     unsigned int level;
     struct page_info *table;
-    const struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(d);
 
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
@@ -220,7 +220,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
             mfn = next_table_mfn;
 
             /* allocate lower level page table */
-            table = iommu_alloc_pgtable(d);
+            table = iommu_alloc_pgtable(hd);
             if ( table == NULL )
             {
                 AMD_IOMMU_DEBUG("Cannot allocate I/O page table\n");
@@ -250,7 +250,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
 
             if ( next_table_mfn == 0 )
             {
-                table = iommu_alloc_pgtable(d);
+                table = iommu_alloc_pgtable(hd);
                 if ( table == NULL )
                 {
                     AMD_IOMMU_DEBUG("Cannot allocate I/O page table\n");
@@ -483,7 +483,7 @@ int __init amd_iommu_quarantine_init(struct domain *d)
 
     spin_lock(&hd->arch.mapping_lock);
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
     if ( !hd->arch.amd.root_table )
         goto out;
 
@@ -498,7 +498,7 @@ int __init amd_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
         if ( !pg )
             break;
 
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 78dc72f5f7..882cef0957 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -208,7 +208,7 @@ int amd_iommu_alloc_root(struct domain *d)
 
     if ( unlikely(!hd->arch.amd.root_table) )
     {
-        hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+        hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
             return -ENOMEM;
     }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 73a356cd80..288715535c 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -327,7 +327,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     {
         struct page_info *pg;
 
-        if ( !alloc || !(pg = iommu_alloc_pgtable(domain)) )
+        if ( !alloc || !(pg = iommu_alloc_pgtable(hd)) )
             goto out;
 
         hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
@@ -347,7 +347,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
             if ( !alloc )
                 break;
 
-            pg = iommu_alloc_pgtable(domain);
+            pg = iommu_alloc_pgtable(hd);
             if ( !pg )
                 break;
 
@@ -2761,7 +2761,7 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
         goto out;
     }
 
-    pg = iommu_alloc_pgtable(d);
+    pg = iommu_alloc_pgtable(hd);
 
     rc = -ENOMEM;
     if ( !pg )
@@ -2780,7 +2780,7 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
 
         if ( !pg )
             goto out;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index fbc730a81c..f609dcc373 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -415,9 +415,8 @@ int iommu_free_pgtables(struct domain *d)
     return 0;
 }
 
-struct page_info *iommu_alloc_pgtable(struct domain *d)
+struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd)
 {
-    struct domain_iommu *hd = dom_iommu(d);
     unsigned int memflags = 0;
     struct page_info *pg;
     void *p;
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index 33f11f33de..49fa67298d 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -143,7 +143,8 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
 })
 
 int __must_check iommu_free_pgtables(struct domain *d);
-struct page_info *__must_check iommu_alloc_pgtable(struct domain *d);
+struct domain_iommu;
+struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
 
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:33:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 02:33:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299448.510166 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvUX-0001E7-EK; Wed, 06 Apr 2022 02:33:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299448.510166; Wed, 06 Apr 2022 02:33:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbvUX-0001Dz-BE; Wed, 06 Apr 2022 02:33:53 +0000
Received: by outflank-mailman (input) for mailman id 299448;
 Wed, 06 Apr 2022 02:33:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUW-0001Dl-LK
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUW-0000Wt-KP
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbvUW-0003Fl-Jc
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 02:33:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=86OdL5SXNFWzOPtpcRG6WVh+wRp/JoqzzhUM1fq+lAw=; b=gcZoxaoeUHRa4BejOW1w3GVRME
	fCLsO1PJNXHIzcNNMzfYnhnNjvfTAqVB+jFkoOkG530C2+8vj+KfdypKX4Tuwyi9YO4BsyG5ba9gd
	8PMJczZRsVAqooVm1JOlnWmUMhy6TtEDrbu/mfej8tQfh6Bk+6Yb0nv7ZI4s0h7EAcBI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbvUW-0003Fl-Jc@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:33:52 +0000

commit 7bbcacec42326f54ff3fb28338b6dac7c709822b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:58:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:58:19 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 61 ++-----------------------------------
 1 file changed, 2 insertions(+), 59 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 288715535c..2e2bb5dbbd 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -121,28 +121,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct vtd_iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid = domain_iommu_domid(domain, iommu);
@@ -1404,44 +1382,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX "%pd: %pp owned by %pd",
-                       domain, &PCI_SBDF3(seg, bus, devfn),
-                       pdev->domain);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "%pd: %pp mapped, but can't find owner\n",
-                       domain, &PCI_SBDF3(seg, bus, devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %pp already mapped to d%d",
-                       domain, &PCI_SBDF3(seg, bus, devfn), cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
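Review bot: The early return for an already-present context entry now reports success without saying whose mapping is in place, so a caller asking to map the device for `domain` gets 0 even if the entry still carries another domain's ID and page tables. If that is intended until re-assignment is reworked, the branch deserves a comment saying so, e.g. `/* Entry already present: left untouched, ownership is not verified here. */`. The removed block was the only place in this hunk that compared the existing owner with `domain`, and domain_context_mapping_one() starts and ends outside the hunk, so whether callers guarantee a prior unmap cannot be confirmed from here.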
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:34:03 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: re-assign devices directly
Message-Id: <E1nbvUg-0003Gk-Mv@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:34:02 +0000

commit d67a72c655cb884f0090e0fe4f977d0d75c6b94d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:58:41 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:58:41 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 265 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 231 insertions(+), 73 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 156177bb3f..650ae39b01 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -84,7 +84,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -103,8 +104,8 @@ int is_igd_vt_enabled_quirk(void);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 2e2bb5dbbd..72c6883cc4 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -117,6 +117,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
@@ -1362,15 +1363,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1379,17 +1392,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
     }
     else
     {
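Review bot: `iommu->domid_map[prev_did]` is indexed with a value read straight from the context entry and never compared with `cap_ndoms(iommu->cap)`, although the dprintk() in the failure branch prints that limit as if it had been checked. The helper dropped by the preceding commit guarded the same lookup with `dom_index < nr_dom && iommu->domid_map`. Keeping the guard costs one line, `domid = prev_did < cap_ndoms(iommu->cap) ? iommu->domid_map[prev_did] : DOMID_INVALID;`, and an out-of-range ID then falls through to the existing `-ESRCH` return instead of reading past the map. Context entries are presumably only ever written by Xen itself, so this is defensive rather than a known fault; the function starts and ends outside the hunk.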
@@ -1401,36 +1429,107 @@ int domain_context_mapping_one(
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
             unmap_vtd_domain_page(context_entries);
+            if ( prev_dom )
+                rcu_unlock_domain(prev_dom);
             return -ENOMEM;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    if ( context_set_domain_id(&lctxt, domain, iommu) )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
         return -EFAULT;
     }
 
-    context_set_address_width(*context, level_to_agaw(iommu->nr_pt_levels));
-    context_set_fault_enable(*context);
-    context_set_present(*context);
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, level_to_agaw(iommu->nr_pt_levels));
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) ==
+               level_to_agaw(iommu->nr_pt_levels));
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %pp: reassignment may cause %pd data corruption\n",
+                   &PCI_SBDF3(seg, bus, devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
+    }
+
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
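Review bot: Both new `goto unlock` sites assign `rc` first (`rc = !!pdev` for the same-domain no-op, `rc = -EILSEQ` after a failed cmpxchg16b()), but the `unlock:` label sits directly above the unchanged `return -EFAULT;`, so as shown in this hunk neither value reaches the caller and the no-op case is reported as an error. Setting `rc = -EFAULT;` ahead of the label and ending the block with `return rc;` would let all three paths share the cleanup. Separately, the `-EILSEQ` printk() dereferences `pdev->seg` and `pdev->bus` right after an `if ( pdev )` test, while the bridge and ME phantom-function callers in this patch pass NULL; `&PCI_SBDF3(seg, bus, devfn)` uses locals already in scope and logs the entry actually acted upon. The function starts and ends outside the hunk.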
@@ -1451,17 +1550,26 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
     {
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        if ( !prev_dom )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             mode & MAP_WITH_RMRR) < 0;
+        else
+            ret = 1;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
     }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
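Review bot: When the follow-up work fails after a re-assignment, the restoring call `domain_context_mapping_one(prev_dom, ...)` only has its result folded into `ret`, so a failed restore is neither logged nor returned and the device may stay wired to `domain`'s page tables while the caller is told the assignment failed. The same holds for the ignored return value of `domain_context_mapping(pdev->domain, devfn, pdev)` in the later error-path hunk of domain_context_mapping(). Inside the `prev_dom != domain` branch, a line such as `printk(XENLOG_ERR VTDPREFIX "%pd: %pp could not be restored to %pd\n", domain, &PCI_SBDF3(seg, bus, devfn), prev_dom);` on failure would make that state diagnosable. The start of the function lies outside this hunk.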
@@ -1471,8 +1579,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    uint16_t seg = pdev->seg;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
     uint8_t bus = pdev->bus, secbus;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
@@ -1492,8 +1602,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp map\n",
@@ -1512,7 +1643,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1524,9 +1657,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1534,6 +1668,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1542,7 +1685,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1557,10 +1700,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2336,9 +2484,8 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
+    if ( !has_arch_pdevs(target) )
+        vmx_pi_hooks_assign(target);
 
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
@@ -2348,6 +2495,31 @@ static int reassign_device_ownership(
     if ( (target != hardware_domain) && !iommu_intremap )
         untrusted_msi = true;
 
+    ret = domain_context_mapping(target, devfn, pdev);
+    if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
+        return ret;
+    }
+
+    if ( pdev->devfn == devfn )
+    {
+        const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+        if ( drhd )
+            check_cleanup_domid_map(source, pdev, drhd->iommu);
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
@@ -2376,34 +2548,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 32b39c606a..503b07ffb7 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -202,8 +202,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 2ad76a0ae7..a99e54b76d 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -344,7 +344,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -355,9 +356,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -365,7 +366,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -389,7 +391,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -415,7 +417,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
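Review bot: The block comment names the two consumers of `mode` but not what each bit means, although the flags now decide whether domain_context_mapping_one() tolerates a non-atomic context-entry update. A per-flag comment would help, for example `/* device is named in an RMRR; its context entry must not go non-present */` on MAP_WITH_RMRR and `/* request an unmap; only tested in map_me_phantom_function() as far as this patch shows */` on UNMAP_ME_PHANTOM_FUNC. MAP_ME_PHANTOM_FUNC is removed and its old value 1 now reads as MAP_WITH_RMRR, so any caller outside this patch still passing a literal 1 or 0 would silently change meaning; that cannot be checked from the hunks shown.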
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:34:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbvUq-0003Hh-QO@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:34:12 +0000

commit 754cabadc9eba62241d2bcde6df9cd65208f51f2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:58:59 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:58:59 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  10 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  67 ++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 179 ++++++++++++++++++++--------
 3 files changed, 199 insertions(+), 57 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 61374b6de4..0723dce196 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -247,9 +247,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index a3c563c0a8..d50510bed0 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -114,10 +114,69 @@ static unsigned int set_iommu_ptes_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
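Review bot: The non-CMPXCHG16B fallback in amd_iommu_set_root_page_table() writes the two DTE words in a fixed order, but its comments (`Best effort, updating domain_id last` and `No barrier should be needed between these two`) do not say why that order was chosen or why no barrier is required. The caller's warning about stale translations depends on exactly this ordering, so I would spell it out, e.g. `/* Word 0 first, word 1 (holding domain_id) last: the only transient state is old domain ID with new page tables. */`; this assumes the root pointer lives in word 0, which the hunk does not show. The -errno/0/1 return contract is also documented only at this definition, and repeating it next to the `__must_check` prototype in iommu.h would help callers. The function body continues past the end of this hunk.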
@@ -132,6 +191,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 882cef0957..583ae5a810 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -81,41 +81,82 @@ int get_dma_requestor_id(uint16_t seg, uint16_t bdf)
     return req_id;
 }
 
-static void amd_iommu_setup_domain_device(
+static int __must_check allocate_domain_resources(struct domain *d)
+{
+    struct domain_iommu *hd = dom_iommu(d);
+    int rc;
+
+    spin_lock(&hd->arch.mapping_lock);
+    rc = amd_iommu_alloc_root(d);
+    spin_unlock(&hd->arch.mapping_lock);
+
+    return rc;
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
     const struct domain_iommu *hd = dom_iommu(domain);
+    const struct ivrs_mappings *ivrs_dev;
+
+    BUG_ON(!hd->arch.amd.paging_mode || !iommu->dev_table.buffer);
 
-    BUG_ON( !hd->arch.amd.root_table ||
-            !hd->arch.amd.paging_mode ||
-            !iommu->dev_table.buffer );
+    rc = allocate_domain_resources(domain);
+    if ( rc )
+        return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
-        const struct ivrs_mappings *ivrs_dev;
-
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.amd.root_table),
-            domain->domain_id, hd->arch.amd.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.amd.root_table),
+                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
-        ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
         if ( dte->it_root )
         {
             dte->int_ctl = IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED;
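Review bot: In amd_iommu_setup_domain_device() `req_id` and `ivrs_dev` are each assigned twice, first from `pdev->sbdf.bdf` to derive `sr_flags` and then from `PCI_BDF2(bus, devfn)` to select the DTE, which makes it easy to misread which requestor ID the unity-map flag was taken from. A short comment on the first lookup, such as `/* Unity-map state is taken from the device's own requestor ID, not that of the devfn passed in. */`, or a separate local for it, would make the intent explicit. Whether the two IDs can differ in a way that matters here is not visible in the hunk. The function starts inside this hunk and continues beyond it.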
@@ -130,17 +171,73 @@ static void amd_iommu_setup_domain_device(
             dte->i = ats_enabled;
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.amd.root_table),
+                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            printk(" %pp: reassignment may cause %pd data corruption\n",
+                   &PCI_SBDF3(pdev->seg, bus, devfn), pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.amd.root_table),
-                        domain->domain_id, hd->arch.amd.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
 
     spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.amd.root_table),
+                    domain->domain_id, hd->arch.amd.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
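Review bot: The new `printk(" %pp: reassignment may cause %pd data corruption\n", ...)` in the re-assignment branch carries no XENLOG_ level, unlike the `XENLOG_ERR` message this commit adds in iommu_map.c. A return value of 1 from amd_iommu_set_root_page_table() is not propagated (the visible tail of the function returns 0), so this line is the only record that a non-atomic DTE update took place. I would make the severity explicit: `printk(XENLOG_WARNING " %pp: reassignment may cause %pd data corruption\n",`. The enclosing function starts and ends outside this hunk.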
@@ -151,6 +248,8 @@ static void amd_iommu_setup_domain_device(
 
         amd_iommu_flush_iotlb(devfn, pdev, INV_IOMMU_ALL_PAGES_ADDRESS, 0);
     }
+
+    return 0;
 }
 
 int __init acpi_ivrs_init(void)
@@ -216,18 +315,6 @@ int amd_iommu_alloc_root(struct domain *d)
     return 0;
 }
 
-static int __must_check allocate_domain_resources(struct domain *d)
-{
-    struct domain_iommu *hd = dom_iommu(d);
-    int rc;
-
-    spin_lock(&hd->arch.mapping_lock);
-    rc = amd_iommu_alloc_root(d);
-    spin_unlock(&hd->arch.mapping_lock);
-
-    return rc;
-}
-
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
@@ -340,7 +427,15 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+    if ( rc )
+        return rc;
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
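Review bot: With the move to `target` now done right after amd_iommu_setup_domain_device() succeeds, the `return rc;` in the unity-map handling that follows makes reassign_device() fail while the DTE and `pdev->domain` already refer to `target`. Before this change, going by the removed lines, that failure happened before the device had been handed to the target domain. If the new behaviour is intended, a comment ahead of the unity-map block would document it, e.g. `/* Failure from here on leaves the device assigned to target. */`; otherwise the caller's error handling needs checking, which is outside what the hunk shows. reassign_device() starts before and ends after this hunk.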
@@ -356,26 +451,9 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = allocate_domain_resources(target);
-    if ( rc )
-        return rc;
-
-    amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
     AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n",
                     &pdev->sbdf, source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
@@ -490,8 +568,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
-    return 0;
+    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:34:23 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbvV0-0003IX-Tk@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:34:22 +0000

commit 067f9ddc179544fb6df048f2411b938a4430b9fb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:59:22 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:59:22 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 +++--
 xen/drivers/passthrough/vtd/iommu.c  | 62 ++++++++++++++++++++++++------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++++---
 3 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 650ae39b01..9a11278b98 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,9 +85,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
@@ -105,7 +106,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 72c6883cc4..4e07f3565f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -355,15 +355,17 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     return pte_maddr;
 }
 
-static uint64_t domain_pgd_maddr(struct domain *d, unsigned int nr_pt_levels)
+static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
+                                unsigned int nr_pt_levels)
 {
     struct domain_iommu *hd = dom_iommu(d);
-    uint64_t pgd_maddr;
     unsigned int agaw;
 
     ASSERT(spin_is_locked(&hd->arch.mapping_lock));
 
-    if ( iommu_use_hap_pt(d) )
+    if ( pgd_maddr )
+        /* nothing */;
+    else if ( iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
 
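Review bot: domain_pgd_maddr() now treats a zero `pgd_maddr` argument as "use the domain's own root" and any non-zero value as an override, but that convention is expressed only by `if ( pgd_maddr ) /* nothing */;`. A comment above the function would make the sentinel explicit, for instance `/* pgd_maddr: page table root to use, or 0 to take (and if need be allocate) the domain's own. */`; the allocation part is inferred from the -ENOMEM handling in the caller and should be confirmed. The same convention applies to the new `pgd_maddr` parameters of domain_context_mapping_one() and me_wifi_quirk(), where the unmap path passes a literal 0. The function body continues outside this hunk.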
@@ -1376,12 +1378,12 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int rc, ret;
@@ -1421,10 +1423,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root;
+
         spin_lock(&hd->arch.mapping_lock);
 
-        pgd_maddr = domain_pgd_maddr(domain, iommu->nr_pt_levels);
-        if ( !pgd_maddr )
+        root = domain_pgd_maddr(domain, pgd_maddr, iommu->nr_pt_levels);
+        if ( !root )
         {
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
@@ -1434,7 +1438,7 @@ int domain_context_mapping_one(
             return -ENOMEM;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1550,15 +1554,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                           domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             domain->domain_id,
+                                             hd->arch.vtd.pgd_maddr,
                                              mode & MAP_WITH_RMRR) < 0;
+        }
         else
             ret = 1;
 
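Review bot: The rollback call that re-establishes the mapping for `prev_dom` passes `domain->domain_id` as the new `domid` argument while taking the page table root from `prev_dom` (`hd->arch.vtd.pgd_maddr` after `hd = dom_iommu(prev_dom)`). Domain ID and root then describe two different domains; that may be harmless while `domid` is only forwarded, which this hunk does not show, but it becomes a real mismatch once the ID is used to program the context entry. I would pass `prev_dom->domain_id` here. Reassigning `hd` for this purpose also changes what any later use of `hd` in the function refers to, so a separate local would be safer. The enclosing function starts and ends outside the hunk.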
@@ -1580,6 +1590,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1643,7 +1654,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1657,7 +1669,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1685,7 +1698,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1700,7 +1714,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1728,7 +1743,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1786,7 +1801,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1837,7 +1852,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1847,7 +1863,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1873,12 +1890,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index a99e54b76d..b51b2bd1c5 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -345,6 +345,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -358,16 +360,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -391,7 +394,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -417,7 +420,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:34:33 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbvVB-0003JS-0q@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:34:33 +0000

commit ffb18f98e1734c8a7a8250285cf30216928d2a38
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:59:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:59:43 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4e07f3565f..ad81d8ebf7 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -59,8 +59,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -68,16 +68,16 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
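Review bot: The new `warn` parameter of get_iommu_did() has no comment, although it moves the decision about logging a missing DID out of the function (the old `!d->is_dying` test) and into every caller. A line above the definition such as `/* warn: log when no DID is found; pass false where a miss is expected (cleanup, dying domain) */` would keep a future caller from silencing a genuine lookup failure. The message also prints a domid_t with `Dom%d`; `Dom%u` would match the unsigned type. The signature sits in the preceding hunk and a few lines of the body lie between the two hunks.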
@@ -85,8 +85,7 @@ static int domain_iommu_domid(struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
@@ -97,7 +96,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -113,7 +112,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -122,9 +121,9 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -180,7 +179,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, &dom_iommu(d)->arch.vtd.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -687,7 +686,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1447,7 +1446,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(&lctxt, domain, iommu) )
+    if ( context_set_domain_id(&lctxt, domid, iommu) )
     {
     unlock:
         spin_unlock(&iommu->lock);
@@ -1768,7 +1767,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
@@ -1938,7 +1937,7 @@ static void iommu_domain_teardown(struct domain *d)
     ASSERT(!hd->arch.vtd.pgd_maddr);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:34:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbvVL-0003KX-4Q@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:34:43 +0000

commit 46cfaece2fceea9b357607cc45b709fd2b256d95
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:00:05 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:00:05 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding to add a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  1 +
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 ++++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 ++++++++-
 xen/drivers/passthrough/pci.c               |  9 +++-
 xen/drivers/passthrough/vtd/iommu.c         | 69 ++++++++++++++++++++++++-----
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 47 ++++++++++++++++++++
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  6 +++
 9 files changed, 152 insertions(+), 15 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 0723dce196..e4d13f6ef5 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -96,6 +96,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
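Review bot: The added `domid_map` field is undocumented, and its name clashes with VT-d's `domid_map`, which the vtd/iommu.h hunk of this commit shows to be the real domain-ID mapping array, with the pseudo-ID bitmap called `pseudo_domid_map`. Naming the AMD field `pseudo_domid_map` as well, or at least adding `/* "pseudo" domain id bitmap */` as the VT-d hunk does, would keep the two from being confused.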
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index d05bc6a5bb..b56127d41c 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -180,6 +180,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR "Could not mark config space of %pp read-only (%d)\n",
@@ -190,7 +195,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
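Review bot: The new `xfree(iommu->domid_map)` under `out:` runs on every failing path, including any `goto out` taken before `iommu_init_domid()` was called, so it relies on the structure having been zero-allocated; that allocation is outside both hunks and should be confirmed. With quarantining disabled the pointer is the `ZERO_BLOCK_PTR` sentinel returned by `iommu_init_domid()`, so the free also depends on xfree() accepting that value. A comment at the free, e.g. `/* NULL or ZERO_BLOCK_PTR if never allocated */`, would record both assumptions. The allocation itself is in the first hunk of this file.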
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 583ae5a810..3f7587b2ce 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -508,6 +508,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -568,7 +570,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -591,6 +608,9 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
     bdf = PCI_BDF2(pdev->bus, devfn);
     if ( amd_iommu_perdev_intremap &&
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index e2c022aeea..1353e30747 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -327,6 +327,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn)
     *((u8*) &pdev->bus) = bus;
     *((u8*) &pdev->devfn) = devfn;
     pdev->domain = NULL;
+    pdev->arch.pseudo_domid = DOMID_INVALID;
     INIT_LIST_HEAD(&pdev->msi_list);
 
     pos = pci_find_cap_offset(pseg->nr, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
@@ -1276,8 +1277,12 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%pp - %pd - node %-3d - MSIs < ",
-               &pdev->sbdf, pdev->domain,
+        printk("%pp - ", &pdev->sbdf);
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d - MSIs < ",
                (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         list_for_each_entry ( msi, &pdev->msi_list, list )
                printk("%d ", msi->irq);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ad81d8ebf7..e362604726 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1204,7 +1205,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     if ( nr_iommus >= MAX_IOMMUS )
     {
@@ -1297,7 +1298,16 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1320,6 +1330,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1581,8 +1592,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1590,6 +1601,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1649,6 +1661,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCIe_ENDPOINT:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
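Review bot: The pseudo domain ID allocation added under `case DEV_TYPE_PCIe_ENDPOINT:` is repeated line for line under `case DEV_TYPE_PCI:` in the next hunk, so a later change to the allocation or its error code has to be made in two places. A small static helper called from both cases would keep them in step. The sketch below tests `pdev->arch.pseudo_domid` instead of `orig_domid`, which is equivalent only if nothing modifies the field between function entry and the switch; that part of the function is outside the hunk.

```c
/* Give pdev a pseudo domain ID if quarantining is on and it has none yet. */
static int alloc_pseudo_domid(struct pci_dev *pdev,
                              const struct vtd_iommu *iommu)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

    case DEV_TYPE_PCIe_ENDPOINT:
        ret = alloc_pseudo_domid(pdev, drhd->iommu);
        if ( ret )
            return ret;
        /* … unchanged: debug print and context mapping … */
```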
@@ -1663,6 +1683,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCI:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
@@ -1736,6 +1764,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1818,8 +1853,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
     struct vtd_iommu *iommu;
@@ -1829,7 +1866,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
-        return -ENODEV;
+        return ERR_PTR(-ENODEV);
     iommu = drhd->iommu;
 
     switch ( pdev->type )
@@ -1839,7 +1876,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp unmap\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         if ( !is_hardware_domain(domain) )
-            return -EPERM;
+            return ERR_PTR(-EPERM);
         goto out;
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1912,7 +1949,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
-    return ret;
+    return ret ? ERR_PTR(ret) : drhd;
 }
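Review bot: `return ret ? ERR_PTR(ret) : drhd;` encodes the error correctly only when `ret` is a negative errno value. A positive `ret` would become a small non-NULL pointer that `IS_ERR()` in intel_iommu_remove_device() does not recognise, and that caller then dereferences `drhd->iommu`. The assignments to `ret` are outside the hunk, so if any callee can return a positive value it should be normalised first; otherwise `ASSERT(ret <= 0);` before the return would document the invariant. The function body starts in an earlier hunk.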
 
 static void iommu_clear_root_pgtable(struct domain *d)
@@ -2137,16 +2174,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2163,6 +2201,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 503b07ffb7..be44fc017f 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -535,6 +535,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index f609dcc373..edb2d9bd64 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -386,6 +386,53 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 int iommu_free_pgtables(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
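Review bot: The three new non-static helpers carry no contract comments, and two of their conventions are easy to misuse: iommu_init_domid() returns `ZERO_BLOCK_PTR` rather than a bitmap when `iommu_quarantine` is off, and iommu_free_domid() calls `BUG()` on an ID whose bit is not set. I would add a header comment to each stating that the map may only be passed to iommu_alloc_domid() when quarantining is enabled, that returned IDs lie above `DOMID_MASK` with `DOMID_INVALID` meaning exhaustion, and that alloc and free both require the pcidevs lock. In iommu_alloc_domid() the bitmap search runs in the initialiser of `idx`, before `ASSERT(pcidevs_locked())`; moving the search below the assertion would put the lock check ahead of the first access to the map.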
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index 49fa67298d..8175b5ec6d 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -142,6 +142,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         iommu_vcall(ops, sync_cache, addr, size);       \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 int __must_check iommu_free_pgtables(struct domain *d);
 struct domain_iommu;
 struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index cc05045e9c..70ed48e309 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -15,6 +15,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:34:54 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbvVV-0003Lk-7d@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:34:53 +0000

commit 0bd3ff2551325d7ee0d1e957095e1439d39d207d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:00:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:00:36 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index d50510bed0..8746b00e87 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -584,8 +584,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e362604726..e7851f61e2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2958,9 +2958,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    if ( !rc )
-        rc = iommu_flush_iotlb_all(d);
-
     /* Pages may be leaked in failure case */
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:35:04 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbvVf-0003Mw-Ag@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:35:03 +0000

commit ed84ea00e0e53c5fb9776034ef43d3048cae8362
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:00:55 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:00:55 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu-defs.h | 1 +
 xen/drivers/passthrough/amd/iommu.h      | 2 +-
 xen/drivers/passthrough/amd/iommu_map.c  | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h
index 0c97db2a32..8810e497b9 100644
--- a/xen/drivers/passthrough/amd/iommu-defs.h
+++ b/xen/drivers/passthrough/amd/iommu-defs.h
@@ -106,6 +106,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index e4d13f6ef5..b64ef0bf70 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -358,7 +358,7 @@ static inline int amd_iommu_get_paging_mode(unsigned long max_frames)
     while ( max_frames > PTE_PER_TABLE_SIZE )
     {
         max_frames = PTE_PER_TABLE_ALIGN(max_frames) >> PTE_PER_TABLE_SHIFT;
-        if ( ++level > 6 )
+        if ( ++level > IOMMU_MAX_PT_LEVELS )
             return -ENOMEM;
     }
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 8746b00e87..93e4ea2826 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -250,7 +250,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    BUG_ON( table == NULL || level < 1 || level > IOMMU_MAX_PT_LEVELS );
 
     /*
      * A frame number past what the current page tables can represent can't
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 02:35:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbvVp-0003Nr-ED@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 02:35:13 +0000

commit aaa61028803a64e72f1026f9608dfa34d0c255ec
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:01:17 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:01:17 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    As to the removal of QUARANTINE_SKIP() from domain_context_unmap_one():
    I think this was never really needed there, as the function explicitly
    deals with finding a non-present context entry. Leaving it there would
    require propagating pgd_maddr into the function (like was done by "VT-d:
    prepare for per-device quarantine page tables" for
    domain_context_mapping_one()).
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/arch/x86/mm/p2m.c                       |   2 +-
 xen/drivers/passthrough/amd/iommu.h         |   3 +-
 xen/drivers/passthrough/amd/iommu_map.c     | 153 ++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  35 ++--
 xen/drivers/passthrough/iommu.c             |  18 +-
 xen/drivers/passthrough/pci.c               |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c         | 245 +++++++++++++++++++---------
 xen/drivers/passthrough/vtd/iommu.h         |   2 +-
 xen/include/asm-x86/pci.h                   |  13 ++
 xen/include/xen/iommu.h                     |   3 +-
 10 files changed, 354 insertions(+), 140 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index b96244e422..85681dee26 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1468,7 +1468,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int ret;
 
-    if ( !paging_mode_translate(p2m->domain) )
+    if ( !paging_mode_translate(d) )
     {
         if ( !is_iommu_enabled(d) )
             return 0;
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index b64ef0bf70..0d9d976faa 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -223,7 +223,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 int iov_adjust_irq_affinities(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 93e4ea2826..b4c1824491 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -528,64 +528,135 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d,
     return rc;
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.amd.root_table);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
 
-    if ( hd->arch.amd.root_table )
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = iommu_alloc_pgtable(hd);
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
-    if ( !hd->arch.amd.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.amd.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.amd.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.amd.root_table = NULL;
+
+    if ( rc )
+        printk("%pp: quarantine unity mapping failed\n", &pdev->sbdf);
+    else
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
+
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
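Review bot: In `amd_iommu_quarantine_init()`, `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when `fill_qpt()` returned an error, in which case `pgs[0]` may still be NULL. As far as this hunk shows the value is never consumed, because the failure path calls `amd_iommu_quarantine_teardown()` which resets `root_table`, but guarding the store with `if ( !rc )` would keep `leaf_mfn` from ever holding a value derived from a null pointer. `fill_qpt()` would also benefit from a header comment stating that the caller must zero-initialise `pgs[]`, that it holds one shared page per level, and that index 0 is the scratch leaf page which every otherwise non-present entry ends up mapping read/write.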
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 3f7587b2ce..e804fdc34f 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -122,6 +122,8 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     const struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
     BUG_ON(!hd->arch.amd.paging_mode || !iommu->dev_table.buffer);
 
@@ -141,14 +143,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.amd.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.amd.root_table),
-                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.amd.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
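Review bot: For `domain == dom_io`, `root_pg` is taken from `pdev->arch.amd.root_table`, and nothing in this hunk checks that it is non-NULL before `page_to_maddr(root_pg)` is written into the DTE. `iommu_quarantine_dev_init()` in this same commit returns 0 without building tables when quarantining is off, so that field can remain NULL; whether every caller filters that case is not visible here. An `ASSERT(root_pg);` right after the selection would document the requirement and catch a DTE being pointed at a bogus root in debug builds. The paging mode still comes from `hd`, so a short comment that the per-device tables must be built with the same depth as dom_io's `paging_mode` would help too. The function body starts and ends outside this hunk.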
@@ -172,7 +185,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -185,8 +198,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.amd.root_table),
-                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.amd.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -205,6 +218,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             printk(" %pp: reassignment may cause %pd data corruption\n",
@@ -234,9 +248,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.amd.root_table),
-                    domain->domain_id, hd->arch.amd.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.amd.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -305,7 +318,7 @@ int amd_iommu_alloc_root(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
 
-    if ( unlikely(!hd->arch.amd.root_table) )
+    if ( unlikely(!hd->arch.amd.root_table) && d != dom_io )
     {
         hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
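Review bot: The added `d != dom_io` condition has no comment, and the reason is not obvious from `amd_iommu_alloc_root()` alone. Elsewhere in this commit dom_io's `root_table` is only set transiently inside `amd_iommu_quarantine_init()` and is asserted to be NULL on entry there, so allocating one here would presumably trip that assertion. Suggest `/* DomIO has no root of its own; quarantine roots are per-device. */` above the `if`. The function continues past the end of the hunk.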
@@ -396,7 +409,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.amd.paging_mode);
     }
     spin_unlock_irqrestore(&iommu->lock, flags);
@@ -608,6 +621,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 879d238bcd..98c6550a36 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -424,21 +424,21 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init, dev);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
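Review bot: `iommu_quarantine_dev_init()` is a new non-static entry point without a comment, and its return value is ambiguous: 0 means either that tables were set up or that nothing was done because `iommu_quarantine` is off or the hook is absent. The callers added in pci.c only test for non-zero, so this works as written, but the contract should be stated, e.g. `/* Set up per-device quarantine page tables; also returns 0 when quarantining is disabled or unsupported. */`. The AMD implementation asserts `pcidevs_locked()`, so the comment could name that lock requirement as well.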
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 1353e30747..37c2d5b1d1 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -858,9 +858,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
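Review bot: The `return ret;` under the new `if ( ret )` is indented by 11 spaces rather than 12, breaking the 4-space step used by the rest of the block; it should move one column to the right. The commit message explains that this call exists mainly as a safety net because setup normally happens in `assign_device()`, but the code carries no such hint. A comment such as `/* Normally done in assign_device() already; repeated here to be on the safe side. */` above the call would keep a later reader from treating it as the primary setup point. The function starts before and continues after this hunk.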
@@ -1441,6 +1448,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
         msixtbl_init(d);
     }
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e7851f61e2..c1ae66c8ef 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,6 +43,12 @@
 #include "vtd.h"
 #include "../ats.h"
 
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.vtd.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
+
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
 
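Review bot: `DEVICE_DOMID()` and `DEVICE_PGTABLE()` dereference `pdev` whenever `d` is dom_io, but nothing at the definition says `pdev` must be non-NULL in that case. `domain_context_mapping_one()` accepts a NULL `pdev` (it is passed NULL for bridge entries later in this patch) and the `@@ -1570` hunk uses both macros with its own `pdev` in the error-recovery path, so a NULL dereference is possible there if `domain` or `prev_dom` is dom_io; whether that combination is reachable cannot be determined from the visible lines. Suggest a comment above the macros, `/* For dom_io the DID and page tables are per-device, so pdev must not be NULL then. */`, and an `ASSERT(pdev || (domain != dom_io && prev_dom != dom_io));` at the top of that recovery block. `DEVICE_DOMID()` also evaluates `d` twice, which is harmless for the current callers but worth noting in the same comment.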
@@ -85,13 +91,18 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
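Review bot: Replacing `ASSERT(spin_is_locked(&iommu->lock))` with `ASSERT(pcidevs_locked())` makes `pcidevs_lock` the only thing serialising the `domid_bitmap` scan and the `set_bit()` in this function, yet the new header comment covers only the NULL `context` case. Any other path that modifies the same bitmap under `iommu->lock` alone would now race with this one; whether such a path exists cannot be determined from the hunk. Suggest extending the comment with `Callers must hold pcidevs_lock; iommu->lock is not required.` so the rule is stated where the allocation happens. The function body continues in the next hunk.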
@@ -117,8 +128,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -168,8 +184,12 @@ static void check_cleanup_domid_map(struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1414,7 +1434,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
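Review bot: The condition `pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK` encodes two different tests for "previous owner was dom_io" and carries no comment. With a non-NULL `pdev`, a reserved `domid` other than that device's own pseudo domid leaves `prev_dom` NULL and falls into the `!prev_dom` branch just below; with a NULL `pdev`, any value above `DOMID_MASK` is accepted. If that asymmetry is intended, a comment such as `/* Quarantined devices use per-device pseudo domids; without pdev accept any of them. */` would make it reviewable. The function starts before and continues after this hunk.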
@@ -1570,15 +1590,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           domain->domain_id);
+                                           DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                             domain->domain_id,
-                                             hd->arch.vtd.pgd_maddr,
+                                             DEVICE_DOMID(prev_dom, pdev),
+                                             DEVICE_PGTABLE(prev_dom, pdev),
                                              mode & MAP_WITH_RMRR) < 0;
-        }
         else
             ret = 1;
 
@@ -1600,7 +1617,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1633,7 +1650,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1672,8 +1689,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1696,8 +1713,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1725,8 +1742,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1741,8 +1758,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1889,7 +1906,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1900,7 +1917,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1923,18 +1940,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1977,6 +1988,26 @@ static void iommu_domain_teardown(struct domain *d)
         cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
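Review bot: `quarantine_teardown()` frees the per-device tables by moving them onto dom_io's `pgtables.list` and calling `iommu_free_pgtables(dom_io)`, but no comment states the precondition that the device's context entry must no longer reference `pgd_maddr` when this runs. Freeing tables the IOMMU can still walk would let in-flight DMA from a non-quiescent device be translated through reused memory, so the ordering against the unmap in the caller deserves an explicit statement; the caller's unmap step is outside this hunk. Suggest a header comment along the lines of `/* Caller must have removed all context entries using pdev's quarantine tables; borrows dom_io's pgtables list, which must be empty. */`. `amd_iommu_quarantine_teardown()` in iommu_map.c has the same shape and would take the same comment.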
@@ -2201,6 +2232,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2896,69 +2929,135 @@ static void vtd_dump_page_tables(struct domain *d)
                               agaw_to_level(hd->arch.vtd.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    struct page_info *pgs[6])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(page_to_maddr(pgs[level]));
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, page_to_maddr(pgs[level]));
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     struct page_info *pg;
-    struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc = 0;
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    spin_lock(&hd->arch.mapping_lock);
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.vtd.pgd_maddr);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
 
-    if ( hd->arch.vtd.pgd_maddr )
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
-        goto out;
+        clear_domain_page(pdev->arch.leaf_mfn);
+        return 0;
     }
 
-    pg = iommu_alloc_pgtable(hd);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    rc = -ENOMEM;
+    pg = iommu_alloc_pgtable(hd);
     if ( !pg )
-        goto out;
+        return -ENOMEM;
 
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
+
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
     hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
 
-    parent = map_vtd_domain_page(hd->arch.vtd.pgd_maddr);
-    while ( level )
+    for_each_rmrr_device ( rmrr, bdf, i )
     {
-        uint64_t maddr;
-        unsigned int offset;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-
-        if ( !pg )
-            goto out;
+        if ( rc )
+            break;
 
-        maddr = page_to_maddr(pg);
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pp: RMRR quarantine mapping failed\n",
+                       &pdev->sbdf);
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.vtd.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = page_to_maddr(pg);
+
+    if ( !rc )
+    {
+        struct dma_pte *root;
+        struct page_info *pgs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(pdev->arch.vtd.pgd_maddr);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
-    rc = 0;
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages may be leaked in failure case */
     return rc;
 }
 
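Review bot: fill_qpt() writes PTEs with dma_set_pte_addr()/dma_set_pte_readable()/dma_set_pte_writable() but never flushes them, whereas the loop it replaces called `iommu_sync_cache(parent, PAGE_SIZE)` after filling each table. If an IOMMU here can be non-coherent, the quarantine tables it walks may be stale unless something outside this hunk syncs them; adding `iommu_sync_cache(this, PAGE_SIZE);` after the `for` loop in fill_qpt() would restore the old behaviour. Separately, in intel_iommu_quarantine_init() the line `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when fill_qpt() failed and `pgs[0]` may still be NULL; guarding it with `if ( !rc )` avoids converting a null page pointer.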
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index be44fc017f..c67adb9b41 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -509,7 +509,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 70ed48e309..0c79acb1ed 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -20,7 +22,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
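Review bot: The new `leaf_mfn` and `pgtables_list` members are added without comments, while the union just above them is documented. Something like `/* Leaf page that the device's quarantine mappings point at. */` and `/* Pages backing the device's quarantine page tables. */` would make their purpose clear, assuming that matches their use in the VT-d part of this patch. `pgtables_list` is a list head, so it needs initialising before the first page_list_move() involving it; that initialisation is not in this hunk and is worth checking.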
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index d59ed7cbad..cd79374a14 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -234,7 +234,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -352,6 +352,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 #ifdef CONFIG_HAS_PCI
 int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:33:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 05:33:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299475.510230 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyHv-0003dT-Tt; Wed, 06 Apr 2022 05:33:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299475.510230; Wed, 06 Apr 2022 05:33:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyHv-0003dL-Qp; Wed, 06 Apr 2022 05:33:03 +0000
Received: by outflank-mailman (input) for mailman id 299475;
 Wed, 06 Apr 2022 05:33:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyHu-0003dF-H0
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyHu-00046p-FI
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyHu-00055F-EH
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=0wPEFWzQVmvdol9VmaWa47CEPUCeorm9GcaL+XA44J0=; b=HAhkT5XMbFjtdXRqCdIm5C0wL4
	QKONDA3LmdNan2XvYdO+PJEzk6ZOtvB10O5qeDt9h9DACGxoPHPbgsUxI7hQURRPyJFMiSbNSVpM5
	AKAP8fYV2BdRrVaDUVD2OAIa+Na0FfJQur8nCNP6TCkC7Sb4HtKdWcxQ5sFHMW+POJ3E=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: split domid map cleanup check into a function
Message-Id: <E1nbyHu-00055F-EH@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:33:02 +0000

commit 8ed46cc1ef14fb8463cc847d82cbd2491054547a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:19:40 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:19:40 2022 +0200

    VT-d: split domid map cleanup check into a function
    
    This logic will want invoking from elsewhere.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 9fdc10abe9457e4c9879a266f82372cb08e88ffb
    master date: 2021-11-24 11:06:20 +0100
---
 xen/drivers/passthrough/vtd/iommu.c | 70 +++++++++++++++++++++++++------------
 1 file changed, 47 insertions(+), 23 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index af8b9ca0e4..234a4fbae5 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -147,6 +147,51 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
     }
 }
 
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct vtd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        const struct acpi_drhd_unit *drhd;
+
+        if ( pdev == exclude )
+            continue;
+
+        drhd = acpi_find_matched_drhd_unit(pdev);
+        if ( drhd && drhd->iommu == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+/*
+ * If no other devices under the same iommu owned by this domain,
+ * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap.
+ */
+static void check_cleanup_domid_map(struct domain *d,
+                                    const struct pci_dev *exclude,
+                                    struct vtd_iommu *iommu)
+{
+    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+
+    /*
+     * Hidden devices are associated with DomXEN but usable by the hardware
+     * domain. Hence they need considering here as well.
+     */
+    if ( !found && is_hardware_domain(d) )
+        found = any_pdev_behind_iommu(dom_xen, exclude, iommu);
+
+    if ( !found )
+    {
+        clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
+        cleanup_domid_map(d, iommu);
+    }
+}
+
 static int iommus_incoherent;
 
 static void sync_cache(const void *addr, unsigned int size)
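Review bot: check_cleanup_domid_map() also scans dom_xen when `is_hardware_domain(d)`, which the open-coded loop removed from domain_context_unmap() later in this patch did not do, so the description's "No functional change intended" does not hold for hidden devices. If the extra scan is intended, the commit message should say so; the in-code comment already explains the reason. any_pdev_behind_iommu() itself would benefit from a one-line comment, e.g. `/* Does d own a device other than exclude behind iommu? */`.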
@@ -1679,7 +1724,6 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     struct vtd_iommu *iommu;
     int ret = 0;
     u8 seg = pdev->seg, bus = pdev->bus, tmp_bus, tmp_devfn, secbus;
-    int found = 0;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
@@ -1763,28 +1807,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     if ( ret )
         goto out;
 
-    /*
-     * if no other devices under the same iommu owned by this domain,
-     * clear iommu in iommu_bitmap and clear domain_id in domid_bitmp
-     */
-    for_each_pdev ( domain, pdev )
-    {
-        if ( pdev->seg == seg && pdev->bus == bus && pdev->devfn == devfn )
-            continue;
-
-        drhd = acpi_find_matched_drhd_unit(pdev);
-        if ( drhd && drhd->iommu == iommu )
-        {
-            found = 1;
-            break;
-        }
-    }
-
-    if ( found == 0 )
-    {
-        clear_bit(iommu->index, &dom_iommu(domain)->arch.iommu_bitmap);
-        cleanup_domid_map(domain, iommu);
-    }
+    if ( !ret )
+        check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
     return ret;
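Review bot: The removed loop skipped the entry whose seg/bus/devfn matched the `devfn` argument, whereas `check_cleanup_domid_map(domain, pdev, iommu)` excludes `pdev` by pointer. When `devfn` differs from `pdev->devfn` (whether callers pass such a value is not visible in this hunk), the old code still counted `pdev` itself and kept the domid mapping, and the new code may drop it; restricting the call with `if ( pdev->devfn == devfn )` would keep the earlier behaviour. The `if ( !ret )` test is also redundant directly after `if ( ret ) goto out;`. domain_context_unmap() starts outside this hunk.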
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:33:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 05:33:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299476.510234 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyI5-0003fN-V8; Wed, 06 Apr 2022 05:33:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299476.510234; Wed, 06 Apr 2022 05:33:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyI5-0003fF-SH; Wed, 06 Apr 2022 05:33:13 +0000
Received: by outflank-mailman (input) for mailman id 299476;
 Wed, 06 Apr 2022 05:33:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyI4-0003f0-JP
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyI4-00046t-IX
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyI4-00055n-Hh
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=z9dgBxQ3UinRtnPDbLJ9uc4q1UX+lBsMtoYOMxUyW9o=; b=2H8gX7yZZ+0fnl3MxMuuu7cIc7
	EBqIIlNk+rvqi4+lL5FGxmRgXuD6V/Lhgi+Knd4xvjB8DlrvL8vGLehPTwlNaCQRDhRcMRwkFulc8
	5Ci2b0gSjsM7PiCavqhJrga8kn7HMsB6CWnZPKSSFp+Z8BaeAC8Q48jivMruFESxQf3I=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbyI4-00055n-Hh@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:33:12 +0000

commit 2ce2aec8c148a0a291eae2a0631802e0ffb42133
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 15:20:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:20:10 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    This assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 3d93f3451c..9aac006d65 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         int size = (nr + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
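Review bot: The added `domain_pause(d)` / `p2m_enable_hardware_log_dirty(d)` / `domain_unpause(d)` sequence runs after `paging_unlock(d)` and carries no comment on why the domain must be paused or what serialises it against the paging domctls the description says this path can race with. A short comment such as `/* Pause so no vCPU runs while hardware log-dirty assistance is switched on. */` would record the intent, if that is the reason. No matching disable is visible in this hunk, so it is also worth stating where hardware log-dirty is turned off again once VRAM tracking stops. hap_track_dirty_vram() starts and ends outside the hunk.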
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 469bb76429..8596e52458 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -209,7 +209,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index 7544f73121..a16929eaa7 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -156,9 +156,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:33:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 05:33:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299477.510238 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyIG-0003jJ-0I; Wed, 06 Apr 2022 05:33:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299477.510238; Wed, 06 Apr 2022 05:33:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyIF-0003jB-Tl; Wed, 06 Apr 2022 05:33:23 +0000
Received: by outflank-mailman (input) for mailman id 299477;
 Wed, 06 Apr 2022 05:33:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyIE-0003iq-MW
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyIE-00047T-Ld
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyIE-00056G-Ku
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=sQiC1RY4k0OlZxZN4c1vgvuMvn2A+uU9yD7Ehh9LcsQ=; b=PWVo8qgdnYjdyoxOvaEp2XQ9la
	MXVuI+PTgXHwcAApXHUxjue9THXXivBbo/MK8Puu2uFXlPs2KycmE7DnUOPNps8uZH0ETOipexC/F
	DHoKuFQ8qU6HAp7GKqCh2R6zzQMZorCXMb22+15fnyMyStTcAh87jgVIkGZZWvVRfH4s=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbyIE-00056G-Ku@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:33:22 +0000

commit 920e93df4e16c03811665e459c414feced6bc9b6
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:20:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:20:42 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 234a4fbae5..68f9a524b8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -142,8 +142,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
 
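Review bot: The new comment documents the required order but not what enforces it: `iommu->domid_map[iommu_domid] = DOMID_INVALID;` is a plain store followed by `clear_bit()`. If the code relies on clear_bit() acting as a barrier so the store is visible before the bit clears, the comment should say so, e.g. by appending `clear_bit() orders the preceding store.`; otherwise an explicit `smp_wmb();` between the two lines is needed. The readers in context_set_domain_id() and did_to_domain_id() are outside this hunk, so their side of the ordering cannot be checked here.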
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:33:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 05:33:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299478.510242 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyIQ-0003m4-1z; Wed, 06 Apr 2022 05:33:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299478.510242; Wed, 06 Apr 2022 05:33:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyIP-0003lw-V9; Wed, 06 Apr 2022 05:33:33 +0000
Received: by outflank-mailman (input) for mailman id 299478;
 Wed, 06 Apr 2022 05:33:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyIO-0003lf-Pj
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyIO-00047d-Os
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyIO-00056h-Nz
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 05:33:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Ay42JlqtXa+j6zpVFZKhYdw2evuQaKkdFAhPSvc7yj4=; b=BznEW+G8uG/yn850e4sP93DAo2
	Gjd+Bfxuht/xzz1SnG4Sc4SQwBh8h3/H0gHOcsDLxtJfal+S0LIolHCDOSp2oWOUACxsa9aYlfzZR
	OR8KqOYlFIqqhfUxfCe7E2hqJZtHpj2x9QFj09ECSsaLSG9W65dtXHeBAJSgUsqicDvg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbyIO-00056h-Nz@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:33:32 +0000

commit 650b888c8a0a03d796632597e6adfd0075f13954
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:21:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:21:21 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 68f9a524b8..50e21bf1d9 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2392,6 +2392,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
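Review bot: The new `domain_context_unmap()` call at the top of reassign_device_ownership() has no comment explaining why it must come before the rest of the function, although that ordering is the whole point of this security fix. I would add `/* Clear the context entry first: RMRR mappings may only be torn down once the device no longer uses them. */` above the call so that a later cleanup does not move it back down. If the code between this hunk and the next can still return an error, the device is by then already detached from `source`; the same comment should say that this is intended. The function body continues outside the hunk.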
@@ -2428,10 +2432,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2508,9 +2508,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2523,20 +2522,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %04x:%02x:%02x.%u from %pd (%d)\n",
-                           seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
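Review bot: The `break` after the failed `iommu_identity_mapping()` may not preserve the error for the `if ( !ret )` test below. If `for_each_rmrr_device` expands to nested loops (its definition is not visible here), `break` leaves only the inner one, and a later matching RMRR that maps successfully would reset `ret` to 0. reassign_device_ownership() would then run with one reserved region unmapped, which is the condition this fix is meant to exclude. Replacing `break;` with a `goto` to a label placed just before `if ( !ret )` makes the first failure final however the macro is built. intel_iommu_assign_device() starts and ends outside the hunk.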
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:33:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbyIY-00057A-RE@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:33:42 +0000

commit 81918cead1a5c2c3fb6648b078501af81f520849
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:22:31 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:22:31 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 50e21bf1d9..f7d40414ef 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1993,14 +1993,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2017,12 +2009,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
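Review bot: A failed `iommu_identity_mapping()` in the RMRR loop is only reported through `dprintk()`, and `ret` is then overwritten by `domain_context_mapping()`, so the context entry is still installed for a device whose reserved region could not be mapped. The commit message says the mappings should be established before the context entry is updated, so the failure path deserves an explicit decision. If continuing is deliberate best effort, a comment such as `/* Best effort: a failed RMRR mapping does not prevent context setup. */` should say so; otherwise brace the `if ( ret )` body and add `return ret;` after the `dprintk()`. The loop header is outside this hunk.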
@@ -2044,11 +2041,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2064,7 +2065,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
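Review bot: `return 0;` now reports success whatever the RMRR teardown loop did. The call ending in `rmrr->end_address, 0);` appears to have its result discarded, though its start is outside the hunk, so this is inferred. The cleanup loop that the preceding commit adds to intel_iommu_assign_device() treats any result other than `-ENOENT` as an error worth logging, and the remove path would be easier to audit if it followed the same convention. At minimum I would add `/* Teardown failures are ignored: the context entry is already cleared. */` above the loop if that is the intent.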
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:33:54 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbyIi-00057h-UW@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:33:52 +0000

commit 33c13654cb6d7d2a5731614f55aace4866c93d97
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:23:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:23:26 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 66 ++-----------------------------------
 1 file changed, 2 insertions(+), 64 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index f7d40414ef..b729ae173a 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -114,28 +114,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct vtd_iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid = domain_iommu_domid(domain, iommu);
@@ -1392,49 +1370,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u owned by d%d!",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       pdev->domain ? pdev->domain->domain_id : -1);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u mapped, but can't find owner!\n",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u already mapped to d%d!",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
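Review bot: With the ownership checks gone, the `context_present(*context)` branch returns 0 for any present entry, including one that still refers to a different domain, so the caller is told the device is mapped for `domain` when nothing was changed. The commit message says the purpose of the old check could not be established, so the new behaviour needs at least a comment in the branch: `/* Entry already present: left untouched, owner not verified. */`. If a mismatching entry can be reached from an assignment path, returning an error rather than success would be the safer default. domain_context_mapping_one() begins outside this hunk.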
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:34:04 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: re-assign devices directly
Message-Id: <E1nbyIt-00058Z-1f@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:34:03 +0000

commit 235aa158e0f71ee2bf20155ce6b0b429acf59d37
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:23:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:23:57 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 268 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 233 insertions(+), 74 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 1cac22a02f..f51f8aae0d 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,7 +85,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -105,8 +106,8 @@ int is_igd_vt_enabled_quirk(void);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index b729ae173a..17deda92d8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -110,6 +110,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
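Review bot: The added mask `~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET)` is computed in `int`. It preserves the upper bits of `context->hi` only through sign extension of the negative result, assuming `hi` is a 64-bit field (its declaration is not visible here). Building the mask from an unsigned 64-bit constant makes that explicit and stays correct if the width or offset changes: `context->hi &= ~(((1ULL << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);`. The `|=` line below would benefit from the same constant. context_set_domain_id() starts outside this hunk.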
@@ -1350,15 +1351,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int agaw, rc, ret;
     bool_t flush_dev_iotlb;
 
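Review bot: The new header comment documents the three classes of return value but says nothing about the added `mode` parameter, which later decides between the atomic and the best-effort context update. I would extend the comment with one sentence naming the flags the function tests, for example `mode: MAP_* flags; MAP_WITH_RMRR, MAP_OWNER_DYING and MAP_SINGLE_DEVICE select how a present entry is rewritten when CMPXCHG16B is unavailable`. The function body continues outside this hunk.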
@@ -1367,17 +1380,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
         agaw = level_to_agaw(iommu->nr_pt_levels);
     }
     else
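Review bot: `domid = iommu->domid_map[prev_did];` indexes the map with a value read from the context entry, without the range and NULL checks that the removed context_get_domain_id() applied (`dom_index < nr_dom && iommu->domid_map`). The debug message a few lines below prints `cap_ndoms(iommu->cap)`, which suggests an out-of-range DID is considered possible, but by then the out-of-bounds read has already happened. I would initialise `domid_t domid = DOMID_INVALID;` and guard the load with `if ( iommu->domid_map && prev_did < cap_ndoms(iommu->cap) )`, so that a bad index takes the existing `-ESRCH` path. The function starts and ends outside this hunk.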
@@ -1394,6 +1422,8 @@ int domain_context_mapping_one(
                 spin_unlock(&hd->arch.mapping_lock);
                 spin_unlock(&iommu->lock);
                 unmap_vtd_domain_page(context_entries);
+                if ( prev_dom )
+                    rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
         }
@@ -1411,33 +1441,102 @@ int domain_context_mapping_one(
                 goto nomem;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    rc = context_set_domain_id(&lctxt, domain, iommu);
+    if ( rc )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
-        return -EFAULT;
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
+        return rc;
+    }
+
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, agaw);
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) == agaw);
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
     }
 
-    context_set_address_width(*context, agaw);
-    context_set_fault_enable(*context);
-    context_set_present(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
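Review bot: In the `res != old` branch the `printk()` reads `pdev->seg` and `pdev->bus` unconditionally, although the line just above guards `check_cleanup_domid_map()` with `if ( pdev )` and the function's header comment describes callers passing `pdev == NULL`. An unexpected compare-exchange result on such a call would dereference NULL inside the hypervisor while trying to report the problem. The locals already hold the same information, so the argument line can read `seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),`. The function starts and ends outside this hunk.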
@@ -1458,12 +1557,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
-        domain_context_unmap_one(domain, iommu, bus, devfn);
+    {
+        if ( !prev_dom )
+            domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                       mode & MAP_WITH_RMRR);
+    }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
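Review bot: The rollback call `domain_context_mapping_one(prev_dom, ...)` discards its return value, so if restoring the previous owner fails, the caller gets the original error while the context entry still refers to `domain`. Because the function is reporting that the reassignment did not happen, that leftover state should at least be visible in the log. I would test the call with `if ( domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev, mode & MAP_WITH_RMRR) < 0 )` and emit a `printk(XENLOG_ERR VTDPREFIX ...)` naming the device and `prev_dom` in that branch. The function begins outside this hunk.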
@@ -1473,8 +1581,11 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    u8 seg = pdev->seg, bus = pdev->bus, secbus;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
+    uint8_t bus = pdev->bus, secbus;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
@@ -1493,8 +1604,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:Hostbridge: skip %04x:%02x:%02x.%u map\n",
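Review bot: The `drhd &&` test in the `MAP_SINGLE_DEVICE` condition is inconsistent with the rest of the function, which checks `drhd` for NULL right after `acpi_find_matched_drhd_unit(pdev)` and dereferences `drhd->iommu` unconditionally in the switch cases below. If that early check returns (its body is outside the visible hunks), the extra test is dead and the condition can read `else if ( !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) && !pdev->phantom_stride )`. If it does not return, the later dereferences need the guard rather than this one. A one-line comment above the block, such as `/* mode describes the device's current owner (pdev->domain), not the new domain. */`, would make the intent of the `domain != pdev->domain` test easier to follow.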
@@ -1515,7 +1647,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1528,9 +1662,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1538,6 +1673,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1546,7 +1690,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1561,10 +1705,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2331,9 +2480,8 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
+    if ( !has_arch_pdevs(target) )
+        vmx_pi_hooks_assign(target);
 
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
@@ -2343,6 +2491,31 @@ static int reassign_device_ownership(
     if ( (target != hardware_domain) && !iommu_intremap )
         untrusted_msi = true;
 
+    ret = domain_context_mapping(target, devfn, pdev);
+    if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
+        return ret;
+    }
+
+    if ( pdev->devfn == devfn )
+    {
+        const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+        if ( drhd )
+            check_cleanup_domid_map(source, pdev, drhd->iommu);
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
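Review bot: Ownership is now switched to `target` (`list_move(&pdev->domain_list, &target->pdev_list); pdev->domain = target;`) before the RMRR handling that follows this hunk, whereas the removed code did the final move after it. If that RMRR block can return an error (its body is not visible here), the function reports failure with the device already mapped into and owned by `target`, and a caller that reads a non-zero return as "nothing changed" would hold a stale view of who can drive the device. Document this on the function, e.g. `/* On failure past this point the device already belongs to target. */`, or reorder so that the RMRR cleanup cannot fail after the ownership change. The AMD `reassign_device()` hunks later on this page have the same ordering, and there the intervening `return rc;` is visible in the context lines.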
@@ -2371,34 +2544,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 32b39c606a..503b07ffb7 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -202,8 +202,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
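Review bot: The new `__uint128_t full` member carries no comment explaining why it is there, and it raises the type's alignment requirement from 8 to 16 bytes. Presumably it exists so that a context entry can be replaced with one 16-byte compare-and-exchange; say so at the declaration, e.g. `/* For 16-byte atomic updates; must overlay lo/hi exactly. */`. A `BUILD_BUG_ON(sizeof(struct context_entry) != 16);` next to the first user would pin the layout that the anonymous union relies on.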
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 435e449ca3..99e159b4e9 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -343,7 +343,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -354,9 +355,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
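Review bot: `drhd` is dereferenced as `drhd->iommu` in both branches without a NULL check, although `acpi_find_matched_drhd_unit()` can evidently return NULL (`domain_context_mapping()` in iommu.c tests for it). The patch rewrites the map branch anyway, so this is a natural place to add the guard, e.g. `if ( !drhd ) rc = -ENODEV;` ahead of `else if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )`. The exact shape depends on the code between the lookup and `return rc;`, part of which lies outside this hunk.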
@@ -364,7 +365,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -388,7 +390,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -414,7 +416,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
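Review bot: The comment above the new flags names the functions that take them but not what each bit means, and it does not say that a mode of 0 is now a plain map (previously `MAP_ME_PHANTOM_FUNC` was 1 and `UNMAP_ME_PHANTOM_FUNC` was 0). Going by the users in this patch, per-flag comments could read `/* device has an RMRR */` for `MAP_WITH_RMRR`, `/* current owner is dying */` for `MAP_OWNER_DYING` and `/* owner has no other device behind this IOMMU */` for `MAP_SINGLE_DEVICE`. `UNMAP_ME_PHANTOM_FUNC` deserves `/* me_wifi_quirk(): unmap rather than map */`, since it is the only bit that inverts the operation. Because "unmap" changed from the value 0 to a set bit, any caller still passing a literal 0 or 1 would silently change meaning, so the remaining callers are worth checking.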
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:34:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbyJ3-00059W-4v@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:34:13 +0000

commit 73e25ecaef14d4df521235b6dbe5ceaaa3f02e8a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:24:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:24:23 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c       |  67 +++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c   | 180 ++++++++++++++++++--------
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h |  10 +-
 3 files changed, 200 insertions(+), 57 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index ac30cac05b..45559f9678 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -103,10 +103,69 @@ static unsigned int set_iommu_pte_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
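Review bot: In the in-place update path only `ldte.raw128[0]` (or `raw64[0]` and `raw64[1]`) is written back, yet the local copy is modified by field name (`domain_id`, `pt_root`, `iw`, `ir`, `paging_mode`, `v`). That is correct only if all six fields sit in the first 128 bits of `struct amd_iommu_dte`, which this hunk does not show; a field outside that range would be dropped without any error. State the assumption at the union, e.g. `/* All fields changed below live in the low 128 bits of the DTE. */`. The `printk` would also be more consistent with `%016"PRIx64"` for its `uint64_t` arguments, as the `AMD_IOMMU_DEBUG` call in pci_amd_iommu.c already does. The tail of the function is in the next hunk.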
@@ -121,6 +180,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index beafb0171d..14483e85ae 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -85,40 +85,81 @@ int get_dma_requestor_id(uint16_t seg, uint16_t bdf)
     return req_id;
 }
 
-static void amd_iommu_setup_domain_device(
+static int __must_check allocate_domain_resources(struct domain_iommu *hd)
+{
+    int rc;
+
+    spin_lock(&hd->arch.mapping_lock);
+    rc = amd_iommu_alloc_root(hd);
+    spin_unlock(&hd->arch.mapping_lock);
+
+    return rc;
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
-    const struct domain_iommu *hd = dom_iommu(domain);
+    struct domain_iommu *hd = dom_iommu(domain);
+    const struct ivrs_mappings *ivrs_dev;
+
+    BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
-    BUG_ON( !hd->arch.root_table || !hd->arch.paging_mode ||
-            !iommu->dev_table.buffer );
+    rc = allocate_domain_resources(hd);
+    if ( rc )
+        return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
-        const struct ivrs_mappings *ivrs_dev;
-
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.root_table), domain->domain_id,
-            hd->arch.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.root_table),
+                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
-        ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
         if ( dte->it_root )
         {
             dte->int_ctl = IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED;
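Review bot: `req_id` and `ivrs_dev` are each assigned twice with different meanings: first from `pdev->sbdf.bdf` to derive `sr_flags`, then again from `PCI_BDF2(bus, devfn)` for the DTE lookup. When `devfn` is not `pdev->devfn` the two can differ, so the unity-map flag comes from the device itself while the DTE and the later checks use the alias. That looks intended but is easy to misread. A comment before the first assignment, e.g. `/* Unity-map state is looked up for the device itself, not for the devfn alias. */`, or a separate local for the first lookup, would make the distinction explicit. The function continues in the following hunks.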
@@ -133,17 +174,74 @@ static void amd_iommu_setup_domain_device(
             dte->i = ats_enabled;
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.root_table),
+                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   pdev->seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.root_table),
-                        domain->domain_id, hd->arch.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
 
     spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.root_table),
+                    domain->domain_id, hd->arch.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
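Review bot: The new `printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n", ...)` has no log-level prefix and begins with a space, so a message about possible corruption of another device's I/O is emitted at the default level and is awkward to search for. Give it an explicit level, e.g. `printk(XENLOG_WARNING "%04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",`. The consistency checks that follow are all `ASSERT()`s, so in builds where assertions are compiled out a DTE whose `iv`, `ex` or `sys_mgt` settings have drifted would pass unnoticed. Whether that deserves a runtime check is a judgement call, but a comment saying the checks are debug-only would set expectations.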
@@ -154,6 +252,8 @@ static void amd_iommu_setup_domain_device(
 
         amd_iommu_flush_iotlb(devfn, pdev, INV_IOMMU_ALL_PAGES_ADDRESS, 0);
     }
+
+    return 0;
 }
 
 int __init acpi_ivrs_init(void)
@@ -223,17 +323,6 @@ int amd_iommu_alloc_root(struct domain_iommu *hd)
     return 0;
 }
 
-static int __must_check allocate_domain_resources(struct domain_iommu *hd)
-{
-    int rc;
-
-    spin_lock(&hd->arch.mapping_lock);
-    rc = amd_iommu_alloc_root(hd);
-    spin_unlock(&hd->arch.mapping_lock);
-
-    return rc;
-}
-
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
@@ -333,7 +422,6 @@ static int reassign_device(struct domain *source, struct domain *target,
 {
     struct amd_iommu *iommu;
     int bdf, rc;
-    struct domain_iommu *t = dom_iommu(target);
     const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
 
     bdf = PCI_BDF2(pdev->bus, pdev->devfn);
@@ -347,7 +435,15 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+    if ( rc )
+        return rc;
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
@@ -363,27 +459,10 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = allocate_domain_resources(t);
-    if ( rc )
-        return rc;
-
-    amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
     AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n",
                     pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                     source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
@@ -547,8 +626,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
-    return 0;
+    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 3983293540..52c889ade0 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -79,9 +79,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 void iommu_dte_set_guest_cr3(struct amd_iommu_dte *dte, uint16_t dom_id,
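Review bot: `SET_ROOT_VALID` and `SET_ROOT_WITH_UNITY_MAP` are introduced without a comment, and the prototype gives no hint that the function now returns -errno, 0 or 1. A header line such as `/* Flags for amd_iommu_set_root_page_table(); returns <0 on error, 0 on success, 1 on a non-atomic update. */` would let callers read the contract without opening iommu_map.c. From the implementation in this patch, `SET_ROOT_VALID` becomes the DTE's `v` bit and `SET_ROOT_WITH_UNITY_MAP` forces the in-place update path even without `cpu_has_cx16`.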
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:34:24 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbyJD-0005AN-8E@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:34:23 +0000

commit 92acf6b23154d65066ec4702fdca5cf232856d90
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:24:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:24:54 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 +++--
 xen/drivers/passthrough/vtd/iommu.c  | 62 ++++++++++++++++++++++++------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++++---
 3 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index f51f8aae0d..897dcff9ff 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -86,9 +86,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
@@ -107,7 +108,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 17deda92d8..ac2c73e32a 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1364,12 +1364,12 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int agaw, rc, ret;
@@ -1410,10 +1410,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root = pgd_maddr;
+
         spin_lock(&hd->arch.mapping_lock);
 
         /* Ensure we have pagetables allocated down to leaf PTE. */
-        if ( hd->arch.pgd_maddr == 0 )
+        if ( !root )
         {
             addr_to_dma_page_maddr(domain, 0, 1);
             if ( hd->arch.pgd_maddr == 0 )
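Review bot: The meaning of `pgd_maddr == 0` is only implied by the `if ( !root )` fallback here: zero selects (and if necessary allocates) the domain's own `hd->arch.pgd_maddr`, while any other value is used as the root as is. That contract is what later lets a caller override the root, so it deserves a comment at the declaration of `root`, e.g. `/* 0: fall back to (and allocate if needed) the domain's own page tables. */`. Note also that `hd->arch.mapping_lock` belongs to `domain`, so when a non-zero root not owned by `domain` is passed, the walk in the following hunk is presumably not protected by it; it is worth stating which lock covers an overriding root. The function continues outside this hunk.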
@@ -1426,22 +1428,24 @@ int domain_context_mapping_one(
                     rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
+
+            root = hd->arch.pgd_maddr;
         }
 
         /* Skip top levels of page tables for 2- and 3-level DRHDs. */
-        pgd_maddr = hd->arch.pgd_maddr;
         for ( agaw = level_to_agaw(4);
               agaw != level_to_agaw(iommu->nr_pt_levels);
               agaw-- )
         {
-            struct dma_pte *p = map_vtd_domain_page(pgd_maddr);
-            pgd_maddr = dma_pte_addr(*p);
+            struct dma_pte *p = map_vtd_domain_page(root);
+
+            root = dma_pte_addr(*p);
             unmap_vtd_domain_page(p);
-            if ( pgd_maddr == 0 )
+            if ( !root )
                 goto nomem;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1557,15 +1561,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            domain_context_unmap_one(domain, iommu, bus, devfn);
+            domain_context_unmap_one(domain, iommu, bus, devfn,
+                                     domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                       domain->domain_id,
+                                       hd->arch.pgd_maddr,
                                        mode & MAP_WITH_RMRR);
+        }
     }
 
     if ( prev_dom )
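Review bot: The recovery call in the `else if ( prev_dom != domain )` branch re-maps the device with `prev_dom`'s page-table root (`hd->arch.pgd_maddr` after `hd = dom_iommu(prev_dom)`) but still passes `domain->domain_id` as `domid`. Nothing in this commit consumes `domid` inside domain_context_mapping_one(), but once it reaches context_set_domain_id() (the part II change later in this series) the context entry would presumably pair the failed target domain's ID with the previous owner's tables, which matters for DID-tagged IOTLB isolation between domains. Passing `prev_dom->domain_id` there keeps ID and root consistent. The return value of that recovery call is also dropped, so a failed restore goes unnoticed; the function body starts and ends outside this hunk.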
@@ -1582,6 +1592,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1647,7 +1658,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1662,7 +1674,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1690,7 +1703,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1705,7 +1719,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1734,7 +1749,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1792,7 +1807,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1844,7 +1859,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1854,7 +1870,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1880,12 +1897,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 99e159b4e9..4d54c21136 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -344,6 +344,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -357,16 +359,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -390,7 +393,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -416,7 +419,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:34:34 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbyJN-0005B9-BT@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:34:33 +0000

commit ab37463eec5724036059d7df027ca13d66368211
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:25:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:25:26 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ac2c73e32a..6388d97d26 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -52,8 +52,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -61,16 +61,16 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
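Review bot: The new message prints `domid` as `Dom%d`, although `domid_t` is an unsigned 16-bit type and, per the commit description, the value will soon include pseudo IDs that belong to no struct domain. `%u` reads more naturally for the type, and a neutral label avoids sending an operator looking for a domain that does not exist, e.g. `"No valid iommu %u domid for ID %u\n"`. The new `warn` parameter also lacks a comment saying that callers pass `!d->is_dying` to keep teardown quiet; the function's opening lines are in the previous hunk.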
@@ -78,8 +78,7 @@ static int domain_iommu_domid(struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
@@ -90,7 +89,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -106,7 +105,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -115,9 +114,9 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -173,7 +172,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -630,7 +629,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1454,7 +1453,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(&lctxt, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domid, iommu);
     if ( rc )
     {
     unlock:
@@ -1774,7 +1773,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
@@ -1948,7 +1947,7 @@ static void iommu_domain_teardown(struct domain *d)
     spin_unlock(&hd->arch.mapping_lock);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:34:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbyJX-0005C6-FG@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:34:43 +0000

commit 7cfe3570b1c0b4b19317145fbe4c776f09768fd5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:25:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:25:54 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped, while
    still not having to add a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 ++++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 ++++++++-
 xen/drivers/passthrough/pci.c               | 11 +++--
 xen/drivers/passthrough/vtd/iommu.c         | 69 ++++++++++++++++++++++++-----
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 47 ++++++++++++++++++++
 xen/include/asm-x86/amd-iommu.h             |  1 +
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  6 +++
 xen/include/public/xen.h                    |  3 ++
 10 files changed, 156 insertions(+), 16 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index d782e66eee..0df10f25b0 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -183,6 +183,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR
@@ -194,7 +199,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
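Review bot: The `out:` path now calls `xfree(iommu->domid_map)` for every failure, including the `goto out` taken before `iommu_init_domid()` has run (visible in the previous hunk). That is only safe if `iommu` was zero-allocated, which is outside these hunks; if so, a short comment such as `/* domid_map is NULL here unless iommu_init_domid() succeeded */` would make the dependency explicit. It is also worth confirming that whatever `iommu_init_domid()` returns is always valid input to `xfree()`, since its definition is not shown here.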
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 14483e85ae..b07091e71e 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -563,6 +563,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -626,7 +628,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -651,6 +668,9 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
     bdf = PCI_BDF2(pdev->bus, devfn);
     if ( amd_iommu_perdev_intremap &&
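Review bot: `iommu_free_domid()` is called unconditionally on removal, so it receives `DOMID_INVALID` whenever no pseudo ID was assigned (for example when `iommu_quarantine` is off, since amd_iommu_add_device() only allocates under that flag). The same holds for the failure cleanup added to VT-d's domain_context_mapping() further down, which also runs for device types that never allocated an ID. Unless `iommu_free_domid()` is documented to ignore `DOMID_INVALID` (its body is not in these hunks), guard the call with `if ( pdev->arch.pseudo_domid != DOMID_INVALID )`. Clearing a bit derived from the sentinel would presumably corrupt the allocation map that keeps quarantined devices apart.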
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 32510351cf..97e42261eb 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -338,6 +338,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn)
     *((u8*) &pdev->bus) = bus;
     *((u8*) &pdev->devfn) = devfn;
     pdev->domain = NULL;
+    pdev->arch.pseudo_domid = DOMID_INVALID;
     INIT_LIST_HEAD(&pdev->msi_list);
 
     pos = pci_find_cap_offset(pseg->nr, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
@@ -1353,9 +1354,13 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%04x:%02x:%02x.%u - %pd - node %-3d - MSIs < ",
-               pseg->nr, pdev->bus,
-               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn), pdev->domain,
+        printk("%04x:%02x:%02x.%u - ", pseg->nr, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d - MSIs < ",
                (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         list_for_each_entry ( msi, &pdev->msi_list, list )
                printk("%d ", msi->irq);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 6388d97d26..fc89f3e4c5 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1192,7 +1193,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     if ( nr_iommus >= MAX_IOMMUS )
     {
@@ -1285,7 +1286,16 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1308,6 +1318,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1583,8 +1594,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1592,6 +1603,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1652,6 +1664,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCIe_ENDPOINT:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
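Review bot: The pseudo-ID allocation block under `case DEV_TYPE_PCIe_ENDPOINT:` is repeated verbatim under `case DEV_TYPE_PCI:` in the next hunk, and the matching release sits in a third place at the end of the function. A small static helper keeps the allocate-or-fail rule in one spot, so a later change to the quarantine ID policy cannot be applied to one device type and missed on the other. Each case then reduces to a call plus an early return on failure. The helper name is a suggestion; domain_context_mapping() starts and ends outside this hunk.

```c
/* Give pdev a quarantine pseudo domain ID unless it already has one. */
static int alloc_pseudo_domid(struct pci_dev *pdev,
                              const struct vtd_iommu *iommu)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

    case DEV_TYPE_PCIe_ENDPOINT:
        ret = alloc_pseudo_domid(pdev, drhd->iommu);
        if ( ret )
            return ret;
        /* … unchanged: debug printk and domain_context_mapping_one() call … */
```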
@@ -1667,6 +1687,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCI:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
@@ -1742,6 +1770,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
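Review bot: The failure cleanup added before `return ret` calls iommu_free_domid() whenever `orig_domid` was DOMID_INVALID, including for device types whose switch case allocated nothing and when `iommu_quarantine` is off. That is only safe because iommu_free_domid() returns early for DOMID_INVALID before touching the map. The dependency deserves a comment at the call site, for example `/* Undo an allocation made above; iommu_free_domid() ignores DOMID_INVALID. */`. The switch itself lies outside this hunk.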
@@ -1824,8 +1859,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
     struct vtd_iommu *iommu;
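Review bot: domain_context_unmap() now encodes its result in a pointer, but the definition carries no comment saying what callers may get back. intel_iommu_remove_device() tests both `IS_ERR(drhd)` and `if ( drhd )`, while the paths visible in these hunks return either ERR_PTR(-errno) or the unit found by acpi_find_matched_drhd_unit(), which has already been checked for NULL. A short header comment stating the contract, e.g. `/* Returns ERR_PTR(-errno) on failure, else the DRHD unit the device sits behind. */`, would tell readers whether the NULL test is needed. The function body continues outside this hunk.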
@@ -1834,7 +1871,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
-        return -ENODEV;
+        return ERR_PTR(-ENODEV);
     iommu = drhd->iommu;
 
     switch ( pdev->type )
@@ -1845,7 +1882,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         if ( !is_hardware_domain(domain) )
-            return -EPERM;
+            return ERR_PTR(-EPERM);
         goto out;
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1923,7 +1960,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
-    return ret;
+    return ret ? ERR_PTR(ret) : drhd;
 }
 
 static void iommu_domain_teardown(struct domain *d)
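Review bot: `return ret ? ERR_PTR(ret) : drhd;` turns any non-zero `ret` into a pointer, but the caller's IS_ERR() check presumably recognises only negative errno values. A positive `ret` would come back as a small bogus pointer that intel_iommu_remove_device() then dereferences via `drhd->iommu`. If the code above `out:` (outside this hunk) can never leave `ret` positive, an `ASSERT(ret <= 0);` before the return documents and enforces that; otherwise it should be normalised first.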
@@ -2145,16 +2182,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2171,6 +2209,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 503b07ffb7..be44fc017f 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -535,6 +535,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 818d28f770..f900bff60b 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -346,6 +346,53 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 /*
  * Local variables:
  * mode: C
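Review bot: iommu_init_domid() returns two values that callers must tell apart, and nothing in the new code documents them: ZERO_BLOCK_PTR when `iommu_quarantine` is off, and NULL only on allocation failure. iommu_alloc_domid() and iommu_free_domid() do not test for that sentinel themselves, so they rely on callers checking `iommu_quarantine` before allocating and on the ID being DOMID_INVALID when freeing. A comment above iommu_init_domid() such as `/* Returns ZERO_BLOCK_PTR (never to be dereferenced) when quarantining is disabled, NULL on allocation failure. */` would make that explicit. In iommu_alloc_domid() the bitmap search also runs in the initialiser of `idx`, before `ASSERT(pcidevs_locked())`; moving the search below the assertion keeps the lock check ahead of the first access to `map` and `start`.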
diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h
index 829e1b1755..452ce97c02 100644
--- a/xen/include/asm-x86/amd-iommu.h
+++ b/xen/include/asm-x86/amd-iommu.h
@@ -94,6 +94,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
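Review bot: The new `domid_map` member of struct amd_iommu has no comment, and its name matches VT-d's `u16 *domid_map` (the domain id mapping array) while its type matches VT-d's `pseudo_domid_map` bitmap. Presumably it holds the result of iommu_init_domid(). If so, a comment such as `/* "pseudo" domain id bitmap */`, as used in vtd/iommu.h, would avoid the confusion.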
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index aaf9455b8e..389417d198 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -130,6 +130,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         iommu_vcall(ops, sync_cache, addr, size);       \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
  * Local variables:
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index cc05045e9c..70ed48e309 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -15,6 +15,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h
index d2198dffad..75b1619d0d 100644
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -614,6 +614,9 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
 /* Idle domain. */
 #define DOMID_IDLE           xen_mk_uint(0x7FFF)
 
+/* Mask for valid domain id values */
+#define DOMID_MASK           xen_mk_uint(0x7FFF)
+
 #ifndef __ASSEMBLY__
 
 typedef uint16_t domid_t;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:34:54 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbyJh-0005D4-Il@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:34:53 +0000

commit e6d6b5ba030a8d2d81bf902e4bc2a8530b3576ae
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:26:41 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:26:41 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 5 +----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 45559f9678..3c7cd7ed9e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -595,8 +595,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index fc89f3e4c5..e5c50429d2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2894,7 +2894,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
     struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc;
 
     if ( hd->arch.pgd_maddr )
     {
@@ -2941,10 +2940,8 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    rc = iommu_flush_iotlb_all(d);
-
     /* Pages leaked in failure case */
-    return level ? -ENOMEM : rc;
+    return level ? -ENOMEM : 0;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:35:04 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbyJr-0005EA-Lh@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:35:03 +0000

commit 454d5351a93d2438778630843cf3e77da0772167
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:27:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:27:09 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c       | 2 +-
 xen/include/asm-x86/hvm/svm/amd-iommu-defs.h  | 1 +
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 3c7cd7ed9e..db396dd1d4 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -260,7 +260,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.root_table;
     level = hd->arch.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    BUG_ON( table == NULL || level < 1 || level > IOMMU_MAX_PT_LEVELS );
 
     /*
      * A frame number past what the current page tables can represent can't
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
index a54d6e9fc6..c46247cb24 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
@@ -110,6 +110,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 52c889ade0..2a3bc47ab5 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -193,7 +193,7 @@ static inline int amd_iommu_get_paging_mode(unsigned long max_frames)
     while ( max_frames > PTE_PER_TABLE_SIZE )
     {
         max_frames = PTE_PER_TABLE_ALIGN(max_frames) >> PTE_PER_TABLE_SHIFT;
-        if ( ++level > 6 )
+        if ( ++level > IOMMU_MAX_PT_LEVELS )
             return -ENOMEM;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 05:35:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbyK1-0005F3-PH@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 05:35:13 +0000

commit 169a2834ef5d723091f187a5d6493ae77825757a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:27:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:27:36 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/arch/x86/mm/p2m.c                         |   2 +-
 xen/drivers/passthrough/amd/iommu_map.c       | 155 +++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c   |  35 ++--
 xen/drivers/passthrough/iommu.c               |  18 +-
 xen/drivers/passthrough/pci.c                 |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c           | 247 +++++++++++++++++++-------
 xen/drivers/passthrough/vtd/iommu.h           |   2 +-
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h |   3 +-
 xen/include/asm-x86/pci.h                     |  13 ++
 xen/include/xen/iommu.h                       |   3 +-
 10 files changed, 363 insertions(+), 135 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index a6bfda010a..91f7b7760c 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1453,7 +1453,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int ret;
 
-    if ( !paging_mode_translate(p2m->domain) )
+    if ( !paging_mode_translate(d) )
     {
         if ( !is_iommu_enabled(d) )
             return 0;
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index db396dd1d4..8b7d5b7c7b 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -539,64 +539,137 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d,
     return rc;
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS],
+                    struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = alloc_amd_iommu_pgtable();
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(pgs[level], &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs, pdev);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            page_list_add(mfn_to_page(_mfn(pte->mfn)),
+                          &pdev->arch.pgtables_list);
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs, pdev);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.root_table);
 
-    if ( hd->arch.root_table )
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
+
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = alloc_amd_iommu_pgtable();
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.root_table = alloc_amd_iommu_pgtable();
-    if ( !hd->arch.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.root_table = NULL;
+
+    if ( rc )
+        printk("%04x:%02x:%02x.%u: quarantine unity mapping failed\n",
+               pdev->seg, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+    else
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = alloc_amd_iommu_pgtable();
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs, pdev);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_amd_iommu_pgtable(pg);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
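Review bot: In amd_iommu_quarantine_init() the assignment `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when fill_qpt() failed, and fill_qpt() can return -ENOMEM at a higher level before `pgs[0]` has been set, so the conversion is applied to a NULL page pointer. Guarding it, `if ( !rc ) pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);`, keeps a bogus MFN out of the device state. Separately, as far as this hunk shows, the root page from alloc_amd_iommu_pgtable() is never put on `pdev->arch.pgtables_list`, so amd_iommu_quarantine_teardown() would clear `root_table` without freeing it. It is worth confirming whether the root, and any tables created by the unity-map call when that call fails, are tracked elsewhere.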
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index b07091e71e..e5c02ca710 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -125,6 +125,8 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
     BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
@@ -144,14 +146,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.root_table),
-                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
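Review bot: For `dom_io` the new else branch takes `root_pg` from `pdev->arch.amd.root_table` and `domid` from `pdev->arch.pseudo_domid` without checking either, and `root_pg` is then handed to page_to_maddr(). Nothing in this hunk shows that amd_iommu_quarantine_init() has already succeeded for the device, so a NULL root or a DOMID_INVALID id could end up in the DTE. If the callers guarantee the ordering, `ASSERT(root_pg);` in the else branch would record it; otherwise the function should return an error before taking `iommu->lock`. The function starts and ends outside this hunk.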
@@ -175,7 +188,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -188,8 +201,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.root_table),
-                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -208,6 +221,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
@@ -238,9 +252,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.root_table),
-                    domain->domain_id, hd->arch.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -313,7 +326,7 @@ static int iov_enable_xt(void)
 
 int amd_iommu_alloc_root(struct domain_iommu *hd)
 {
-    if ( unlikely(!hd->arch.root_table) )
+    if ( unlikely(!hd->arch.root_table) && hd != dom_iommu(dom_io) )
     {
         hd->arch.root_table = alloc_amd_iommu_pgtable();
         if ( !hd->arch.root_table )
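Review bot: The added `hd != dom_iommu(dom_io)` term has no comment saying why DomIO is exempt from root allocation, and the function still reports success for it while `hd->arch.root_table` stays NULL. Other hunks of this patch give quarantined devices their own root in `pdev->arch.amd.root_table`, so a comment such as `/* DomIO has no domain-wide root; quarantined devices use per-device tables. */` above the condition would stop a later caller from assuming a non-NULL root on return. The rest of the function is outside the hunk.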
@@ -404,7 +417,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.paging_mode);
     }
     spin_unlock_irqrestore(&iommu->lock, flags);
@@ -668,6 +681,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 93d4377978..9aef696d90 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -450,21 +450,21 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init, dev);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
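Review bot: `iommu_quarantine_dev_init()` becomes a global entry point but nothing states its contract. It returns 0 both when the per-device quarantine tables were set up and when nothing was done because `iommu_quarantine` is off or the `quarantine_init` hook is missing, and the VT-d implementation of the hook asserts `pcidevs_locked()`. I would add a header comment along the lines of `/* Set up per-device quarantine page tables; returns 0 without doing anything when quarantining is disabled. Caller must hold the pcidevs lock. */` so callers do not read a 0 return as proof that tables exist.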
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 97e42261eb..1a1a387458 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -929,9 +929,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
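Review bot: `return ret;` under `if ( ret )` is indented by 11 spaces rather than 12, so it does not line up with the four-space step used by the surrounding lines. The early return is also worth a one-line comment, for example `/* On failure the device stays with its current owner rather than being moved unquarantined. */`, since that fail-closed outcome is the security-relevant part of the change and is easy to undo in a later refactor. The function continues outside the hunk.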
@@ -1547,6 +1554,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
         msixtbl_init(d);
     }
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e5c50429d2..6571b5dde4 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,6 +43,12 @@
 #include "vtd.h"
 #include "../ats.h"
 
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
+
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
 
@@ -78,13 +84,18 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
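Review bot: Swapping `ASSERT(spin_is_locked(&iommu->lock))` for `ASSERT(pcidevs_locked())` moves protection of `iommu->domid_bitmap` to the PCI devices lock, but the only written trace of that is the shortened comment on `lock` in vtd/iommu.h. Every other reader and writer of the DID bitmap and map now has to hold the same lock. The `cleanup_domid_map()` call in `iommu_domain_teardown()`, visible as context in a later hunk, shows no such assertion in view and should be confirmed. I would extend the new header comment with `Callers must hold the pcidevs lock, which serialises domain ID allocation.` The function body continues outside the hunk.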
@@ -110,8 +121,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -161,8 +177,12 @@ static void check_cleanup_domid_map(struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1400,7 +1420,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
@@ -1577,15 +1597,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             domain_context_unmap_one(domain, iommu, bus, devfn,
-                                     domain->domain_id);
+                                     DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                       domain->domain_id,
-                                       hd->arch.pgd_maddr,
+                                       DEVICE_DOMID(prev_dom, pdev),
+                                       DEVICE_PGTABLE(prev_dom, pdev),
                                        mode & MAP_WITH_RMRR);
-        }
     }
 
     if ( prev_dom )
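Review bot: `DEVICE_DOMID()` and `DEVICE_PGTABLE()` dereference `pdev` whenever their domain argument is dom_io, yet this function accepts a NULL `pdev`. The preceding hunk tests `pdev ? ... : domid > DOMID_MASK` and can set `prev_dom` to dom_io in exactly that case, and `domain_context_mapping()` passes NULL for bridge entries. If this recovery path runs with `pdev == NULL` and either `domain` or `prev_dom` equal to dom_io, the macros read through a null pointer while the context entry is being rolled back. The call sites already pass the resolved domain ID and page-table address as arguments, so the `!prev_dom` branch could reuse those instead of re-deriving them, and the `prev_dom` branch needs an explicit NULL-`pdev` case. The function starts and ends outside the hunk, so reachability in that state should be confirmed there.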
@@ -1602,7 +1619,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1635,7 +1652,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1676,8 +1693,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1701,8 +1718,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1730,8 +1747,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1746,8 +1763,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1896,7 +1913,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1907,7 +1924,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1930,18 +1947,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1987,6 +1998,25 @@ static void iommu_domain_teardown(struct domain *d)
         cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_domheap_page(pg);
+
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
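Review bot: `quarantine_teardown()` frees only the pages on `pdev->arch.pgtables_list` and then zeroes `pdev->arch.vtd.pgd_maddr`, but in the lines shown the root page itself is never put on that list. `intel_iommu_quarantine_init()` in the later hunk allocates it with `alloc_pgtable_maddr(1, hd->node)` and `fill_qpt()` only adds child tables, so the root appears to leak on every teardown. Tables built by `iommu_identity_mapping()` would be missed as well when the error path runs before `fill_qpt()`. Adding `page_list_add(maddr_to_page(maddr), &pdev->arch.pgtables_list);` right after the root allocation would cover the root, while the RMRR failure case needs its own walk or free. This should be checked against any tracking the allocator does, which is not visible here.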
@@ -2209,6 +2239,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2888,60 +2920,139 @@ static void vtd_dump_p2m_table(struct domain *d)
     vtd_dump_p2m_table_level(hd->arch.pgd_maddr, agaw_to_level(hd->arch.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    paddr_t maddrs[6], struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
-    struct dma_pte *parent;
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !maddrs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                maddrs[level] = alloc_pgtable_maddr(1, hd->node);
+                if ( !maddrs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(maddr_to_page(maddrs[level]),
+                              &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(maddrs[level]);
+                    rc = fill_qpt(next, level - 1, maddrs, pdev);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, maddrs[level]);
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            page_list_add(maddr_to_page(dma_pte_addr(*pte)),
+                          &pdev->arch.pgtables_list);
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, maddrs, pdev);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    paddr_t maddr;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    if ( hd->arch.pgd_maddr )
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.pgd_maddr);
+
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    hd->arch.pgd_maddr = alloc_pgtable_maddr(1, hd->node);
-    if ( !hd->arch.pgd_maddr )
-        goto out;
+    maddr = alloc_pgtable_maddr(1, hd->node);
+    if ( !maddr )
+        return -ENOMEM;
 
-    parent = map_vtd_domain_page(hd->arch.pgd_maddr);
-    while ( level )
-    {
-        uint64_t maddr;
-        unsigned int offset;
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
 
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        maddr = alloc_pgtable_maddr(1, hd->node);
-        if ( !maddr )
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.pgd_maddr = maddr;
+
+    for_each_rmrr_device ( rmrr, bdf, i )
+    {
+        if ( rc )
             break;
 
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%04x:%02x:%02x.%u: RMRR quarantine mapping failed\n",
+                       pdev->seg, pdev->bus,
+                       PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = maddr;
+
+    if ( !rc )
+    {
+        struct dma_pte *root;
+        paddr_t maddrs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(maddr);
+        rc = fill_qpt(root, level - 1, maddrs, pdev);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = maddr_to_mfn(maddrs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    return rc;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
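Review bot: `paddr_t maddrs[6]` is indexed as `maddrs[level]` inside `fill_qpt()`, but nothing ties the literal 6 to `agaw_to_level(agaw)`. A check before the call, `ASSERT(level <= ARRAY_SIZE(maddrs));`, would keep a future address-width change from indexing past the array. `fill_qpt()` also lacks a header comment. It should say that every non-present entry at a level is pointed, readable and writable, at the one shared table for that level, so all unmapped addresses resolve to the single scratch leaf recorded in `pdev->arch.leaf_mfn`, and that already-present non-superpage tables are adopted onto `pdev->arch.pgtables_list`.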
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index be44fc017f..c67adb9b41 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -509,7 +509,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 2a3bc47ab5..961182ac0f 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -54,7 +54,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 int iov_adjust_irq_affinities(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 70ed48e309..0c79acb1ed 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -20,7 +22,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
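Review bot: The new members of `struct arch_pci_dev` are undocumented apart from the union's one-liner. `leaf_mfn` and `pgtables_list` deserve comments such as `/* Scratch leaf of the quarantine page tables; cleared when the device is re-quarantined. */` and `/* Page-table pages owned by this device's quarantine mapping. */`. The existing comment above them about not needing locking should say whether it covers these fields, given that the VT-d code asserts `pcidevs_locked()` around their use. `pgtables_list` must also be initialised before the first `page_list_remove_head()`, and that initialisation is not in the lines shown.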
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 041a7cf5e5..c94579fe92 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -211,7 +211,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -331,6 +331,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 void iommu_share_p2m_table(struct domain *d);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:00:17 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:00:17 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299499.510297 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyiE-0007q6-Tz; Wed, 06 Apr 2022 06:00:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299499.510297; Wed, 06 Apr 2022 06:00:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyiE-0007py-Qr; Wed, 06 Apr 2022 06:00:14 +0000
Received: by outflank-mailman (input) for mailman id 299499;
 Wed, 06 Apr 2022 06:00:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyi2-0007Gq-Lk
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyi2-0004hk-Fh
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyi2-0006hQ-Et
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=DZMz7ErYJJSZtNDt2Ra2sXXXDUvlIj4TusQILMam4Ck=; b=eY6ElQJ2Tebj8N7qyhBDm9bJCC
	G58EtkG7kmzSHkmuHjOgCLBGQBpN/0EQ3z+3Px46OFfzU95wa6e68MJ+ZoEtihHfl8viSNUz6pSBh
	9uD2zMysDvgK+C+hy+kyHEKozYHNJ90N7Ho7zSacjWo/k7PDLWvfh1IW29e0hKe2Cwrg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nbyi2-0006hQ-Et@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:00:02 +0000

commit 309487036c9447fbfbc60f88667970dedf376aa4
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 14:43:32 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:43:32 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 73575deb0d..47a7487fa7 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         unsigned int size = DIV_ROUND_UP(nr_frames, BITS_PER_BYTE);
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
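Review bot: The `domain_pause()` / `domain_unpause()` pair around `p2m_enable_hardware_log_dirty(d)` has no comment, and it runs after `paging_unlock(d)`. It is therefore not obvious what makes it safe against the concurrent paging domctls that the commit message describes. A short comment would help, for example `/* Enable hardware log-dirty assistance with the domain paused; global log-dirty mode is deliberately not switched on here (XSA-397). */`. The hunk shows no matching disable when tracking stops, so if one is required it lives outside these lines. The function continues outside the hunk.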
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index dd6b2bdf6f..97ac9ccf59 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -211,7 +211,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index 996c2cd038..27890791d8 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -162,9 +162,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:00:17 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:00:17 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299500.510301 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyiF-0007qQ-0s; Wed, 06 Apr 2022 06:00:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299500.510301; Wed, 06 Apr 2022 06:00:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyiE-0007qB-Rv; Wed, 06 Apr 2022 06:00:14 +0000
Received: by outflank-mailman (input) for mailman id 299500;
 Wed, 06 Apr 2022 06:00:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiC-0007pm-Jv
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiC-0004jJ-J3
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiC-0006ip-I2
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=JCy/V3GBbUbbkpUHE7gpsaC5FzDAR9BB4+Lpho8P/Lg=; b=JgeBMEj7ppYO2ECi/YNpmsTEFl
	SgyXiqLgc9blvsPT4YXUgq5m9oMSc3GW18xYVBurl9yNXtfXFxTzvrJadWw0wWx8ktid+iSIgt6Ue
	idcwbxQEDXkvaGQM2Oj829LZVT1SvTHT7qMrKUD+Ssv44uury+H0zWNbCH4hIaCUiz3c=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nbyiC-0006ip-I2@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:00:12 +0000

commit 0e754e07b00f3ad644a3c05f85702bce8b4c0d5c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:43:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:43:57 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ead12db6a4..a1645d3372 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -152,8 +152,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
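Review bot: The new comment explains the store order but not what enforces it. The plain store to `iommu->domid_map[iommu_domid]` is only guaranteed to become visible before the bit is cleared if `clear_bit()` is an ordered atomic operation, which the hunk does not show. Assuming that holds on x86, extend the comment with a line such as `* The ordering relies on clear_bit() being a fully ordered atomic; do not relax it to __clear_bit().` so a later cleanup does not reintroduce the race fixed for CVE-2022-26357. The readers of domid_map[] are outside the hunk, so also confirm that each of them treats DOMID_INVALID as "no owner". The function's opening lines are outside the hunk.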
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:00:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:00:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299501.510305 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyiO-0007ta-0J; Wed, 06 Apr 2022 06:00:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299501.510305; Wed, 06 Apr 2022 06:00:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyiN-0007tO-TQ; Wed, 06 Apr 2022 06:00:23 +0000
Received: by outflank-mailman (input) for mailman id 299501;
 Wed, 06 Apr 2022 06:00:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiM-0007tE-N1
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiM-0004js-M9
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiM-0006jW-LM
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=rvKdk7+T3PNPvw477opyfbfTEv3dNW72I2HvGrMpezU=; b=wl7+hnahwmdNxgqgCNCgY5h1I5
	HKinmxYl45OL+Lp1t77JAhJR4k8ZAYTZwoQ/zy2GJwBCnC0tcnnzar2ryJtvfFjsEsLI1tyQjfTak
	4RxfsXKDWUwRa6PYf993grOfoS2zXSla3Onza7Q29VpwrC5FDbpw90JnKYiHAWkg8hkw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nbyiM-0006jW-LM@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:00:22 +0000

commit 2c0e367013f7f17753b48f2bd5ed34d85dcb8881
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:44:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:44:14 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a1645d3372..5e3740feb6 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2419,6 +2419,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
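Review bot: The `domain_context_unmap()` call moved to the top of reassign_device_ownership() has no comment tying its position to the RMRR handling later in the function, although per the commit message that ordering is the fix. A comment above the call would record it, e.g. `/* Clear the context entry first: RMRR mappings may only be torn down once the device can no longer use them. */`. The early `return ret` also means none of the later steps run when the unmap fails; that looks intended, and the same comment should say so. The function continues outside the hunk.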
@@ -2455,10 +2459,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2534,9 +2534,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2549,20 +2548,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %pp from %pd (%d)\n",
-                           &PCI_SBDF3(seg, bus, devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
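Review bot: `if ( !ret )` after the RMRR setup loop reads `ret` even when no RMRR entry matches the device. With the earlier `ret = reassign_device_ownership(...)` assignment removed for the `d != dom_io` path, nothing in the visible hunks assigns it before the loop. The declaration is outside the hunk, so it may already be `int ret = 0`; if not, an uninitialised value decides whether the device is reassigned, so please confirm or add `ret = 0;` just before the loop. Separately, the rollback loop stops at the first unmap failure after `domain_crash(d)` and leaves the remaining reserved-region mappings in place; add a comment if that is acceptable for a crashed domain. The function's end is outside the hunk.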
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:00:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:00:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299502.510309 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyiY-0007xm-1e; Wed, 06 Apr 2022 06:00:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299502.510309; Wed, 06 Apr 2022 06:00:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyiX-0007xe-V3; Wed, 06 Apr 2022 06:00:33 +0000
Received: by outflank-mailman (input) for mailman id 299502;
 Wed, 06 Apr 2022 06:00:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiW-0007xL-Q1
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiW-0004k8-PD
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiW-0006k9-OM
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=zVbenqG/mfsLpHCpG5GRUl/q5yUmxg/G/KXY21P9pak=; b=DURo9ccXin0mAHMDoUSWY1/IMP
	SAFmHIi6tXeaeHAg42Y/pAV1FAyOkE93DiRGUYXdS+uErdDXEO1iuvnRoPZ4dXS7egExKZwIvjRED
	qOPxlREItc65oy9dkCEBE6EOYfTsE6Tw2gLctMV1wq5aW13Zsr42JvJ33Huhstcyncsk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nbyiW-0006k9-OM@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:00:32 +0000

commit cf0dc7379b9e2aa5f4b3983d81c6e2ed9811c34f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:44:53 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:44:53 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 5e3740feb6..19696a8818 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1997,14 +1997,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2021,12 +2013,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
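Review bot: In intel_iommu_add_device() a failed RMRR identity mapping is only logged, and `ret` is then overwritten by `domain_context_mapping()`, so the context entry is still installed when a reserved region could not be mapped. The commit message says the mappings should be established before the context entry is updated. Either stop on failure with `if ( ret ) { dprintk(...); return ret; }`, unwinding already-mapped regions as the caller expects, or, if best effort is intended, state it next to the `dprintk`: `/* RMRR mapping failure is deliberately non-fatal. */`. The loop and the mapping call start outside the hunk.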
@@ -2048,11 +2045,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2068,7 +2069,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:00:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:00:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299503.510312 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyij-00082Q-3S; Wed, 06 Apr 2022 06:00:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299503.510312; Wed, 06 Apr 2022 06:00:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyij-00082I-0S; Wed, 06 Apr 2022 06:00:45 +0000
Received: by outflank-mailman (input) for mailman id 299503;
 Wed, 06 Apr 2022 06:00:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyig-00081y-TT
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyig-0004kI-Sc
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyig-0006kj-Rj
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=9beyjWt3XuInocpB/m+qKkwm8AS1MnXUnowwHFzJc28=; b=k8AcP8gczIilHwCbjo2yi41sch
	Yvz1unaoOX0KU0L4cTq7vvL2oaPaOFoF3vlBJXgp53HtpK/mlXeqEv/+Lc3iPVjQB3U6IhYZY/f6E
	8sHUV1Y4rJyFfcaM7vwrAfS2Tj0s05A0GHi3c5yeqwLiP1ARhBziI0OK7UJYPc7oPRwc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
Message-Id: <E1nbyig-0006kj-Rj@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:00:42 +0000

commit e0bd36c36ae1088b6687da7351a035b6d9a02940
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:45:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:45:29 2022 +0200

    IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
    
    This is to make more obvious that nothing outside of domain_iommu(d)
    actually changes or is otherwise needed by the function.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eba09b9dd78f9e8cbaa78ef0edb301b32def2c7a
    master date: 2022-04-05 14:16:46 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c     | 10 +++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  2 +-
 xen/drivers/passthrough/vtd/iommu.c         |  8 ++++----
 xen/drivers/passthrough/x86/iommu.c         |  3 +--
 xen/include/asm-x86/iommu.h                 |  3 ++-
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index b0330157ea..8f9be319ad 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -184,7 +184,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     unsigned long  next_table_mfn;
     unsigned int level;
     struct page_info *table;
-    const struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(d);
 
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
@@ -219,7 +219,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
             mfn = next_table_mfn;
 
             /* allocate lower level page table */
-            table = iommu_alloc_pgtable(d);
+            table = iommu_alloc_pgtable(hd);
             if ( table == NULL )
             {
                 AMD_IOMMU_ERROR("cannot allocate I/O page table\n");
@@ -249,7 +249,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
 
             if ( next_table_mfn == 0 )
             {
-                table = iommu_alloc_pgtable(d);
+                table = iommu_alloc_pgtable(hd);
                 if ( table == NULL )
                 {
                     AMD_IOMMU_ERROR("cannot allocate I/O page table\n");
@@ -553,7 +553,7 @@ int __init amd_iommu_quarantine_init(struct domain *d)
 
     spin_lock(&hd->arch.mapping_lock);
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
     if ( !hd->arch.amd.root_table )
         goto out;
 
@@ -568,7 +568,7 @@ int __init amd_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
         if ( !pg )
             break;
 
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 9642bba43a..31e8c5dd3d 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -242,7 +242,7 @@ int amd_iommu_alloc_root(struct domain *d)
 
     if ( unlikely(!hd->arch.amd.root_table) )
     {
-        hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+        hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
             return -ENOMEM;
     }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 19696a8818..1b04a261f2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -330,7 +330,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     {
         struct page_info *pg;
 
-        if ( !alloc || !(pg = iommu_alloc_pgtable(domain)) )
+        if ( !alloc || !(pg = iommu_alloc_pgtable(hd)) )
             goto out;
 
         hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
@@ -350,7 +350,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
             if ( !alloc )
                 break;
 
-            pg = iommu_alloc_pgtable(domain);
+            pg = iommu_alloc_pgtable(hd);
             if ( !pg )
                 break;
 
@@ -2766,7 +2766,7 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
         goto out;
     }
 
-    pg = iommu_alloc_pgtable(d);
+    pg = iommu_alloc_pgtable(hd);
 
     rc = -ENOMEM;
     if ( !pg )
@@ -2785,7 +2785,7 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
 
         if ( !pg )
             goto out;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index b2284ae001..295d853003 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -416,9 +416,8 @@ int iommu_free_pgtables(struct domain *d)
     return 0;
 }
 
-struct page_info *iommu_alloc_pgtable(struct domain *d)
+struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd)
 {
-    struct domain_iommu *hd = dom_iommu(d);
     unsigned int memflags = 0;
     struct page_info *pg;
     void *p;
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index de46149b40..cb794fe1ef 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -142,7 +142,8 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
 })
 
 int __must_check iommu_free_pgtables(struct domain *d);
-struct page_info *__must_check iommu_alloc_pgtable(struct domain *d);
+struct domain_iommu;
+struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
 
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:00:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:00:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299504.510318 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyis-00085r-6o; Wed, 06 Apr 2022 06:00:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299504.510318; Wed, 06 Apr 2022 06:00:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyis-00085j-3Y; Wed, 06 Apr 2022 06:00:54 +0000
Received: by outflank-mailman (input) for mailman id 299504;
 Wed, 06 Apr 2022 06:00:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyir-00085Z-0g
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiq-0004kY-W2
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyiq-0006lF-V4
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:00:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=09SvAfLNwsTCqeDzGF1ZUUjF4UbrnhXVMX2uLuwz8xQ=; b=xMmpgHIy8O0utij7QLX8IJIYSm
	640eLOm7asOIZHNdOUZfwvPaAQ9BZT8LiAelfCV4G2pmFwK0gCL8S7QUXqo+CMWIi2lYSbx+3H4mq
	fY4wYynNJNJt/k2bLBQPACxdTlA268yU/QiwW38H2XJsIsh0iJAHuJIi2Uf+75/LUCX4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nbyiq-0006lF-V4@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:00:52 +0000

commit 840920147f5a32bf329bfcfb4f205154cf43964f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:46:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:46:03 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 61 ++-----------------------------------
 1 file changed, 2 insertions(+), 59 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 1b04a261f2..3fd96dc312 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -124,28 +124,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct vtd_iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid = domain_iommu_domid(domain, iommu);
@@ -1416,44 +1394,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX "%pd: %pp owned by %pd",
-                       domain, &PCI_SBDF3(seg, bus, devfn),
-                       pdev->domain);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "%pd: %pp mapped, but can't find owner\n",
-                       domain, &PCI_SBDF3(seg, bus, devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %pp already mapped to d%d",
-                       domain, &PCI_SBDF3(seg, bus, devfn), cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
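Review bot: After this change the `context_present(*context)` branch returns 0 for every already-present entry, and nothing in the code says that the entry's owner is no longer looked at. As far as this hunk shows, an entry that still points at another domain's page tables is now reported to the caller as a successful mapping. Until the follow-up change lands, a comment on the branch would keep readers from assuming a check exists, e.g. `/* Entry already present: treated as success; which domain it maps to is not verified here. */`. The body of domain_context_mapping_one() starts and ends outside this hunk.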
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:01:04 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: re-assign devices directly
Message-Id: <E1nbyj1-0006m6-2E@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:01:03 +0000

commit e579153bfe650d533525e46709a2ed6610303dfb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:46:45 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:46:45 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for given.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 280 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 241 insertions(+), 78 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 6fb00a25c3..d125bdba0e 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -84,7 +84,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -104,8 +105,8 @@ bool is_azalia_tlb_enabled(const struct acpi_drhd_unit *);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 3fd96dc312..bd9687be1d 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -120,6 +120,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
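Review bot: The mask in the added `context->hi &= ~(...)` line is built with int arithmetic (`1 << DID_FIELD_WIDTH`), so its complement is a negative int that only yields the intended 64-bit value through sign extension, and only while the shifted mask stays below bit 31. The two constants are defined outside this hunk, so this may well be correct with their current values, but a 64-bit literal removes the dependency: `context->hi &= ~(((1ULL << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);`. The same mask expression is repeated on the next line, so a single named mask would keep the clear and the set in step.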
@@ -1371,15 +1372,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1391,17 +1404,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
     }
     else
     {
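Review bot: `domid = iommu->domid_map[prev_did];` indexes the map with a value read straight from the context entry, without the range and NULL checks that the context_get_domain_id() helper removed by the preceding commit on this page applied (`dom_index < nr_dom && iommu->domid_map`). The debug message a few lines further down already prints `cap_ndoms(iommu->cap)`, but by then the array has been read. I would declare `domid_t domid = DOMID_INVALID;` and guard the lookup with `if ( prev_did < cap_ndoms(iommu->cap) && iommu->domid_map ) domid = iommu->domid_map[prev_did];`, which then falls through to the existing -ESRCH path. The function body starts and ends outside this hunk.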
@@ -1413,36 +1441,107 @@ int domain_context_mapping_one(
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
             unmap_vtd_domain_page(context_entries);
+            if ( prev_dom )
+                rcu_unlock_domain(prev_dom);
             return -ENOMEM;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    if ( context_set_domain_id(&lctxt, domain, iommu) )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
         return -EFAULT;
     }
 
-    context_set_address_width(*context, level_to_agaw(iommu->nr_pt_levels));
-    context_set_fault_enable(*context);
-    context_set_present(*context);
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, level_to_agaw(iommu->nr_pt_levels));
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) ==
+               level_to_agaw(iommu->nr_pt_levels));
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %pp: reassignment may cause %pd data corruption\n",
+                   &PCI_SBDF3(seg, bus, devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
+    }
+
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
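Review bot: Both new `goto unlock` sites set `rc` first (`rc = !!pdev;` and `rc = -EILSEQ;`), but the block under the `unlock:` label still ends in the unchanged `return -EFAULT;`, so as shown here the value is discarded and the no-op same-domain case reports an error instead of the 0/1 described in the function's new header comment. Putting `rc = -EFAULT;` ahead of the `unlock:` label and changing the last line of that block to `return rc;` would honour all three paths. Separately, in the `res != old` branch the printk dereferences `pdev->seg` and `pdev->bus` although the line above it guards with `if ( pdev )` and callers do pass NULL; the locals are already available, `&PCI_SBDF3(seg, bus, devfn),`. The function starts and ends outside this hunk.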
@@ -1463,17 +1562,26 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
     {
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        if ( !prev_dom )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             mode & MAP_WITH_RMRR) < 0;
+        else
+            ret = 1;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
     }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
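Review bot: The `prev_dom != domain` test does not look sufficient to stop the recursion it is commented as avoiding. By the time this recovery block runs, the context entry already carries the new domain's DID, so the nested `domain_context_mapping_one(prev_dom, ...)` call will derive its own `prev_dom` as the current `domain`; if its flush or quirk step fails too, it recurses back and the two domains can alternate. A dedicated bit in `mode` that is set only for the recovery call would bound this, e.g. pass `(mode & MAP_WITH_RMRR) | MAP_ERROR_RECOVERY` and test `else if ( prev_dom != domain && !(mode & MAP_ERROR_RECOVERY) )`, where `MAP_ERROR_RECOVERY` is a proposed new flag to sit beside the others in vtd.h. The function starts outside this hunk.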
@@ -1483,8 +1591,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    uint16_t seg = pdev->seg;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
     uint8_t bus = pdev->bus, secbus;
 
     /*
@@ -1500,8 +1610,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp map\n",
@@ -1523,7 +1654,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1538,9 +1671,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1548,6 +1682,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1556,7 +1699,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1571,10 +1714,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2363,17 +2511,46 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
+    if ( !QUARANTINE_SKIP(target) )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_assign(target);
+
+        /*
+         * Devices assigned to untrusted domains (here assumed to be any domU)
+         * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
+         * by the root complex unless interrupt remapping is enabled.
+         */
+        if ( (target != hardware_domain) && !iommu_intremap )
+            untrusted_msi = true;
+
+        ret = domain_context_mapping(target, devfn, pdev);
+
+        if ( !ret && !QUARANTINE_SKIP(source) && pdev->devfn == devfn )
+        {
+            const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+            if ( drhd )
+                check_cleanup_domid_map(source, pdev, drhd->iommu);
+        }
+    }
+    else
+        ret = domain_context_unmap(source, devfn, pdev);
     if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
         return ret;
+    }
 
-    /*
-     * Devices assigned to untrusted domains (here assumed to be any domU)
-     * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
-     * by the root complex unless interrupt remapping is enabled.
-     */
-    if ( (target != hardware_domain) && !iommu_intremap )
-        untrusted_msi = true;
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
 
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
@@ -2403,34 +2580,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index ee28ecac6d..2e4d39cc61 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -202,8 +202,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 52b47dd893..90331b7dd4 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -407,7 +407,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -418,9 +419,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -428,7 +429,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -452,7 +454,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -478,7 +480,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
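Review bot: The four `mode` bits are introduced without saying what each one means, and `UNMAP_ME_PHANTOM_FUNC` changes from the value 0 to a bit that shares a space with the `MAP_*` flags. A one-line comment per flag would help callers, for instance `/* device is named in an RMRR; update the context entry atomically where possible */` on `MAP_WITH_RMRR`, `/* previous owner is dying */` on `MAP_OWNER_DYING`, and `/* previous owner has no other device behind this IOMMU */` on `MAP_SINGLE_DEVICE`. Those readings are taken from how domain_context_mapping() sets the bits in this commit and should be confirmed by the author. It would also be worth noting that `UNMAP_ME_PHANTOM_FUNC` appears to be tested only in quirks.c.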
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:01:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nbyjB-0006md-5M@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:01:13 +0000

commit 81717050857b002ccd30f5476d179e3173707047
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:47:05 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:47:05 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for given.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  10 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  67 ++++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 142 ++++++++++++++++++++++------
 3 files changed, 184 insertions(+), 35 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 93243424e8..2e1bd85e7c 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -262,9 +262,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 8f9be319ad..cfa5371148 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -114,10 +114,69 @@ static unsigned int set_iommu_ptes_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
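Review bot: The `ldte` union in the new atomic path of amd_iommu_set_root_page_table() relies on two unchecked assumptions: that struct amd_iommu_dte is exactly as large as `raw128[2]`, and that every field written here (domain_id, pt_root, iw, ir, paging_mode, v) lies in the low 128 bits, since only `raw128[0]` (or `raw64[0]` and `raw64[1]`) is stored back. I would add `BUILD_BUG_ON(sizeof(ldte.dte) != sizeof(ldte.raw128));` next to the union, plus a one-line comment that a field placed in the upper half would be silently dropped by this path. The struct layout is not visible here, so this guards against later layout changes rather than reporting a present defect. The function body continues past the end of this hunk.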
@@ -132,6 +191,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 31e8c5dd3d..ac6a0ed199 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -96,13 +96,32 @@ static int __must_check allocate_domain_resources(struct domain *d)
     return rc;
 }
 
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
 static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1, rc;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
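Review bot: any_pdev_behind_iommu() walks the domain's device list with for_each_pdev() but neither asserts nor documents the locking it depends on. The only `ASSERT(pcidevs_locked());` in the caller appears in a later hunk, below the point where the helper is used. Presumably the list walk needs the pcidevs lock, so I would open the helper with `ASSERT(pcidevs_locked());`. A short header comment would also help, stating that `exclude` is the device being re-assigned and that the result says whether any other device of `d` is translated by the same IOMMU. The body of amd_iommu_setup_domain_device() continues outside this hunk.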
@@ -116,8 +135,11 @@ static int __must_check amd_iommu_setup_domain_device(
     if ( rc )
         return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
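Review bot: `req_id` is assigned twice within a few lines with different meanings, which makes the origin of the unity-map flag easy to misread. It is first set from `pdev->sbdf.bdf` to pick the IVRS entry that feeds `SET_ROOT_WITH_UNITY_MAP`, then overwritten from `PCI_BDF2(bus, devfn)` to pick the DTE. For a phantom function these can differ, so `sr_flags` reflects the real function's unity maps while the DTE being updated belongs to the alias. If that is intended, a comment such as `/* Unity-map state is taken from the device proper, also for phantom functions. */` above the `sr_flags` computation, or a separate local for the first ID, would make it explicit. Whether `ivrs_dev` is re-derived after the second lookup is outside this hunk.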
@@ -130,9 +152,15 @@ static int __must_check amd_iommu_setup_domain_device(
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.amd.root_table),
-            domain->domain_id, hd->arch.amd.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.amd.root_table),
+                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
         if ( dte->it_root )
@@ -152,17 +180,76 @@ static int __must_check amd_iommu_setup_domain_device(
         spin_unlock_irqrestore(&iommu->lock, flags);
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.amd.root_table),
+                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
+                           &PCI_SBDF3(pdev->seg, bus, devfn), pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.amd.root_table),
-                        domain->domain_id, hd->arch.amd.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             !ivrs_dev->block_ats &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        spin_unlock_irqrestore(&iommu->lock, flags);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
     else
         spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.amd.root_table),
+                    domain->domain_id, hd->arch.amd.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
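Review bot: In the new `else if ( dte->pt_root != ... )` branch, a positive return from amd_iommu_set_root_page_table() (the non-atomic update) is handled only by the AMD_IOMMU_WARN line. The comment in the hunk itself says that IOTLB entries tagged with the old domain ID but built from the new page tables may have been inserted during that window, yet the only invalidation visible afterwards is `amd_iommu_flush_device(iommu, req_id)`. It may be worth invalidating the old domain ID's IOTLB entries after the lock is dropped when `rc > 0`, so such entries cannot outlive the window; whether a later flush elsewhere already covers this cannot be told from the hunk. Separately, the block of `ASSERT()`s on the DTE settings disappears in release builds, so a one-line comment that these are debug-only sanity checks would keep readers from treating them as enforcement.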
@@ -366,7 +453,20 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    if ( !QUARANTINE_SKIP(target) )
+    {
+        rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+        if ( rc )
+            return rc;
+    }
+    else
+        amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
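Review bot: reassign_device() now moves `pdev` onto `target->pdev_list` and sets `pdev->domain = target` before the unity-map handling that follows, and that step can still fail, as the `return rc;` at the top of the next hunk shows. On that failure the function returns an error while the DTE already points at the target's page tables and the ownership fields already name the target; the old code did the final list move only after every fallible step. If callers are expected to cope with this, say so in a comment above the list move, e.g. `/* From here on the device belongs to target, even if a later step fails. */`. Otherwise move the ownership update below the last failure point. The code between the two hunks is not shown, so the exact failure conditions are inferred.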
@@ -382,25 +482,9 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
-    if ( rc )
-        return rc;
-
     AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n",
                     &pdev->sbdf, source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:01:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:01:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299510.510341 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyjM-0008Vn-Ma; Wed, 06 Apr 2022 06:01:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299510.510341; Wed, 06 Apr 2022 06:01:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyjM-0008Vc-IP; Wed, 06 Apr 2022 06:01:24 +0000
Received: by outflank-mailman (input) for mailman id 299510;
 Wed, 06 Apr 2022 06:01:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyjL-0008V3-AI
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:01:23 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyjL-0004lb-9T
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:01:23 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyjL-0006nG-8T
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:01:23 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ALc793K1xyJS4zPnaLJVSNGuIUwlHVYf89h+DZSzCa8=; b=BZsf3eKX/S7OEcSEoACMdd0fVb
	t53Q399UJXJ83mC/i0c5gEe35di4hzyFKgr77ZUpY2JK3SmK2kRVr42HDHNkWdbPdsQ+D4INSj1bm
	lyce+8dFfe0eTwJ0ULo1hHea3qRJhgFgd4X6zzDQhzAmGSidI02SgOh8umQcfW5TxcT4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nbyjL-0006nG-8T@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:01:23 +0000

commit 7e21a1b806494d6486bfe85b471d7bee7bcadc53
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:47:32 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:47:32 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 ++--
 xen/drivers/passthrough/vtd/iommu.c  | 76 +++++++++++++++++++++++-------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++---
 3 files changed, 62 insertions(+), 35 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index d125bdba0e..2f79b22a74 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,9 +85,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
@@ -106,7 +107,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index bd9687be1d..5a64f1bd0f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,7 +43,7 @@
 #include "../ats.h"
 
 /* dom_io is used as a sentinel for quarantined devices */
-#define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.vtd.pgd_maddr)
+#define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr))
 
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
@@ -358,15 +358,17 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     return pte_maddr;
 }
 
-static uint64_t domain_pgd_maddr(struct domain *d, unsigned int nr_pt_levels)
+static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
+                                unsigned int nr_pt_levels)
 {
     struct domain_iommu *hd = dom_iommu(d);
-    uint64_t pgd_maddr;
     unsigned int agaw;
 
     ASSERT(spin_is_locked(&hd->arch.mapping_lock));
 
-    if ( iommu_use_hap_pt(d) )
+    if ( pgd_maddr )
+        /* nothing */;
+    else if ( iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
 
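Review bot: domain_pgd_maddr() gains a `pgd_maddr` parameter whose zero value means "use the domain's own root", but nothing documents this and the override branch is written as an empty statement, `/* nothing */;`. A header comment should state that a non-zero `pgd_maddr` overrides the per-domain root, and that `hd->arch.mapping_lock` of `d` must be held in either case, as the existing ASSERT requires. The empty branch would read better with a comment that names the intent, e.g. `/* Caller supplied the root; only the level adjustment below applies. */`. That wording assumes the level adjustment later in the function also runs for a supplied root, which is outside this hunk and should be confirmed.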
@@ -1385,18 +1387,18 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pgd_maddr) )
         return 0;
 
     ASSERT(pcidevs_locked());
@@ -1433,10 +1435,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root;
+
         spin_lock(&hd->arch.mapping_lock);
 
-        pgd_maddr = domain_pgd_maddr(domain, iommu->nr_pt_levels);
-        if ( !pgd_maddr )
+        root = domain_pgd_maddr(domain, pgd_maddr, iommu->nr_pt_levels);
+        if ( !root )
         {
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
@@ -1446,7 +1450,7 @@ int domain_context_mapping_one(
             return -ENOMEM;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1562,15 +1566,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                           domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             domain->domain_id,
+                                             hd->arch.vtd.pgd_maddr,
                                              mode & MAP_WITH_RMRR) < 0;
+        }
         else
             ret = 1;
 
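Review bot: In the rollback branch that re-maps the device to `prev_dom`, the new `domid` argument is `domain->domain_id` while the page-table root comes from `prev_dom` via `hd = dom_iommu(prev_dom)`. This pairs the failed target's domain ID with the previous owner's page tables. In this commit `domid` appears to be only forwarded to me_wifi_quirk(), so nothing changes yet, but once later patches key the context entry on the passed ID this would restore the mapping under the wrong ID. I would expect `prev_dom->domain_id,` on that line. Reusing `hd` for a different domain this late in the function is also easy to misread; a separate local would be clearer.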
@@ -1592,6 +1602,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1654,7 +1665,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1671,7 +1683,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1699,7 +1712,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1714,7 +1728,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1742,14 +1757,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
     int iommu_domid, rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         return 0;
 
     ASSERT(pcidevs_locked());
@@ -1803,7 +1818,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1850,7 +1865,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1863,7 +1879,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1889,12 +1906,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
@@ -1904,7 +1924,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         return -EINVAL;
     }
 
-    if ( !ret && !QUARANTINE_SKIP(domain) && pdev->devfn == devfn )
+    if ( !ret && pdev->devfn == devfn &&
+         !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
     return ret;
@@ -2511,7 +2532,7 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    if ( !QUARANTINE_SKIP(target) )
+    if ( !QUARANTINE_SKIP(target, dom_iommu(target)->arch.vtd.pgd_maddr) )
     {
         if ( !has_arch_pdevs(target) )
             vmx_pi_hooks_assign(target);
@@ -2526,7 +2547,8 @@ static int reassign_device_ownership(
 
         ret = domain_context_mapping(target, devfn, pdev);
 
-        if ( !ret && !QUARANTINE_SKIP(source) && pdev->devfn == devfn )
+        if ( !ret && pdev->devfn == devfn &&
+             !QUARANTINE_SKIP(source, dom_iommu(source)->arch.vtd.pgd_maddr) )
         {
             const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 90331b7dd4..a1a164222c 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -408,6 +408,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -421,16 +423,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -454,7 +457,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -480,7 +483,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:01:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:01:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299512.510344 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyjW-0000Ar-Nf; Wed, 06 Apr 2022 06:01:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299512.510344; Wed, 06 Apr 2022 06:01:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbyjW-0000Ai-Ka; Wed, 06 Apr 2022 06:01:34 +0000
Received: by outflank-mailman (input) for mailman id 299512;
 Wed, 06 Apr 2022 06:01:33 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyjV-00009j-DM
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:01:33 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyjV-0004lm-CX
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:01:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyjV-0006o5-Bt
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:01:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=HLtk2F5UOqiMwvDqUYU6qBsHWo4aY3k3chNpvmek5/E=; b=McOlwTXxj2YuZAebIxc29uCYbv
	IXLb61I6OEzNtQZBXkMMDlvRXAv/w6pSU3AqyMhlNL/oSYI+3HDKwL91+9GVeUn4C6bt6ctY/USWw
	QX8T9uVGD2BlNQbuJ3Y7xYUxfba9z/2OBJdo/M0aAm13/+08rYd7ZGntyBneH5VJKL8M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nbyjV-0006o5-Bt@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:01:33 +0000

commit 26293b93409bb46bcc8445379ff9f1841f7f98d2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:48:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:48:09 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 5a64f1bd0f..988465523d 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -62,8 +62,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -71,16 +71,16 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
@@ -88,8 +88,7 @@ static int domain_iommu_domid(struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
@@ -100,7 +99,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -116,7 +115,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -125,9 +124,9 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
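Review bot: Passing `false` unconditionally here silences the "no valid domid" diagnostic for every caller of cleanup_domid_map(), whereas the old domain_iommu_domid() call still logged it when the domain was not dying. The check_cleanup_domid_map() path further down can run for a live domain, so this looks like a small behavioural change beyond the reworded message that the description mentions. If the silence is intended, a one-line comment such as `/* Absence of a DID is expected here; don't warn. */` above the call would record that; otherwise the callers could pass the flag through. cleanup_domid_map()'s body continues outside the hunk.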
@@ -167,7 +166,7 @@ static bool any_pdev_behind_iommu(const struct domain *d,
  * If no other devices under the same iommu owned by this domain,
  * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap.
  */
-static void check_cleanup_domid_map(struct domain *d,
+static void check_cleanup_domid_map(const struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
@@ -183,7 +182,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, dom_iommu(d)->arch.vtd.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -683,7 +682,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1459,7 +1458,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(&lctxt, domain, iommu) )
+    if ( context_set_domain_id(&lctxt, domid, iommu) )
     {
     unlock:
         spin_unlock(&iommu->lock);
@@ -1785,7 +1784,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
@@ -1953,7 +1952,7 @@ static void iommu_domain_teardown(struct domain *d)
     ASSERT(!hd->arch.vtd.pgd_maddr);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 
     XFREE(hd->arch.vtd.iommu_bitmap);
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:01:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nbyjf-0006oa-FG@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:01:43 +0000

commit 3e65372436fb6bbfdc59e4175d4a41b398000e0a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:48:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:48:29 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding adding a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  1 +
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 +++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 +++++++-
 xen/drivers/passthrough/pci.c               | 11 ++--
 xen/drivers/passthrough/vtd/iommu.c         | 82 +++++++++++++++++++++++------
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 52 ++++++++++++++++++
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  8 ++-
 9 files changed, 168 insertions(+), 21 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 2e1bd85e7c..5ae86cdec8 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -96,6 +96,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
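Review bot: The new `domid_map` field has no comment and shares its name with VT-d's `domid_map`, which in struct vtd_iommu is a `u16 *` mapping array rather than a bitmap; the VT-d counterpart of this field is called `pseudo_domid_map`. Naming it the same way, or at least commenting it as `unsigned long *domid_map; /* "pseudo" domain ID bitmap */`, would keep the two drivers readable side by side. struct amd_iommu starts and ends outside the hunk.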
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index f52e7b90e1..58bc6d01b3 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -223,6 +223,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR "Could not mark config space of %pp read-only (%d)\n",
@@ -233,7 +238,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index ac6a0ed199..f170a69a45 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -539,6 +539,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -606,7 +608,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity mapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -638,6 +655,9 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     if ( amd_iommu_perdev_intremap &&
          ivrs_mappings[bdf].dte_requestor_id == bdf &&
          ivrs_mappings[bdf].intremap_table )
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 0d8ab2e716..dd1c0ea329 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -1271,9 +1271,14 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%pp - %pd - node %-3d",
-               &pdev->sbdf, pdev->domain,
-               (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
+        printk("%pp - ", &pdev->sbdf);
+#ifdef CONFIG_X86
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+#endif
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d", (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         pdev_dump_msi(pdev);
         printk("\n");
     }
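Review bot: For a dom_io-owned device this prints `pseudo_domid` unconditionally, so a device that never received a pseudo ID (quarantining disabled, or the device not yet mapped) is shown with the raw DOMID_INVALID value after "DomIO:". Falling back to the plain `%pd` output when `pdev->arch.pseudo_domid == DOMID_INVALID` would avoid a number that reads like a real identifier. The line is now also assembled from several printk() calls, which is worth a short comment if other console output can interleave with this dump. _dump_pci_devices() starts outside the hunk.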
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 988465523d..a38fc1a64f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1215,7 +1216,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     iommu = xzalloc(struct vtd_iommu);
     if ( iommu == NULL )
@@ -1301,7 +1302,16 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1324,6 +1334,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1593,8 +1604,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1602,6 +1613,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1660,6 +1672,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !drhd )
             return -ENODEV;
 
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
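Review bot: The pseudo domain ID allocation block is added verbatim twice, here in the PCIe endpoint case and again in the DEV_TYPE_PCI case in the next hunk, while the matching release sits in a third place at the end of the function. A small static helper would keep the two cases from drifting apart. It would also help to comment that the final cleanup relies on `orig_domid == DOMID_INVALID` to tell a freshly allocated ID from one the device already held. domain_context_mapping() starts and ends outside the hunk.

```c
/* Give pdev a pseudo domain ID if quarantining is enabled and it has none. */
static int assign_pseudo_domid(struct pci_dev *pdev,
                               const struct acpi_drhd_unit *drhd)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid =
        iommu_alloc_domid(drhd->iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

/* … unchanged: device-type switch, !drhd check … */
        ret = assign_pseudo_domid(pdev, drhd);
        if ( ret )
            return ret;
```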
@@ -1677,6 +1697,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !drhd )
             return -ENODEV;
 
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
@@ -1750,6 +1778,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1835,8 +1870,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     struct vtd_iommu *iommu = drhd ? drhd->iommu : NULL;
@@ -1850,16 +1887,16 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp unmap\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        return is_hardware_domain(domain) ? 0 : -EPERM;
+        return ERR_PTR(is_hardware_domain(domain) ? 0 : -EPERM);
 
     case DEV_TYPE_PCIe_BRIDGE:
     case DEV_TYPE_PCIe2PCI_BRIDGE:
     case DEV_TYPE_LEGACY_PCI_BRIDGE:
-        return 0;
+        return ERR_PTR(0);
 
     case DEV_TYPE_PCIe_ENDPOINT:
         if ( !iommu )
-            return -ENODEV;
+            return ERR_PTR(-ENODEV);
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
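Review bot: `ERR_PTR(0)` is just NULL, so after this change the function has three outcomes that nothing in the code spells out: an error pointer, NULL for "success, nothing for the caller to release", and the DRHD unit after a completed unmap. A comment on the prototype stating this would save readers from decoding it, and writing `return NULL;` in the bridge case reads more plainly than `return ERR_PTR(0);`. The function starts before and continues past this hunk.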
@@ -1873,7 +1910,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     case DEV_TYPE_PCI:
         if ( !iommu )
-            return -ENODEV;
+            return ERR_PTR(-ENODEV);
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
@@ -1920,14 +1957,14 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     default:
         dprintk(XENLOG_ERR VTDPREFIX, "%pd:unknown(%u): %pp\n",
                 domain, pdev->type, &PCI_SBDF3(seg, bus, devfn));
-        return -EINVAL;
+        return ERR_PTR(-EINVAL);
     }
 
     if ( !ret && pdev->devfn == devfn &&
          !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
-    return ret;
+    return drhd;
 }
 
 static void iommu_clear_root_pgtable(struct domain *d)
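Review bot: The final `return drhd;` no longer propagates `ret`, so a failure recorded in `ret` by the endpoint cases (their code is outside this hunk) appears to reach the caller as success. intel_iommu_remove_device() would then go on to release the pseudo domain ID and return 0, and reassign_device_ownership() would compute `ret = 0`. Unless `ret` is known to be zero at this point, `return ret ? ERR_PTR(ret) : drhd;` keeps the previous error reporting. The function starts outside the hunk.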
@@ -2154,16 +2191,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2180,6 +2218,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
@@ -2556,7 +2601,12 @@ static int reassign_device_ownership(
         }
     }
     else
-        ret = domain_context_unmap(source, devfn, pdev);
+    {
+        const struct acpi_drhd_unit *drhd;
+
+        drhd = domain_context_unmap(source, devfn, pdev);
+        ret = IS_ERR(drhd) ? PTR_ERR(drhd) : 0;
+    }
     if ( ret )
     {
         if ( !has_arch_pdevs(target) )
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 2e4d39cc61..025895c7d0 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -508,6 +508,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 295d853003..a36a6bd4b2 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -387,6 +387,58 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+void arch_pci_init_pdev(struct pci_dev *pdev)
+{
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+}
+
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 int iommu_free_pgtables(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
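Review bot: iommu_init_domid() returns ZERO_BLOCK_PTR when quarantining is disabled, so a non-NULL map is not necessarily a usable bitmap, and nothing at these three functions says so. iommu_alloc_domid() and iommu_free_domid() would touch that pointer if a caller skipped the `iommu_quarantine` check; the callers in this patch are safe only because an unallocated `pseudo_domid` stays DOMID_INVALID and the free path returns early. A header comment on each function stating the sentinel, the pcidevs-lock requirement and the DOMID_INVALID result on exhaustion would make that contract explicit. In iommu_alloc_domid() the bitmap search also runs in the initializer before `ASSERT(pcidevs_locked())`; moving the search below the assertion would check the lock before `start` is read.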
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index cb794fe1ef..7d6dc5186a 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -141,6 +141,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         iommu_vcall(ops, sync_cache, addr, size);       \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 int __must_check iommu_free_pgtables(struct domain *d);
 struct domain_iommu;
 struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 443f25347d..f944017128 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -13,6 +13,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
@@ -36,6 +42,6 @@ static always_inline bool is_pci_passthrough_enabled(void)
     return true;
 }
 
-static inline void arch_pci_init_pdev(struct pci_dev *pdev) {}
+void arch_pci_init_pdev(struct pci_dev *pdev);
 
 #endif /* __X86_PCI_H__ */
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:01:54 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nbyjp-0006p1-IP@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:01:53 +0000

commit c9578db9fa509881ef485aa907e80714745870de
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:48:58 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:48:58 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index cfa5371148..e36595f289 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -654,8 +654,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a38fc1a64f..37339aa044 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2975,9 +2975,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    if ( !rc )
-        rc = iommu_flush_iotlb_all(d);
-
     /* Pages may be leaked in failure case */
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:02:05 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nbyjz-0006pl-LW@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:02:03 +0000

commit a0dac7ab173ddb1dc64fc24cc67d3cbee219eb95
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:49:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:49:23 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu-defs.h    | 1 +
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h
index 774234dfd2..8a17697ea7 100644
--- a/xen/drivers/passthrough/amd/iommu-defs.h
+++ b/xen/drivers/passthrough/amd/iommu-defs.h
@@ -106,6 +106,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index f170a69a45..6092a2932b 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -337,7 +337,7 @@ int amd_iommu_alloc_root(struct domain *d)
     return 0;
 }
 
-unsigned int __read_mostly amd_iommu_max_paging_mode = 6;
+unsigned int __read_mostly amd_iommu_max_paging_mode = IOMMU_MAX_PT_LEVELS;
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 06:02:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 06:02:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299519.510360 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbykB-0000Zt-1q; Wed, 06 Apr 2022 06:02:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299519.510360; Wed, 06 Apr 2022 06:02:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nbykA-0000Zl-Ur; Wed, 06 Apr 2022 06:02:14 +0000
Received: by outflank-mailman (input) for mailman id 299519;
 Wed, 06 Apr 2022 06:02:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyk9-0000ZZ-Qa
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:02:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyk9-0004mp-Pb
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:02:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nbyk9-0006rd-Oi
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 06:02:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=YVW7UABpG5y1n3uUcPnfIdnuunU/uDt2XvL8DA8/owk=; b=oeaA8TCLQimBIte31gk61Qsux4
	0+sFkHyJ9NpeFfjCvnTeu2osbhXser++l8Y06SbCEanV3hQNa6m8SJ2c47XQDDxieCzKsscd9Ybjw
	CS/a2t0Pe5dfBNcWFf0gq2ReBrJNzvdCLQYChboQ/XIizqVKEsNR2pWmlMeUXCxXryXU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nbyk9-0006rd-Oi@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 06:02:13 +0000

commit 54e37f44a219a987189c566e15ccad7af0bcc4ed
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:49:40 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:49:40 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    As to the removal of QUARANTINE_SKIP() from domain_context_unmap_one():
    I think this was never really needed there, as the function explicitly
    deals with finding a non-present context entry. Leaving it there would
    require propagating pgd_maddr into the function (like was done by "VT-d:
    prepare for per-device quarantine page tables" for
    domain_context_mapping_one()).
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |   3 +-
 xen/drivers/passthrough/amd/iommu_map.c     | 156 ++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  43 +++--
 xen/drivers/passthrough/iommu.c             |  19 ++-
 xen/drivers/passthrough/pci.c               |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c         | 253 +++++++++++++++++++---------
 xen/drivers/passthrough/vtd/iommu.h         |   2 +-
 xen/include/asm-x86/pci.h                   |  13 ++
 xen/include/xen/iommu.h                     |   3 +-
 9 files changed, 363 insertions(+), 149 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 5ae86cdec8..3c702eb517 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -237,7 +237,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 int iov_adjust_irq_affinities(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index e36595f289..cf6f01b633 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -598,64 +598,138 @@ int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt)
     return 0;
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.amd.root_table);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+
+    if ( !scratch_page && !ivrs_mappings[req_id].unity_map )
+        return 0;
+
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
 
-    if ( hd->arch.amd.root_table )
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = iommu_alloc_pgtable(hd);
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
-    if ( !hd->arch.amd.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.amd.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.amd.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.amd.root_table = NULL;
+
+    if ( rc )
+        AMD_IOMMU_WARN("%pp: quarantine unity mapping failed\n", &pdev->sbdf);
+    else if ( scratch_page )
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
+
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
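Review bot: In amd_iommu_quarantine_init(), the early-return path calls `clear_domain_page(pdev->arch.leaf_mfn)` whenever a root table already exists, but leaf_mfn is only assigned in the `scratch_page` branch further down. A device that got its root table solely because of a unity map (scratch_page false) would reach the clear with whatever leaf_mfn was initialised to, which this hunk does not show. Guarding it as `if ( scratch_page ) clear_domain_page(pdev->arch.leaf_mfn);` would make the intent explicit. Likewise `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when fill_qpt() failed before allocating pgs[0]; this looks harmless only because the teardown that follows resets root_table, so moving the assignment under `if ( !rc )` would be cleaner.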
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 6092a2932b..4792b34bc2 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -26,7 +26,7 @@
 #include "../ats.h"
 
 /* dom_io is used as a sentinel for quarantined devices */
-#define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.amd.root_table)
+#define QUARANTINE_SKIP(d, p) ((d) == dom_io && !(p)->arch.amd.root_table)
 
 static bool_t __read_mostly init_done;
 
@@ -125,8 +125,10 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pdev) )
         return 0;
 
     BUG_ON(!hd->arch.amd.paging_mode || !iommu->dev_table.buffer);
@@ -147,14 +149,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.amd.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.amd.root_table),
-                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.amd.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
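Review bot: For dom_io the DTE is now pointed at `pdev->arch.amd.root_table` but is still programmed with `hd->arch.amd.paging_mode`, so the depth of the per-device tree has to equal dom_io's paging mode. amd_iommu_quarantine_init() derives its depth separately via `amd_iommu_get_paging_mode(end_gfn)`, and nothing visible in this patch ties the two together. Where dom_io's paging_mode is set lies outside the hunks shown, so this may already hold; an `ASSERT(level == hd->arch.amd.paging_mode);` in amd_iommu_quarantine_init() would document the dependency. The function body starts and ends outside this hunk.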
@@ -181,7 +194,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -194,8 +207,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.amd.root_table),
-                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.amd.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -214,6 +227,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
@@ -246,9 +260,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.amd.root_table),
-                    domain->domain_id, hd->arch.amd.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.amd.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -327,7 +340,7 @@ int amd_iommu_alloc_root(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
 
-    if ( unlikely(!hd->arch.amd.root_table) )
+    if ( unlikely(!hd->arch.amd.root_table) && d != dom_io )
     {
         hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
@@ -391,7 +404,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
     int req_id;
     u8 bus = pdev->bus;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pdev) )
         return;
 
     ASSERT(pcidevs_locked());
@@ -430,7 +443,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.amd.paging_mode);
     }
     else
@@ -453,7 +466,7 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    if ( !QUARANTINE_SKIP(target) )
+    if ( !QUARANTINE_SKIP(target, pdev) )
     {
         rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
         if ( rc )
@@ -655,6 +668,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 6334370109..caaba62c88 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -443,21 +443,22 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc || iommu_quarantine < IOMMU_quarantine_scratch_page )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init,
+                      dev, iommu_quarantine == IOMMU_quarantine_scratch_page);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
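Review bot: iommu_quarantine_dev_init() becomes a non-static entry point without any comment on its contract. The AMD hook it dispatches to asserts `pcidevs_locked()`, and the function returns 0 both on success and when quarantining is disabled or the vendor provides no `quarantine_init` hook. I would add above it: `/* Set up @dev's quarantine page tables (if any are needed); caller holds pcidevs_lock. */`.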
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index dd1c0ea329..395958698e 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -852,9 +852,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
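Review bot: The `return ret;` under `if ( ret )` in the new deassign_device() block is indented by 11 spaces instead of 12, so it does not line up with the rest of the block; it should read `            return ret;`. deassign_device() continues outside the hunk, so whether an early return here skips any cleanup cannot be judged from these lines. The preceding `return -ENODEV;` suggests a plain return is acceptable at this point.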
@@ -1424,6 +1431,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
     if ( rc )
         goto done;
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 37339aa044..22242ab208 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -45,6 +45,11 @@
 
 /* dom_io is used as a sentinel for quarantined devices */
 #define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr))
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.vtd.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
 
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
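Review bot: DEVICE_DOMID() and DEVICE_PGTABLE() dereference `pdev` whenever `d` is dom_io, yet domain_context_mapping_one() can be entered with pdev == NULL: later hunks pass `NULL` for bridge entries and the new `pdev ? ... : domid > DOMID_MASK` test allows for it. Its error path now evaluates `DEVICE_DOMID(domain, pdev)` and `DEVICE_DOMID(prev_dom, pdev)`, which would fault if that domain is dom_io and pdev is NULL; whether that combination is reachable is not visible here. Either state on the macros that pdev must be non-NULL when the domain is dom_io, or have the error path handle `!pdev` explicitly. Both macros also evaluate `d` twice, which is fine for the plain identifiers passed so far.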
@@ -88,13 +93,18 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
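Review bot: The new comment above context_set_domain_id() covers the NULL `context` case but not the locking change made in the same hunk, where `ASSERT(spin_is_locked(&iommu->lock))` becomes `ASSERT(pcidevs_locked())`. The scan of `domid_bitmap` and the later `set_bit()` are now serialised only by pcidevs_lock, so I would extend the comment with: `Callers must hold pcidevs_lock, which (rather than the IOMMU lock) serialises DID allocation.` The function body continues outside this hunk.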
@@ -120,8 +130,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -171,8 +186,12 @@ static void check_cleanup_domid_map(const struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1426,7 +1445,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
@@ -1582,15 +1601,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           domain->domain_id);
+                                           DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                             domain->domain_id,
-                                             hd->arch.vtd.pgd_maddr,
+                                             DEVICE_DOMID(prev_dom, pdev),
+                                             DEVICE_PGTABLE(prev_dom, pdev),
                                              mode & MAP_WITH_RMRR) < 0;
-        }
         else
             ret = 1;
 
@@ -1612,7 +1628,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1641,7 +1657,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1683,8 +1699,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1710,8 +1726,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1739,8 +1755,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1755,8 +1771,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1798,9 +1814,6 @@ int domain_context_unmap_one(
     int iommu_domid, rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
-        return 0;
-
     ASSERT(pcidevs_locked());
     spin_lock(&iommu->lock);
 
@@ -1902,7 +1915,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1916,7 +1929,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1939,18 +1952,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1961,7 +1968,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
     }
 
     if ( !ret && pdev->devfn == devfn &&
-         !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
+         !QUARANTINE_SKIP(domain, pdev->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
     return drhd;
@@ -1994,6 +2001,26 @@ static void iommu_domain_teardown(struct domain *d)
     XFREE(hd->arch.vtd.iommu_bitmap);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
@@ -2218,6 +2245,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2576,7 +2605,7 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    if ( !QUARANTINE_SKIP(target, dom_iommu(target)->arch.vtd.pgd_maddr) )
+    if ( !QUARANTINE_SKIP(target, pdev->arch.vtd.pgd_maddr) )
     {
         if ( !has_arch_pdevs(target) )
             vmx_pi_hooks_assign(target);
@@ -2592,7 +2621,7 @@ static int reassign_device_ownership(
         ret = domain_context_mapping(target, devfn, pdev);
 
         if ( !ret && pdev->devfn == devfn &&
-             !QUARANTINE_SKIP(source, dom_iommu(source)->arch.vtd.pgd_maddr) )
+             !QUARANTINE_SKIP(source, pdev->arch.vtd.pgd_maddr) )
         {
             const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
 
@@ -2913,69 +2942,135 @@ static void vtd_dump_page_tables(struct domain *d)
                               agaw_to_level(hd->arch.vtd.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    struct page_info *pgs[6])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(page_to_maddr(pgs[level]));
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, page_to_maddr(pgs[level]));
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     struct page_info *pg;
-    struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc = 0;
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    spin_lock(&hd->arch.mapping_lock);
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.vtd.pgd_maddr);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
 
-    if ( hd->arch.vtd.pgd_maddr )
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
-        goto out;
+        clear_domain_page(pdev->arch.leaf_mfn);
+        return 0;
     }
 
-    pg = iommu_alloc_pgtable(hd);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    rc = -ENOMEM;
+    pg = iommu_alloc_pgtable(hd);
     if ( !pg )
-        goto out;
+        return -ENOMEM;
 
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
+
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
     hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
 
-    parent = map_vtd_domain_page(hd->arch.vtd.pgd_maddr);
-    while ( level )
+    for_each_rmrr_device ( rmrr, bdf, i )
     {
-        uint64_t maddr;
-        unsigned int offset;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-
-        if ( !pg )
-            goto out;
+        if ( rc )
+            break;
 
-        maddr = page_to_maddr(pg);
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pp: RMRR quarantine mapping failed\n",
+                       &pdev->sbdf);
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.vtd.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = page_to_maddr(pg);
+
+    if ( !rc && scratch_page )
+    {
+        struct dma_pte *root;
+        struct page_info *pgs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(pdev->arch.vtd.pgd_maddr);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
-    rc = 0;
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc || (!scratch_page && !rmrr_found) )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages may be leaked in failure case */
     return rc;
 }
 
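Review bot: In intel_iommu_quarantine_init() the line `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when fill_qpt() returned an error, in which case `pgs[0]` can still be NULL (an allocation at a higher level fails before the leaf page exists) and the stored MFN is meaningless. quarantine_teardown() then resets `pgd_maddr` but leaves `leaf_mfn` untouched. Guarding the store, `if ( !rc ) pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);`, keeps the field from ever holding a bogus frame that a later `clear_domain_page()` could act on. Separately, the removed loop called `iommu_sync_cache(parent, PAGE_SIZE)` after writing the PTEs and fill_qpt() has no visible equivalent, so it is worth confirming that the new entries reach memory on IOMMUs that are not cache-coherent.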
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 025895c7d0..f2a0f28298 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -482,7 +482,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index f944017128..c8e1a9ecdb 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -18,7 +20,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
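Review bot: The new `leaf_mfn` and `pgtables_list` members of struct arch_pci_dev carry no comment, and nothing in this hunk shows where `pgtables_list` is initialised before the first `page_list_move()` onto it. Going by the VT-d code in the same patch, comments such as `/* Scratch leaf page of this device's quarantine page tables. */` and `/* Page-table pages backing the per-device quarantine mapping. */` would fit. The list-head initialisation presumably happens where the pci_dev is allocated; that should be confirmed, since an uninitialised head would corrupt the list on first use. The struct definition starts outside the hunk.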
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 6b2cdffa4a..92b2d23f0b 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -233,7 +233,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev, bool scratch_page);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -350,6 +350,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 #ifdef CONFIG_HAS_PCI
 int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:22:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:22:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299700.510772 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0vW-0003BM-RK; Wed, 06 Apr 2022 08:22:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299700.510772; Wed, 06 Apr 2022 08:22:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0vW-0003BE-O9; Wed, 06 Apr 2022 08:22:06 +0000
Received: by outflank-mailman (input) for mailman id 299700;
 Wed, 06 Apr 2022 08:22:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vU-0003B8-Q8
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vU-0007ow-OH
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vU-0007uw-NH
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=YMvmGla7JC5PNyt6EXGdKsg88TNJ5203+6yMjkaZtMA=; b=NdtpQoLyAe1ss9NcGJ9dOqNy0J
	0YszKxpTJaB6DNAobaqwR7SmT8AXkG2tg5PVPryYisml42O/tJZgE3QwQC2ZRLC+vVs3C8hlwMU/r
	E8bk9Hrxqjg+Nsv7oPn7so6WQZt2Cy8RGaqXR4ajL8FlHoaKvO+/aahSB85Gj4HfkDtY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] tools/libs/light: set video_mem for PVH guests
Message-Id: <E1nc0vU-0007uw-NH@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:22:04 +0000

commit 38f1fb90bb8793556947cf9ec984258bf12d4096
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 6 10:17:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:17:36 2022 +0200

    tools/libs/light: set video_mem for PVH guests
    
    The size of the video memory of PVH guests should be set to 0 in case
    no value has been specified.
    
    Not doing so will leave it at -1, resulting in an additional 1 kB
    of RAM being advertised in the memory map (here the output of a PVH
    Mini-OS boot with 16 MB of RAM assigned):
    
    Memory map:
    000000000000-0000010003ff: RAM
    0000feff8000-0000feffffff: Reserved
    0000fc008000-0000fc00803f: ACPI
    0000fc000000-0000fc000fff: ACPI
    0000fc001000-0000fc007fff: ACPI
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: 0a20a53df158eb0724ce6dcd9de70cbdad547d6f
    master date: 2021-12-09 16:26:29 +0000
---
 tools/libs/light/libxl_create.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 2890697de8..15ed021f41 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -427,6 +427,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
         break;
     case LIBXL_DOMAIN_TYPE_PVH:
         libxl_defbool_setdefault(&b_info->u.pvh.pvshim, false);
+        if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT)
+            b_info->video_memkb = 0;
         if (libxl_defbool_val(b_info->u.pvh.pvshim)) {
             if (!b_info->u.pvh.pvshim_path)
                 b_info->u.pvh.pvshim_path =
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:22:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:22:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299701.510777 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0vg-0003DP-Tv; Wed, 06 Apr 2022 08:22:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299701.510777; Wed, 06 Apr 2022 08:22:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0vg-0003DG-Pd; Wed, 06 Apr 2022 08:22:16 +0000
Received: by outflank-mailman (input) for mailman id 299701;
 Wed, 06 Apr 2022 08:22:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0ve-0003D8-SM
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0ve-0007pA-RT
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0ve-0007xZ-Qc
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=MLD8d5m3fdVpnpOhSB2/dJC1C125m+HrvuIBh9b444E=; b=3SlborJVvX8r3b6FZzGtOpmwEt
	A37N8Xyw623MrulNZv9EWHGkQYaiYU0NfsrZ/ByDQFMusKezZuI6JtYqWgesO2t6pImJEXTtsvNwh
	7zsAv4G+a6bTDKHqQjv5X//KNi5ZQXV6eK2H2kM5GiwAviBHxM14vr7+mWeyhhcUuuAo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] xl: Fix global pci options
Message-Id: <E1nc0ve-0007xZ-Qc@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:22:14 +0000

commit 2b6badd63439f5ad774b1cad0958850c2b3975e6
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:18:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:18:36 2022 +0200

    xl: Fix global pci options
    
    commit babde47a3fed "introduce a 'passthrough' configuration option to
    xl.cfg..." moved the pci list parsing ahead of the global pci option
    parsing.  This broke the global pci configuration options since they
    need to be set first so that looping over the pci devices assigns their
    values.
    
    Move the global pci options ahead of the pci list to restore their
    function.
    
    Fixes: babde47a3fed ("introduce a 'passthrough' configuration option to xl.cfg...")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: e45ad0b1b0bd6a43f59aaf4a6f86d88783c630e5
    master date: 2022-03-31 19:48:12 +0100
---
 tools/xl/xl_parse.c | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 117fcdcb2b..b98c0de378 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -1478,6 +1478,32 @@ void parse_config_data(const char *config_source,
         exit(1);
     }
 
+    /* To be reworked (automatically enabled) once the auto ballooning
+     * after guest starts is done (with PCI devices passed in). */
+    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
+        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
+    }
+
+    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
+        pci_msitranslate = l;
+
+    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
+        pci_power_mgmt = l;
+
+    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
+        pci_permissive = l;
+
+    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
+        pci_seize = l;
+
+    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
+        libxl_rdm_reserve rdm;
+        if (!xlu_rdm_parse(config, &rdm, buf)) {
+            b_info->u.hvm.rdm.strategy = rdm.strategy;
+            b_info->u.hvm.rdm.policy = rdm.policy;
+        }
+    }
+
     if (!xlu_cfg_get_list (config, "pci", &pcis, 0, 0)) {
         d_config->num_pcidevs = 0;
         d_config->pcidevs = NULL;
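Review bot: The relocated `rdm` block writes `b_info->u.hvm.rdm.strategy` and `.policy` without checking the guest type, while the `e820_host` block moved alongside it is guarded by `c_info->type == LIBXL_DOMAIN_TYPE_PV`. If `b_info->u` is a per-type union, as the `u.pv`/`u.hvm`/`u.pvh` naming suggests, a PV or PVH config that sets `rdm` stores into the wrong member, and after this move that may happen before other type-specific fields are parsed. The code is moved unchanged, but this is a natural place to add the guard: `if (c_info->type == LIBXL_DOMAIN_TYPE_HVM && !xlu_cfg_get_string(config, "rdm", &buf, 0)) {`. parse_config_data() starts and ends outside the hunk.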
@@ -2338,32 +2364,6 @@ skip_vfb:
         }
     }
 
-    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
-        pci_msitranslate = l;
-
-    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
-        pci_power_mgmt = l;
-
-    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
-        pci_permissive = l;
-
-    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
-        pci_seize = l;
-
-    /* To be reworked (automatically enabled) once the auto ballooning
-     * after guest starts is done (with PCI devices passed in). */
-    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
-        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
-    }
-
-    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
-        libxl_rdm_reserve rdm;
-        if (!xlu_rdm_parse(config, &rdm, buf)) {
-            b_info->u.hvm.rdm.strategy = rdm.strategy;
-            b_info->u.hvm.rdm.policy = rdm.policy;
-        }
-    }
-
     if (!xlu_cfg_get_list(config, "usbctrl", &usbctrls, 0, 0)) {
         d_config->num_usbctrls = 0;
         d_config->usbctrls = NULL;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:22:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:22:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299702.510779 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0vq-0003GR-U8; Wed, 06 Apr 2022 08:22:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299702.510779; Wed, 06 Apr 2022 08:22:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0vq-0003GH-RE; Wed, 06 Apr 2022 08:22:26 +0000
Received: by outflank-mailman (input) for mailman id 299702;
 Wed, 06 Apr 2022 08:22:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vo-0003G4-Vh
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vo-0007pb-Ur
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vo-0007yF-Ts
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=+7qThpkAaT3T/QTKSvMCdYpF8/XKEGO6hNqFhBwScGA=; b=V2zYC85aIEG0TFWPG2slJ3MTqL
	7Tgrib9ZyDtJCqUtSsXkvfdzhLi+gRb4S/g1NIa5JgQsX4HCxgRK57GEBCPNjf6jijBOjG39RXJoH
	SFIhSZhTAPbVLFkcjMvHewP20gOnYtXDX+Lc699978+E4oIrXM45QazUpgChnuxDT9eQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] libxl: Don't segfault on soft-reset failure
Message-Id: <E1nc0vo-0007yF-Ts@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:22:24 +0000

commit c3cf5d0f3d173b59e09642e278f53820a52f3cef
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:19:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:19:33 2022 +0200

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_wait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path is passed to xs_unwatch(), which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d2ecf97f911fc00a85b34b70ca311b5d355a9756
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 15ed021f41..885675591f 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1255,8 +1255,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2072,6 +2070,7 @@ static int do_domain_create(libxl_ctx *ctx, libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
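Review bot: Nothing at the new `libxl__xswait_init(&cdcs->dcs.console_xswait);` call says why it has to sit in the caller, so a later refactor could move it back into initiate_domain_create() and reintroduce the crash on the soft-reset failure path. A one-line comment here and at the matching line added in do_domain_soft_reset() would pin the invariant: `/* Must be initialised before any path can reach domcreate_complete(). */`. Both functions extend beyond their hunks.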
@@ -2172,6 +2171,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:22:37 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:22:37 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299703.510783 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0w0-0003JG-Vm; Wed, 06 Apr 2022 08:22:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299703.510783; Wed, 06 Apr 2022 08:22:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0w0-0003J8-Sg; Wed, 06 Apr 2022 08:22:36 +0000
Received: by outflank-mailman (input) for mailman id 299703;
 Wed, 06 Apr 2022 08:22:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vz-0003Il-2u
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vz-0007pn-1z
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0vz-0007yp-13
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=nfOF6VdbPOHSRSguGPLdYwQjx5yn/N1N2A2zOM8/yY0=; b=hGeFIsVvwJ7Cz7uIMPEj2EIO79
	6Lk0q7/SE0vCpfmFo7fRDGZ1b5+xe5uQAV46Ls3vsYLeOChxQ3O+jZNXv9XO8U7QcQSQlmriJcZYb
	xdh1mVX4hre+z0Fs/xumk5dfe9o1+SueDOPzo8HeyDU6drjA7OyhdKgeVCseWwn0L4FM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] libxl: Re-scope qmp_proxy_spawn.ao usage
Message-Id: <E1nc0vz-0007yp-13@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:22:35 +0000

commit 72a5bde6912198fb2d26ef94ae9cb7ed2bb6bb43
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:19:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:19:57 2022 +0200

    libxl: Re-scope qmp_proxy_spawn.ao usage
    
    I've observed this failed assertion:
    libxl_event.c:2057: libxl__ao_inprogress_gc: Assertion `ao' failed.
    
    AFAICT, this is happening in qmp_proxy_spawn_outcome where
    sdss->qmp_proxy_spawn.ao is NULL.
    
    The out label of spawn_stub_launch_dm() calls qmp_proxy_spawn_outcome(),
    but it is only in the success path that sdss->qmp_proxy_spawn.ao gets
    set to the current ao.
    
    qmp_proxy_spawn_outcome() should instead use sdss->dm.spawn.ao, which is
    the already in-use ao when spawn_stub_launch_dm() is called.  The same
    is true for spawn_qmp_proxy().
    
    With this, move sdss->qmp_proxy_spawn.ao initialization to
    spawn_qmp_proxy() since its use is for libxl__spawn_spawn() and it can
    be initialized along with the rest of sdss->qmp_proxy_spawn.
    
    Fixes: 83c845033dc8 ("libxl: use vchan for QMP access with Linux stubdomain")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d62a34423a1a98aefd7c30e22d2d82d198f077c8
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c
index 9a8ddbe188..1864ee30f0 100644
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -2567,7 +2567,6 @@ static void spawn_stub_launch_dm(libxl__egc *egc,
             goto out;
     }
 
-    sdss->qmp_proxy_spawn.ao = ao;
     if (libxl__stubdomain_is_linux(&guest_config->b_info)) {
         spawn_qmp_proxy(egc, sdss);
     } else {
@@ -2584,7 +2583,7 @@ out:
 static void spawn_qmp_proxy(libxl__egc *egc,
                             libxl__stub_dm_spawn_state *sdss)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     const uint32_t guest_domid = sdss->dm.guest_domid;
     const uint32_t dm_domid = sdss->pvqemu.guest_domid;
     const char *dom_path = libxl__xs_get_dompath(gc, dm_domid);
@@ -2598,6 +2597,7 @@ static void spawn_qmp_proxy(libxl__egc *egc,
         goto out;
     }
 
+    sdss->qmp_proxy_spawn.ao = ao;
     sdss->qmp_proxy_spawn.what = GCSPRINTF("domain %d device model qmp proxy", guest_domid);
     sdss->qmp_proxy_spawn.pidpath = GCSPRINTF("%s/image/qmp-proxy-pid", dom_path);
     sdss->qmp_proxy_spawn.xspath = DEVICE_MODEL_XS_PATH(gc, LIBXL_TOOLSTACK_DOMID,
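Review bot: With this change `sdss->qmp_proxy_spawn.ao` is assigned only after the early `goto out` check in spawn_qmp_proxy() has passed, so the field stays unset on that failure path. That is safe only as long as nothing reached from `out` reads it. The commit message says its remaining use is libxl__spawn_spawn(), and a comment at the assignment would record that: `/* Only libxl__spawn_spawn() reads this; other code uses sdss->dm.spawn.ao. */`. spawn_qmp_proxy() continues outside the hunk.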
@@ -2685,7 +2685,7 @@ static void qmp_proxy_spawn_outcome(libxl__egc *egc,
                                     libxl__stub_dm_spawn_state *sdss,
                                     int rc)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     /*
      * Until xenconsoled learns how to handle multiple consoles, require qemu
      * in dom0 to serve consoles for a stubdomain - it require at least 3 of them.
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:22:47 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:22:47 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299704.510787 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0wB-0003MK-0p; Wed, 06 Apr 2022 08:22:47 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299704.510787; Wed, 06 Apr 2022 08:22:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0wA-0003MC-UA; Wed, 06 Apr 2022 08:22:46 +0000
Received: by outflank-mailman (input) for mailman id 299704;
 Wed, 06 Apr 2022 08:22:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0w9-0003Ly-5x
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0w9-0007q3-57
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0w9-0007zR-4F
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=cA+4Z+AqaDc2jpI6MSAe48F3YCNCf9Vc9htyqHZB6tI=; b=2w9l9FQPZpt2NO1eib/L9F5/hn
	+NqZegGWGlTMa6sbEbv5dY3m8fERh2h6nmU9xNI9YJlE9XaSLAha/zxp03UtZgMBTiT/vKfImGhRQ
	9pTvPoXBuM44tNEPHatP6zFgwcBDIIAUYK445EJ63Kfqj9KAbQ/UYCO/5YraY4aqKPy0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] tools/firmware: force -fcf-protection=none
Message-Id: <E1nc0w9-0007zR-4F@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:22:45 +0000

commit 548c443d9f1f11641bd52ea1f5c9035dcbdd6121
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Wed Apr 6 10:20:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:20:23 2022 +0200

    tools/firmware: force -fcf-protection=none
    
    Do so right in firmware/Rules.mk, like it's done for other compiler
    flags.
    
    Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 7225f6e0cd3afd48b4d61c43dd8fead0f4c92193
    master date: 2022-04-04 12:30:00 +0100
---
 tools/firmware/Rules.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 9f78a7dec9..c227fe2524 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -15,6 +15,8 @@ CFLAGS += -Werror
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
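Review bot: The added `-fcf-protection=none` line has no comment saying why control-flow protection is switched off for the firmware objects. Because `cc-option-add` only adds the flag when the compiler accepts it, a reader cannot tell from this line whether the intent is to override a toolchain or distro default, which the Fixes: reference to the CET-IBT change suggests. I would put a line such as `# Firmware is built without CET instrumentation: override any compiler default.` directly above it.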
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:22:56 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:22:56 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299705.510791 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0wK-0003PF-2t; Wed, 06 Apr 2022 08:22:56 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299705.510791; Wed, 06 Apr 2022 08:22:56 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc0wJ-0003P7-Vj; Wed, 06 Apr 2022 08:22:55 +0000
Received: by outflank-mailman (input) for mailman id 299705;
 Wed, 06 Apr 2022 08:22:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0wJ-0003Oz-8n
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0wJ-0007q7-80
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc0wJ-00080N-7J
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:22:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ea5omob6kE8x38QthEWjdSH2y3mGgYtOolfKHv3lny4=; b=yXNO8PjJvlJoLzSFJ0IEtDkf7r
	pWN8UX9rNMl4aXYTr1y7+5Gk9YKLdejRxqRoLusG1XVPT91KcOY5/er+8Oi1eSzJHtrWeyUbMnpZS
	6P2zxVc5AcNkXOz7TS0/yE4h0QeQ257XDxNL3S9NGcvhJkHcvoXcBlwqM5etNxxFh3tQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] tools/firmware: do not add a .note.gnu.property section
Message-Id: <E1nc0wJ-00080N-7J@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:22:55 +0000

commit 2c026fe1f159494b3ec05f19ddfb3d39ff901296
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Wed Apr 6 10:20:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:20:44 2022 +0200

    tools/firmware: do not add a .note.gnu.property section
    
    Prevent the assembler from creating a .note.gnu.property section on
    the output objects, as it's not useful for firmware related binaries,
    and breaks the resulting rombios image.
    
    This requires modifying the cc-option Makefile macro so it can test
    assembler options (by replacing the usage of the -S flag with -c) and
    also stripping the -Wa, prefix if present when checking for the test
    output.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: e270af94280e6a9610705ebc1fdd1d7a9b1f8a98
    master date: 2022-04-04 12:30:07 +0100
---
 Config.mk               | 2 +-
 tools/firmware/Rules.mk | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index 32b6637b4d..5c177e73de 100644
--- a/Config.mk
+++ b/Config.mk
@@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
 #
 # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586)
 cc-option = $(shell if test -z "`echo 'void*p=1;' | \
-              $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \
+              $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \
               then echo "$(2)"; else echo "$(3)"; fi ;)
 
 # cc-option-add: Add an option to compilation flags, but only if supported.
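Review bot: The probe still decides support by grepping the diagnostics for the option name instead of checking the exit status, and with `-c` it now depends on two tools getting to run. If the compile step stops before the assembler is invoked (the probe source `void*p=1;` is deliberately questionable C), no message naming a `-Wa,` option is printed and an unsupported assembler option would be reported as supported; this is inferred from the visible macro, not observed. The usage comment above `cc-option` also does not say that `-Wa,`-prefixed options are accepted and matched with the prefix stripped; a line such as `# Assembler options can be tested by passing them with a -Wa, prefix.` would cover it.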
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index c227fe2524..278cca01e4 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -17,6 +17,10 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
 $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
 
+# Do not add the .note.gnu.property section to any of the firmware objects: it
+# breaks the rombios binary and is not useful for firmware anyway.
+$(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
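Review bot: The `$$(comma)` in the new `-Wa$$(comma)-mx86-used-note=no` argument is easy to "fix" by accident, since the sibling `cc-option-add` call just above needs no escaping. The added comment explains why the section is dropped but not why the comma is written this way; presumably a literal comma would split the `$(call ...)` arguments and the doubled dollar defers expansion to a second evaluation inside the macro. I would extend the comment with `# $$(comma) keeps the comma from being taken as a $(call) argument separator.`.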
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:33:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:33:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299710.510806 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc16A-00050Q-2B; Wed, 06 Apr 2022 08:33:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299710.510806; Wed, 06 Apr 2022 08:33:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc169-00050I-Ur; Wed, 06 Apr 2022 08:33:05 +0000
Received: by outflank-mailman (input) for mailman id 299710;
 Wed, 06 Apr 2022 08:33:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc168-00050C-LB
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc168-00080l-JP
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc168-0000Ec-IZ
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=gLVcqnsy8a9VV8SmiSQo+SQSfxT9FZUd9kji5aw7RsA=; b=newK5igzrJyDpeU6WIpoYjMe6N
	TnxMaht2UyAuerqJ40YgqIB6i3v7OD4xiwRlKleA+/3QpER20xvQDubvvni6dELDyjsmFqbhjjpDP
	ryQ/qtX7eYnRf9/AzlQzO6KJxTVmF6uW41LSwGO95NZB+h/6b3Ko0rNsLSVWtcK0zjio=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] tools/libs/light: set video_mem for PVH guests
Message-Id: <E1nc168-0000Ec-IZ@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:33:04 +0000

commit 3dc39cfd725c6cea989a7952b478aa675cf880f0
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 6 10:21:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:21:44 2022 +0200

    tools/libs/light: set video_mem for PVH guests
    
    The size of the video memory of PVH guests should be set to 0 in case
    no value has been specified.
    
    Not doing so will leave it at -1, resulting in an additional 1 kB
    of RAM being advertised in the memory map (here the output of a PVH
    Mini-OS boot with 16 MB of RAM assigned):
    
    Memory map:
    000000000000-0000010003ff: RAM
    0000feff8000-0000feffffff: Reserved
    0000fc008000-0000fc00803f: ACPI
    0000fc000000-0000fc000fff: ACPI
    0000fc001000-0000fc007fff: ACPI
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: 0a20a53df158eb0724ce6dcd9de70cbdad547d6f
    master date: 2021-12-09 16:26:29 +0000
---
 tools/libs/light/libxl_create.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 93b5093920..f3878cecc1 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -426,6 +426,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
         break;
     case LIBXL_DOMAIN_TYPE_PVH:
         libxl_defbool_setdefault(&b_info->u.pvh.pvshim, false);
+        if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT)
+            b_info->video_memkb = 0;
         if (libxl_defbool_val(b_info->u.pvh.pvshim)) {
             if (!b_info->u.pvh.pvshim_path)
                 b_info->u.pvh.pvshim_path =
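Review bot: The new check only replaces `LIBXL_MEMKB_DEFAULT`, so an explicitly configured non-zero `video_memkb` on a PVH guest still passes through unchanged; if that value has no meaning for PVH, it would be worth rejecting or warning about it here instead of letting it reach the memory accounting. A comment would also help, e.g. `/* No video RAM by default; the -1 sentinel must not reach the memory map calculation. */`. libxl__domain_build_info_setdefault() continues outside this hunk, so whether a later check already covers the explicit case is not visible.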
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:33:18 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:33:18 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299711.510810 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc16K-00052z-4z; Wed, 06 Apr 2022 08:33:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299711.510810; Wed, 06 Apr 2022 08:33:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc16K-00052p-1u; Wed, 06 Apr 2022 08:33:16 +0000
Received: by outflank-mailman (input) for mailman id 299711;
 Wed, 06 Apr 2022 08:33:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16I-00052d-PT
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16I-00080w-OZ
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16I-0000FU-Ln
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=DSd+4sa6HH3z6O/byLIwGUva5vVj99fpkLN5h5x+LwY=; b=V2AMZJ2y2cGkpHOszIoHc2wtC3
	LuhLii+cPbjL3CKKOqGqgVIBSYnz6PHMHAsxgYHT9c+BmGMQkR7vJuwCO6ZQbdDR0U72purnWeelv
	ypjbgyUCRFS2Vj8G2XOKDLLioSfxtctC/m4rbNS25z5olMO60LhaQUs8cYcMaBxZMnKs=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] xl: Fix global pci options
Message-Id: <E1nc16I-0000FU-Ln@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:33:14 +0000

commit 00535c8a7487a384c3a3c3fed11d58c0e6208cc0
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:22:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:22:27 2022 +0200

    xl: Fix global pci options
    
    commit babde47a3fed "introduce a 'passthrough' configuration option to
    xl.cfg..." moved the pci list parsing ahead of the global pci option
    parsing.  This broke the global pci configuration options since they
    need to be set first so that looping over the pci devices assigns their
    values.
    
    Move the global pci options ahead of the pci list to restore their
    function.
    
    Fixes: babde47a3fed ("introduce a 'passthrough' configuration option to xl.cfg...")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: e45ad0b1b0bd6a43f59aaf4a6f86d88783c630e5
    master date: 2022-03-31 19:48:12 +0100
---
 tools/xl/xl_parse.c | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 9fb0791429..aba31ed4aa 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -1469,6 +1469,32 @@ void parse_config_data(const char *config_source,
         exit(1);
     }
 
+    /* To be reworked (automatically enabled) once the auto ballooning
+     * after guest starts is done (with PCI devices passed in). */
+    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
+        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
+    }
+
+    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
+        pci_msitranslate = l;
+
+    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
+        pci_power_mgmt = l;
+
+    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
+        pci_permissive = l;
+
+    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
+        pci_seize = l;
+
+    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
+        libxl_rdm_reserve rdm;
+        if (!xlu_rdm_parse(config, &rdm, buf)) {
+            b_info->u.hvm.rdm.strategy = rdm.strategy;
+            b_info->u.hvm.rdm.policy = rdm.policy;
+        }
+    }
+
     if (!xlu_cfg_get_list (config, "pci", &pcis, 0, 0)) {
         d_config->num_pcidevs = 0;
         d_config->pcidevs = NULL;
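Review bot: The ordering requirement this commit restores is still only implicit in the new code: nothing above `xlu_cfg_get_list (config, "pci", ...)` says that the `pci_msitranslate`, `pci_power_mgmt`, `pci_permissive` and `pci_seize` globals must be read first. Since an earlier reordering already broke this once, I would add `/* Global pci_* options must be parsed before the "pci" list, which applies them to each device. */` ahead of the moved block. Separately, the moved `rdm` block writes `b_info->u.hvm.rdm` without a domain-type check, unlike the `e820_host` block beside it; the move does not change that, but it is worth confirming it cannot clobber `u.pv` when a PV config sets `rdm`. parse_config_data() starts and ends outside the hunk.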
@@ -2329,32 +2355,6 @@ skip_vfb:
         }
     }
 
-    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
-        pci_msitranslate = l;
-
-    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
-        pci_power_mgmt = l;
-
-    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
-        pci_permissive = l;
-
-    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
-        pci_seize = l;
-
-    /* To be reworked (automatically enabled) once the auto ballooning
-     * after guest starts is done (with PCI devices passed in). */
-    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
-        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
-    }
-
-    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
-        libxl_rdm_reserve rdm;
-        if (!xlu_rdm_parse(config, &rdm, buf)) {
-            b_info->u.hvm.rdm.strategy = rdm.strategy;
-            b_info->u.hvm.rdm.policy = rdm.policy;
-        }
-    }
-
     if (!xlu_cfg_get_list(config, "usbctrl", &usbctrls, 0, 0)) {
         d_config->num_usbctrls = 0;
         d_config->usbctrls = NULL;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:33:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:33:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299712.510814 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc16U-000569-6o; Wed, 06 Apr 2022 08:33:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299712.510814; Wed, 06 Apr 2022 08:33:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc16U-000561-3R; Wed, 06 Apr 2022 08:33:26 +0000
Received: by outflank-mailman (input) for mailman id 299712;
 Wed, 06 Apr 2022 08:33:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16S-00055i-ST
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16S-00081M-Rc
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16S-0000GE-Qu
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Zg3mi989XLyy75p4wS2/kLUEdGtYBqOtpjrmh1PB+g4=; b=luhZdRH6mppjt4/nZoMpdYH+Nd
	0Cv5KCAuwz7EAGVRTDVX1cQnhaGDPFINB3vaJK6gohRY4YHoT5wjOsCqjehlKqbjcpkGY09cqcFol
	hy7b3q2Cw1ijotWMff5YNw07ZYX95XKfCxS/nMC2jS4291FVCgnBGEUQ0BX0+PVVaMiA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] libxl: Don't segfault on soft-reset failure
Message-Id: <E1nc16S-0000GE-Qu@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:33:24 +0000

commit d9b39c308da9fe7cf58941cff4b343d4b57c2ae5
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:23:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:23:03 2022 +0200

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_wait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path is passed to xs_unwatch(), which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    
    master commit: d2ecf97f911fc00a85b34b70ca311b5d355a9756
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index f3878cecc1..2f171a190a 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1226,8 +1226,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2042,6 +2040,7 @@ static int do_domain_create(libxl_ctx *ctx, libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
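Review bot: The two added `libxl__xswait_init(&cdcs->dcs.console_xswait);` calls (here and in the do_domain_soft_reset() hunk) carry no comment, so the invariant they establish is easy to lose if another caller of initiate_domain_create() is added. Per the commit message, domcreate_complete() stops this xswait even when initiate_domain_create() was skipped, and a zero-filled struct is not a safe initial state because slot 0 counts as valid. I would add `/* Must be initialised before any path can reach domcreate_complete(). */` above each call. Both functions extend beyond their hunks.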
@@ -2142,6 +2141,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:33:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 08:33:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.299713.510818 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc16e-00058z-7v; Wed, 06 Apr 2022 08:33:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 299713.510818; Wed, 06 Apr 2022 08:33:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc16e-00058r-55; Wed, 06 Apr 2022 08:33:36 +0000
Received: by outflank-mailman (input) for mailman id 299713;
 Wed, 06 Apr 2022 08:33:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16c-00058h-Ve
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16c-00081X-Uj
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc16c-0000Gv-Tw
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 08:33:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=9FwizzhUpLQgfbbvYdxHoeMk42FWoedQetuKEk8Rt6g=; b=HgEh+KCJ08n4qWrtO77aMRErQ7
	W5OPgLjyToPnLld1Hx0Jn5+7fleaz9JVP2oXixSh9DVa3PTC43nvgPLr3l1L4XTNjlRLXkyeW4ny7
	jrOQHlVHWlpIAhUHwOfCu5Hyd2+XBoUkz1lryJNXNQvbl0vzJOLHY9qVsVMRNkQWZZMc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] libxl: Re-scope qmp_proxy_spawn.ao usage
Message-Id: <E1nc16c-0000Gv-Tw@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:33:34 +0000

commit 7b181e559a09e08ef5968c8c21dcac62e17ad7cb
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:23:32 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:23:32 2022 +0200

    libxl: Re-scope qmp_proxy_spawn.ao usage
    
    I've observed this failed assertion:
    libxl_event.c:2057: libxl__ao_inprogress_gc: Assertion `ao' failed.
    
    AFAICT, this is happening in qmp_proxy_spawn_outcome where
    sdss->qmp_proxy_spawn.ao is NULL.
    
    The out label of spawn_stub_launch_dm() calls qmp_proxy_spawn_outcome(),
    but it is only in the success path that sdss->qmp_proxy_spawn.ao gets
    set to the current ao.
    
    qmp_proxy_spawn_outcome() should instead use sdss->dm.spawn.ao, which is
    the already in-use ao when spawn_stub_launch_dm() is called.  The same
    is true for spawn_qmp_proxy().
    
    With this, move sdss->qmp_proxy_spawn.ao initialization to
    spawn_qmp_proxy() since its use is for libxl__spawn_spawn() and it can
    be initialized along with the rest of sdss->qmp_proxy_spawn.
    
    Fixes: 83c845033dc8 ("libxl: use vchan for QMP access with Linux stubdomain")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d62a34423a1a98aefd7c30e22d2d82d198f077c8
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c
index 9949632eb8..24f6e73b0a 100644
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -2567,7 +2567,6 @@ static void spawn_stub_launch_dm(libxl__egc *egc,
             goto out;
     }
 
-    sdss->qmp_proxy_spawn.ao = ao;
     if (libxl__stubdomain_is_linux(&guest_config->b_info)) {
         spawn_qmp_proxy(egc, sdss);
     } else {
@@ -2584,7 +2583,7 @@ out:
 static void spawn_qmp_proxy(libxl__egc *egc,
                             libxl__stub_dm_spawn_state *sdss)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     const uint32_t guest_domid = sdss->dm.guest_domid;
     const uint32_t dm_domid = sdss->pvqemu.guest_domid;
     const char *dom_path = libxl__xs_get_dompath(gc, dm_domid);
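Review bot: The switch to `STATE_AO_GC(sdss->dm.spawn.ao)` at the top of spawn_qmp_proxy() is undocumented, so a later reader could reasonably change it back to the qmp_proxy_spawn field. A short comment above the macro would record the reason, e.g. `/* qmp_proxy_spawn.ao is only set once the proxy spawn is set up; the dm ao is already in use here */`. The same comment applies to the identical change in qmp_proxy_spawn_outcome(), which per the commit message is reached from the error path of spawn_stub_launch_dm() before that field is assigned. Both function bodies continue outside their hunks.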
@@ -2598,6 +2597,7 @@ static void spawn_qmp_proxy(libxl__egc *egc,
         goto out;
     }
 
+    sdss->qmp_proxy_spawn.ao = ao;
     sdss->qmp_proxy_spawn.what = GCSPRINTF("domain %d device model qmp proxy", guest_domid);
     sdss->qmp_proxy_spawn.pidpath = GCSPRINTF("%s/image/qmp-proxy-pid", dom_path);
     sdss->qmp_proxy_spawn.xspath = DEVICE_MODEL_XS_PATH(gc, LIBXL_TOOLSTACK_DOMID,
@@ -2685,7 +2685,7 @@ static void qmp_proxy_spawn_outcome(libxl__egc *egc,
                                     libxl__stub_dm_spawn_state *sdss,
                                     int rc)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     /*
      * Until xenconsoled learns how to handle multiple consoles, require qemu
      * in dom0 to serve consoles for a stubdomain - it require at least 3 of them.
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:33:46 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] tools/firmware: force -fcf-protection=none
Message-Id: <E1nc16n-0000HM-0b@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:33:45 +0000

commit 9fbd91a388b4b45d0330c8cb93702af6ab9ec5d2
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Wed Apr 6 10:23:52 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:23:52 2022 +0200

    tools/firmware: force -fcf-protection=none
    
    Do so right in firmware/Rules.mk, like it's done for other compiler
    flags.
    
    Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 7225f6e0cd3afd48b4d61c43dd8fead0f4c92193
    master date: 2022-04-04 12:30:00 +0100
---
 tools/firmware/Rules.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 9f78a7dec9..c227fe2524 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -15,6 +15,8 @@ CFLAGS += -Werror
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
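Review bot: The added `cc-option-add` line for `-fcf-protection=none` carries no comment, although it turns off compiler control-flow instrumentation for every firmware object. It is worth saying why in the file, e.g. `# Firmware is not built for CET; override any compiler default for -fcf-protection.` The reason is inferred from the Fixes: tag rather than visible in this hunk, so the wording should be confirmed by the author. Because the flag goes through `cc-option-add`, a compiler that does not know it drops it silently, which looks intended.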
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 08:33:56 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] tools/firmware: do not add a .note.gnu.property section
Message-Id: <E1nc16x-0000Hx-3X@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 08:33:55 +0000

commit 10cd51d5bf5f2d9ebe5f36a1b428f65ff5efd115
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Wed Apr 6 10:24:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:24:10 2022 +0200

    tools/firmware: do not add a .note.gnu.property section
    
    Prevent the assembler from creating a .note.gnu.property section on
    the output objects, as it's not useful for firmware related binaries,
    and breaks the resulting rombios image.
    
    This requires modifying the cc-option Makefile macro so it can test
    assembler options (by replacing the usage of the -S flag with -c) and
    also stripping the -Wa, prefix if present when checking for the test
    output.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: e270af94280e6a9610705ebc1fdd1d7a9b1f8a98
    master date: 2022-04-04 12:30:07 +0100
---
 Config.mk               | 2 +-
 tools/firmware/Rules.mk | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index ae5eaecd62..2593e5aa78 100644
--- a/Config.mk
+++ b/Config.mk
@@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
 #
 # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586)
 cc-option = $(shell if test -z "`echo 'void*p=1;' | \
-              $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \
+              $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \
               then echo "$(2)"; else echo "$(3)"; fi ;)
 
 # cc-option-add: Add an option to compilation flags, but only if supported.
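Review bot: The usage comment above `cc-option` still describes a plain compiler-flag test, but the probe now runs the assembler (`-c` instead of `-S`) and strips a leading `-Wa,` from the option before grepping the diagnostics. Recording that would help callers, e.g. `# A -Wa$(comma) prefix is removed before matching, so assembler options can be tested too.` The substitution only removes the prefix, so an argument bundling several assembler options after one `-Wa,` would presumably never match the error text and be reported as supported; that limit is worth stating. The comment block starts outside the hunk.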
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index c227fe2524..278cca01e4 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -17,6 +17,10 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
 $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
 
+# Do not add the .note.gnu.property section to any of the firmware objects: it
+# breaks the rombios binary and is not useful for firmware anyway.
+$(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
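Review bot: The `$$(comma)` in the added line is easy to mistake for a typo, since `Config.mk` in this same commit writes `$(comma)`. If the doubled dollar is there to defer expansion inside `cc-option-add` (its definition is not visible here), the new comment could say so, e.g. `# $$(comma): expanded only when cc-option-add evaluates the option.` The comment already explains the purpose of the flag itself well.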
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:33:10 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86: Introduce support for CET-IBT
Message-Id: <E1nc8ac-0004LJ-HG@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:33:02 +0000

commit d220178b3cad69a4d9a6bd0ec80bca75ff701586
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Oct 21 18:38:50 2021 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86: Introduce support for CET-IBT
    
    CET Indirect Branch Tracking is a hardware feature designed to provide
    forward-edge control flow integrity, protecting against jump/call oriented
    programming.
    
    IBT requires the placement of endbr{32,64} instructions at the target of every
    indirect call/jmp, and every entrypoint.
    
    It is necessary to check for both compiler and assembler support, as the
    notrack prefix can be emitted in certain cases.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 3667f7f8f7c471e94e58cf35a95f09a0fe5c1290)
    
    Note: For backports to 4.14 thru 4.16, we are deliberately not using
          -mmanual-endbr as done in staging, as an intermediate approach which
          is not too invasive to backport.
    
    x86/cet: Force -fno-jump-tables for CET-IBT
    
    Both GCC and Clang have a (mis)feature where, even with
    -fcf-protection=branch, jump tables are created using a notrack jump rather
    than using endbr's in each case statement.
    
    This is incompatible with the safety properties we want in Xen, and enforced
    by not setting MSR_S_CET.NOTRACK_EN.  The consequence is a fatal #CP[endbr].
    
    -fno-jump-tables is generally active as a side effect of
    CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig:
    introduce option to select retpoline usage"), we explicitly support turning
    retpoline off.
    
    Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT")
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 9d4a44380d273de22d5753883cbf5581795ff24d)
---
 Config.mk                                |  1 -
 xen/arch/x86/Kconfig                     | 17 +++++++++++++++++
 xen/arch/x86/arch.mk                     |  9 +++++++++
 xen/arch/x86/configs/pvshim_defconfig    |  1 +
 xen/include/asm-x86/cpufeature.h         |  1 +
 xen/include/asm-x86/cpufeatures.h        |  1 +
 xen/include/asm-x86/indirect_thunk_asm.h |  6 ++++++
 7 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index 1356e6e151..69ea750856 100644
--- a/Config.mk
+++ b/Config.mk
@@ -205,7 +205,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
 
 EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
 EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
-EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 8af5d6be80..950deaa032 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -38,6 +38,11 @@ config HAS_AS_CET_SS
 	# binutils >= 2.29 or LLVM >= 6
 	def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
 
+config HAS_CC_CET_IBT
+	# GCC >= 9 and binutils >= 2.29
+	# Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
+	def_bool $(cc-option,-fcf-protection=branch -mindirect-branch=thunk-extern) && $(as-instr,endbr64)
+
 menu "Architecture Features"
 
 source "arch/Kconfig"
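Review bot: The `HAS_CC_CET_IBT` probe always passes `-mindirect-branch=thunk-extern` alongside `-fcf-protection=branch`, so a compiler that lacks the retpoline option would presumably fail the test and lose IBT even though it could build it. The comment names the GCC bug but not this consequence; consider extending it, e.g. `# Side effect: compilers without -mindirect-branch never enable IBT.` If that restriction is intended for the backport, saying so keeps it from being read as an oversight.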
@@ -118,6 +123,18 @@ config XEN_SHSTK
 	  When CET-SS is active, 32bit PV guests cannot be used.  Backwards
 	  compatiblity can be provided via the PV Shim mechanism.
 
+config XEN_IBT
+	bool "Supervisor Indirect Branch Tracking"
+	depends on HAS_CC_CET_IBT
+	default y
+	help
+	  Control-flow Enforcement Technology (CET) is a set of features in
+	  hardware designed to combat Return-oriented Programming (ROP, also
+	  call/jump COP/JOP) attacks.  Indirect Branch Tracking is one CET
+	  feature designed to provide function pointer protection.
+
+	  This option arranges for Xen to use CET-IBT for its own protection.
+
 config SHADOW_PAGING
         bool "Shadow Paging"
         default y
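Review bot: The `XEN_IBT` help text introduces CET as a defence against ROP, but the option it documents is the forward-edge half; the commit message itself describes IBT as protecting against jump/call oriented programming. Wording such as `Indirect Branch Tracking is the CET feature that restricts indirect call/jmp targets (COP/JOP); return addresses are covered by Shadow Stacks.` would keep users from assuming this option alone covers return-address attacks. The text also does not say what happens on hardware without CET-IBT; presumably the feature stays inactive at run time, which is worth one sentence if true.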
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index 04e967436b..7a7ff7dd7d 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -45,6 +45,15 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern
 CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register
 CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables
 
+ifdef CONFIG_XEN_IBT
+# Force -fno-jump-tables to work around
+#   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
+#   https://github.com/llvm/llvm-project/issues/54247
+CFLAGS += -fcf-protection=branch -fno-jump-tables
+else
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+endif
+
 # If supported by the compiler, reduce stack alignment to 8 bytes. But allow
 # this to be overridden elsewhere.
 $(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3)
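Review bot: The comment on the `CONFIG_XEN_IBT` block gives two bug URLs but not the failure they guard against. The commit message has it: jump tables are emitted with notrack jumps, and Xen leaves MSR_S_CET.NOTRACK_EN clear, so the result is a fatal #CP. I would put that in the file, e.g. `# Jump tables use notrack jumps, which fault (#CP) because Xen does not set NOTRACK_EN.` Note also that `-fcf-protection=branch` is added without a `cc-option-add` probe here and relies on `HAS_CC_CET_IBT` in Kconfig having verified compiler support.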
diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig
index 3af48d6c06..6da7ecb595 100644
--- a/xen/arch/x86/configs/pvshim_defconfig
+++ b/xen/arch/x86/configs/pvshim_defconfig
@@ -10,6 +10,7 @@ CONFIG_SCHED_NULL=y
 # Disable features not used by the PV shim
 # CONFIG_HVM is not set
 # CONFIG_XEN_SHSTK is not set
+# CONFIG_XEN_IBT is not set
 # CONFIG_HYPFS is not set
 # CONFIG_SHADOW_PAGING is not set
 # CONFIG_BIGMEM is not set
diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
index 004cbdcb10..e93e72bbbd 100644
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -149,6 +149,7 @@
 #define cpu_has_lfence_dispatch boot_cpu_has(X86_FEATURE_LFENCE_DISPATCH)
 #define cpu_has_xen_lbr         boot_cpu_has(X86_FEATURE_XEN_LBR)
 #define cpu_has_xen_shstk       boot_cpu_has(X86_FEATURE_XEN_SHSTK)
+#define cpu_has_xen_ibt         boot_cpu_has(X86_FEATURE_XEN_IBT)
 
 #define cpu_has_msr_tsc_aux     (cpu_has_rdtscp || cpu_has_rdpid)
 
diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h
index 6c8f432aee..fe2f97354f 100644
--- a/xen/include/asm-x86/cpufeatures.h
+++ b/xen/include/asm-x86/cpufeatures.h
@@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV,        X86_SYNTH(23)) /* VERW used by Xen for PV */
 XEN_CPUFEATURE(SC_VERW_HVM,       X86_SYNTH(24)) /* VERW used by Xen for HVM */
 XEN_CPUFEATURE(SC_VERW_IDLE,      X86_SYNTH(25)) /* VERW used by Xen for idle */
 XEN_CPUFEATURE(XEN_SHSTK,         X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */
+XEN_CPUFEATURE(XEN_IBT,           X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */
 
 /* Bug words follow the synthetic words. */
 #define X86_NR_BUG 1
diff --git a/xen/include/asm-x86/indirect_thunk_asm.h b/xen/include/asm-x86/indirect_thunk_asm.h
index 71e6de5bf7..26874bb0d8 100644
--- a/xen/include/asm-x86/indirect_thunk_asm.h
+++ b/xen/include/asm-x86/indirect_thunk_asm.h
@@ -50,4 +50,10 @@ asm ( "\t.include \"asm/indirect_thunk_asm.h\"" );
     INDIRECT_BRANCH jmp \arg
 .endm
 
+#ifdef CONFIG_XEN_IBT
+# define ENDBR64 endbr64
+#else
+# define ENDBR64
+#endif
+
 #endif
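Review bot: `ENDBR64` is added without a comment, and nothing says where it may be used. A one-line description would help, e.g. `/* Landing pad for indirect branch targets; empty when Xen is built without IBT. */`. Since it is a preprocessor macro, it will presumably only expand in preprocessed sources and not when this header reaches the assembler through the `.include` shown in the hunk's context line; if so, that belongs in the comment too. The header's guards start outside the hunk.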
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:33:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/setup: Read CR4 earlier in __start_xen()
Message-Id: <E1nc8am-0004Lv-KS@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:33:12 +0000

commit 6c932a788cdca15494e1c9d06c7befacf1583a2a
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:19:57 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/setup: Read CR4 earlier in __start_xen()
    
    This is necessary for read_cr4() to function correctly.  Move the EFER caching
    at the same time.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 9851bc4939101828d2ad7634b93c0d9ccaef5b7e)
---
 xen/arch/x86/setup.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index d5274f8c21..297845d691 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -851,6 +851,9 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     /* Full exception support from here on in. */
 
+    rdmsrl(MSR_EFER, this_cpu(efer));
+    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
+
     /* Enable NMIs.  Our loader (e.g. Tboot) may have left them disabled. */
     enable_nmis();
 
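Review bot: The relocated `rdmsrl(MSR_EFER, ...)` and `mov %%cr4` lines now sit under the "Full exception support" comment with nothing explaining why they must come this early. The commit message says read_cr4() depends on it, so a comment would stop them drifting down again, e.g. `/* Cache EFER and CR4 now: read_cr4() relies on the cached value. */`. That read_cr4() returns the cached copy is inferred from the message, not visible here. __start_xen() continues outside the hunk.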
@@ -897,9 +900,6 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     parse_video_info();
 
-    rdmsrl(MSR_EFER, this_cpu(efer));
-    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
-
     /* We initialise the serial devices very early so we can get debugging. */
     ns16550.io_base = 0x3f8;
     ns16550.irq     = 4;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:33:23 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/alternatives: Clear CR4.CET when clearing CR0.WP
Message-Id: <E1nc8aw-0004MU-Nd@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:33:22 +0000

commit 5e7db069bde7ce50fe15e42dbd2468d294ae78db
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:17:59 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/alternatives: Clear CR4.CET when clearing CR0.WP
    
    This allows us to have CET active much earlier in boot.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 48cdc15a424f9fadad7f9aed00e7dc8ef16a2196)
---
 xen/arch/x86/alternative.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c
index 004e9ede25..41415db08c 100644
--- a/xen/arch/x86/alternative.c
+++ b/xen/arch/x86/alternative.c
@@ -334,9 +334,13 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs,
      */
     if ( !(alt_done & alt_todo) )
     {
-        unsigned long cr0;
+        unsigned long cr0, cr4;
 
         cr0 = read_cr0();
+        cr4 = read_cr4();
+
+        if ( cr4 & X86_CR4_CET )
+            write_cr4(cr4 & ~X86_CR4_CET);
 
         /* Disable WP to allow patching read-only pages. */
         write_cr0(cr0 & ~X86_CR0_WP);
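Review bot: The new `write_cr4(cr4 & ~X86_CR4_CET)` has no comment, while the `write_cr0` right after it does. The ordering matters: the CPU refuses to clear CR0.WP while CR4.CET is set, so CET has to go first and, in the later hunk, be restored only after WP is back. I would say so in place, e.g. `/* CR0.WP cannot be cleared while CR4.CET is set. */`, and mirror it at the restore, noting that both protections are off while the patching runs. The function body continues outside both hunks.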
@@ -346,6 +350,9 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs,
 
         write_cr0(cr0);
 
+        if ( cr4 & X86_CR4_CET )
+            write_cr4(cr4);
+
         alt_done |= alt_todo;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:33:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:33:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300030.511505 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8b7-0005o4-EP; Wed, 06 Apr 2022 16:33:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300030.511505; Wed, 06 Apr 2022 16:33:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8b7-0005ny-BT; Wed, 06 Apr 2022 16:33:33 +0000
Received: by outflank-mailman (input) for mailman id 300030;
 Wed, 06 Apr 2022 16:33:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8b6-0005no-SR
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8b6-0000Mb-Ra
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8b6-0004Mx-Qg
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=v/ArTfdW9ILQ4Ob/xdqlJWocd08SHxtAmGGL3cp0RhY=; b=CUYHw7IWh/rPFe0fSP34I8of4T
	Hvhmcb25uQGfBUwYOs0TPw4SjWr8r5P9ec3A9xh/RIFHwu8PhnMrwOYXuRDeDqnnC/hpuLVKoQah5
	kRLKWkq6jWUUhfvaJenxoTefvnosNu1W4M2EXflfmqoHAshTXRcSY2d1tWdM8gDc2SaQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
Message-Id: <E1nc8b6-0004Mx-Qg@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:33:32 +0000

commit 334120359d575b35ceeb261a1c854749e440217d
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 12:36:33 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
    
    For CET-IBT, we will need to optionally insert an endbr64 instruction at the
    start of the stub.  Don't hardcode the jmp displacement assuming that it
    starts at byte 24 of the stub.
    
    Also add extra comments describing what is going on.  The mix of %rax and %rsp
    is far from trivial to follow.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 809beac3e7fdfd20000386453c64a1e2a3d93075)
---
 xen/arch/x86/x86_64/traps.c | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
index 93af0c5e87..9695a30050 100644
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -271,30 +271,39 @@ static unsigned int write_stub_trampoline(
     unsigned char *stub, unsigned long stub_va,
     unsigned long stack_bottom, unsigned long target_va)
 {
+    unsigned char *p = stub;
+
+    /* Store guest %rax into %ss slot */
     /* movabsq %rax, stack_bottom - 8 */
-    stub[0] = 0x48;
-    stub[1] = 0xa3;
-    *(uint64_t *)&stub[2] = stack_bottom - 8;
+    *p++ = 0x48;
+    *p++ = 0xa3;
+    *(uint64_t *)p = stack_bottom - 8;
+    p += 8;
 
+    /* Store guest %rsp in %rax */
     /* movq %rsp, %rax */
-    stub[10] = 0x48;
-    stub[11] = 0x89;
-    stub[12] = 0xe0;
+    *p++ = 0x48;
+    *p++ = 0x89;
+    *p++ = 0xe0;
 
+    /* Switch to Xen stack */
     /* movabsq $stack_bottom - 8, %rsp */
-    stub[13] = 0x48;
-    stub[14] = 0xbc;
-    *(uint64_t *)&stub[15] = stack_bottom - 8;
+    *p++ = 0x48;
+    *p++ = 0xbc;
+    *(uint64_t *)p = stack_bottom - 8;
+    p += 8;
 
+    /* Store guest %rsp into %rsp slot */
     /* pushq %rax */
-    stub[23] = 0x50;
+    *p++ = 0x50;
 
     /* jmp target_va */
-    stub[24] = 0xe9;
-    *(int32_t *)&stub[25] = target_va - (stub_va + 29);
+    *p++ = 0xe9;
+    *(int32_t *)p = target_va - (stub_va + (p - stub) + 4);
+    p += 4;
 
     /* Round up to a multiple of 16 bytes. */
-    return 32;
+    return ROUNDUP(p - stub, 16);
 }
 
 DEFINE_PER_CPU(struct stubs, stubs);
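Review bot: The rewritten displacement store `*(int32_t *)p = target_va - (stub_va + (p - stub) + 4);` silently truncates an unsigned long difference to 32 bits, so a stub placed more than 2GiB from target_va would get a jmp to the wrong address with no diagnostic. Whether the stub mapping is guaranteed to sit within rel32 range is decided outside this hunk. If it is, an assertion would document that: compute `long disp = target_va - (stub_va + (p - stub) + 4);` and add `ASSERT(disp == (int32_t)disp);` before the store.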
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:33:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:33:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300031.511508 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8bH-0005qp-Fu; Wed, 06 Apr 2022 16:33:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300031.511508; Wed, 06 Apr 2022 16:33:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8bH-0005qh-D2; Wed, 06 Apr 2022 16:33:43 +0000
Received: by outflank-mailman (input) for mailman id 300031;
 Wed, 06 Apr 2022 16:33:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bG-0005qb-VV
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bG-0000Ml-Ud
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bG-0004NS-To
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=3inq4NUjg0wAnQgi+DUI0T8IjLE5tC1h59alo2xomwI=; b=thQMbY6xH6RQqxT3WkmcBjj8v5
	NZz2H4bOJaYmEmpNWu5Z1nt8lxDRH2HAAFieJKXqBDELSVVasxM+khcg5FCj/It7V6MMwxOaiZnIo
	aY4/FmUXMnhTr0WQeXMHgy+edZzhXpsfQPmwILgVFj6MEvgaGSP0Ee+A/GRDNtSl5zkY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86: Introduce helpers/checks for endbr64 instructions
Message-Id: <E1nc8bG-0004NS-To@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:33:42 +0000

commit fbc882c026334c62432f12d31f0f987d7fd5ed1c
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Nov 26 15:34:08 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86: Introduce helpers/checks for endbr64 instructions
    
    ... to prevent the optimiser creating unsafe code.  See the code comment for
    full details.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 4046ba97446e3974a4411db227263a9f11e0aeb4)
    
    Note: For the backport to 4.14 thru 4.16, we don't care for embedded endbr64
          specifically, but place_endbr64() is a prerequisite for other parts of
          the series.
---
 xen/include/asm-x86/endbr.h | 55 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/xen/include/asm-x86/endbr.h b/xen/include/asm-x86/endbr.h
new file mode 100644
index 0000000000..6090afeb0b
--- /dev/null
+++ b/xen/include/asm-x86/endbr.h
@@ -0,0 +1,55 @@
+/******************************************************************************
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2021-2022 Citrix Systems Ltd.
+ */
+#ifndef XEN_ASM_ENDBR_H
+#define XEN_ASM_ENDBR_H
+
+#include <xen/types.h>
+
+#define ENDBR64_LEN 4
+
+/*
+ * In some cases we need to inspect/insert endbr64 instructions.
+ *
+ * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsafely
+ * by placing 0xfa1e0ff3 in an imm32 operand, and marks a legal indirect
+ * branch target as far as the CPU is concerned.
+ *
+ * gen_endbr64() is written deliberately to avoid the problematic operand, and
+ * marked __const__ as it is safe for the optimiser to hoist/merge/etc.
+ */
+static inline uint32_t __attribute_const__ gen_endbr64(void)
+{
+    uint32_t res;
+
+    asm ( "mov $~0xfa1e0ff3, %[res]\n\t"
+          "not %[res]\n\t"
+          : [res] "=&r" (res) );
+
+    return res;
+}
+
+static inline bool is_endbr64(const void *ptr)
+{
+    return *(const uint32_t *)ptr == gen_endbr64();
+}
+
+static inline void place_endbr64(void *ptr)
+{
+    *(uint32_t *)ptr = gen_endbr64();
+}
+
+#endif /* XEN_ASM_ENDBR_H */
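Review bot: is_endbr64() and place_endbr64() carry no comment of their own, and each dereferences `ptr` as a `uint32_t` without stating what the caller must provide. I would add a line above each, for example `/* ptr must reference at least ENDBR64_LEN readable bytes. */` for is_endbr64() and `/* ptr must reference at least ENDBR64_LEN writable bytes; the caller advances its own cursor. */` for place_endbr64(). ENDBR64_LEN is defined in this header but neither helper refers to it, so the link between the constant and the 4-byte access is currently only implied.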
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:33:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:33:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300032.511513 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8bR-0005tp-HP; Wed, 06 Apr 2022 16:33:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300032.511513; Wed, 06 Apr 2022 16:33:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8bR-0005th-Ea; Wed, 06 Apr 2022 16:33:53 +0000
Received: by outflank-mailman (input) for mailman id 300032;
 Wed, 06 Apr 2022 16:33:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bR-0005tb-2J
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bR-0000My-1W
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bR-0004Nt-0j
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:33:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=KoBrbAPAoDVbv1cFxskq8JtREDmJM1Asx9IMEfTANys=; b=sRpjSP8G5pHVdzptaG5JD9d9eH
	+9Bqmvm3rEHtyAwNj41J8o4r56vAsBSJjjwbK3MBlmWu7I/+M7s+U4vVJ4BFX09yS651ZwyCaw5sc
	YeN/bTo00crkEhLAtMLt6XPc6Xt6jhVwb7DiIYu7bwmg6OVKmhDRJwQCR+bA9pJxfZ0s=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/emul: Update emulation stubs to be CET-IBT compatible
Message-Id: <E1nc8bR-0004Nt-0j@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:33:53 +0000

commit 56bf74df512c6feb20cecc12106b915ffc80bbbf
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 10:09:59 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/emul: Update emulation stubs to be CET-IBT compatible
    
    All indirect branches need to land on an endbr64 instruction.
    
    For stub_selftests(), use endbr64 unconditionally for simplicity.  For ioport
    and instruction emulation, add endbr64 conditionally.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 0d101568d29e8b4bfd33f20031fedec2652aa0cf)
---
 xen/arch/x86/extable.c         | 12 +++++++-----
 xen/arch/x86/pv/emul-priv-op.c |  7 +++++++
 xen/arch/x86/x86_emulate.c     | 13 +++++++++++--
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c
index 70972f1085..878f9dae49 100644
--- a/xen/arch/x86/extable.c
+++ b/xen/arch/x86/extable.c
@@ -129,20 +129,22 @@ search_exception_table(const struct cpu_user_regs *regs)
 static int __init stub_selftest(void)
 {
     static const struct {
-        uint8_t opc[4];
+        uint8_t opc[8];
         uint64_t rax;
         union stub_exception_token res;
     } tests[] __initconst = {
-        { .opc = { 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */
+#define endbr64 0xf3, 0x0f, 0x1e, 0xfa
+        { .opc = { endbr64, 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */
           .res.fields.trapnr = TRAP_invalid_op },
-        { .opc = { 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */
+        { .opc = { endbr64, 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */
           .rax = 0x0123456789abcdef,
           .res.fields.trapnr = TRAP_gp_fault },
-        { .opc = { 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */
+        { .opc = { endbr64, 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */
           .rax = 0xfedcba9876543210,
           .res.fields.trapnr = TRAP_stack_error },
-        { .opc = { 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */
+        { .opc = { endbr64, 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */
           .res.fields.trapnr = TRAP_int3 },
+#undef endbr64
     };
     unsigned long addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2;
     unsigned int i;
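Review bot: The table-local macro `endbr64` is lower-case and spells an instruction mnemonic, so inside the initialisers it reads like an identifier rather than a byte list. I would name it `ENDBR64_BYTES`, still `#undef`'d after the table. I would also add a short comment above it that the bytes are emitted unconditionally for simplicity, as the commit message says, since the other stubs in this commit add them only under `cpu_has_xen_ibt`. stub_selftest() continues outside the hunk, so how `opc` is copied into the stub is not visible here.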
diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c
index 5399fe382f..6a69af46ba 100644
--- a/xen/arch/x86/pv/emul-priv-op.c
+++ b/xen/arch/x86/pv/emul-priv-op.c
@@ -26,6 +26,7 @@
 
 #include <asm/amd.h>
 #include <asm/debugreg.h>
+#include <asm/endbr.h>
 #include <asm/hpet.h>
 #include <asm/hypercall.h>
 #include <asm/mc146818rtc.h>
@@ -110,6 +111,12 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode,
 
     p = ctxt->io_emul_stub;
 
+    if ( cpu_has_xen_ibt )
+    {
+        place_endbr64(p);
+        p += 4;
+    }
+
     APPEND_BUFF(prologue);
     APPEND_CALL(load_guest_gprs);
 
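Review bot: The pointer is advanced with a bare `p += 4;` although <asm/endbr.h>, included in the previous hunk, defines ENDBR64_LEN for exactly this; `p += ENDBR64_LEN;` keeps the stub layout tied to the helper. The same literal appears in get_stub() in x86_emulate.c and in write_stub_trampoline() in the later traps.c change. io_emul_stub_setup() starts and ends outside the hunk, so it is worth confirming that its stub-size check, if it has one, already allows for the four extra bytes.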
diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c
index 1e082e6f3b..379e889768 100644
--- a/xen/arch/x86/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate.c
@@ -17,6 +17,7 @@
 #include <asm/xstate.h>
 #include <asm/amd.h> /* cpu_has_amd_erratum() */
 #include <asm/debugreg.h>
+#include <asm/endbr.h>
 
 /* Avoid namespace pollution. */
 #undef cmpxchg
@@ -29,11 +30,19 @@
         cpu_has_amd_erratum(&current_cpu_data, AMD_ERRATUM_##nr)
 
 #define get_stub(stb) ({                                        \
+    void *ptr;                                                  \
     BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1);         \
     ASSERT(!(stb).ptr);                                         \
     (stb).addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2;      \
-    memset(((stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn)))) +  \
-           ((stb).addr & ~PAGE_MASK), 0xcc, STUB_BUF_SIZE / 2);        \
+    (stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn))) +    \
+        ((stb).addr & ~PAGE_MASK);                              \
+    ptr = memset((stb).ptr, 0xcc, STUB_BUF_SIZE / 2);           \
+    if ( cpu_has_xen_ibt )                                      \
+    {                                                           \
+        place_endbr64(ptr);                                     \
+        ptr += 4;                                               \
+    }                                                           \
+    ptr;                                                        \
 })
 #define put_stub(stb) ({                                   \
     if ( (stb).ptr )                                       \
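Review bot: The size check at the top of get_stub() still reads `BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1);`, but with IBT active the macro now consumes four bytes of the half-buffer before returning `ptr`, so the check no longer covers the worst case. I would make it `BUILD_BUG_ON(STUB_BUF_SIZE / 2 < ENDBR64_LEN + MAX_INST_LEN + 1);`, which costs nothing while the buffer is comfortably large and catches a future shrink. What callers write after the returned pointer is outside the hunk, so the `+ 1` is taken as the existing allowance.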
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:34:03 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:34:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300033.511517 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8bb-0005xL-KL; Wed, 06 Apr 2022 16:34:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300033.511517; Wed, 06 Apr 2022 16:34:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8bb-0005xD-HS; Wed, 06 Apr 2022 16:34:03 +0000
Received: by outflank-mailman (input) for mailman id 300033;
 Wed, 06 Apr 2022 16:34:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bb-0005x5-5h
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:34:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bb-0000NM-4o
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:34:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bb-0004OZ-3w
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:34:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=lt5XUP7qXxprejxcjmgpRsaJ4kDWPpOfm3VQnvaK1gY=; b=D/R7hAaMfmKdjUDusymOuGs4Fm
	vmo1zR51vUnfHMWey0nm5Zwyd60BiJhyVeVHqn6lvtZU2EKHjb4CNi13emtXtDIu8N3MWyo1uLCJ2
	wpvBuV6cpkx2RJsLVNliipT8fyG1khbdyGH8tdJCM+jeEV4bSwC45LQ4C3Yo4DzZDSWw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
Message-Id: <E1nc8bb-0004OZ-3w@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:34:03 +0000

commit ae18093e2093549e83164a90dd261b94fe8555a0
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 09:51:16 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
    
    Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64
    instruction.  For sysenter, this is easy.
    
    Unfortunately for syscall, the stubs are already 29 bytes long with a limit of
    32.  endbr64 is 4 bytes.  Luckily, there is a 1 byte instruction which can
    move from the stubs into the main handlers.
    
    Move the push %rax out of the stub and into {l,c}star_entry(), allowing room
    for the endbr64 instruction when appropriate.  Update the comment describing
    the entry state.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 17d77ec62a299f4299883ec79ab10cacafd0b2f5)
---
 xen/arch/x86/x86_64/compat/entry.S |  4 ++--
 xen/arch/x86/x86_64/entry.S        | 14 +++++++-------
 xen/arch/x86/x86_64/traps.c        | 11 +++++++----
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
index 3b2136b272..f657c96ae6 100644
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -200,9 +200,9 @@ ENTRY(cstar_enter)
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
-        /* sti could live here when we don't switch page tables below. */
+        push  %rax          /* Guest %rsp */
         CR4_PV32_RESTORE
-        movq  8(%rsp),%rax /* Restore %rax. */
+        movq  8(%rsp), %rax /* Restore guest %rax. */
         movq  $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain.  Compat handled lower. */
         pushq %r11
         pushq $FLAT_USER_CS32
diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index 000eb9722b..c26de0ec7c 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -229,18 +229,17 @@ iret_exit_to_guest:
  * When entering SYSCALL from user mode:
  *  Vector directly to the registered arch.syscall_addr.
  *
- * Initial work is done by per-CPU trampolines. At this point %rsp has been
- * initialised to point at the correct Xen stack, %rsp has been saved, and
- * %rax needs to be restored from the %ss save slot. All other registers are
- * still to be saved onto the stack, starting with RFLAGS, and an appropriate
- * %ss must be saved into the space left by the trampoline.
+ * Initial work is done by per-CPU trampolines.
+ *  - Guest %rax stored in the %ss slot
+ *  - Guest %rsp stored in %rax
+ *  - Xen stack loaded, pointing at the %ss slot
  */
 ENTRY(lstar_enter)
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
-        /* sti could live here when we don't switch page tables below. */
-        movq  8(%rsp),%rax /* Restore %rax. */
+        push  %rax          /* Guest %rsp */
+        movq  8(%rsp), %rax /* Restore guest %rax */
         movq  $FLAT_KERNEL_SS,8(%rsp)
         pushq %r11
         pushq $FLAT_KERNEL_CS64
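Review bot: The rewritten header comment lists the state handed over by the trampoline but does not say why lstar_enter gets no ENDBR64, unlike sysenter_entry in the next hunk. The traps.c part of this commit shows the stub ending in a direct `jmp target_va` (opcode 0xe9), so if that jmp is the only way in, the landing pad belongs in the stub. A line such as ` *  - Reached by a direct jmp from the stub, so no ENDBR64 is needed here` would record that, and the same applies to cstar_enter in compat/entry.S. That these labels are the stub's target_va is inferred from the commit message, not shown in the hunk.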
@@ -272,6 +271,7 @@ ENTRY(lstar_enter)
         jmp   test_all_events
 
 ENTRY(sysenter_entry)
+        ENDBR64
 #ifdef CONFIG_XEN_SHSTK
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
index 9695a30050..957127ac4a 100644
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -16,6 +16,7 @@
 #include <asm/current.h>
 #include <asm/flushtlb.h>
 #include <asm/traps.h>
+#include <asm/endbr.h>
 #include <asm/event.h>
 #include <asm/nmi.h>
 #include <asm/msr.h>
@@ -273,6 +274,12 @@ static unsigned int write_stub_trampoline(
 {
     unsigned char *p = stub;
 
+    if ( cpu_has_xen_ibt )
+    {
+        place_endbr64(p);
+        p += 4;
+    }
+
     /* Store guest %rax into %ss slot */
     /* movabsq %rax, stack_bottom - 8 */
     *p++ = 0x48;
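Review bot: With the endbr64 emitted the stub is 4 + 10 + 3 + 10 + 5 = 32 bytes, which the commit message gives as exactly the limit, and nothing in the function states or enforces that budget. I would add a comment next to the new block, `/* endbr64 (4) + movabs (10) + mov (3) + movabs (10) + jmp (5) == 32: no slack left. */`, and an `ASSERT(p - stub <= 32);` ahead of the return so that the next added instruction trips a check rather than spilling into the neighbouring stub. The return statement and the caller's slot size are outside this hunk, so the bound of 32 is taken from the commit message.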
@@ -293,10 +300,6 @@ static unsigned int write_stub_trampoline(
     *(uint64_t *)p = stack_bottom - 8;
     p += 8;
 
-    /* Store guest %rsp into %rsp slot */
-    /* pushq %rax */
-    *p++ = 0x50;
-
     /* jmp target_va */
     *p++ = 0xe9;
     *(int32_t *)p = target_va - (stub_va + (p - stub) + 4);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:34:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:34:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300035.511521 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8bm-00060L-M7; Wed, 06 Apr 2022 16:34:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300035.511521; Wed, 06 Apr 2022 16:34:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8bm-00060E-J5; Wed, 06 Apr 2022 16:34:14 +0000
Received: by outflank-mailman (input) for mailman id 300035;
 Wed, 06 Apr 2022 16:34:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bl-000605-8o
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:34:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bl-0000NW-82
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:34:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8bl-0004PQ-7F
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:34:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=HS3h28Rhkl5+aLxg+Q1aZf+JkkYkgf8I34Qeg5reZi8=; b=bV7s6bG4fbugxM+7qD1XQC94Qp
	R05J5nYee01aUwhxdBCE3iXc26O8Tzx7MT7QsmVKYTaDK8PK30YtYmjZv6hjnFOq8Hl/+wBavdVfv
	Qhvylhk4LPj1TxpHSrDTfIAL3QzCLHi4FaWfGiwopQeWvptFZTYzDDIAceFZP8kIxC8E=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/entry: Make IDT entrypoints CET-IBT compatible
Message-Id: <E1nc8bl-0004PQ-7F@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:34:13 +0000

commit 3e010879f3ba4d4d455b554593e9c037338508d3
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 17:08:24 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/entry: Make IDT entrypoints CET-IBT compatible
    
    Each IDT vector needs to land on an endbr64 instruction.  This is especially
    important for the #CP handler, which will recurse indefinitely if the endbr64
    is missing, eventually escalating to #DF if guard pages are active.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit e702e36d1d519f4b66086650c1c47d6bac96d4b9)
    
    Also include the continue_pv_domain() change from c/s 954bb07fdb5fad which is
    also in entry.S
---
 xen/arch/x86/x86_64/compat/entry.S |  1 +
 xen/arch/x86/x86_64/entry.S        | 31 +++++++++++++++++++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
index f657c96ae6..b67468f7c9 100644
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -12,6 +12,7 @@
 #include <irq_vectors.h>
 
 ENTRY(entry_int82)
+        ENDBR64
         ASM_CLAC
         pushq $0
         movl  $HYPERCALL_VECTOR, 4(%rsp)
diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index c26de0ec7c..cbf332e752 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -333,6 +333,7 @@ UNLIKELY_END(sysenter_gpf)
         jmp   .Lbounce_exception
 
 ENTRY(int80_direct_trap)
+        ENDBR64
         ASM_CLAC
         pushq $0
         movl  $0x80, 4(%rsp)
@@ -559,6 +560,7 @@ ENTRY(dom_crash_sync_extable)
 /* No special register assumptions. */
 ENTRY(ret_from_intr)
 #ifdef CONFIG_PV
+        ENDBR64
         GET_CURRENT(bx)
         testb $3, UREGS_cs(%rsp)
         jz    restore_all_xen
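Review bot: ret_from_intr is not an IDT vector, and the next hunk shows it is also reached by a direct `jmp ret_from_intr`, so the ENDBR64 added here under CONFIG_PV needs a comment saying which indirect branch lands on it. The commit message only mentions folding in the continue_pv_domain() change. A line above the instruction such as `/* Indirect branch target for the PV continuation path, see c/s 954bb07fdb5fad. */` would keep the reason from being lost in a later tidy-up. Which caller reaches this label indirectly is not visible in the hunk, so the wording should be checked against it.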
@@ -623,6 +625,7 @@ ENTRY(common_interrupt)
         jmp ret_from_intr
 
 ENTRY(page_fault)
+        ENDBR64
         movl  $TRAP_page_fault,4(%rsp)
 /* No special register assumptions. */
 GLOBAL(handle_exception)
@@ -760,75 +763,91 @@ FATAL_exception_with_ints_disabled:
         BUG   /* fatal_trap() shouldn't return. */
 
 ENTRY(divide_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_divide_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(coprocessor_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_copro_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(simd_coprocessor_error)
+        ENDBR64
         pushq $0
         movl  $TRAP_simd_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(device_not_available)
+        ENDBR64
         pushq $0
         movl  $TRAP_no_device,4(%rsp)
         jmp   handle_exception
 
 ENTRY(debug)
+        ENDBR64
         pushq $0
         movl  $TRAP_debug,4(%rsp)
         jmp   handle_ist_exception
 
 ENTRY(int3)
+        ENDBR64
         pushq $0
         movl  $TRAP_int3,4(%rsp)
         jmp   handle_exception
 
 ENTRY(overflow)
+        ENDBR64
         pushq $0
         movl  $TRAP_overflow,4(%rsp)
         jmp   handle_exception
 
 ENTRY(bounds)
+        ENDBR64
         pushq $0
         movl  $TRAP_bounds,4(%rsp)
         jmp   handle_exception
 
 ENTRY(invalid_op)
+        ENDBR64
         pushq $0
         movl  $TRAP_invalid_op,4(%rsp)
         jmp   handle_exception
 
 ENTRY(invalid_TSS)
+        ENDBR64
         movl  $TRAP_invalid_tss,4(%rsp)
         jmp   handle_exception
 
 ENTRY(segment_not_present)
+        ENDBR64
         movl  $TRAP_no_segment,4(%rsp)
         jmp   handle_exception
 
 ENTRY(stack_segment)
+        ENDBR64
         movl  $TRAP_stack_error,4(%rsp)
         jmp   handle_exception
 
 ENTRY(general_protection)
+        ENDBR64
         movl  $TRAP_gp_fault,4(%rsp)
         jmp   handle_exception
 
 ENTRY(alignment_check)
+        ENDBR64
         movl  $TRAP_alignment_check,4(%rsp)
         jmp   handle_exception
 
 ENTRY(entry_CP)
+        ENDBR64
         movl  $X86_EXC_CP, 4(%rsp)
         jmp   handle_exception
 
 ENTRY(double_fault)
+        ENDBR64
         movl  $TRAP_double_fault,4(%rsp)
         /* Set AC to reduce chance of further SMAP faults */
         SAVE_ALL STAC
@@ -853,6 +872,7 @@ ENTRY(double_fault)
 
         .pushsection .init.text, "ax", @progbits
 ENTRY(early_page_fault)
+        ENDBR64
         movl  $TRAP_page_fault,4(%rsp)
         SAVE_ALL
         movq  %rsp,%rdi
@@ -861,6 +881,7 @@ ENTRY(early_page_fault)
         .popsection
 
 ENTRY(nmi)
+        ENDBR64
         pushq $0
         movl  $TRAP_nmi,4(%rsp)
 handle_ist_exception:
@@ -957,12 +978,14 @@ handle_ist_exception:
 #endif
 
 ENTRY(machine_check)
+        ENDBR64
         pushq $0
         movl  $TRAP_machine_check,4(%rsp)
         jmp   handle_ist_exception
 
 /* No op trap handler.  Required for kexec crash path. */
 GLOBAL(trap_nop)
+        ENDBR64
         iretq
 
 /* Table of automatically generated entry points.  One per vector. */
@@ -989,7 +1012,9 @@ autogen_stubs: /* Automatically generated stubs. */
 #endif
 
         ALIGN
-1:      pushq $0
+1:
+        ENDBR64
+        pushq $0
         movb  $vec,4(%rsp)
         jmp   common_interrupt
 
@@ -999,7 +1024,9 @@ autogen_stubs: /* Automatically generated stubs. */
         .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \
                 vec == X86_EXC_VE  || (vec > X86_EXC_CP && vec < TRAP_nr)
 
-1:      test  $8,%spl        /* 64bit exception frames are 16 byte aligned, but the word */
+1:
+        ENDBR64
+        test  $8,%spl        /* 64bit exception frames are 16 byte aligned, but the word */
         jz    2f             /* size is 8 bytes.  Check whether the processor gave us an */
         pushq $0             /* error code, and insert an empty one if not.              */
 2:      movb  $vec,4(%rsp)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:34:24 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/setup: Rework MSR_S_CET handling for CET-IBT
Message-Id: <E1nc8bv-0004QH-AZ@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:34:23 +0000

commit 9bdbbf1b46e465adcd066a88d33d47824d2f788c
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 16:13:29 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/setup: Rework MSR_S_CET handling for CET-IBT
    
    CET-SS and CET-IBT can be independently controlled, so the configuration of
    MSR_S_CET can't be constant any more.
    
    Introduce xen_msr_s_cet_value(), mostly because I don't fancy
    writing/maintaining that logic in assembly.  Use this in the 3 paths which
    alter MSR_S_CET when both features are potentially active.
    
    To activate CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN.  This is
    common with the CET-SS setup, so reorder the operations to set up CR4 and
    MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up
    MSR_PL0_SSP and SSP if SHSTK_EN was also set.
    
    Adjust the crash path to disable CET-IBT too.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 311434bfc9d10615adbd340d7fb08c05cd14f4c7)
---
 xen/arch/x86/acpi/wakeup_prot.S | 38 +++++++++++++++++++++++---------------
 xen/arch/x86/boot/x86_64.S      | 30 +++++++++++++++++++-----------
 xen/arch/x86/crash.c            |  4 ++--
 xen/arch/x86/setup.c            | 17 ++++++++++++++++-
 xen/include/asm-x86/msr-index.h |  1 +
 5 files changed, 61 insertions(+), 29 deletions(-)

diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_prot.S
index 15052c300f..3855ff1ddb 100644
--- a/xen/arch/x86/acpi/wakeup_prot.S
+++ b/xen/arch/x86/acpi/wakeup_prot.S
@@ -63,7 +63,26 @@ ENTRY(s3_resume)
         pushq   %rax
         lretq
 1:
-#ifdef CONFIG_XEN_SHSTK
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+        call    xen_msr_s_cet_value
+        test    %eax, %eax
+        jz      .L_cet_done
+
+        /* Set up MSR_S_CET. */
+        mov     $MSR_S_CET, %ecx
+        xor     %edx, %edx
+        wrmsr
+
+        /* Enable CR4.CET. */
+        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
+        mov     %rcx, %cr4
+
+        /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */
+
+#if defined(CONFIG_XEN_SHSTK)
+        test    $CET_SHSTK_EN, %al
+        jz      .L_cet_done
+
         /*
          * Restoring SSP is a little complicated, because we are intercepting
          * an in-use shadow stack.  Write a temporary token under the stack,
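Review bot: The later `test $CET_SHSTK_EN, %al` depends on `%eax` still holding the return value of `xen_msr_s_cet_value` after the `wrmsr` and the CR4 write, and nothing in the code says so. The sequence only works because neither `wrmsr` nor the `%rcx`-based CR4 load touches `%eax`. A comment next to the `call`, e.g. `/* %eax = MSR_S_CET value, must stay live until the SHSTK_EN test below */`, would protect that dependency against later register reshuffling. The same pattern is added to `__high_start` in the xen/arch/x86/boot/x86_64.S hunk of this commit. The shadow-stack block continues past the end of this hunk.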
@@ -71,14 +90,6 @@ ENTRY(s3_resume)
          * reset MSR_PL0_SSP to its usual value and pop the temporary token.
          */
         mov     saved_ssp(%rip), %rdi
-        cmpq    $1, %rdi
-        je      .L_shstk_done
-
-        /* Set up MSR_S_CET. */
-        mov     $MSR_S_CET, %ecx
-        xor     %edx, %edx
-        mov     $CET_SHSTK_EN | CET_WRSS_EN, %eax
-        wrmsr
 
         /* Construct the temporary supervisor token under SSP. */
         sub     $8, %rdi
@@ -90,10 +101,6 @@ ENTRY(s3_resume)
         mov     %edi, %eax
         wrmsr
 
-        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */
-        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx
-        mov     %rbx, %cr4
-
         /* Write the temporary token onto the shadow stack, and activate it. */
         wrssq   %rdi, (%rdi)
         setssbsy
@@ -106,8 +113,9 @@ ENTRY(s3_resume)
         /* Pop the temporary token off the stack. */
         mov     $2, %eax
         incsspd %eax
-.L_shstk_done:
-#endif
+#endif /* CONFIG_XEN_SHSTK */
+.L_cet_done:
+#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */
 
         call    load_system_tables
 
diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S
index d61048c583..94b1d984cf 100644
--- a/xen/arch/x86/boot/x86_64.S
+++ b/xen/arch/x86/boot/x86_64.S
@@ -30,18 +30,27 @@ ENTRY(__high_start)
         test    %ebx,%ebx
         jz      .L_bsp
 
-        /* APs.  Set up shadow stacks before entering C. */
-#ifdef CONFIG_XEN_SHSTK
-        testl   $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \
-                CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip)
-        je      .L_ap_shstk_done
+        /* APs.  Set up CET before entering C properly. */
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+        call    xen_msr_s_cet_value
+        test    %eax, %eax
+        jz      .L_ap_cet_done
 
         /* Set up MSR_S_CET. */
         mov     $MSR_S_CET, %ecx
         xor     %edx, %edx
-        mov     $CET_SHSTK_EN | CET_WRSS_EN, %eax
         wrmsr
 
+        /* Enable CR4.CET. */
+        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
+        mov     %rcx, %cr4
+
+        /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */
+
+#if defined(CONFIG_XEN_SHSTK)
+        test    $CET_SHSTK_EN, %al
+        jz      .L_ap_cet_done
+
         /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */
         mov     $MSR_PL0_SSP, %ecx
         mov     %rsp, %rdx
@@ -51,13 +60,12 @@ ENTRY(__high_start)
         or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax
         wrmsr
 
-        /* Enable CET.  MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */
-        mov     $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx
-        mov     %rcx, %cr4
         setssbsy
-#endif
 
-.L_ap_shstk_done:
+#endif /* CONFIG_XEN_SHSTK */
+.L_ap_cet_done:
+#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */
+
         call    start_secondary
         BUG     /* start_secondary() shouldn't return. */
 
diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index 0611b4fb9b..cfc6bdab7b 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -200,8 +200,8 @@ void machine_crash_shutdown(void)
     /* Reset CPUID masking and faulting to the host's default. */
     ctxt_switch_levelling(NULL);
 
-    /* Disable shadow stacks. */
-    if ( cpu_has_xen_shstk )
+    /* Disable CET. */
+    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
     {
         wrmsrl(MSR_S_CET, 0);
         write_cr4(read_cr4() & ~X86_CR4_CET);
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 297845d691..b80b933ddb 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -654,6 +654,21 @@ static void noinline init_done(void)
     startup_cpu_idle_loop();
 }
 
+#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT)
+/*
+ * Used by AP and S3 asm code to calcualte the appropriate MSR_S_CET setting.
+ * Do not use on the BSP before reinit_bsp_stack(), or it may turn SHSTK on
+ * too early.
+ */
+unsigned int xen_msr_s_cet_value(void)
+{
+    return ((cpu_has_xen_shstk ? CET_SHSTK_EN | CET_WRSS_EN : 0) |
+            (cpu_has_xen_ibt   ? CET_ENDBR_EN : 0));
+}
+#else
+unsigned int xen_msr_s_cet_value(void); /* To avoid ifdefary */
+#endif
+
 /* Reinitalise all state referring to the old virtual address of the stack. */
 static void __init noreturn reinit_bsp_stack(void)
 {
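Review bot: `xen_msr_s_cet_value()` returns `unsigned int` although the `CET_*` masks are built with `_AC(1, ULL)`, and both asm callers write the MSR with `%edx` zeroed, so the implicit contract is that the value always fits in the low 32 bits. The header comment should state that, e.g. `Returns the low 32 bits of MSR_S_CET (the upper half is written as 0); 0 means no CET feature is active.` The comment also misspells `calculate` as `calcualte`. The `#else` branch declares the function without defining it, so any C caller in a build with neither option has to be compiled out, which cannot be checked from this hunk.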
@@ -677,7 +692,7 @@ static void __init noreturn reinit_bsp_stack(void)
     {
         wrmsrl(MSR_PL0_SSP,
                (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8);
-        wrmsrl(MSR_S_CET, CET_SHSTK_EN | CET_WRSS_EN);
+        wrmsrl(MSR_S_CET, xen_msr_s_cet_value());
         asm volatile ("setssbsy" ::: "memory");
     }
 
diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
index 93f96e2ace..7a39d94b9a 100644
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -118,6 +118,7 @@
 #define MSR_S_CET                           0x000006a2
 #define  CET_SHSTK_EN                       (_AC(1, ULL) <<  0)
 #define  CET_WRSS_EN                        (_AC(1, ULL) <<  1)
+#define  CET_ENDBR_EN                       (_AC(1, ULL) <<  2)
 
 #define MSR_PL0_SSP                         0x000006a4
 #define MSR_PL1_SSP                         0x000006a5
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:34:34 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/EFI: Disable CET-IBT around Runtime Services calls
Message-Id: <E1nc8c5-0004RJ-DT@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:34:33 +0000

commit cc080e630fa105d6924142be5ddb430756779528
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 21:54:26 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/EFI: Disable CET-IBT around Runtime Services calls
    
    UEFI Runtime services, at the time of writing, aren't CET-IBT compatible.
    Work is ongoing to address this. In the meantime, unconditionally disable IBT.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit d37a8a067e62e3b6709d224c22f740fdda9d0078)
---
 xen/common/efi/runtime.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c
index bbcc756f57..a8fc2b99ae 100644
--- a/xen/common/efi/runtime.c
+++ b/xen/common/efi/runtime.c
@@ -21,6 +21,7 @@ struct efi_rs_state {
   * don't strictly need that.
   */
  unsigned long __aligned(32) cr3;
+    unsigned long msr_s_cet;
 #endif
 };
 
@@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void)
 
     switch_cr3_cr4(virt_to_maddr(efi_l4_pgtable), read_cr4());
 
+    /*
+     * At the time of writing (2022), no UEFI firwmare is CET-IBT compatible.
+     * Work is under way to remedy this.
+     *
+     * Stash MSR_S_CET and clobber ENDBR_EN.  This is necessary because
+     * SHSTK_EN isn't configured until very late on the BSP.
+     */
+    if ( cpu_has_xen_ibt )
+    {
+        rdmsrl(MSR_S_CET, state.msr_s_cet);
+        wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN);
+    }
+
     return state;
 }
 
@@ -122,6 +136,10 @@ void efi_rs_leave(struct efi_rs_state *state)
 
     if ( !state->cr3 )
         return;
+
+    if ( state->msr_s_cet )
+        wrmsrl(MSR_S_CET, state->msr_s_cet);
+
     switch_cr3_cr4(state->cr3, read_cr4());
     if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) )
     {
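Review bot: The restore `if ( state->msr_s_cet )` uses a different predicate from the save in the `efi_rs_enter()` hunk, which is guarded by `cpu_has_xen_ibt`, so it is only correct if `state` is zero-initialised before the save; that initialisation is outside both hunks. A comment on the new field, e.g. `/* 0 => MSR_S_CET was not modified by efi_rs_enter() */`, would document the sentinel. It would also help to say in `efi_rs_enter()` that clearing `ENDBR_EN` drops IBT enforcement for all supervisor code on this CPU until `efi_rs_leave()`, not only for the firmware call. The comment added there misspells `firmware` as `firwmare`. `efi_rs_leave()` continues outside the hunk.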
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:34:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86: Enable CET Indirect Branch Tracking
Message-Id: <E1nc8cF-0004SJ-GZ@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:34:43 +0000

commit e56827aa689e57d485fe3b40c71c0061ce1ded3e
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Nov 1 15:17:20 2021 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86: Enable CET Indirect Branch Tracking
    
    With all the pieces now in place, turn CET-IBT on when available.
    
    MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be
    enabled for Xen independently of PV32 kernels.  As we already disable PV32 for
    CET-SS, extend this to all CET, adjusting the documentation/comments as
    appropriate.
    
    Introduce a cet=no-ibt command line option to allow the admin to disable IBT
    even when everything else is configured correctly.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit cdbe2b0a1aecae946639ee080f14831429b184b6)
---
 docs/misc/xen-command-line.pandoc | 16 +++++++++++----
 xen/arch/x86/cpu/common.c         |  1 +
 xen/arch/x86/setup.c              | 42 ++++++++++++++++++++++++++++++++++-----
 3 files changed, 50 insertions(+), 9 deletions(-)

diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
index c0bfbb7a5c..5467ae7168 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -271,7 +271,7 @@ enough. Setting this to a high value may cause boot failure, particularly if
 the NMI watchdog is also enabled.
 
 ### cet
-    = List of [ shstk=<bool> ]
+    = List of [ shstk=<bool>, ibt=<bool> ]
 
     Applicability: x86
 
@@ -279,6 +279,10 @@ Controls for the use of Control-flow Enforcement Technology.  CET is group a
 of hardware features designed to combat Return-oriented Programming (ROP, also
 call/jmp COP/JOP) attacks.
 
+CET is incompatible with 32bit PV guests.  If any CET sub-options are active,
+they will override the `pv=32` boolean to `false`.  Backwards compatibility
+can be maintained with the pv-shim mechanism.
+
 *   The `shstk=` boolean controls whether Xen uses Shadow Stacks for its own
     protection.
 
@@ -287,9 +291,13 @@ call/jmp COP/JOP) attacks.
     `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support
     is available in hardware.
 
-    Shadow Stacks are incompatible with 32bit PV guests.  This option will
-    override the `pv=32` boolean to false.  Backwards compatibility can be
-    maintained with the `pv-shim` mechanism.
+*   The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for
+    its own protection.
+
+    The option is available when `CONFIG_XEN_IBT` is compiled in, and defaults
+    to `true` on hardware supporting CET-IBT.  Specifying `cet=no-ibt` will
+    cause Xen not to use Indirect Branch Tracking even when support is
+    available in hardware.
 
 ### clocksource (x86)
 > `= pit | hpet | acpi | tsc`
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index b6672b56da..0388d720df 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -332,6 +332,7 @@ void __init early_cpu_init(void)
 	if (c->cpuid_level >= 7) {
 		cpuid_count(7, 0, &eax, &ebx, &ecx, &edx);
 		c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx;
+		c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx;
 	}
 
 	eax = cpuid_eax(0x80000000);
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index b80b933ddb..992d24ec7e 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -101,6 +101,12 @@ static bool __initdata opt_xen_shstk = true;
 #define opt_xen_shstk false
 #endif
 
+#ifdef CONFIG_XEN_IBT
+static bool __initdata opt_xen_ibt = true;
+#else
+#define opt_xen_ibt false
+#endif
+
 static int __init parse_cet(const char *s)
 {
     const char *ss;
@@ -117,6 +123,14 @@ static int __init parse_cet(const char *s)
             opt_xen_shstk = val;
 #else
             no_config_param("XEN_SHSTK", "cet", s, ss);
+#endif
+        }
+        else if ( (val = parse_boolean("ibt", s, ss)) >= 0 )
+        {
+#ifdef CONFIG_XEN_IBT
+            opt_xen_ibt = val;
+#else
+            no_config_param("XEN_IBT", "cet", s, ss);
 #endif
         }
         else
@@ -1103,11 +1117,33 @@ void __init noreturn __start_xen(unsigned long mbi_p)
         printk("Enabling Supervisor Shadow Stacks\n");
 
         setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK);
+    }
+
+    if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) )
+    {
+        printk("Enabling Indirect Branch Tracking\n");
+
+        setup_force_cpu_cap(X86_FEATURE_XEN_IBT);
+
+        if ( efi_enabled(EFI_RS) )
+            printk("  - IBT disabled in UEFI Runtime Services\n");
+
+        /*
+         * Enable IBT now.  Only require the endbr64 on callees, which is
+         * entirely build-time arrangements.
+         */
+        wrmsrl(MSR_S_CET, CET_ENDBR_EN);
+    }
+
+    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
+    {
+        set_in_cr4(X86_CR4_CET);
+
 #ifdef CONFIG_PV32
         if ( opt_pv32 )
         {
             opt_pv32 = 0;
-            printk("  - Disabling PV32 due to Shadow Stacks\n");
+            printk("  - Disabling PV32 due to CET\n");
         }
 #endif
     }
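Review bot: `set_in_cr4(X86_CR4_CET)` now runs here, well before `alternative_branches()`, while the last hunk of this file deletes the comment that gave the reason for deferring it: alternatives patching changes CR0.WP. CR0.WP cannot be cleared while CR4.CET is set, so the new ordering is only safe if the patching code no longer clears WP, or drops CR4.CET around doing so; neither is visible in this commit. A short comment at the new call, e.g. `/* Alternatives patching must cope with CR4.CET being set from here on. */`, would record the constraint. `__start_xen()` starts and ends outside the hunk.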
@@ -1848,10 +1884,6 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     alternative_branches();
 
-    /* Defer CR4.CET until alternatives have finished playing with CR0.WP */
-    if ( cpu_has_xen_shstk )
-        set_in_cr4(X86_CR4_CET);
-
     /*
      * NB: when running as a PV shim VCPUOP_up/down is wired to the shim
      * physical cpu_add/remove functions, so launch the guest with only
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:34:54 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/CET: Fix S3 resume with shadow stacks active
Message-Id: <E1nc8cP-0004TC-JT@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:34:53 +0000

commit 1bb2a88f0cb9564bfd2fe546938aeffe3d7ee460
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Feb 24 12:18:00 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/CET: Fix S3 resume with shadow stacks active
    
    The original shadow stack support has an error on S3 resume with very bizarre
    fallout.  The BSP comes back up, but APs fail with:
    
      (XEN) Enabling non-boot CPUs ...
      (XEN) Stuck ??
      (XEN) Error bringing CPU1 up: -5
    
    and then later (on at least two Intel TigerLake platforms), the next HVM vCPU
    to be scheduled on the BSP dies with:
    
      (XEN) d1v0 Unexpected vmexit: reason 3
      (XEN) domain_crash called from vmx.c:4304
      (XEN) Domain 1 (vcpu#0) crashed on cpu#0:
    
    The VMExit reason is EXIT_REASON_INIT, which has nothing to do with the
    scheduled vCPU, and will be addressed in a subsequent patch.  It is a
    consequence of the APs triple faulting.
    
    The reason the APs triple fault is because we don't tear down the stacks on
    suspend.  The idle/play_dead loop is killed in the middle of running, meaning
    that the supervisor token is left busy.
    
    On resume, SETSSBSY finds busy bit set, suffers #CP and triple faults because
    the IDT isn't configured this early.
    
    Rework the AP bring-up path to (re)create the supervisor token.  This ensures
    the primary stack is non-busy before use.
    
    Note: There are potential issues with the IST shadow stacks too, but fixing
          those is more involved.
    
    Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
    Link: https://github.com/QubesOS/qubes-issues/issues/7283
    Reported-by: Thiner Logoer <logoerthiner1@163.com>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Tested-by: Thiner Logoer <logoerthiner1@163.com>
    Tested-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 7d9589239ec068c944190408b9838774d5ec1f8f)
---
 xen/arch/x86/boot/x86_64.S | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S
index 94b1d984cf..f11b5d0679 100644
--- a/xen/arch/x86/boot/x86_64.S
+++ b/xen/arch/x86/boot/x86_64.S
@@ -51,13 +51,21 @@ ENTRY(__high_start)
         test    $CET_SHSTK_EN, %al
         jz      .L_ap_cet_done
 
-        /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */
-        mov     $MSR_PL0_SSP, %ecx
+        /* Derive the supervisor token address from %rsp. */
         mov     %rsp, %rdx
+        and     $~(STACK_SIZE - 1), %rdx
+        or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx
+
+        /*
+         * Write a new supervisor token.  Doesn't matter on boot, but for S3
+         * resume this clears the busy bit.
+         */
+        wrssq   %rdx, (%rdx)
+
+        /* Point MSR_PL0_SSP at the token. */
+        mov     $MSR_PL0_SSP, %ecx
+        mov     %edx, %eax
         shr     $32, %rdx
-        mov     %esp, %eax
-        and     $~(STACK_SIZE - 1), %eax
-        or      $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax
         wrmsr
 
         setssbsy
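Review bot: The comment above `wrssq   %rdx, (%rdx)` does not explain why the same register is both the value and the destination. A supervisor token holds its own linear address with the busy bit (bit 0) clear, so writing the address to itself is what un-busies a token left over from S3. It would also help to record that `wrssq` only works once shadow stacks and shadow-stack writes are enabled in MSR_S_CET; that setup is above the hunk and not visible here, so it needs confirming. Suggested wording: `/* Token == its own address, busy bit clear.  Needs WRSS enabled in MSR_S_CET (set up above). */`. The body of __high_start starts and ends outside the hunk.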
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:35:05 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:35:05 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300040.511540 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8ca-0006F3-VC; Wed, 06 Apr 2022 16:35:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300040.511540; Wed, 06 Apr 2022 16:35:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8ca-0006Ev-SN; Wed, 06 Apr 2022 16:35:04 +0000
Received: by outflank-mailman (input) for mailman id 300040;
 Wed, 06 Apr 2022 16:35:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8cZ-0006Ek-Nn
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8cZ-0000P0-N5
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8cZ-0004UO-MI
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=hOTkCPNrbeXhofLhhLa6FEZi4EsJeAugSQ02J/IkwMU=; b=shSZcH0Ck+EW//kiba0GF6nA5O
	5ii5EztdAqV0OmC+gxpRSgTd17MhED7CjJAYMOGM463y0kA+7USdZUEhLmLaO6gXdWwazl8QgD/yf
	qzJISDyoCDpNwmd8QhVaPgx7PW22EHwerGuBSXkJECzfGZhbkaGBCUCwuyxvUf1tsE7M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/spec-ctrl: Disable retpolines with CET-IBT
Message-Id: <E1nc8cZ-0004UO-MI@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:35:03 +0000

commit 631d8408bbb424aed9f5fa3579a22aa1027e9902
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Feb 28 19:26:37 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/spec-ctrl: Disable retpolines with CET-IBT
    
    CET-IBT depends on executing indirect branches for its protections to apply.
    Extend the clobber for CET-SS to all of CET.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 6e3f36387de566b09aa4145ea0e3bfe4814d68b4)
---
 xen/arch/x86/spec_ctrl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 7ded6ecba1..1e226102d3 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -919,13 +919,14 @@ void __init init_speculation_mitigations(void)
                      boot_cpu_has(X86_FEATURE_IBRS));
 
     /*
-     * First, disable the use of retpolines if Xen is using shadow stacks, as
-     * they are incompatible.
+     * First, disable the use of retpolines if Xen is using CET.  Retpolines
+     * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends
+     * on executing indirect branches for the safety properties to apply.
      *
      * In the absence of retpolines, IBRS needs to be used for speculative
      * safety.  All CET-capable hardware has efficient IBRS.
      */
-    if ( cpu_has_xen_shstk )
+    if ( read_cr4() & X86_CR4_CET )
     {
         if ( !has_spec_ctrl )
             printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n");
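Review bot: The new condition `read_cr4() & X86_CR4_CET` is only correct if CR4.CET has already been set by the time init_speculation_mitigations() runs, and that ordering is established outside this hunk. A one-line comment above the `if`, for example `/* Relies on CR4.CET having been set up before this point. */`, would stop a later reordering from leaving retpolines selected while CET is in use. The added comment also misspells `incompatible` as `incompatbile`. The function starts and ends outside the hunk.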
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:35:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:35:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300041.511545 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8cl-0006Hp-0Z; Wed, 06 Apr 2022 16:35:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300041.511545; Wed, 06 Apr 2022 16:35:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8ck-0006Hg-Tt; Wed, 06 Apr 2022 16:35:14 +0000
Received: by outflank-mailman (input) for mailman id 300041;
 Wed, 06 Apr 2022 16:35:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8cj-0006HT-Qz
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8cj-0000P9-QA
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8cj-0004VB-PS
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=sTeUDECFkdP6SHdIe2PQOlllP0JX+IU2z6EEiWPTJT8=; b=RTrQe0jGvEukeRvN2Wquqfg6sp
	vgb7enbpQV5JLVc/c54yRXNBc5ZJzc3tl0k6f70PJ0iT7j7HYTBic8JMHYblAU7truK9RfNL493Vu
	/7kkuny5kq8u8a7yAT/MqdxOyNQTT60CBARocU3UTPHNi7PH3YsZBw68uYtQafz7V5BY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/kexec: Fix kexec-reboot with CET active
Message-Id: <E1nc8cj-0004VB-PS@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:35:13 +0000

commit 37e594c58ff43aa2d65f49bfde106ecaffbbeeac
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Mar 7 20:19:18 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/kexec: Fix kexec-reboot with CET active
    
    The kexec_reloc() asm has an indirect jump to relocate onto the identity
    trampoline.  While we clear CET in machine_crash_shutdown(), we fail to clear
    CET for the non-crash path.  This in turn highlights that the same is true of
    resetting the CPUID masking/faulting.
    
    Move both pieces of logic from machine_crash_shutdown() to machine_kexec(),
    the latter being common for all kexec transitions.  Adjust the condition for
    CET being considered active to check in CR4, which is simpler and more robust.
    
    Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT")
    Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks")
    Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()")
    Reported-by: David Vrabel <dvrabel@amazon.co.uk>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: David Vrabel <dvrabel@amazon.co.uk>
    (cherry picked from commit 7f5b2448bd724f5f24426b2595a9bdceb1e5a346)
---
 xen/arch/x86/crash.c         | 10 ----------
 xen/arch/x86/machine_kexec.c | 10 ++++++++++
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index cfc6bdab7b..05a6104378 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -197,16 +197,6 @@ void machine_crash_shutdown(void)
 
     nmi_shootdown_cpus();
 
-    /* Reset CPUID masking and faulting to the host's default. */
-    ctxt_switch_levelling(NULL);
-
-    /* Disable CET. */
-    if ( cpu_has_xen_shstk || cpu_has_xen_ibt )
-    {
-        wrmsrl(MSR_S_CET, 0);
-        write_cr4(read_cr4() & ~X86_CR4_CET);
-    }
-
     info = kexec_crash_save_info();
     info->xen_phys_start = xen_phys_start;
     info->dom0_pfn_to_mfn_frame_list_list =
diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c
index b70d5a6a86..eabba6aa6d 100644
--- a/xen/arch/x86/machine_kexec.c
+++ b/xen/arch/x86/machine_kexec.c
@@ -172,6 +172,16 @@ void machine_kexec(struct kexec_image *image)
         _update_gate_addr_lower(&idt_tables[i][TRAP_machine_check], &trap_nop);
     }
 
+    /* Reset CPUID masking and faulting to the host's default. */
+    ctxt_switch_levelling(NULL);
+
+    /* Disable CET. */
+    if ( read_cr4() & X86_CR4_CET )
+    {
+        wrmsrl(MSR_S_CET, 0);
+        write_cr4(read_cr4() & ~X86_CR4_CET);
+    }
+
     /* Explicitly enable NMIs on this CPU.  Some crashdump kernels do
      * not like running with NMIs disabled. */
     enable_nmis();
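Review bot: The moved comment `/* Disable CET. */` does not say why CET has to be turned off at this point. Per the commit message, the reason is that kexec_reloc() performs an indirect jump onto the identity trampoline, and machine_kexec() is the path shared by crash and non-crash transitions. I would expand it to `/* Disable CET: kexec_reloc() uses an indirect jump, and this path is common to all kexec transitions. */` so the block is not moved back into a crash-only function. machine_kexec() starts and ends outside the hunk.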
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:35:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:35:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300042.511549 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8cv-0006Kg-28; Wed, 06 Apr 2022 16:35:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300042.511549; Wed, 06 Apr 2022 16:35:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8cu-0006KU-VR; Wed, 06 Apr 2022 16:35:24 +0000
Received: by outflank-mailman (input) for mailman id 300042;
 Wed, 06 Apr 2022 16:35:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ct-0006KF-Ts
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:23 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ct-0000PY-T3
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:23 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ct-0004Vq-SW
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:23 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=EP5ndPSfTaGxt0FUcskkxP9ePEsrjU/cJDbZBgtD9NE=; b=tOVYuxhus4s/86GU0HMczNKsjC
	HZbfPX/Vp2qNBR1POwSQ9KGji8CMEWgCiMndJR5PtkLeCm31NHKfvSdugAUJq85l2BZP0dVFd3kT/
	C19+5e1OYS5H20VlwyX7XuKtnL+S7sZ5bTtiQDofZrFQ+EV434xNuIkPy9bUXl3hv6gw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/cet: Clear IST supervisor token busy bits on S3 resume
Message-Id: <E1nc8ct-0004Vq-SW@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:35:23 +0000

commit c843a3030ba90f6f0982814a5f6524418c5f68d2
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Mar 14 10:30:46 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/cet: Clear IST supervisor token busy bits on S3 resume
    
    Stacks are not freed across S3.  Execution just stops, leaving supervisor
    token busy bits active.  Fixing this for the primary shadow stack was done
    previously, but there is a (rare) risk that an IST token is left busy too, if
    the platform power-off happens to intersect with an NMI/#MC arriving.  This
    will manifest as #DF next time the IST vector gets used.
    
    Introduce rdssp() and wrss() helpers in a new shstk.h, cleaning up
    fixup_exception_return() and explaining the trick with the literal 1.
    
    Then use this infrastructure to rewrite the IST tokens in load_system_tables()
    when all the other IST details are being set up.  In the case that an IST
    token were left busy across S3, this will clear the busy bit before the stack
    gets used.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit e421ed0f68488863599532bda575c03c33cde0e0)
---
 xen/arch/x86/cpu/common.c   | 25 ++++++++++++++++++++----
 xen/arch/x86/traps.c        |  8 +++-----
 xen/include/asm-x86/shstk.h | 46 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 9 deletions(-)

diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index 0388d720df..dd592a69c5 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -13,6 +13,7 @@
 #include <asm/apic.h>
 #include <asm/random.h>
 #include <asm/setup.h>
+#include <asm/shstk.h>
 #include <mach_apic.h>
 #include <public/sysctl.h> /* for XEN_INVALID_{SOCKET,CORE}_ID */
 
@@ -811,15 +812,31 @@ void load_system_tables(void)
 	 */
 	if (cpu_has_xen_shstk) {
 		volatile uint64_t *ist_ssp = tss_page->ist_ssp;
+		unsigned long
+			mce_ssp = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8,
+			nmi_ssp = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8,
+			db_ssp  = stack_top + (IST_DB  * IST_SHSTK_SIZE) - 8,
+			df_ssp  = stack_top + (IST_DF  * IST_SHSTK_SIZE) - 8;
 
 		ist_ssp[0] = 0x8600111111111111ul;
-		ist_ssp[IST_MCE] = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_NMI] = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_DB]	 = stack_top + (IST_DB	* IST_SHSTK_SIZE) - 8;
-		ist_ssp[IST_DF]	 = stack_top + (IST_DF	* IST_SHSTK_SIZE) - 8;
+		ist_ssp[IST_MCE] = mce_ssp;
+		ist_ssp[IST_NMI] = nmi_ssp;
+		ist_ssp[IST_DB]	 = db_ssp;
+		ist_ssp[IST_DF]	 = df_ssp;
 		for ( i = IST_DF + 1; i < ARRAY_SIZE(tss_page->ist_ssp); ++i )
 			ist_ssp[i] = 0x8600111111111111ul;
 
+		if (IS_ENABLED(CONFIG_XEN_SHSTK) && rdssp() != SSP_NO_SHSTK) {
+			/*
+			 * Rewrite supervisor tokens when shadow stacks are
+			 * active.  This resets any busy bits left across S3.
+			 */
+			wrss(mce_ssp, _p(mce_ssp));
+			wrss(nmi_ssp, _p(nmi_ssp));
+			wrss(db_ssp,  _p(db_ssp));
+			wrss(df_ssp,  _p(df_ssp));
+		}
+
 		wrmsrl(MSR_INTERRUPT_SSP_TABLE, (unsigned long)ist_ssp);
 	}
 
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d8dd583a4a..de372853d1 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -81,6 +81,7 @@
 #include <xsm/xsm.h>
 #include <asm/pv/traps.h>
 #include <asm/pv/mm.h>
+#include <asm/shstk.h>
 
 /*
  * opt_nmi: one of 'ignore', 'dom0', or 'fatal'.
@@ -782,8 +783,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs,
     {
         unsigned long ssp, *ptr, *base;
 
-        asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) );
-        if ( ssp == 1 )
+        if ( (ssp = rdssp()) == SSP_NO_SHSTK )
             goto shstk_done;
 
         ptr = _p(ssp);
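Review bot: The new test `if ( (ssp = rdssp()) == SSP_NO_SHSTK )` folds the assignment into the condition, which is easy to misread next to the plain comparisons further down the function. Splitting it costs one line: `ssp = rdssp();` followed by `if ( ssp == SSP_NO_SHSTK )`. fixup_exception_return() begins and ends outside the hunk.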
@@ -812,9 +812,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs,
              */
             if ( ptr[0] == regs->rip && ptr[1] == regs->cs )
             {
-                asm ( "wrssq %[fix], %[stk]"
-                      : [stk] "=m" (ptr[0])
-                      : [fix] "r" (fixup) );
+                wrss(fixup, ptr);
                 goto shstk_done;
             }
         }
diff --git a/xen/include/asm-x86/shstk.h b/xen/include/asm-x86/shstk.h
new file mode 100644
index 0000000000..fdc9cc65a3
--- /dev/null
+++ b/xen/include/asm-x86/shstk.h
@@ -0,0 +1,46 @@
+/******************************************************************************
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2022 Citrix Systems Ltd.
+ */
+#ifndef XEN_ASM_SHSTK_H
+#define XEN_ASM_SHSTK_H
+
+/*
+ * RDSSP is a nop when shadow stacks are inactive.  Also, SSP has a minimum
+ * alignment of 4 which is enforced by hardware.
+ *
+ * We load 1 into a register, then RDSSP.  If shadow stacks are not enabled,
+ * RDSSP is a nop, and the 1 is preserved.  Otherwise, the 1 is clobbered with
+ * the real SSP, which has the bottom two bits clear.
+ */
+#define SSP_NO_SHSTK 1
+
+static inline unsigned long rdssp(void)
+{
+    unsigned long ssp;
+
+    asm volatile ( "rdsspq %0" : "=r" (ssp) : "0" (SSP_NO_SHSTK) );
+
+    return ssp;
+}
+
+static inline void wrss(unsigned long val, unsigned long *ptr)
+{
+    asm ( "wrssq %[val], %[ptr]"
+          : [ptr] "=m" (*ptr)
+          : [val] "r" (val) );
+}
+
+#endif /* XEN_ASM_SHSTK_H */
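Review bot: `wrss()` uses a plain `asm` while `rdssp()` uses `asm volatile`, yet the new callers in load_system_tables() invoke it only for its side effect of rewriting the token and never read the location back from C. The statement therefore survives only as long as the compiler treats the `"=m" (*ptr)` output as live, and making it `asm volatile ( "wrssq %[val], %[ptr]"` removes that dependency. The helper also has no comment, unlike `rdssp()`. One line stating that it requires shadow stacks with WRSS enabled and that `ptr` must point into a shadow stack page would document the preconditions the callers already guard with `rdssp() != SSP_NO_SHSTK`.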
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:35:35 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:35:35 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300043.511552 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8d5-0006NF-3y; Wed, 06 Apr 2022 16:35:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300043.511552; Wed, 06 Apr 2022 16:35:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8d5-0006N7-0n; Wed, 06 Apr 2022 16:35:35 +0000
Received: by outflank-mailman (input) for mailman id 300043;
 Wed, 06 Apr 2022 16:35:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8d4-0006Mx-0w
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8d4-0000Pi-0B
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8d3-0004WT-Vk
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=/sSaWrJ85miENAs2nGeGQREsm5VxJNJijMxXcb5TNVw=; b=hG54auP3xPNR0CRsV4yNJw5AjI
	4zeI8uKBDlwW/zU9PvgerqmerC37Azn+Suadm3LmEB/HxRvMYigMogEIFHgoVP3b1cg9iJ+2D7Ms3
	ZD5cAFAfDHXn4V8qh1SXinAGENDQAcD/60pv3dGgZN3peQ9t2cHIrgi37/o+7qdgo9WQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/cet: Remove writeable mapping of the BSPs shadow stack
Message-Id: <E1nc8d3-0004WT-Vk@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:35:33 +0000

commit 6db64187700d6d1ce23f49e667c24f1c7ebe11f8
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Tue Mar 15 12:07:18 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/cet: Remove writeable mapping of the BSPs shadow stack
    
    An unintended consequence of the BSP using cpu0_stack[] is that writeable
    mappings to the BSPs shadow stacks are retained in the bss.  This renders
    CET-SS almost useless, as an attacker can update both return addresses and the
    ret will not fault.
    
    We specifically don't want to shatter the superpage mapping .data and .bss, so
    the only way to fix this is to not have the BSP stack in the main Xen image.
    
    Break cpu_alloc_stack() out of cpu_smpboot_alloc(), and dynamically allocate
    the BSP stack as early as reasonable in __start_xen().  As a consequence,
    there is no need to delay the BSP's memguard_guard_stack() call.
    
    Copy the top of cpu info block just before switching to use the new stack.
    Fix a latent bug by setting %rsp to info->guest_cpu_user_regs rather than
    ->es; this would be buggy if reinit_bsp_stack() called schedule() (which
    rewrites the GPR block) directly, but luckily it doesn't.
    
    Finally, move cpu0_stack[] into .init, so it can be reclaimed after boot.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    (cherry picked from commit 37786b23b027ab83051175cb8ce9ac86cacfc58e)
---
 xen/arch/x86/setup.c      | 20 +++++++++++++-------
 xen/arch/x86/smpboot.c    | 26 +++++++++++++++++++-------
 xen/arch/x86/xen.lds.S    |  2 +-
 xen/include/asm-x86/smp.h |  2 ++
 4 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 992d24ec7e..29d71087a7 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -149,7 +149,7 @@ unsigned long __read_mostly xen_phys_start;
 
 unsigned long __read_mostly xen_virt_end;
 
-char __section(".bss.stack_aligned") __aligned(STACK_SIZE)
+char __section(".init.bss.stack_aligned") __aligned(STACK_SIZE)
     cpu0_stack[STACK_SIZE];
 
 struct cpuinfo_x86 __read_mostly boot_cpu_data = { 0, 0, 0, 0, -1 };
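Review bot: The declaration of `cpu0_stack` now carries a security-relevant placement that nothing in the code explains. Per the commit message it moves to `.init.bss.stack_aligned` so that it is reclaimed after boot and no writeable mapping of the BSP's shadow stack remains in the image. A comment such as `/* Boot-time stack only; in .init so it is freed after boot and leaves no writeable alias of the BSP stack. */` would keep a later cleanup from moving it back to .bss.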
@@ -696,7 +696,6 @@ static void __init noreturn reinit_bsp_stack(void)
     percpu_traps_init();
 
     stack_base[0] = stack;
-    memguard_guard_stack(stack);
 
     rc = setup_cpu_root_pgt(0);
     if ( rc )
@@ -850,6 +849,8 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 {
     char *memmap_type = NULL;
     char *cmdline, *kextra, *loader;
+    void *bsp_stack;
+    struct cpu_info *info = get_cpu_info(), *bsp_info;
     unsigned int initrdidx, num_parked = 0;
     multiboot_info_t *mbi;
     module_t *mod;
@@ -881,7 +882,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
     /* Full exception support from here on in. */
 
     rdmsrl(MSR_EFER, this_cpu(efer));
-    asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) );
+    asm volatile ( "mov %%cr4,%0" : "=r" (info->cr4) );
 
     /* Enable NMIs.  Our loader (e.g. Tboot) may have left them disabled. */
     enable_nmis();
@@ -1720,6 +1721,10 @@ void __init noreturn __start_xen(unsigned long mbi_p)
      */
     vm_init();
 
+    bsp_stack = cpu_alloc_stack(0);
+    if ( !bsp_stack )
+        panic("No memory for BSP stack\n");
+
     console_init_ring();
     vesa_init();
 
@@ -1975,17 +1980,18 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     if ( bsp_delay_spec_ctrl )
     {
-        struct cpu_info *info = get_cpu_info();
-
         info->spec_ctrl_flags &= ~SCF_use_shadow;
         barrier();
         wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
         info->last_spec_ctrl = default_xen_spec_ctrl;
     }
 
-    /* Jump to the 1:1 virtual mappings of cpu0_stack. */
+    /* Copy the cpu info block, and move onto the BSP stack. */
+    bsp_info = get_cpu_info_from_stack((unsigned long)bsp_stack);
+    *bsp_info = *info;
+
     asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" ::
-                  [stk] "g" (__va(__pa(get_stack_bottom()))),
+                  [stk] "g" (&bsp_info->guest_cpu_user_regs),
                   [fn] "i" (reinit_bsp_stack) : "memory");
     unreachable();
 }
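Review bot: The comment `/* Copy the cpu info block, and move onto the BSP stack. */` leaves out two constraints that the commit message spells out. First, `%rsp` is set to `&bsp_info->guest_cpu_user_regs` rather than a field inside it, so that nothing run on the new stack overlaps the GPR block. Second, `info` still points into the abandoned cpu0_stack after `*bsp_info = *info`, so any write through it from here on would be lost. I would add both, for example `/* %rsp starts below the whole GPR block; 'info' refers to the old stack and must not be written after this copy. */`. __start_xen() begins outside the hunk.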
diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
index 5abfae4c72..d968504539 100644
--- a/xen/arch/x86/smpboot.c
+++ b/xen/arch/x86/smpboot.c
@@ -988,6 +988,23 @@ static void cpu_smpboot_free(unsigned int cpu, bool remove)
     }
 }
 
+void *cpu_alloc_stack(unsigned int cpu)
+{
+    nodeid_t node = cpu_to_node(cpu);
+    unsigned int memflags = 0;
+    void *stack;
+
+    if ( node != NUMA_NO_NODE )
+        memflags = MEMF_node(node);
+
+    stack = alloc_xenheap_pages(STACK_ORDER, memflags);
+
+    if ( stack )
+        memguard_guard_stack(stack);
+
+    return stack;
+}
+
 static int cpu_smpboot_alloc(unsigned int cpu)
 {
     struct cpu_info *info;
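Review bot: `cpu_alloc_stack()` becomes a non-static function used from setup.c but has no comment describing its contract. From the hunk, it allocates `STACK_ORDER` xenheap pages, passes `MEMF_node(node)` only when `cpu_to_node(cpu)` is not `NUMA_NO_NODE`, applies `memguard_guard_stack()` on success, and returns NULL on allocation failure. A short header comment saying so, and naming who is expected to free the pages (not visible here), would help the second caller. Whether `cpu_to_node(0)` is meaningful at the early `__start_xen()` call site is also not visible and is worth confirming. The hunk ends inside cpu_smpboot_alloc().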
@@ -1000,15 +1017,10 @@ static int cpu_smpboot_alloc(unsigned int cpu)
     if ( node != NUMA_NO_NODE )
         memflags = MEMF_node(node);
 
-    if ( stack_base[cpu] == NULL )
-    {
-        stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER, memflags);
-        if ( !stack_base[cpu] )
+    if ( stack_base[cpu] == NULL &&
+         (stack_base[cpu] = cpu_alloc_stack(cpu)) == NULL )
             goto out;
 
-        memguard_guard_stack(stack_base[cpu]);
-    }
-
     info = get_cpu_info_from_stack((unsigned long)stack_base[cpu]);
     info->processor_id = cpu;
     info->per_cpu_offset = __per_cpu_offset[cpu];
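Review bot: The rewritten `if` leaves `goto out;` at its old 12-space indentation, so it reads as if it were nested one level deeper than the two-line condition above it. The condition also hides the allocation inside a comparison. I would write it as `if ( !stack_base[cpu] )` / `stack_base[cpu] = cpu_alloc_stack(cpu);` followed by `if ( !stack_base[cpu] ) goto out;` with normal indentation, which keeps the same behaviour. cpu_smpboot_alloc() starts and ends outside the hunk.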
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index fcc6646487..7c9758c8cc 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -205,6 +205,7 @@ SECTIONS
   } :text
   DECL_SECTION(.init.data) {
 #endif
+       *(.init.bss.stack_aligned)
 
        *(.init.rodata)
        *(.init.rodata.*)
@@ -293,7 +294,6 @@ SECTIONS
 
   DECL_SECTION(.bss) {
        __bss_start = .;
-       *(.bss.stack_aligned)
        *(.bss.page_aligned*)
        . = ALIGN(PAGE_SIZE);
        __per_cpu_start = .;
diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h
index f7485f602e..9628d7842d 100644
--- a/xen/include/asm-x86/smp.h
+++ b/xen/include/asm-x86/smp.h
@@ -85,6 +85,8 @@ extern cpumask_t **socket_cpumask;
 extern unsigned int disabled_cpus;
 extern bool unaccounted_cpus;
 
+void *cpu_alloc_stack(unsigned int cpu);
+
 #endif /* !__ASSEMBLY__ */
 
 #endif
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:35:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:35:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300044.511558 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dF-0006SA-7q; Wed, 06 Apr 2022 16:35:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300044.511558; Wed, 06 Apr 2022 16:35:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dF-0006S2-4L; Wed, 06 Apr 2022 16:35:45 +0000
Received: by outflank-mailman (input) for mailman id 300044;
 Wed, 06 Apr 2022 16:35:44 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dE-0006Rr-3m
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:44 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dE-0000Pm-2w
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:44 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dE-0004XP-2S
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:44 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=J6eWQ8DV4qSTeuVhH7KmsYiLx03uLHblwPDyuzhQMZM=; b=FOqwCIUhlq8gd6lrouk1+NDeuT
	qku7YeD113ew8B+HklCl7pmP2W9JxLe6HGAhFwfSN74NnrZwQz2NVR6wBsDEhqoct+l5ysQvD0K2v
	DzePCbajrtIkivz3ZyTVVEyNrl2kdXkC52mqSFsW2+8BPGSgrxEWdLYmyftK2xjqosy4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] xen/x86: Livepatch: support patching CET-enhanced functions
Message-Id: <E1nc8dE-0004XP-2S@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:35:44 +0000

commit 72a75b9c2ce36ed573a2eb201ac63ca22bedb889
Author:     Bjoern Doebel <doebel@amazon.de>
AuthorDate: Thu Mar 10 07:35:36 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    xen/x86: Livepatch: support patching CET-enhanced functions
    
    Xen enabled CET for supporting architectures. The control flow aspect of
    CET requires functions that can be called indirectly (i.e., via function
    pointers) to start with an ENDBR64 instruction. Otherwise a control flow
    exception is raised.
    
    This expectation breaks livepatching flows because we patch functions by
    overwriting their first 5 bytes with a JMP + <offset>, thus breaking the
    ENDBR64. We fix this by checking the start of a patched function for
    being ENDBR64. In the positive case we move the livepatch JMP to start
    behind the ENDBR64 instruction.
    
    To avoid having to guess the ENDBR64 offset again on patch reversal
    (which might race with other mechanisms adding/removing ENDBR
    dynamically), use the livepatch metadata to store the computed offset
    along with the saved bytes of the overwritten function.
    
    Signed-off-by: Bjoern Doebel <doebel@amazon.de>
    Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    Tested-by: Jiamei Xie <jiamei.xie@arm.com>
    (cherry picked from commit 6974c75180f1aad44e5428eabf2396b2b50fb0e4)
    
    Note: For backports to 4.14 thru 4.16, there is no endbr-clobbering, hence no
          is_endbr64_poison() logic.
---
 xen/arch/x86/livepatch.c    | 39 +++++++++++++++++++++++++++++++++------
 xen/include/public/sysctl.h |  3 ++-
 2 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index 49f0d902e5..e94ac9b228 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -14,6 +14,7 @@
 #include <xen/vm_event.h>
 #include <xen/virtual_region.h>
 
+#include <asm/endbr.h>
 #include <asm/fixmap.h>
 #include <asm/nmi.h>
 #include <asm/livepatch.h>
@@ -113,8 +114,20 @@ int arch_livepatch_verify_func(const struct livepatch_func *func)
         if ( func->old_size < func->new_size )
             return -EINVAL;
     }
-    else if ( func->old_size < ARCH_PATCH_INSN_SIZE )
-        return -EINVAL;
+    else
+    {
+        /*
+         * Space needed now depends on whether the target function
+         * starts with an ENDBR64 instruction.
+         */
+        uint8_t needed = ARCH_PATCH_INSN_SIZE;
+
+        if ( is_endbr64(func->old_addr) )
+            needed += ENDBR64_LEN;
+
+        if ( func->old_size < needed )
+            return -EINVAL;
+    }
 
     return 0;
 }
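Review bot: `is_endbr64(func->old_addr)` inspects the bytes at `old_addr`, so the verify hook now depends on that address already being resolved. The `prepare_payload()` hunk in the separate patch "livepatch: resolve old address before function verification" shows the caller used to run `arch_livepatch_verify_func()` before `resolve_old_address()`, so this patch on its own appears to read through an address that may not be set yet. The two changes should land together or in the other order. A comment on the new branch stating the precondition would help, e.g. `/* func->old_addr must already be resolved here. */`. Separately, `needed` would be more conventional as `unsigned int` than `uint8_t`.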
@@ -129,12 +142,24 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     uint8_t insn[sizeof(func->opaque)];
     unsigned int len;
 
+    func->patch_offset = 0;
     old_ptr = func->old_addr;
     len = livepatch_insn_len(func);
     if ( !len )
         return;
 
-    memcpy(func->opaque, old_ptr, len);
+    /*
+     * CET hotpatching support: We may have functions starting with an ENDBR64
+     * instruction that MUST remain the first instruction of the function,
+     * hence we need to move any hotpatch trampoline further into the function.
+     * For that we need to keep track of the patching offset used for any
+     * loaded hotpatch (to avoid racing against other fixups adding/removing
+     * ENDBR64 or similar instructions).
+     */
+    if ( is_endbr64(old_ptr) )
+        func->patch_offset += ENDBR64_LEN;
+
+    memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
         int32_t val;
@@ -142,14 +167,15 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
         BUILD_BUG_ON(ARCH_PATCH_INSN_SIZE != (1 + sizeof(val)));
 
         insn[0] = 0xe9; /* Relative jump. */
-        val = func->new_addr - func->old_addr - ARCH_PATCH_INSN_SIZE;
+        val = func->new_addr - (func->old_addr + func->patch_offset +
+                                ARCH_PATCH_INSN_SIZE);
 
         memcpy(&insn[1], &val, sizeof(val));
     }
     else
         add_nops(insn, len);
 
-    memcpy(old_ptr, insn, len);
+    memcpy(old_ptr + func->patch_offset, insn, len);
 }
 
 /*
@@ -158,7 +184,8 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
  */
 void noinline arch_livepatch_revert(const struct livepatch_func *func)
 {
-    memcpy(func->old_addr, func->opaque, livepatch_insn_len(func));
+    memcpy(func->old_addr + func->patch_offset, func->opaque,
+           livepatch_insn_len(func));
 }
 
 /*
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index a073647117..7439cc154f 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -869,7 +869,8 @@ struct livepatch_func {
     uint8_t version;        /* MUST be LIVEPATCH_PAYLOAD_VERSION. */
     uint8_t opaque[LIVEPATCH_OPAQUE_SIZE];
     uint8_t applied;
-    uint8_t _pad[7];
+    uint8_t patch_offset;
+    uint8_t _pad[6];
     livepatch_expectation_t expect;
 };
 typedef struct livepatch_func livepatch_func_t;
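Review bot: `patch_offset` is added to a public structure with no comment, unlike the `version` field above it. The `arch_livepatch_apply()` hunk in this patch sets it to 0 and recomputes it on each apply, so whatever a payload carries in that byte is overwritten. The declaration should say so, e.g. `uint8_t patch_offset;   /* Written by Xen when the patch is applied. */`. Taking the byte from `_pad` keeps the structure size unchanged, which is presumably why the payload version is not bumped; a note to that effect next to `_pad[6]` would save the next reader the check.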
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:35:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:35:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300045.511561 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dP-0006UZ-8e; Wed, 06 Apr 2022 16:35:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300045.511561; Wed, 06 Apr 2022 16:35:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dP-0006UR-5o; Wed, 06 Apr 2022 16:35:55 +0000
Received: by outflank-mailman (input) for mailman id 300045;
 Wed, 06 Apr 2022 16:35:54 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dO-0006UL-6w
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:54 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dO-0000RZ-5r
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:54 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dO-0004Ya-5D
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:35:54 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=wqGHnAzoQ3ZIYYNyC6Dx0k5s3a0oVraqSJTOT36IT1E=; b=FTiOSnYogZf5oineKdHJf8svb4
	UUwQSBOWlrFglMNkV1ZBVRD/p8TjF/zD4xgPV33+1+9NoX18Di0Zne7h+9wVAoI3SYci5+dJHKyNd
	Ilqip8AVpK0uj2IVdY9Ex8Wb/hgk+MfL5no3o1IeALP2slVJFXobgOv8rCn0jIM6jUHk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/cet: Remove XEN_SHSTK's dependency on EXPERT
Message-Id: <E1nc8dO-0004Ya-5D@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:35:54 +0000

commit 10b09aa2541de4c3c49b9343e9bc04e19f0ae4f8
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Feb 28 19:31:00 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 25 17:11:55 2022 +0000

    x86/cet: Remove XEN_SHSTK's dependency on EXPERT
    
    CET-SS hardware is now available from multiple vendors, the feature has
    downstream users, and was declared security supported in XSA-398.
    
    Enable it by default.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Juergen Gross <jgross@suse.com>
    (cherry picked from commit fc90d75c2b71ae15b75128e7d0d4dbe718164ecb)
---
 xen/arch/x86/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 950deaa032..9fe6226a1e 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -111,7 +111,7 @@ config HVM
 
 config XEN_SHSTK
 	bool "Supervisor Shadow Stacks"
-	depends on HAS_AS_CET_SS && EXPERT
+	depends on HAS_AS_CET_SS
 	default y
 	---help---
 	  Control-flow Enforcement Technology (CET) is a set of features in
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:36:05 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:36:05 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300046.511565 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dZ-0006Xz-AB; Wed, 06 Apr 2022 16:36:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300046.511565; Wed, 06 Apr 2022 16:36:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dZ-0006Xt-7F; Wed, 06 Apr 2022 16:36:05 +0000
Received: by outflank-mailman (input) for mailman id 300046;
 Wed, 06 Apr 2022 16:36:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dY-0006Xj-9u
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dY-0000Ru-95
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8dY-0004Za-8L
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Ad0JcZBtiDrQnq0cEQDc5hGIzldtXXcg2YhuQZYaZI0=; b=gV7hDbM6aBO9QoUc1SRd8JAw1M
	SCCOxbI1s88vjlsl/S+5GTyd1NXxxMDogwoJ0pqqBcyP7ZLEm/HvfTOb7U1TJ4t/1vMGL0pSM69l+
	SqvQv2zttIp2o9HDcQAcjP1TopMTPKnvkv88U3GEg0qd7mtprZimZfCx5KhtiawF/8J0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] livepatch: resolve old address before function verification
Message-Id: <E1nc8dY-0004Za-8L@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:36:04 +0000

commit 1e595d9c2b8608bcef48d6a69cc2f6135780bcc0
Author:     Bjoern Doebel <doebel@amazon.de>
AuthorDate: Wed Mar 9 16:22:03 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Mar 28 12:50:23 2022 +0100

    livepatch: resolve old address before function verification
    
    When verifying that a livepatch can be applied, we may also want to
    inspect the target function to be patched. To do so, we need to resolve
    this function's address before running the arch-specific
    livepatch_verify hook.
    
    Signed-off-by: Bjoern Doebel <doebel@amazon.de>
    Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    (cherry picked from commit 5142dc5c25e317c208e3dc16d16b664b9f05dab5)
---
 xen/common/livepatch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 81ceafce98..cc2ee9a94a 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -685,11 +685,11 @@ static int prepare_payload(struct payload *payload,
                 return -EINVAL;
             }
 
-            rc = arch_livepatch_verify_func(f);
+            rc = resolve_old_address(f, elf);
             if ( rc )
                 return rc;
 
-            rc = resolve_old_address(f, elf);
+            rc = arch_livepatch_verify_func(f);
             if ( rc )
                 return rc;
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:36:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:36:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300047.511569 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dj-0006av-Bg; Wed, 06 Apr 2022 16:36:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300047.511569; Wed, 06 Apr 2022 16:36:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dj-0006an-8d; Wed, 06 Apr 2022 16:36:15 +0000
Received: by outflank-mailman (input) for mailman id 300047;
 Wed, 06 Apr 2022 16:36:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8di-0006ag-D0
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8di-0000Ry-CG
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8di-0004aA-BQ
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=U4xlgQAAgUs/t00xJaSlB2picMt01QTLbNxnjNoRXAU=; b=2Wf120XfqArA11ujpwqLVb+09Z
	Tm0T5derea7PWA8IeBZkFndHI7XXqOcmZuLyWIEjJZda42xnrPsvFX1zRlFNEFS7eJe+ZaD1ApS9I
	xw34MN/hnlLKpsFI0HMoORRfowjhqlvuGir6mJauxabHrDDQ/UM54PZeJxT/gBCeXBFk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] livepatch: account for patch offset when applying NOP patch
Message-Id: <E1nc8di-0004aA-BQ@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:36:14 +0000

commit 57cd4b1c52881e49901b344ca3da00209c4689f7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 4 15:58:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 4 15:58:04 2022 +0200

    livepatch: account for patch offset when applying NOP patch
    
    While not triggered by the trivial xen_nop in-tree patch on
    staging/master, that patch exposes a problem on the stable trees, where
    all functions have ENDBR inserted. When NOP-ing out a range, we need to
    account for this. Handle this right in livepatch_insn_len().
    
    This requires livepatch_insn_len() to be called _after_ ->patch_offset
    was set.
    
    Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8a87b9a0fb0564f9d68f0be0a0d1a17c34117b8b
    master date: 2022-03-31 10:45:46 +0200
---
 xen/arch/x86/livepatch.c    | 8 +++++---
 xen/include/xen/livepatch.h | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index e94ac9b228..a3cb63a7ea 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -144,9 +144,6 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
 
     func->patch_offset = 0;
     old_ptr = func->old_addr;
-    len = livepatch_insn_len(func);
-    if ( !len )
-        return;
 
     /*
      * CET hotpatching support: We may have functions starting with an ENDBR64
@@ -159,6 +156,11 @@ void noinline arch_livepatch_apply(struct livepatch_func *func)
     if ( is_endbr64(old_ptr) )
         func->patch_offset += ENDBR64_LEN;
 
+    /* This call must be done with ->patch_offset already set. */
+    len = livepatch_insn_len(func);
+    if ( !len )
+        return;
+
     memcpy(func->opaque, old_ptr + func->patch_offset, len);
     if ( func->new_addr )
     {
diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h
index f3ae10f007..9fdb29c382 100644
--- a/xen/include/xen/livepatch.h
+++ b/xen/include/xen/livepatch.h
@@ -90,7 +90,7 @@ static inline
 unsigned int livepatch_insn_len(const struct livepatch_func *func)
 {
     if ( !func->new_addr )
-        return func->new_size;
+        return func->new_size - func->patch_offset;
 
     return ARCH_PATCH_INSN_SIZE;
 }
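Review bot: `func->new_size - func->patch_offset` is returned as `unsigned int`, so a NOP payload whose `new_size` is smaller than `patch_offset` yields a very large length instead of a small or zero one. In `arch_livepatch_apply()` that value becomes `len` for `memcpy(func->opaque, ...)` and `add_nops(insn, len)`, where `insn` is only `sizeof(func->opaque)` bytes, and the `if ( !len )` check catches only the exactly-equal case. Nothing in the hunks shown rejects such a payload. Unless a check exists outside them, refuse it at verification time, e.g. `if ( is_endbr64(func->old_addr) && func->new_size < ENDBR64_LEN ) return -EINVAL;` in the NOP branch of `arch_livepatch_verify_func()`.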
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:36:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:36:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300048.511573 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dt-0006dl-D8; Wed, 06 Apr 2022 16:36:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300048.511573; Wed, 06 Apr 2022 16:36:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8dt-0006dc-AB; Wed, 06 Apr 2022 16:36:25 +0000
Received: by outflank-mailman (input) for mailman id 300048;
 Wed, 06 Apr 2022 16:36:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ds-0006dU-G2
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ds-0000SN-FH
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ds-0004ah-Ec
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:36:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=b2/DvC8cKy0YBkyitko1ubxEJyAELZu8E129G6ZusF0=; b=MZLRW3gBiI+OFUa8f+QBbzSXx6
	GKfqcSYauKt5wGwTtyBgHvMWs03uAONEfsnLqZ20dTjLG1uyUISRiZx0JAdTYKkWvEqncQBBV3elM
	+AbBQfVohMU/gxwPuJbf/q8uXUczLLr66fcNDgdpnE3pOZrTsHTWXPyJWNb83IP2faeU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nc8ds-0004ah-Ec@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:36:24 +0000

commit abfa80967be95479ab53c8abc6194713b4f0ee0e
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 15:08:40 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:08:40 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 7f84d0c6ea..1349de01d4 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         int size = (nr + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
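Review bot: The added `domain_pause(d)` / `p2m_enable_hardware_log_dirty(d)` / `domain_unpause(d)` sequence has no comment saying why the domain must be paused, and it sits after `paging_unlock(d)`, so it runs without the paging lock held. A one-line comment would make the requirement explicit, for example `/* Hardware log-dirty may only be switched on while the domain is paused. */` (assuming that is the constraint; confirm against `p2m_enable_hardware_log_dirty()`). The hunk also shows no counterpart that turns hardware log-dirty off again when VRAM tracking stops; if that is intentional, it deserves a note here. hap_track_dirty_vram's body starts and ends outside the hunk.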
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 7c265fb5f3..7662db1ad4 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -209,7 +209,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index abb9a7e75c..2ca6325c5f 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -160,9 +160,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nc8e2-0004bM-Hc@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:36:34 +0000

commit 9d7046b644b1fff443b5e12ba4d5676ec3708cb8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:09:28 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:09:28 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ce3e511ef7..ea1c4cb67b 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -148,8 +148,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
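Review bot: The new comment requires domid_map[] to be updated before domid_bitmap[], but the store to `iommu->domid_map[iommu_domid]` is a plain assignment, so the ordering holds only if `clear_bit()` acts as a compiler and CPU barrier. That is presumably true of the x86 implementation, but the comment should say so, e.g. by adding `* The ordering relies on clear_bit() being a full barrier.` to it. The commit message says the function may run without locks held, so concurrent readers of domid_map[] depend on this. The start of cleanup_domid_map() is outside the hunk.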
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nc8eC-0004cM-Kk@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:36:44 +0000

commit b382b7d2ff7a92ccafe741f05fdc630d87ef7062
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:09:48 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:09:48 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ea1c4cb67b..1bf33f0177 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2411,6 +2411,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
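Review bot: With `domain_context_unmap(source, devfn, pdev)` now the first step, any error return later in reassign_device_ownership() leaves the device already detached from `source` while the caller is told the reassignment failed. The code between this call and the `list_move()` shown in the next hunk is outside the visible lines, so those paths need checking. If such a path exists, it should either restore the source mapping or be documented, for instance with `/* From here on the device has no context entry in source. */` after the added check.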
@@ -2447,10 +2451,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2527,9 +2527,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2542,20 +2541,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %04x:%02x:%02x.%u from %pd (%d)\n",
-                           seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
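Review bot: The `break` after the failed `iommu_identity_mapping()` in the first `for_each_rmrr_device()` loop stops the mapping pass only if that macro expands to a single loop; its definition is not in this hunk. If it expands to nested loops, the outer one carries on and a later successful mapping overwrites `ret`, so `if ( !ret )` would go on to `reassign_device_ownership()` despite the earlier failure. Adding `!ret &&` to the front of that loop's `if` condition keeps the first error whatever the macro's shape. The `break` after `domain_crash(d)` in the rollback loop raises the same question, though there it only affects how many regions are attempted. intel_iommu_assign_device() continues beyond the hunk.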
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nc8eM-0004dB-Nd@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:36:54 +0000

commit 419a09377dd4e442d163b63404f6bc64a57a3603
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:10:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:10:10 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 1bf33f0177..c4c94c41f7 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2000,14 +2000,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2024,12 +2016,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
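Review bot: A failed RMRR mapping is logged by the `dprintk()`, but its `ret` is then overwritten by `ret = domain_context_mapping(pdev->domain, devfn, pdev);`, so the context entry is installed even though the commit message says the RMRR mappings should be established first. If ignoring the failure is deliberate, a comment next to the `dprintk()` should say so; otherwise brace the `if ( ret )` body and add `return ret;` after the log line. When the context mapping itself fails, the identity mappings created by the loop are also left in place. The start of intel_iommu_add_device() is outside the hunk.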
@@ -2051,11 +2048,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2071,7 +2072,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
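Review bot: The function now ends in `return 0;`, so nothing the RMRR teardown loop above it produced is reported to the caller. The call whose tail is visible as `rmrr->end_address, 0);` starts outside the hunk, so whether its result is checked cannot be seen here. If the result is dropped, a failure to remove an identity mapping leaves a stale mapping with no trace in the log. Consider logging it, or add a comment such as `/* Teardown failures are ignored: the context entry is already gone. */` if that is the intent.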
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nc8eW-0004ei-Qh@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:37:04 +0000

commit bff4c690b2229e02bbd3fc1b1a53ce3ca189f218
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:12:11 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:12:11 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 64 ++-----------------------------------
 1 file changed, 2 insertions(+), 62 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index c4c94c41f7..52601303fa 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -120,28 +120,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct vtd_iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid = domain_iommu_domid(domain, iommu);
@@ -1395,47 +1373,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %04x:%02x:%02x.%u owned by %pd\n",
-                       domain, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       pdev->domain);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "%pd: %04x:%02x:%02x.%u mapped, but can't find owner\n",
-                       domain, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %04x:%02x:%02x.%u already mapped to d%d\n",
-                       domain,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
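Review bot: After this change the `context_present(*context)` branch returns 0 without looking at which domain the existing entry belongs to, so a caller is told the mapping succeeded even if the entry was set up for a different owner. The commit message says the reason for the old checks could not be established, which makes it worth stating the new contract where the checks used to be, e.g. `/* Entry already present: ownership is not verified here, callers must guarantee it. */` above the `spin_unlock()`. Moving `unmap_vtd_domain_page(context_entries)` after the unlock looks fine from the visible lines. domain_context_mapping_one() starts and ends outside the hunk.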
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: re-assign devices directly
Message-Id: <E1nc8eg-0004hE-Tl@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:37:14 +0000

commit 8a9a21b1add6d96cffd028f2546b1c31f2e98210
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:12:28 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:12:28 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 267 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 232 insertions(+), 74 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 1cac22a02f..f51f8aae0d 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,7 +85,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -105,8 +106,8 @@ int is_igd_vt_enabled_quirk(void);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 52601303fa..a4a1c5141b 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -116,6 +116,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
@@ -1353,15 +1354,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int agaw, rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1370,17 +1383,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
         agaw = level_to_agaw(iommu->nr_pt_levels);
     }
     else
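Review bot: `prev_did` is read out of the existing context entry and used at once as an index in `domid = iommu->domid_map[prev_did];`, with no comparison against `cap_ndoms(iommu->cap)`, the value the failure message just below prints as `nr_dom`. The allocation of `domid_map` is not visible in this hunk, so this is a hardening suggestion rather than a confirmed out-of-bounds read: if the array holds `nr_dom` entries, a corrupted entry would index past it. Bounding the lookup keeps the existing `-ESRCH` exit in charge, e.g. `domid = prev_did < cap_ndoms(iommu->cap) ? iommu->domid_map[prev_did] : DOMID_INVALID;`. domain_context_mapping_one() starts before and continues after this hunk.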
@@ -1397,6 +1425,8 @@ int domain_context_mapping_one(
                 spin_unlock(&hd->arch.mapping_lock);
                 spin_unlock(&iommu->lock);
                 unmap_vtd_domain_page(context_entries);
+                if ( prev_dom )
+                    rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
         }
@@ -1414,33 +1444,102 @@ int domain_context_mapping_one(
                 goto nomem;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    rc = context_set_domain_id(&lctxt, domain, iommu);
+    if ( rc )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
-        return -EFAULT;
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
+        return rc;
+    }
+
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, agaw);
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) == agaw);
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
     }
 
-    context_set_address_width(*context, agaw);
-    context_set_fault_enable(*context);
-    context_set_present(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
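Review bot: In the `res != old` branch the error `printk()` dereferences `pdev->seg` and `pdev->bus` unconditionally, although the line just above guards `check_cleanup_domid_map()` with `if ( pdev )` and other hunks of this patch call the function with `NULL` for pdev. If the compare-exchange ever mismatches on such a call, the diagnostic itself would fault on the NULL pointer. The locals already used by the warning further down identify the device equally well, so the argument line can become `seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),`. The function body starts and ends outside this hunk.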
@@ -1461,17 +1560,26 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
     {
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        if ( !prev_dom )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             mode & MAP_WITH_RMRR) < 0;
+        else
+            ret = 1;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
     }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
@@ -1481,8 +1589,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    uint16_t seg = pdev->seg;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
     uint8_t bus = pdev->bus, secbus;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
@@ -1502,8 +1612,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:Hostbridge: skip %04x:%02x:%02x.%u map\n",
@@ -1524,7 +1655,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1537,9 +1670,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1547,6 +1681,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1555,7 +1698,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1570,10 +1713,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
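Review bot: The new recovery call `domain_context_mapping(pdev->domain, devfn, pdev);` discards its return value, so a failed roll-back leaves no trace. The function then returns the original error while the device's context entry may still point at `domain` rather than at its recorded owner. A mismatch between IOMMU state and `pdev->domain` is what this change sets out to avoid, so I would at least log it: test the call in the condition, `else if ( pdev->domain != domain && domain_context_mapping(pdev->domain, devfn, pdev) )`, and follow it with a `printk(XENLOG_ERR ...)` naming the device. The unchanged `domain_context_unmap()` call in the other branch drops its result in the same way. The switch statement starts outside this hunk.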
@@ -2352,9 +2500,8 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
+    if ( !has_arch_pdevs(target) )
+        vmx_pi_hooks_assign(target);
 
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
@@ -2364,6 +2511,31 @@ static int reassign_device_ownership(
     if ( (target != hardware_domain) && !iommu_intremap )
         untrusted_msi = true;
 
+    ret = domain_context_mapping(target, devfn, pdev);
+    if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
+        return ret;
+    }
+
+    if ( pdev->devfn == devfn )
+    {
+        const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+        if ( drhd )
+            check_cleanup_domid_map(source, pdev, drhd->iommu);
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
@@ -2392,34 +2564,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 32b39c606a..503b07ffb7 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -202,8 +202,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 1de2578378..7323e0f702 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -344,7 +344,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -355,9 +356,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -365,7 +366,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -389,7 +391,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -415,7 +417,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
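Review bot: The four `mode` flags are introduced without saying what each one asserts, so their meaning has to be reconstructed from domain_context_mapping() in iommu.c. Short per-flag comments would help, e.g. `/* device is named by an RMRR */` on MAP_WITH_RMRR, `/* current owner is dying */` on MAP_OWNER_DYING and `/* no other device of the old owner behind this IOMMU */` on MAP_SINGLE_DEVICE. It is also worth stating that UNMAP_ME_PHANTOM_FUNC is the bit map_me_phantom_function() tests to choose unmap over map, where previously a zero argument did.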
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:37:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nc8er-0004iD-0R@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:37:25 +0000

commit 037d360f578eb71c522af6550085e3df56d4fd30
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:12:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:12:46 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, the availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  10 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  67 ++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 180 ++++++++++++++++++++--------
 3 files changed, 200 insertions(+), 57 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index fc4fd051b8..b1194ca92f 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -247,9 +247,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 void iommu_dte_set_guest_cr3(struct amd_iommu_dte *dte, uint16_t dom_id,
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 90c6e8b93e..d10dd1ac8e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -99,10 +99,69 @@ static unsigned int set_iommu_pte_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
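Review bot: The single-step path compares and exchanges only `ldte.raw128[0]`, the first 16 bytes of the 32-byte union, yet nothing records that every field being rewritten (`domain_id`, `pt_root`, `iw`, `ir`, `paging_mode`, `v`) has to live in that half. The layout of struct amd_iommu_dte is not visible in this hunk, so I am assuming it does. A comment above the union stating the requirement would stop a later field addition from silently falling outside the atomic update, e.g. `/* All fields written below must sit in raw128[0]; only that half is exchanged. */`. The tail of the function is in the next hunk.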
@@ -117,6 +176,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 627ed79508..e87abbeb74 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -82,40 +82,81 @@ int get_dma_requestor_id(uint16_t seg, uint16_t bdf)
     return req_id;
 }
 
-static void amd_iommu_setup_domain_device(
+static int __must_check allocate_domain_resources(struct domain_iommu *hd)
+{
+    int rc;
+
+    spin_lock(&hd->arch.mapping_lock);
+    rc = amd_iommu_alloc_root(hd);
+    spin_unlock(&hd->arch.mapping_lock);
+
+    return rc;
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
-    const struct domain_iommu *hd = dom_iommu(domain);
+    struct domain_iommu *hd = dom_iommu(domain);
+    const struct ivrs_mappings *ivrs_dev;
+
+    BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
-    BUG_ON( !hd->arch.root_table || !hd->arch.paging_mode ||
-            !iommu->dev_table.buffer );
+    rc = allocate_domain_resources(hd);
+    if ( rc )
+        return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
-        const struct ivrs_mappings *ivrs_dev;
-
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.root_table), domain->domain_id,
-            hd->arch.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.root_table),
+                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
-        ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
         if ( dte->it_root )
         {
             dte->int_ctl = IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED;
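Review bot: `req_id` and `ivrs_dev` are each computed twice within a few lines, first from `pdev->sbdf.bdf` to derive `sr_flags` and then from `PCI_BDF2(bus, devfn)` to pick the DTE, and nothing says why the two lookups differ. Presumably the unity-map property is taken from the device proper while the DTE may belong to a phantom function. If that reading is right, a one-line comment before the first lookup would make the difference explicit, e.g. `/* Unity map presence is a property of the device itself, not of devfn. */`. The `ASSERT(rc < 0)` in the first branch also relies on amd_iommu_set_root_page_table() never returning 1 when the DTE was not yet valid, which deserves a short remark next to it. The function continues past this hunk.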
@@ -130,17 +171,74 @@ static void amd_iommu_setup_domain_device(
             dte->i = ats_enabled;
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.root_table),
+                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   pdev->seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.root_table),
-                        domain->domain_id, hd->arch.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
 
     spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.root_table),
+                    domain->domain_id, hd->arch.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
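Review bot: The new `printk` in the `else if ( dte->pt_root != ... )` branch has no log level, only a leading space, although it is the only trace left when a re-assignment may have affected another device's I/O. Going by the comment inside the condition, it fires when the DTE could not be updated atomically and other devices still share the old domain ID, so it should survive log filtering; I would prefix the format string with a severity, e.g. `printk(XENLOG_WARNING " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",`. A short comment saying that a positive `rc` is what marks the non-atomic update would also help, since that meaning is only implied here. The enclosing function starts before this hunk and continues after it.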
@@ -151,6 +249,8 @@ static void amd_iommu_setup_domain_device(
 
         amd_iommu_flush_iotlb(devfn, pdev, INV_IOMMU_ALL_PAGES_ADDRESS, 0);
     }
+
+    return 0;
 }
 
 int __init acpi_ivrs_init(void)
@@ -214,17 +314,6 @@ int amd_iommu_alloc_root(struct domain_iommu *hd)
     return 0;
 }
 
-static int __must_check allocate_domain_resources(struct domain_iommu *hd)
-{
-    int rc;
-
-    spin_lock(&hd->arch.mapping_lock);
-    rc = amd_iommu_alloc_root(hd);
-    spin_unlock(&hd->arch.mapping_lock);
-
-    return rc;
-}
-
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
@@ -324,7 +413,6 @@ static int reassign_device(struct domain *source, struct domain *target,
 {
     struct amd_iommu *iommu;
     int bdf, rc;
-    struct domain_iommu *t = dom_iommu(target);
     const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
 
     bdf = PCI_BDF2(pdev->bus, pdev->devfn);
@@ -338,7 +426,15 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+    if ( rc )
+        return rc;
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
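Review bot: The call order here carries an undocumented dependency: `amd_iommu_setup_domain_device()` has to run before `pdev->domain = target`, because its re-assignment branch tests `domain != pdev->domain` and `pdev->domain->is_dying` to identify the previous owner. I would add a comment above the call, e.g. `/* Must precede the pdev->domain update: setup treats pdev->domain as the old owner. */`. It is also worth stating what callers may assume on failure, since the unity-map step that follows (only partly visible here) can apparently still `return rc` after the device has been moved to `target`. `reassign_device()` starts and ends outside this hunk.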
@@ -354,27 +450,10 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = allocate_domain_resources(t);
-    if ( rc )
-        return rc;
-
-    amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
     AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n",
                     pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                     source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
@@ -538,8 +617,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
-    return 0;
+    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:37:36 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nc8f1-0004jC-3U@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:37:35 +0000

commit 680517b6e376729497cbbaf5664fef6b67ebee71
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:13:02 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:13:02 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 +++--
 xen/drivers/passthrough/vtd/iommu.c  | 62 ++++++++++++++++++++++++------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++++---
 3 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index f51f8aae0d..897dcff9ff 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -86,9 +86,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
@@ -107,7 +108,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a4a1c5141b..648573ddd9 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1367,12 +1367,12 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int agaw, rc, ret;
@@ -1413,10 +1413,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root = pgd_maddr;
+
         spin_lock(&hd->arch.mapping_lock);
 
         /* Ensure we have pagetables allocated down to leaf PTE. */
-        if ( hd->arch.pgd_maddr == 0 )
+        if ( !root )
         {
             addr_to_dma_page_maddr(domain, 0, 1);
             if ( hd->arch.pgd_maddr == 0 )
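Review bot: `pgd_maddr == 0` has become an in-band request to use (and if necessary allocate) the domain's own root, but neither the prototype nor this block says so. A one-line comment at `paddr_t root = pgd_maddr;` would do, e.g. `/* 0 means: fall back to hd->arch.pgd_maddr, allocating it if needed. */`. A related point for the follow-up work: the page-table walk below still runs under `hd->arch.mapping_lock` of `domain`, which presumably does not protect a caller-supplied root that belongs to something else, so the locking expectation for a non-zero `pgd_maddr` should be written down as well. The function body extends beyond this hunk on both sides.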
@@ -1429,22 +1431,24 @@ int domain_context_mapping_one(
                     rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
+
+            root = hd->arch.pgd_maddr;
         }
 
         /* Skip top levels of page tables for 2- and 3-level DRHDs. */
-        pgd_maddr = hd->arch.pgd_maddr;
         for ( agaw = level_to_agaw(4);
               agaw != level_to_agaw(iommu->nr_pt_levels);
               agaw-- )
         {
-            struct dma_pte *p = map_vtd_domain_page(pgd_maddr);
-            pgd_maddr = dma_pte_addr(*p);
+            struct dma_pte *p = map_vtd_domain_page(root);
+
+            root = dma_pte_addr(*p);
             unmap_vtd_domain_page(p);
-            if ( pgd_maddr == 0 )
+            if ( !root )
                 goto nomem;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1560,15 +1564,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                           domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             domain->domain_id,
+                                             hd->arch.pgd_maddr,
                                              mode & MAP_WITH_RMRR) < 0;
+        }
         else
             ret = 1;
 
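Review bot: The recovery call that re-maps the device for `prev_dom` passes `domain->domain_id` together with `prev_dom`'s `hd->arch.pgd_maddr`, which pairs the old owner's page tables with the new owner's domain ID. That looks unintended; I would expect `prev_dom->domain_id,` on that line. It is harmless only while `domid` is merely forwarded to `me_wifi_quirk()`: the part II patch on this page feeds `domid` into `context_set_domain_id()`, at which point a context entry restored after a failure would be tagged with the wrong ID and later flushes issued for `prev_dom` may miss it. For the same reason the `!prev_dom` branch should probably pass `domid` rather than `domain->domain_id` to `domain_context_unmap_one()`. The function starts outside this hunk.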
@@ -1590,6 +1600,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1655,7 +1666,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1670,7 +1682,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1698,7 +1711,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1713,7 +1727,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1742,7 +1757,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1800,7 +1815,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1853,7 +1868,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1863,7 +1879,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1889,12 +1906,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 7323e0f702..c0deef556b 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -345,6 +345,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -358,16 +360,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -391,7 +394,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -417,7 +420,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:37:47 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nc8fB-0004k3-6V@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:37:45 +0000

commit 77c1cb2ae4c6b1e854dc9e41117183da9e08097e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:13:20 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:13:20 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 648573ddd9..82ed48b2a3 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -58,8 +58,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -67,16 +67,16 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
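Review bot: `get_iommu_did()` has no comment describing its new contract, and the decision whether to log has moved to every caller through `warn`. A short header would help, saying that it returns the index in `iommu->domid_map` that holds `domid`, or -1 when there is none, and that `warn` should be false where a missing mapping is expected (the visible callers pass `!d->is_dying`, or `false` from `cleanup_domid_map()`). In the message itself `domid` is an unsigned `domid_t`, so `%u` would read better than `%d`, and the `Dom%d` wording will mislead once pseudo domain IDs without a `struct domain` are passed in, as the commit message announces. The function body is split across this hunk and the previous one.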
@@ -84,8 +84,7 @@ static int domain_iommu_domid(struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
@@ -96,7 +95,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -112,7 +111,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -121,9 +120,9 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -179,7 +178,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -636,7 +635,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1457,7 +1456,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(&lctxt, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domid, iommu);
     if ( rc )
     {
     unlock:
@@ -1782,7 +1781,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
@@ -1954,7 +1953,7 @@ static void iommu_domain_teardown(struct domain *d)
     spin_unlock(&hd->arch.mapping_lock);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:37:57 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:37:57 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300057.511609 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8fN-000773-0Q; Wed, 06 Apr 2022 16:37:57 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300057.511609; Wed, 06 Apr 2022 16:37:56 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8fM-00076v-Tl; Wed, 06 Apr 2022 16:37:56 +0000
Received: by outflank-mailman (input) for mailman id 300057;
 Wed, 06 Apr 2022 16:37:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fL-00076D-BT
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:37:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fL-0000Ty-Ai
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:37:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fL-0004l9-9y
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:37:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=w7wyxMMfln0a1+zpC83wvC5EU+0mHT1jaCWTXNRGT6s=; b=QK+HWSAzLtXNR39e6d1Rl86XOH
	B+slO/MV026DkuqFKsy0zxyDB9iahvgEMuNaypU5Q5Ns17jT68+nACZ+scmUblURg4hkk2Om/vYFO
	3hZ6Q18q+H/h+f4hLHXVjxItslocicBTt8zi99B5EE/wKR69OeHzruoRaxW7xPcCvgHI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nc8fL-0004l9-9y@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:37:55 +0000

commit 27b89fdd092907af40d1945ea7b05db398d39565
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:13:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:13:43 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped,
    without having to add a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu.h         |  1 +
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 ++++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 ++++++++-
 xen/drivers/passthrough/pci.c               | 11 +++--
 xen/drivers/passthrough/vtd/iommu.c         | 69 ++++++++++++++++++++++++-----
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 47 ++++++++++++++++++++
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  6 +++
 9 files changed, 153 insertions(+), 16 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index b1194ca92f..79c6a5b5b0 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -96,6 +96,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
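Review bot: The new `domid_map` member of `struct amd_iommu` has no comment, and its name clashes with the VT-d side of this patch. There `domid_map` is the existing `u16` domain-ID mapping array, and the bitmap handed to `iommu_alloc_domid()` is called `pseudo_domid_map`. Since both drivers pass the field to the same helpers, either rename it to `pseudo_domid_map` or document it as `unsigned long *domid_map; /* "pseudo" domain ID bitmap */`. The struct definition continues outside the hunk.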
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index 8312bb4b6f..a5fa647a18 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -180,6 +180,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR
@@ -191,7 +196,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index e87abbeb74..bd5f61fc3f 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -554,6 +554,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -617,7 +619,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         spin_unlock_irqrestore(&iommu->lock, flags);
     }
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -642,6 +659,9 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
     bdf = PCI_BDF2(pdev->bus, devfn);
     if ( amd_iommu_perdev_intremap &&
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index f15af59764..0dfe30e38a 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -339,6 +339,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn)
     *((u8*) &pdev->bus) = bus;
     *((u8*) &pdev->devfn) = devfn;
     pdev->domain = NULL;
+    pdev->arch.pseudo_domid = DOMID_INVALID;
     INIT_LIST_HEAD(&pdev->msi_list);
 
     pos = pci_find_cap_offset(pseg->nr, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
@@ -1349,9 +1350,13 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%04x:%02x:%02x.%u - %pd - node %-3d - MSIs < ",
-               pseg->nr, pdev->bus,
-               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn), pdev->domain,
+        printk("%04x:%02x:%02x.%u - ", pseg->nr, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d - MSIs < ",
                (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         list_for_each_entry ( msi, &pdev->msi_list, list )
                printk("%d ", msi->irq);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 82ed48b2a3..52e9ec38e6 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1195,7 +1196,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     if ( nr_iommus >= MAX_IOMMUS )
     {
@@ -1288,7 +1289,16 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1311,6 +1321,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1591,8 +1602,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1600,6 +1611,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1660,6 +1672,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCIe_ENDPOINT:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
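Review bot: The pseudo-domain-ID allocation added under `case DEV_TYPE_PCIe_ENDPOINT:` is repeated line for line under `case DEV_TYPE_PCI:` in the next hunk, so any later change to the allocation or its error code has to be made twice. A small static helper called from both cases keeps the two paths identical; it tests `pdev->arch.pseudo_domid` directly, which should equal `orig_domid` at this point. `domain_context_mapping()` starts and ends outside the hunk, so the locking around the early return is not checked here.

```c
/* Give pdev a pseudo domain ID on first mapping when quarantining is enabled. */
static int alloc_pseudo_domid(struct pci_dev *pdev, struct vtd_iommu *iommu)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid == DOMID_INVALID ? -ENOSPC : 0;
}

    case DEV_TYPE_PCIe_ENDPOINT:
        ret = alloc_pseudo_domid(pdev, drhd->iommu);
        if ( ret )
            return ret;
        /* … unchanged: debug print and context mapping … */
```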
@@ -1675,6 +1695,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCI:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
@@ -1750,6 +1778,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1832,8 +1867,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
     struct vtd_iommu *iommu;
@@ -1843,7 +1880,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
-        return -ENODEV;
+        return ERR_PTR(-ENODEV);
     iommu = drhd->iommu;
 
     switch ( pdev->type )
@@ -1854,7 +1891,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         if ( !is_hardware_domain(domain) )
-            return -EPERM;
+            return ERR_PTR(-EPERM);
         goto out;
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1929,7 +1966,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
-    return ret;
+    return ret ? ERR_PTR(ret) : drhd;
 }
 
 static void iommu_domain_teardown(struct domain *d)
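Review bot: `return ret ? ERR_PTR(ret) : drhd;` only round-trips when `ret` is zero or a negative errno. A positive `ret` would produce a pointer that the `IS_ERR()` check in `intel_iommu_remove_device()` does not recognise, and it would then be dereferenced as `drhd->iommu`. Whether `ret` can be positive depends on code outside this hunk (the sibling `domain_context_mapping_one()` visibly returns `rc ?: pdev && prev_dom`), so an `ASSERT(ret <= 0);` before the return and a function comment stating the contract (the matched DRHD on success, `ERR_PTR(-errno)` on failure) would pin it down. On the return paths visible in this patch the function never yields NULL, so the `if ( drhd )` guard added at the end of `intel_iommu_remove_device()` looks always true and should be either explained or dropped.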
@@ -2153,16 +2190,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2179,6 +2217,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 503b07ffb7..be44fc017f 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -535,6 +535,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 2db74e5a54..bf18f2f3a5 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -375,6 +375,53 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 /*
  * Local variables:
  * mode: C
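Review bot: `iommu_alloc_domid()` encodes the ID as `idx | (DOMID_MASK + 1)` and `iommu_free_domid()` recovers the bit with `domid & DOMID_MASK`, which is only lossless when every index fits in `DOMID_MASK`, i.e. when the bitmap size `UINT16_MAX - DOMID_MASK` is at most `DOMID_MASK + 1`. The `BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX)` in `iommu_init_domid()` checks the other direction (real IDs use no more than half the range). A smaller `DOMID_MASK` would therefore still build, let two indices produce the same ID, and clear the wrong bit on free. Adding `BUILD_BUG_ON(UINT16_MAX - DOMID_MASK > DOMID_MASK + 1);` beside the existing check, or switching to `idx + DOMID_MASK + 1` and `domid - DOMID_MASK - 1`, would make the assumption explicit. As a smaller style point, the `find_next_zero_bit()` call sits in the declaration initialiser and so reads the static `start` and the map before `ASSERT(pcidevs_locked())` runs.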
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index aaf9455b8e..389417d198 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -130,6 +130,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         iommu_vcall(ops, sync_cache, addr, size);       \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
  * Local variables:
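Review bot: The three new prototypes are exported without any statement of their contract, although the implementation in x86/iommu.c has several rules a caller must know. A comment block above them should say that `iommu_init_domid()` returns `ZERO_BLOCK_PTR` rather than a usable bitmap when `iommu_quarantine` is off, and NULL on allocation failure. It should also say that `iommu_alloc_domid()` and `iommu_free_domid()` must be called with the pcidevs lock held, that allocation returns `DOMID_INVALID` when the map is full, and that freeing ignores `DOMID_INVALID` but hits `BUG()` for an ID whose bit is not set. The `ZERO_BLOCK_PTR` case matters most for review, because a non-NULL map is passed to `iommu_free_domid()` on the AMD and VT-d removal paths, and only the `DOMID_INVALID` early return keeps it from being dereferenced.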
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index cc05045e9c..70ed48e309 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -15,6 +15,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:38:06 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:38:06 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300058.511613 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8fW-0007BJ-27; Wed, 06 Apr 2022 16:38:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300058.511613; Wed, 06 Apr 2022 16:38:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8fV-0007BB-VF; Wed, 06 Apr 2022 16:38:05 +0000
Received: by outflank-mailman (input) for mailman id 300058;
 Wed, 06 Apr 2022 16:38:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fV-0007B2-GD
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fV-0000UF-Dv
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fV-0004mB-DD
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=e0fiA76+nb+HET7cIzcEAsX1fwxgjSXNBgBt6H17d+Q=; b=0liVyVoQu1AYSbcVq6xZK9tti2
	Gj4ppESkKrCH2kis6bIuVCk47NwjXY+ZOBVEPok8RmNb0+rCA4SOHbhkHjGY3EKx72MNj0i21so5W
	w1CPX1axnOcKodHkOTzdXMUSZ6vL4OurELSoxKNdx7Kw6pBQ2Q+3otWUezcdBFhnS3+c=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nc8fV-0004mB-DD@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:38:05 +0000

commit bdea7e425cbf182ebca3588792109b4e8c38bc8f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:14:15 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:14:15 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 5 +----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index d10dd1ac8e..eb38c9a0bf 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -585,8 +585,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 52e9ec38e6..322c395403 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2914,7 +2914,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
     struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc;
 
     if ( hd->arch.pgd_maddr )
     {
@@ -2961,10 +2960,8 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    rc = iommu_flush_iotlb_all(d);
-
     /* Pages leaked in failure case */
-    return level ? -ENOMEM : rc;
+    return level ? -ENOMEM : 0;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:38:18 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:38:18 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300059.511617 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8fg-0007EU-3l; Wed, 06 Apr 2022 16:38:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300059.511617; Wed, 06 Apr 2022 16:38:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8fg-0007EM-0R; Wed, 06 Apr 2022 16:38:16 +0000
Received: by outflank-mailman (input) for mailman id 300059;
 Wed, 06 Apr 2022 16:38:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ff-0007EC-Hj
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ff-0000UJ-Gn
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8ff-0004n8-G6
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=QRssOYgPgph5JyW0p95lI5Rza4ZIZBTh7TIP+4Ixehg=; b=mZEb25RlqoRD//duvA76FjYJKg
	/FTRPochn/QrhTV1Rg6gGpGlUGJ5/pa2Dhb3Cz5EhgZGBvRaJXrNhczrOhTwQWz4K9IhI1LjCQz0t
	fJ68+bVCIeQXnKBZ+o5xxqYF5mu2iDLwGqfWGvaXwP+NUw63Xaphvy3PwoUYQGDoOcNg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nc8ff-0004n8-G6@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:38:15 +0000

commit 3e4c94da53b8943f37d458b968d582db3b5d952b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:14:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:14:33 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu-defs.h | 1 +
 xen/drivers/passthrough/amd/iommu.h      | 2 +-
 xen/drivers/passthrough/amd/iommu_map.c  | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h
index 0c97db2a32..8810e497b9 100644
--- a/xen/drivers/passthrough/amd/iommu-defs.h
+++ b/xen/drivers/passthrough/amd/iommu-defs.h
@@ -106,6 +106,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
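Review bot: `IOMMU_MAX_PT_LEVELS` is defined in the middle of the `struct amd_iommu_dte` bit-field list with no comment, so the link to `paging_mode:3` on the next line is only implied by placement. A 3-bit field can hold values up to 7, while the two users updated in this patch reject anything above 6. A one-line comment such as `/* Largest paging_mode (page table depth) the driver accepts. */` directly above the `#define` would record why the limit is lower than the field width. The struct definition continues outside the hunk.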
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 79c6a5b5b0..1cddbb9f94 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -362,7 +362,7 @@ static inline int amd_iommu_get_paging_mode(unsigned long max_frames)
     while ( max_frames > PTE_PER_TABLE_SIZE )
     {
         max_frames = PTE_PER_TABLE_ALIGN(max_frames) >> PTE_PER_TABLE_SHIFT;
-        if ( ++level > 6 )
+        if ( ++level > IOMMU_MAX_PT_LEVELS )
             return -ENOMEM;
     }
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index eb38c9a0bf..544c5bc2e4 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -256,7 +256,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.root_table;
     level = hd->arch.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    BUG_ON( table == NULL || level < 1 || level > IOMMU_MAX_PT_LEVELS );
 
     /*
      * A frame number past what the current page tables can represent can't
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 16:38:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 16:38:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300060.511620 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8fq-0007J6-6z; Wed, 06 Apr 2022 16:38:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300060.511620; Wed, 06 Apr 2022 16:38:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nc8fq-0007Iy-3J; Wed, 06 Apr 2022 16:38:26 +0000
Received: by outflank-mailman (input) for mailman id 300060;
 Wed, 06 Apr 2022 16:38:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fp-0007In-Kp
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fp-0000V5-K2
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nc8fp-0004o9-JT
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 16:38:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=bxYtd5qoWmiGwdA0BYGwRFbrbHCE2tKkXCfb0YvipN0=; b=W/Lh1m1QwaM9kLe2DOmSLhh4j/
	MGbU4STIm/aJDb6t4qdCgFg/OTOuAS9dgoKUsTUY8Ii6BDN+gYUpSIFFGjDTu7Y3TxJXJPEoG9RLd
	sqio/oCrzWPD6qLoP/28AyavUuSmRfKTW6B0ogvdfu/1QHhVECJ21G19DKIkDJFGSSJ0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nc8fp-0004o9-JT@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 16:38:25 +0000

commit faed81ff3940b377a981af37a89161bddcacdaf5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:14:50 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:14:50 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/arch/x86/mm/p2m.c                       |   2 +-
 xen/drivers/passthrough/amd/iommu.h         |   3 +-
 xen/drivers/passthrough/amd/iommu_map.c     | 155 ++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  35 ++--
 xen/drivers/passthrough/iommu.c             |  18 +-
 xen/drivers/passthrough/pci.c               |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c         | 247 ++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h         |   2 +-
 xen/include/asm-x86/pci.h                   |  13 ++
 xen/include/xen/iommu.h                     |   3 +-
 10 files changed, 363 insertions(+), 135 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index ee0f2f6a09..be5e9c031a 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1455,7 +1455,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int ret;
 
-    if ( !paging_mode_translate(p2m->domain) )
+    if ( !paging_mode_translate(d) )
     {
         if ( !is_iommu_enabled(d) )
             return 0;
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 1cddbb9f94..6f011bd68f 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -223,7 +223,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 int iov_adjust_irq_affinities(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 544c5bc2e4..8a39999192 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -529,64 +529,137 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d,
     return rc;
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS],
+                    struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = alloc_amd_iommu_pgtable();
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(pgs[level], &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs, pdev);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            page_list_add(mfn_to_page(_mfn(pte->mfn)),
+                          &pdev->arch.pgtables_list);
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs, pdev);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.root_table);
 
-    if ( hd->arch.root_table )
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
+
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = alloc_amd_iommu_pgtable();
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.root_table = alloc_amd_iommu_pgtable();
-    if ( !hd->arch.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.root_table = NULL;
+
+    if ( rc )
+        printk("%04x:%02x:%02x.%u: quarantine unity mapping failed\n",
+               pdev->seg, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+    else
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = alloc_amd_iommu_pgtable();
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs, pdev);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_amd_iommu_pgtable(pg);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
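Review bot: In `amd_iommu_quarantine_init()` the root page returned by `alloc_amd_iommu_pgtable()` is never put on `pdev->arch.pgtables_list`, and when `amd_iommu_reserve_domain_unity_map()` fails `fill_qpt()` does not run, so the tables built for the unity map are not on the list either. `amd_iommu_quarantine_teardown()` frees only what is on that list before clearing `root_table`. As far as this hunk shows, those pages stay allocated, which is what the removed `/* Pages leaked in failure case */` comment used to admit. Unless code outside the hunk tracks them, add `page_list_add(pdev->arch.amd.root_table, &pdev->arch.pgtables_list);` right after the allocation succeeds and collect the unity-map tables on the failure path as well. Separately, `pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);` runs even when `fill_qpt()` failed before `pgs[0]` was set, so guard it with `if ( !rc )`.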
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index bd5f61fc3f..4cee9227df 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -122,6 +122,8 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
     BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
@@ -141,14 +143,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.root_table),
-                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
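Review bot: For `domain == dom_io` the new `root_pg = pdev->arch.amd.root_table` can be NULL if the device gets here before its quarantine tables were built, and it is used unchecked. That affects `page_to_maddr(root_pg)` here and in the `@@ -185` hunk, and the `page_to_mfn(root_pg)` comparison in the `@@ -172` hunk. `iommu_quarantine_dev_init()` in this commit returns 0 without calling the hook when `iommu_quarantine` is off, so whether that state is reachable depends on callers outside the hunk. A check before taking `iommu->lock`, for example `if ( !root_pg ) return -ENODEV;`, would keep a bogus root address out of the DTE. The function begins and ends outside this hunk.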
@@ -172,7 +185,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -185,8 +198,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.root_table),
-                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -205,6 +218,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
@@ -235,9 +249,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.root_table),
-                    domain->domain_id, hd->arch.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -304,7 +317,7 @@ static int iov_enable_xt(void)
 
 int amd_iommu_alloc_root(struct domain_iommu *hd)
 {
-    if ( unlikely(!hd->arch.root_table) )
+    if ( unlikely(!hd->arch.root_table) && hd != dom_iommu(dom_io) )
     {
         hd->arch.root_table = alloc_amd_iommu_pgtable();
         if ( !hd->arch.root_table )
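Review bot: The added `hd != dom_iommu(dom_io)` test has no comment saying why DomIO must never get a root table here, and it sits outside `unlikely()`, so the hint covers only half of the condition. From the rest of the commit the reason appears to be that quarantine roots are now per device (`pdev->arch.amd.root_table`) and `amd_iommu_quarantine_init()` asserts `!hd->arch.root_table`. A comment above the `if`, such as `/* DomIO's page tables are per-device; see amd_iommu_quarantine_init(). */`, would record that. The function continues past the end of the hunk.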
@@ -395,7 +408,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.paging_mode);
     }
     spin_unlock_irqrestore(&iommu->lock, flags);
@@ -659,6 +672,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 75eef853f4..d44e7c970b 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -447,21 +447,21 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init, dev);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
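Review bot: `iommu_quarantine_dev_init()` is a new non-static entry point with no comment on its contract. In particular it returns 0 both when tables were set up and when nothing was done because `iommu_quarantine` is off or the driver has no `quarantine_init` hook. The AMD implementation in this commit asserts `pcidevs_locked()`, so the locking requirement belongs here as well. Either add `/* Caller must hold pcidevs_lock. Returns 0 without doing anything if quarantining is disabled. */` above the function or make `ASSERT(pcidevs_locked());` its first statement.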
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 0dfe30e38a..cdcb030843 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -929,9 +929,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
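Review bot: The `return ret;` under `if ( ret )` in the new quarantine branch is indented by 11 spaces instead of 12, so it does not line up with the other statements in the block. Re-indent it to match, as the corresponding `goto done;` in the `assign_device()` hunk is. `deassign_device()` begins and ends outside the hunk, so whether this early return skips any cleanup cannot be checked from these lines.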
@@ -1528,6 +1535,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
         msixtbl_init(d);
     }
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 322c395403..391a815d30 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,6 +43,12 @@
 #include "vtd.h"
 #include "../ats.h"
 
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
+
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
 
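Review bot: `DEVICE_DOMID()` and `DEVICE_PGTABLE()` are added without a comment, evaluate `d` twice, and dereference `pdev` whenever `d` is `dom_io`. A short comment such as `/* DomIO uses a per-device pseudo-domid and page tables; pdev must be non-NULL in that case. */` would state the precondition for call sites in this file that can be handed a NULL `pdev`. Static inline functions would avoid the double evaluation and add type checking, if the header ordering allows them.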
@@ -84,13 +90,18 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
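Review bot: The new comment above `context_set_domain_id()` covers the NULL `context` case but not the locking change made in the same hunk, where `ASSERT(spin_is_locked(&iommu->lock))` becomes `ASSERT(pcidevs_locked())`. The function updates `iommu->domid_bitmap`, and per the commit message it now relies on every caller holding pcidevs_lock. Extend the comment with a line such as `Callers must hold pcidevs_lock, which serialises DID allocation.` so that the requirement is documented next to the assertion. The function body continues into the next hunk.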
@@ -116,8 +127,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -167,8 +183,12 @@ static void check_cleanup_domid_map(struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1403,7 +1423,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
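Review bot: The condition `pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK` needs a comment, because its `domid > DOMID_MASK` arm treats any such ID as belonging to DomIO when no `pdev` is supplied. Presumably pseudo-domids are allocated above `DOMID_MASK`; that is not visible in this hunk and should be confirmed. A comment before the `else if`, such as `/* Pseudo-domids of quarantined devices map back to DomIO. */`, would record the intent. The function begins and ends outside the hunk.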
@@ -1580,15 +1600,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           domain->domain_id);
+                                           DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                             domain->domain_id,
-                                             hd->arch.pgd_maddr,
+                                             DEVICE_DOMID(prev_dom, pdev),
+                                             DEVICE_PGTABLE(prev_dom, pdev),
                                              mode & MAP_WITH_RMRR) < 0;
-        }
         else
             ret = 1;
 
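Review bot: The rollback calls now use `DEVICE_DOMID(domain, pdev)`, `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)`, all of which dereference `pdev` when the domain is `dom_io`, yet this function is also called with a NULL `pdev`. The bridge calls in `domain_context_mapping()` pass `NULL`, and the `pdev ? … : …` test earlier in the function allows for it. If a NULL-`pdev` call involving DomIO can reach this error path, the recovery code dereferences a NULL pointer. For the unmap case the function could reuse the domain ID its caller already passed in instead of recomputing it, and the remap of `prev_dom` needs an explicit `pdev` check before the macros are used. The function begins and ends outside the hunk.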
@@ -1610,7 +1627,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1643,7 +1660,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1684,8 +1701,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1709,8 +1726,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1738,8 +1755,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1754,8 +1771,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1905,7 +1922,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1916,7 +1933,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1939,18 +1956,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1993,6 +2004,25 @@ static void iommu_domain_teardown(struct domain *d)
         cleanup_domid_map(d->domain_id, drhd->iommu);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_domheap_page(pg);
+
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
@@ -2217,6 +2247,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2908,60 +2940,139 @@ static void vtd_dump_p2m_table(struct domain *d)
     vtd_dump_p2m_table_level(hd->arch.pgd_maddr, agaw_to_level(hd->arch.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    paddr_t maddrs[6], struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
-    struct dma_pte *parent;
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !maddrs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                maddrs[level] = alloc_pgtable_maddr(1, hd->node);
+                if ( !maddrs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(maddr_to_page(maddrs[level]),
+                              &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(maddrs[level]);
+                    rc = fill_qpt(next, level - 1, maddrs, pdev);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, maddrs[level]);
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            page_list_add(maddr_to_page(dma_pte_addr(*pte)),
+                          &pdev->arch.pgtables_list);
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, maddrs, pdev);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    paddr_t maddr;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    if ( hd->arch.pgd_maddr )
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.pgd_maddr);
+
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    hd->arch.pgd_maddr = alloc_pgtable_maddr(1, hd->node);
-    if ( !hd->arch.pgd_maddr )
-        goto out;
+    maddr = alloc_pgtable_maddr(1, hd->node);
+    if ( !maddr )
+        return -ENOMEM;
 
-    parent = map_vtd_domain_page(hd->arch.pgd_maddr);
-    while ( level )
-    {
-        uint64_t maddr;
-        unsigned int offset;
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
 
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        maddr = alloc_pgtable_maddr(1, hd->node);
-        if ( !maddr )
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.pgd_maddr = maddr;
+
+    for_each_rmrr_device ( rmrr, bdf, i )
+    {
+        if ( rc )
             break;
 
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%04x:%02x:%02x.%u: RMRR quarantine mapping failed\n",
+                       pdev->seg, pdev->bus,
+                       PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = maddr;
+
+    if ( !rc )
+    {
+        struct dma_pte *root;
+        paddr_t maddrs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(maddr);
+        rc = fill_qpt(root, level - 1, maddrs, pdev);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = maddr_to_mfn(maddrs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    return rc;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
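Review bot: fill_qpt() writes every PTE through `dma_set_pte_addr()`, `dma_set_pte_readable()` and `dma_set_pte_writable()`, but never calls `iommu_sync_cache()`, which the removed loop did once per table. If nothing outside this hunk flushes these tables, an IOMMU whose page walks are not cache-coherent could see stale entries in a structure meant to confine a quarantined device's DMA. Adding `iommu_sync_cache(this, PAGE_SIZE);` after the loop in fill_qpt() would restore the old behaviour. Separately, `maddrs[6]` is indexed by `level` with no visible bound, so `ASSERT(level <= ARRAY_SIZE(maddrs));` before the first fill_qpt() call in intel_iommu_quarantine_init() would tie the array size to the address width.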
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index be44fc017f..c67adb9b41 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -509,7 +509,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 70ed48e309..0c79acb1ed 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -20,7 +22,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
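Review bot: The new `leaf_mfn` and `pgtables_list` members of struct arch_pci_dev carry no comment, although the VT-d code in this patch gives them a specific meaning. A one-line comment on each would make the ownership clear, for example `/* Scratch leaf page that all quarantine mappings point at. */` and `/* Page table pages owned by this device's quarantine tables. */`. The struct starts outside this hunk, so the locking comment above the union is only partly visible here. If it is meant to cover the new fields as well, it should say so.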
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 3272874958..a80910ad46 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -236,7 +236,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -356,6 +356,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 void iommu_share_p2m_table(struct domain *d);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:44:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:44:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300171.511786 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDRb-0005jj-6R; Wed, 06 Apr 2022 21:44:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300171.511786; Wed, 06 Apr 2022 21:44:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDRb-0005jb-3a; Wed, 06 Apr 2022 21:44:03 +0000
Received: by outflank-mailman (input) for mailman id 300171;
 Wed, 06 Apr 2022 21:44:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRa-0005jT-9u
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRa-0005iX-8s
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRa-0003ca-7x
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=F6kmAGCmZMNco/bFaLczSm782hxEYfBLvT0+8CnVQlE=; b=Ly++X7XXQArMUHIpsQJngmRMaG
	Duyx6nnv0YbDhThJcna9nQ7kDOkZDfA7JMmuDeu1o0BvWsw8hVzVEQFXn6AOVegVKfnegkkmgDnBe
	WgphuZDNrRsoshttmtpq/LmcNuCxSO86DghbUh+uI/Q3BAu9GkDqEblhrx/iCcMFTZio=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] build: grab common EFI source files in arch specific dir
Message-Id: <E1ncDRa-0003ca-7x@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:44:02 +0000

commit 39341fba7cb292d16ae77f54aaff1af3538f9115
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Tue Apr 5 11:33:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:33:29 2022 +0200

    build: grab common EFI source files in arch specific dir
    
    Rather than preparing the efi source file, we will make the symbolic
    link as needed from the build location.
    
    The `ln` command is run every time, so that the link is updated in case
    the source tree changes location.
    
    This patch also introduce "efi-common.mk" which allow to reuse the
    common make instructions without having to duplicate them into each
    arch.
    
    And now that we have a list of common source file, we can start to
    remove the links to the source files on clean.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
---
 xen/Makefile                 |  5 -----
 xen/arch/arm/efi/Makefile    |  4 ++--
 xen/arch/x86/efi/Makefile    |  5 +----
 xen/common/efi/efi-common.mk | 15 +++++++++++++++
 4 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/xen/Makefile b/xen/Makefile
index ad9bfc2506..51d8c3b530 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -441,11 +441,6 @@ $(TARGET).gz: $(TARGET)
 $(TARGET): FORCE
 	$(Q)$(MAKE) $(build)=tools
 	$(Q)$(MAKE) $(build)=. include/xen/compile.h
-	[ -e arch/$(TARGET_ARCH)/efi ] && for f in $$(cd common/efi; echo *.[ch]); \
-		do test -r arch/$(TARGET_ARCH)/efi/$$f || \
-		   ln -nsf ../../../common/efi/$$f arch/$(TARGET_ARCH)/efi/; \
-		done; \
-		true
 	$(Q)$(MAKE) $(build)=include all
 	$(Q)$(MAKE) $(build)=arch/$(TARGET_ARCH) include
 	$(Q)$(MAKE) $(build)=. arch/$(TARGET_ARCH)/include/asm/asm-offsets.h
diff --git a/xen/arch/arm/efi/Makefile b/xen/arch/arm/efi/Makefile
index 1b1ed06fed..4313c39066 100644
--- a/xen/arch/arm/efi/Makefile
+++ b/xen/arch/arm/efi/Makefile
@@ -1,4 +1,4 @@
-CFLAGS-y += -fshort-wchar
+include $(srctree)/common/efi/efi-common.mk
 
-obj-y += boot.init.o pe.init.o ebmalloc.o runtime.o
+obj-y += $(EFIOBJ-y)
 obj-$(CONFIG_ACPI) +=  efi-dom0.init.o
diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile
index e08b4d8e48..034ec87895 100644
--- a/xen/arch/x86/efi/Makefile
+++ b/xen/arch/x86/efi/Makefile
@@ -1,4 +1,4 @@
-CFLAGS-y += -fshort-wchar
+include $(srctree)/common/efi/efi-common.mk
 
 quiet_cmd_objcopy_o_ihex = OBJCOPY $@
 cmd_objcopy_o_ihex = $(OBJCOPY) -I ihex -O binary $< $@
@@ -8,9 +8,6 @@ $(obj)/%.o: $(src)/%.ihex FORCE
 
 $(obj)/boot.init.o: $(obj)/buildid.o
 
-EFIOBJ-y := boot.init.o pe.init.o ebmalloc.o runtime.o
-EFIOBJ-$(CONFIG_COMPAT) += compat.o
-
 $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4)
 $(addprefix $(obj)/,$(EFIOBJ-y)): CFLAGS_stack_boundary := $(cflags-stack-boundary)
 
diff --git a/xen/common/efi/efi-common.mk b/xen/common/efi/efi-common.mk
new file mode 100644
index 0000000000..960d44a6d5
--- /dev/null
+++ b/xen/common/efi/efi-common.mk
@@ -0,0 +1,15 @@
+EFIOBJ-y := boot.init.o pe.init.o ebmalloc.o runtime.o
+EFIOBJ-$(CONFIG_COMPAT) += compat.o
+
+CFLAGS-y += -fshort-wchar
+CFLAGS-y += -iquote $(srctree)/common/efi
+
+# Part of the command line transforms $(obj)
+# e.g.: It transforms "dir/foo/bar" into successively
+#       "dir foo bar", ".. .. ..", "../../.."
+$(obj)/%.c: $(srctree)/common/efi/%.c FORCE
+	$(Q)ln -nfs $(subst $(space),/,$(patsubst %,..,$(subst /, ,$(obj))))/common/efi/$(<F) $@
+
+clean-files += $(patsubst %.o, %.c, $(EFIOBJ-y:.init.o=.o) $(EFIOBJ-))
+
+.PRECIOUS: $(obj)/%.c
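Review bot: The symlink target in the `$(obj)/%.c` rule is built by turning each path component of `$(obj)` into `..`, which is only correct while `$(obj)` is a plain relative path below the top of the tree. An absolute `$(obj)`, or one containing `.` components, would produce a link pointing somewhere other than `common/efi`, and since the rule is FORCEd the wrong link would be recreated on every build. The existing comment explains the transformation but not that assumption. Adding a line such as `# Assumes $(obj) is a relative path below the top of the build tree.` would document it.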
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:44:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:44:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300172.511790 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDRl-0005mF-7s; Wed, 06 Apr 2022 21:44:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300172.511790; Wed, 06 Apr 2022 21:44:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDRl-0005m5-50; Wed, 06 Apr 2022 21:44:13 +0000
Received: by outflank-mailman (input) for mailman id 300172;
 Wed, 06 Apr 2022 21:44:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRk-0005lz-DB
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRk-0005ii-CE
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRk-0003dF-BN
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=YCSvo/kVoQ6aP+kBtwuWc3k7Nh+28N84EfBdIFXjoYk=; b=AfZFh79NlVUgKlEzNpZKBtpCl7
	Rfo1of2wsCMM5P9t+Ax7NCVLdJqbn5byuj6T0QKr9C4oAxE5+gBRha2ci9vG9CmH1uJqhCUgQL20T
	usS3fVTsWS9/9JrqQ5FraJrRs6TqtfTxmdPX0ZcS+rXyTlhgWroRTa5qt/Gj0TMgm15Q=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/APIC: calibrate against platform timer when possible
Message-Id: <E1ncDRk-0003dF-BN@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:44:12 +0000

commit 3f3906b462d57613d45051940d9083d02f49d1d2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 11:36:32 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:36:32 2022 +0200

    x86/APIC: calibrate against platform timer when possible
    
    Use the original calibration against PIT only when the platform timer
    is PIT. This implicitly excludes the "xen_guest" case from using the PIT
    logic (init_pit() fails there, and as of 5e73b2594c54 ["x86/time: minor
    adjustments to init_pit()"] using_pit also isn't being set too early
    anymore), so the respective hack there can be dropped at the same time.
    This also reduces calibration time from 100ms to 50ms, albeit this step
    is being skipped as of 0731a56c7c72 ("x86/APIC: no need for timer
    calibration when using TDT") anyway.
    
    While re-indenting the PIT logic in calibrate_APIC_clock(), besides
    adjusting style also switch around the 2nd TSC/TMCCT read pair, to match
    the order of the 1st one, yielding more consistent deltas.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/apic.c             | 72 ++++++++++++++++++++---------------------
 xen/arch/x86/include/asm/apic.h |  3 ++
 xen/arch/x86/time.c             | 65 +++++++++++++++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 37 deletions(-)

diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c
index 96d73a7449..2f1403f00c 100644
--- a/xen/arch/x86/apic.c
+++ b/xen/arch/x86/apic.c
@@ -1183,18 +1183,20 @@ static void __init check_deadline_errata(void)
            "please update microcode to version %#x (or later)\n", rev);
 }
 
-static void __init wait_tick_pvh(void)
+uint32_t __init apic_tmcct_read(void)
 {
-    u64 lapse_ns = 1000000000ULL / HZ;
-    s_time_t start, curr_time;
-
-    start = NOW();
+    if ( x2apic_enabled )
+    {
+        /*
+         * Have a barrier here just like in rdtsc_ordered() as it's
+         * unclear whether this non-serializing RDMSR also can be
+         * executed speculatively (like RDTSC can).
+         */
+        alternative("lfence", "mfence", X86_FEATURE_MFENCE_RDTSC);
+        return apic_rdmsr(APIC_TMCCT);
+    }
 
-    /* Won't wrap around */
-    do {
-        cpu_relax();
-        curr_time = NOW();
-    } while ( curr_time - start < lapse_ns );
+    return apic_mem_read(APIC_TMCCT);
 }
 
 /*
@@ -1212,9 +1214,6 @@ static void __init wait_tick_pvh(void)
 
 static void __init calibrate_APIC_clock(void)
 {
-    unsigned long long t1, t2;
-    unsigned long tt1, tt2;
-    unsigned int i;
     unsigned long bus_freq; /* KAF: pointer-size avoids compile warns. */
     unsigned int bus_cycle; /* length of one bus cycle in pico-seconds */
 #define LOOPS_FRAC 10U      /* measure for one tenth of a second */
@@ -1227,39 +1226,38 @@ static void __init calibrate_APIC_clock(void)
      */
     __setup_APIC_LVTT(0xffffffff);
 
-    if ( !xen_guest )
+    bus_freq = calibrate_apic_timer();
+    if ( !bus_freq )
+    {
+        unsigned int i, tt1, tt2;
+        unsigned long t1, t2;
+
+        ASSERT(!xen_guest);
+
         /*
-         * The timer chip counts down to zero. Let's wait
-         * for a wraparound to start exact measurement:
-         * (the current tick might have been already half done)
+         * The timer chip counts down to zero. Let's wait for a wraparound to
+         * start exact measurement (the current tick might have been already
+         * half done):
          */
         wait_8254_wraparound();
-    else
-        wait_tick_pvh();
 
-    /*
-     * We wrapped around just now. Let's start:
-     */
-    t1 = rdtsc_ordered();
-    tt1 = apic_read(APIC_TMCCT);
+        /* We wrapped around just now. Let's start: */
+        t1 = rdtsc_ordered();
+        tt1 = apic_read(APIC_TMCCT);
 
-    /*
-     * Let's wait HZ / LOOPS_FRAC ticks:
-     */
-    for (i = 0; i < HZ / LOOPS_FRAC; i++)
-        if ( !xen_guest )
+        /* Let's wait HZ / LOOPS_FRAC ticks: */
+        for ( i = 0; i < HZ / LOOPS_FRAC; ++i )
             wait_8254_wraparound();
-        else
-            wait_tick_pvh();
 
-    tt2 = apic_read(APIC_TMCCT);
-    t2 = rdtsc_ordered();
+        t2 = rdtsc_ordered();
+        tt2 = apic_read(APIC_TMCCT);
 
-    bus_freq = (tt1 - tt2) * APIC_DIVISOR * LOOPS_FRAC;
+        bus_freq = (tt1 - tt2) * APIC_DIVISOR * LOOPS_FRAC;
 
-    apic_printk(APIC_VERBOSE, "..... CPU clock speed is %lu.%04lu MHz.\n",
-                ((unsigned long)(t2 - t1) * LOOPS_FRAC) / 1000000,
-                (((unsigned long)(t2 - t1) * LOOPS_FRAC) / 100) % 10000);
+        apic_printk(APIC_VERBOSE, "..... CPU clock speed is %lu.%04lu MHz.\n",
+                    ((t2 - t1) * LOOPS_FRAC) / 1000000,
+                    (((t2 - t1) * LOOPS_FRAC) / 100) % 10000);
+    }
 
     apic_printk(APIC_VERBOSE, "..... host bus clock speed is %ld.%04ld MHz.\n",
                 bus_freq / 1000000, (bus_freq / 100) % 10000);
diff --git a/xen/arch/x86/include/asm/apic.h b/xen/arch/x86/include/asm/apic.h
index 2fe54bbf1c..7625c0ecd6 100644
--- a/xen/arch/x86/include/asm/apic.h
+++ b/xen/arch/x86/include/asm/apic.h
@@ -192,6 +192,9 @@ extern void record_boot_APIC_mode(void);
 extern enum apic_mode current_local_apic_mode(void);
 extern void check_for_unexpected_msi(unsigned int vector);
 
+uint64_t calibrate_apic_timer(void);
+uint32_t apic_tmcct_read(void);
+
 extern void check_nmi_watchdog(void);
 
 extern unsigned int nmi_watchdog;
diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index c549daadcc..90fbd23cc0 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -26,6 +26,7 @@
 #include <xen/symbols.h>
 #include <xen/keyhandler.h>
 #include <xen/guest_access.h>
+#include <asm/apic.h>
 #include <asm/io.h>
 #include <asm/iocap.h>
 #include <asm/msr.h>
@@ -1018,6 +1019,70 @@ static u64 __init init_platform_timer(void)
     return rc;
 }
 
+static uint64_t __init read_pt_and_tmcct(uint32_t *tmcct)
+{
+    uint32_t tmcct_prev = *tmcct = apic_tmcct_read(), tmcct_min = ~0;
+    uint64_t best = best;
+    unsigned int i;
+
+    for ( i = 0; ; ++i )
+    {
+        uint64_t pt = plt_src.read_counter();
+        uint32_t tmcct_cur = apic_tmcct_read();
+        uint32_t tmcct_delta = tmcct_prev - tmcct_cur;
+
+        if ( tmcct_delta < tmcct_min )
+        {
+            tmcct_min = tmcct_delta;
+            *tmcct = tmcct_cur;
+            best = pt;
+        }
+        else if ( i > 2 )
+            break;
+
+        tmcct_prev = tmcct_cur;
+    }
+
+    return best;
+}
+
+uint64_t __init calibrate_apic_timer(void)
+{
+    uint32_t start, end;
+    uint64_t count = read_pt_and_tmcct(&start), elapsed;
+    uint64_t target = CALIBRATE_VALUE(plt_src.frequency), actual;
+    uint64_t mask = (uint64_t)~0 >> (64 - plt_src.counter_bits);
+
+    /*
+     * PIT cannot be used here as it requires the timer interrupt to maintain
+     * its 32-bit software counter, yet here we run with IRQs disabled.
+     */
+    if ( using_pit )
+        return 0;
+
+    while ( ((plt_src.read_counter() - count) & mask) < target )
+        continue;
+
+    actual = (read_pt_and_tmcct(&end) - count) & mask;
+    elapsed = start - end;
+
+    if ( likely(actual > target) )
+    {
+        /*
+         * See the comment in calibrate_tsc(). But first scale down values
+         * to actually fit muldiv64()'s input range.
+         */
+        while ( unlikely(actual > (uint32_t)actual) )
+        {
+            actual >>= 1;
+            target >>= 1;
+        }
+        elapsed = muldiv64(elapsed, target, actual);
+    }
+
+    return elapsed * CALIBRATE_FRAC;
+}
+
 u64 stime2tsc(s_time_t stime)
 {
     struct cpu_time *t;
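Review bot: In calibrate_apic_timer() the initialisers of `count` and `mask` call `read_pt_and_tmcct()` and evaluate `64 - plt_src.counter_bits` before the `using_pit` check. The PIT case the comment describes as unusable here therefore still reads the platform counter first. Declaring the variables without initialisers and moving `if ( using_pit ) return 0;` ahead of the assignments would keep that early exit free of counter reads. The caller in apic.c also treats a return of 0 as "fall back to PIT", so a zero `elapsed` (start equal to end) would silently take the PIT path. A comment on the prototype stating that 0 means "not calibrated" would document this.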
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:44:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:44:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300173.511794 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDRv-0005pj-9g; Wed, 06 Apr 2022 21:44:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300173.511794; Wed, 06 Apr 2022 21:44:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDRv-0005pZ-6W; Wed, 06 Apr 2022 21:44:23 +0000
Received: by outflank-mailman (input) for mailman id 300173;
 Wed, 06 Apr 2022 21:44:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRu-0005pH-GN
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRu-0005iu-FV
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDRu-0003dq-Ee
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=W0Xs0wokaO14uK0lV0oQ2fudtHxKOGqwU8Hz648cHEM=; b=Oy2ZVLsXP+vpFxT8lULMsl+5qC
	7+k+58Tflk/SnAC6ZwgplmnEXSvnLN4v6t8JlgVQVfFxiwr6QoioNRa0OOx5bCWEk2xueCdWU9jP9
	OiH50HGy66wzShWWSbirABP3C8NB3LebZERXK4Y5LJz3KKGlU1cyMTR3RzY2/NyGAo70=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/APIC: make connections between seemingly arbitrary numbers
Message-Id: <E1ncDRu-0003dq-Ee@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:44:22 +0000

commit 5c04f6b4878ef92356f67fc3a192c6375ef28ec8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 11:38:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:38:04 2022 +0200

    x86/APIC: make connections between seemingly arbitrary numbers
    
    Making adjustments to arbitrarily chosen values shouldn't require
    auditing the code for possible derived numbers - such a change should
    be doable in a single place, having an effect on all code depending on
    that choice.
    
    For one make the TDCR write actually use APIC_DIVISOR. With the
    necessary mask constant introduced, also use that in vLAPIC code. While
    introducing the constant, drop APIC_TDR_DIV_TMBASE: The bit has been
    undefined in halfway recent SDM and PM versions.
    
    And then introduce a constant tying together the scale used when
    converting nanoseconds to bus clocks.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/apic.c                | 13 ++++++++-----
 xen/arch/x86/hvm/vlapic.c          |  6 +++---
 xen/arch/x86/include/asm/apicdef.h |  2 +-
 xen/include/xen/lib.h              |  4 ++++
 4 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c
index 2f1403f00c..47e6e5fe41 100644
--- a/xen/arch/x86/apic.c
+++ b/xen/arch/x86/apic.c
@@ -1078,8 +1078,8 @@ static void __setup_APIC_LVTT(unsigned int clocks)
     lvtt_value = APIC_TIMER_MODE_ONESHOT | LOCAL_TIMER_VECTOR;
     apic_write(APIC_LVTT, lvtt_value);
 
-    tmp_value = apic_read(APIC_TDCR);
-    apic_write(APIC_TDCR, tmp_value | APIC_TDR_DIV_1);
+    tmp_value = apic_read(APIC_TDCR) & ~APIC_TDR_DIV_MASK;
+    apic_write(APIC_TDCR, tmp_value | PASTE(APIC_TDR_DIV_, APIC_DIVISOR));
 
     apic_write(APIC_TMICT, clocks / APIC_DIVISOR);
 }
@@ -1212,6 +1212,8 @@ uint32_t __init apic_tmcct_read(void)
  * APIC irq that way.
  */
 
+#define BUS_SCALE_SHIFT 18
+
 static void __init calibrate_APIC_clock(void)
 {
     unsigned long bus_freq; /* KAF: pointer-size avoids compile warns. */
@@ -1265,8 +1267,8 @@ static void __init calibrate_APIC_clock(void)
     /* set up multipliers for accurate timer code */
     bus_cycle  = 1000000000000UL / bus_freq; /* in pico seconds */
     bus_cycle += (1000000000000UL % bus_freq) * 2 > bus_freq;
-    bus_scale  = (1000*262144)/bus_cycle;
-    bus_scale += ((1000 * 262144) % bus_cycle) * 2 > bus_cycle;
+    bus_scale  = (1000 << BUS_SCALE_SHIFT) / bus_cycle;
+    bus_scale += ((1000 << BUS_SCALE_SHIFT) % bus_cycle) * 2 > bus_cycle;
 
     apic_printk(APIC_VERBOSE, "..... bus_scale = %#x\n", bus_scale);
     /* reset APIC to zero timeout value */
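Review bot: `1000 << BUS_SCALE_SHIFT` is evaluated in `int`, so it fits with the current shift of 18 but overflows a signed int (undefined behaviour) once the shift reaches 22. That works against the stated aim of letting the constant be changed in a single place. An unsigned long literal on both lines would remove the hazard: `bus_scale = (1000UL << BUS_SCALE_SHIFT) / bus_cycle;` and `bus_scale += ((1000UL << BUS_SCALE_SHIFT) % bus_cycle) * 2 > bus_cycle;`. calibrate_APIC_clock() continues outside this hunk.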
@@ -1353,7 +1355,8 @@ int reprogram_timer(s_time_t timeout)
     }
 
     if ( timeout && ((expire = timeout - NOW()) > 0) )
-        apic_tmict = min_t(u64, (bus_scale * expire) >> 18, UINT_MAX);
+        apic_tmict = min_t(uint64_t, (bus_scale * expire) >> BUS_SCALE_SHIFT,
+                           UINT32_MAX);
 
     apic_write(APIC_TMICT, (unsigned long)apic_tmict);
 
diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c
index 49be9c8ea4..257d3b6851 100644
--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -580,7 +580,7 @@ static uint32_t vlapic_get_tmcct(const struct vlapic *vlapic)
 static void vlapic_set_tdcr(struct vlapic *vlapic, unsigned int val)
 {
     /* Only bits 0, 1 and 3 are settable; others are MBZ. */
-    val &= 0xb;
+    val &= APIC_TDR_DIV_MASK;
     vlapic_set_reg(vlapic, APIC_TDCR, val);
 
     /* Update the demangled hw.timer_divisor. */
@@ -888,7 +888,7 @@ void vlapic_reg_write(struct vcpu *v, unsigned int reg, uint32_t val)
     {
         uint32_t current_divisor = vlapic->hw.timer_divisor;
 
-        vlapic_set_tdcr(vlapic, val & 0xb);
+        vlapic_set_tdcr(vlapic, val);
 
         vlapic_update_timer(vlapic, vlapic_get_reg(vlapic, APIC_LVTT), false,
                             current_divisor);
@@ -1020,7 +1020,7 @@ int guest_wrmsr_x2apic(struct vcpu *v, uint32_t msr, uint64_t msr_content)
         break;
 
     case APIC_TDCR:
-        if ( msr_content & ~APIC_TDR_DIV_1 )
+        if ( msr_content & ~APIC_TDR_DIV_MASK )
             return X86EMUL_EXCEPTION;
         break;
 
diff --git a/xen/arch/x86/include/asm/apicdef.h b/xen/arch/x86/include/asm/apicdef.h
index 0633da9fe1..2440d83c8d 100644
--- a/xen/arch/x86/include/asm/apicdef.h
+++ b/xen/arch/x86/include/asm/apicdef.h
@@ -106,7 +106,7 @@
 #define		APIC_TMICT	0x380
 #define		APIC_TMCCT	0x390
 #define		APIC_TDCR	0x3E0
-#define			APIC_TDR_DIV_TMBASE	(1<<2)
+#define			APIC_TDR_DIV_MASK	0xB
 #define			APIC_TDR_DIV_1		0xB
 #define			APIC_TDR_DIV_2		0x0
 #define			APIC_TDR_DIV_4		0x1
diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h
index bf6470a2e7..b9b24a0436 100644
--- a/xen/include/xen/lib.h
+++ b/xen/include/xen/lib.h
@@ -13,6 +13,10 @@
 #define count_args(args...) \
     count_args_(., ## args, 8, 7, 6, 5, 4, 3, 2, 1, 0)
 
+/* Indirect macros required for expanded argument pasting. */
+#define PASTE_(a, b) a ## b
+#define PASTE(a, b) PASTE_(a, b)
+
 #ifndef __ASSEMBLY__
 
 #include <xen/inttypes.h>
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:44:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:44:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300174.511798 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDS5-0005tK-Ax; Wed, 06 Apr 2022 21:44:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300174.511798; Wed, 06 Apr 2022 21:44:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDS5-0005tC-81; Wed, 06 Apr 2022 21:44:33 +0000
Received: by outflank-mailman (input) for mailman id 300174;
 Wed, 06 Apr 2022 21:44:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDS4-0005t5-JF
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDS4-0005jW-IR
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDS4-0003eO-Hq
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=JFaZR378Q1uWPgA7c3WgTtQw6wufKI+wxOSlbOKr3eU=; b=yh9SDmUGKkLw1Y6obu1adAM+sq
	JUWMMhbB3Q+O9aZcrZXNsf8SAzTwt6QSTKszEjfWZw+eX2e37jjaCr0NHqEfGX5mlahq/wHNkYjs6
	4k9E0LaiW9wIHFgYUsB/1Tkk4edIk+C6+wnt8RG7SdRz6vbozlpZp+mHno2oJ/LrRBdg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] include: move STR() and IS_ALIGNED()
Message-Id: <E1ncDS4-0003eO-Hq@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:44:32 +0000

commit 472839e61c7c2a8a5d8221834761de85e745ae33
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 11:39:12 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:39:12 2022 +0200

    include: move STR() and IS_ALIGNED()
    
    lib.h is imo a better fit for them than config.h.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/arm/xen.lds.S   | 1 +
 xen/arch/x86/xen.lds.S   | 1 +
 xen/include/xen/config.h | 5 -----
 xen/include/xen/lib.h    | 5 +++++
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index 7921d8fa28..ad7f966f0e 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -3,6 +3,7 @@
 /* Modified for ARM Xen by Ian Campbell */
 
 #include <xen/cache.h>
+#include <xen/lib.h>
 #include <asm/page.h>
 #undef ENTRY
 #undef ALIGN
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 3f9f633f55..6926e88e54 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -2,6 +2,7 @@
 /* Modified for i386/x86-64 Xen by Keir Fraser */
 
 #include <xen/cache.h>
+#include <xen/lib.h>
 #include <asm/page.h>
 #undef ENTRY
 #undef ALIGN
diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index b76222ecf6..85c6f59be9 100644
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -82,11 +82,6 @@
 #define MB(_mb)     (_AC(_mb, ULL) << 20)
 #define GB(_gb)     (_AC(_gb, ULL) << 30)
 
-#define IS_ALIGNED(val, align) (((val) & ((align) - 1)) == 0)
-
-#define __STR(...) #__VA_ARGS__
-#define STR(...) __STR(__VA_ARGS__)
-
 /* allow existing code to work with Kconfig variable */
 #define NR_CPUS CONFIG_NR_CPUS
 
diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h
index b9b24a0436..aab1fc7c4a 100644
--- a/xen/include/xen/lib.h
+++ b/xen/include/xen/lib.h
@@ -3,6 +3,8 @@
 
 #define ROUNDUP(x, a) (((x) + (a) - 1) & ~((a) - 1))
 
+#define IS_ALIGNED(val, align) (!((val) & ((align) - 1)))
+
 #define DIV_ROUND(n, d) (((n) + (d) / 2) / (d))
 #define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
 
@@ -17,6 +19,9 @@
 #define PASTE_(a, b) a ## b
 #define PASTE(a, b) PASTE_(a, b)
 
+#define __STR(...) #__VA_ARGS__
+#define STR(...) __STR(__VA_ARGS__)
+
 #ifndef __ASSEMBLY__
 
 #include <xen/inttypes.h>
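Review bot: The stringification helper keeps the name `__STR`, which lies in the namespace reserved for the implementation, while the paste helper directly above it in this hunk uses the trailing-underscore form `PASTE_`. Since the macros are being moved anyway, naming the helper `STR_` (`#define STR_(...) #__VA_ARGS__` and `#define STR(...) STR_(__VA_ARGS__)`) would make the two pairs consistent. Whether anything outside this diff uses `__STR` directly is not visible here and would need checking first.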
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:44:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:44:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300175.511802 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDSF-0005wK-CH; Wed, 06 Apr 2022 21:44:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300175.511802; Wed, 06 Apr 2022 21:44:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDSF-0005wC-9V; Wed, 06 Apr 2022 21:44:43 +0000
Received: by outflank-mailman (input) for mailman id 300175;
 Wed, 06 Apr 2022 21:44:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSE-0005w0-N0
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSE-0005jq-MI
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSE-0003fD-LM
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=IvcAx/TCMzjp7phqpue38HyBS2jyZgzOaNmVKBZfZ+k=; b=ezGdP+FoTYQdK/rMhF2eDACfOs
	0oJFyUYmQD1j663vW0ZcqFucjWjUy+zda5PCtmJdNz+kI0LyYUp+mRc6GL+2+kjZ53GGq+yRsXIoB
	A66pVJ0lbuqR+SpGBa8ISSf9TWtY/J7q+NIQ/lJHE2a2HDxyez59edSyAaqwgrPq+HwM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/time: use fake read_tsc()
Message-Id: <E1ncDSE-0003fD-LM@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:44:42 +0000

commit 120e26c2bb0097a589d718b1b58d7052ccce4458
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 11:40:58 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 11:40:58 2022 +0200

    x86/time: use fake read_tsc()
    
    Go a step further than bed9ae54df44 ("x86/time: switch platform timer
    hooks to altcall") did and eliminate the "real" read_tsc() altogether:
    It's not used except in pointer comparisons, and hence it looks overall
    more safe to simply poison plt_tsc's read_counter hook.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/time.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index 90fbd23cc0..b01acd390d 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -607,16 +607,18 @@ static s64 __init cf_check init_tsc(struct platform_timesource *pts)
     return ret;
 }
 
-static uint64_t __init cf_check read_tsc(void)
-{
-    return rdtsc_ordered();
-}
+/*
+ * plt_tsc's read_counter hook is not (and should not be) invoked via the
+ * struct field. To avoid carrying an unused, indirectly reachable function,
+ * poison the field with an easily identifiable non-canonical pointer.
+ */
+#define READ_TSC_POISON ((uint64_t(*)(void))0x75C75C75C75C75C0ul)
 
 static struct platform_timesource __initdata_cf_clobber plt_tsc =
 {
     .id = "tsc",
     .name = "TSC",
-    .read_counter = read_tsc,
+    .read_counter = READ_TSC_POISON,
     /*
      * Calculations for platform timer overflow assume u64 boundary.
      * Hence we set to less than 64, such that the TSC wraparound is
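Review bot: The comment on `READ_TSC_POISON` says the hook must not be invoked through the struct field, but nothing in this hunk enforces that; the guarantee rests on every caller comparing against the poison value first. It would help to add a sentence to the comment such as `Callers of ->read_counter must check for READ_TSC_POISON; a stray call faults on the non-canonical address.` so the fail-closed intent is stated. `plt_tsc` also stays in `__initdata_cf_clobber`; if that section's function pointers are processed at boot, as the name suggests, the code doing so presumably has to tolerate a value that is not a function address, which is worth confirming. The initializer of `plt_tsc` continues outside the hunk.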
@@ -846,7 +848,7 @@ static uint64_t read_counter(void)
      * hence we can't invoke read_tsc() that way. Special case it here, open-
      * coding the function call at the same time.
      */
-    return plt_src.read_counter != read_tsc
+    return plt_src.read_counter != READ_TSC_POISON
            ? alternative_call(plt_src.read_counter)
            : rdtsc_ordered();
 }
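Review bot: The context comment above the changed line still says "we can't invoke read_tsc() that way", but this commit removes read_tsc(), so the comment now names a function that no longer exists. Replacing "read_tsc()" with "plt_tsc's read_counter hook" and "open-coding the function call" with "reading the TSC directly" would keep it accurate without changing the reasoning it gives. The same comparison against `READ_TSC_POISON` in clocksource_is_tsc() in the next hunk needs no change. read_counter() starts outside the hunk.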
@@ -2510,7 +2512,7 @@ uint64_t pv_soft_rdtsc(const struct vcpu *v, const struct cpu_user_regs *regs)
 
 bool clocksource_is_tsc(void)
 {
-    return plt_src.read_counter == read_tsc;
+    return plt_src.read_counter == READ_TSC_POISON;
 }
 
 int host_tsc_is_safe(void)
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:44:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:44:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300177.511806 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDSP-0005za-FG; Wed, 06 Apr 2022 21:44:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300177.511806; Wed, 06 Apr 2022 21:44:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDSP-0005zS-CC; Wed, 06 Apr 2022 21:44:53 +0000
Received: by outflank-mailman (input) for mailman id 300177;
 Wed, 06 Apr 2022 21:44:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSO-0005zI-QO
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSO-0005k3-Pb
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSO-0003fo-Oq
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:44:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=i/PIkdkYc0EuvxhP782etC4HDzLOyEhpFY0pKuRzR7E=; b=IiWjRAIm3pCygsK3W8ItrdSP2M
	idfKqau6cDg4BrOfPI6p1vemp1pgysQb5d7BIdjiyoTFXLwRCfKx5NnuipRjx2ouhKENdZMvWWCON
	CtQ/ecr8GoEibKmcwldq7OQrKCJuY40nOC7a987pqqIA1GR3ir5TCmZxJMsbU2tM50Bo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1ncDSO-0003fo-Oq@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:44:52 +0000

commit 4f4db53784d912c4f409a451c36ebfd4754e0a42
Author:     Roger Pau Monne <roger.pau@citrix.com>
AuthorDate: Wed Feb 23 09:40:40 2022 +0100
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:11:30 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/include/asm/paging.h |  3 ---
 xen/arch/x86/mm/hap/hap.c         | 11 ++++-------
 xen/arch/x86/mm/paging.c          |  2 +-
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h
index f0b4efc66e..b7ecfd4721 100644
--- a/xen/arch/x86/include/asm/paging.h
+++ b/xen/arch/x86/include/asm/paging.h
@@ -160,9 +160,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index c19e337d65..79929774e8 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         unsigned int size = DIV_ROUND_UP(nr_frames, BITS_PER_BYTE);
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, false);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
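Review bot: The added `domain_pause(d)` / `p2m_enable_hardware_log_dirty(d)` / `domain_unpause(d)` sequence has no comment saying why the domain must be paused or why the call sits after `paging_unlock(d)`, although locking and ordering are exactly what this fix is about. A short comment such as `/* Pause so no vCPU runs while hardware log-dirty is switched on; done outside the paging lock. */` would record the intent, assuming that is the reason. The sequence also relies on `d` not being the calling domain; the commit message describes a stubdom or dom0 as the caller, but no such check is visible in this hunk. hap_track_dirty_vram() starts and ends outside the hunk, so whether the path that stops tracking has a matching disable cannot be seen here.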
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 1f0b94ad21..b7e2750817 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -212,7 +212,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool log_global)
+static int paging_log_dirty_enable(struct domain *d, bool log_global)
 {
     int ret;
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:45:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:45:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300178.511811 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDSa-00063B-HR; Wed, 06 Apr 2022 21:45:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300178.511811; Wed, 06 Apr 2022 21:45:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDSa-000631-Dn; Wed, 06 Apr 2022 21:45:04 +0000
Received: by outflank-mailman (input) for mailman id 300178;
 Wed, 06 Apr 2022 21:45:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSY-00062n-TU
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:45:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSY-0005kd-Sg
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:45:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSY-0003gc-Rv
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:45:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=AT7oMQJsr3eqRd0nZ4uEMvme2PZxlQTK0c38c2fPwZg=; b=ynWue8ijF0lEI3ZbD0y6eb2xiU
	mtH7twdzqlQWODop2lmmI/BezZ3RXOiubnctAZlYn/W8/bJ82a57RhB0aKejAzRWUufuLlIHhXlju
	vDXXyK5iRmXDMvketTemUiuw6SMOyPTGb8DsRc2/ippB2bS5vHnKCbVukETN4qNKbGAg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1ncDSY-0003gc-Rv@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:45:02 +0000

commit d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:12:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:12:27 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 82b485e7d4..c466eef56e 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -175,8 +175,14 @@ static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 
     if ( iommu_domid >= 0 )
     {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * did_to_domain_id() to return a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 }
 
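Review bot: The new comment requires the `domid_map[]` store to become visible before the bit is cleared, but the code expresses that only through statement order: the store is a plain assignment, and whether `clear_bit()` acts as a compiler and CPU barrier is not visible in this hunk. If `clear_bit()` is a fully ordered atomic here, saying so in the comment (for example `clear_bit() orders the preceding store`) documents what the fix depends on; if it is not, an explicit `smp_wmb();` between the two lines would be needed. The reader side in did_to_domain_id() and context_set_domain_id() is outside this diff.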
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:45:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:45:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300179.511814 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDSk-00066G-I9; Wed, 06 Apr 2022 21:45:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300179.511814; Wed, 06 Apr 2022 21:45:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDSk-000668-FC; Wed, 06 Apr 2022 21:45:14 +0000
Received: by outflank-mailman (input) for mailman id 300179;
 Wed, 06 Apr 2022 21:45:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSj-00065m-0O
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:45:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSi-0005kr-Vq
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:45:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDSi-0003h3-V1
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:45:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=UV4n5DRNwux50IbITxSdlHM7MDrGlwryLzcWo80x/5Q=; b=aUlIN7XlCN21Nuj19Fs5zs5u3m
	8NtA40z38cFmk0FY1oqqAzER2gaIidxcIac3wjH8U4AWpOuyC1hISxvA3VFKmacKia1IvolmG/vQ4
	MSzLbvl4TILlGC3yPr7aavg2lSc3Qnp07ciCVt9ic7g783MmoKAeZCeoSPL/d5O5TYqQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1ncDSi-0003h3-V1@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:45:12 +0000

commit 78a40f8b5dfa1a3aec43528663f39473d4429101
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:15:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:15:33 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index c466eef56e..752024ee10 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2409,6 +2409,10 @@ static int cf_check reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
@@ -2437,10 +2441,6 @@ static int cf_check reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->pdev_list);
@@ -2525,9 +2525,8 @@ static int cf_check intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2540,20 +2539,37 @@ static int cf_check intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %pp from %pd (%d)\n",
-                           &PCI_SBDF3(seg, bus, devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
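Review bot: The `break` added after the "cannot map reserved region" message leaves only the innermost loop. If `for_each_rmrr_device()` expands to nested loops (its definition is not in this hunk), iteration continues with the next RMRR unit and a later successful `iommu_identity_mapping()` resets `ret` to zero. `if ( !ret )` would then still call `reassign_device_ownership()` although one reserved region failed to map, which is the ordering this change is meant to rule out. Also testing `!ret` before the mapping call, or leaving the loop with a `goto` to the rollback code, would preserve the first error. The function starts and ends outside the hunk.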
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:45:24 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1ncDSt-0003he-1r@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:45:23 +0000

commit 3221f270cf2eba0a22fd4f92319d664eacb92889
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:16:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:16:10 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 752024ee10..06ba21aad8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1992,14 +1992,6 @@ static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2016,12 +2008,17 @@ static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int cf_check intel_iommu_enable_device(struct pci_dev *pdev)
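Review bot: In `intel_iommu_add_device()` a failed `iommu_identity_mapping()` is only logged, and the `ret` it set is then overwritten by the `domain_context_mapping()` call now placed below the loop. The context entry is therefore still established when an RMRR could not be mapped. If that is deliberate best-effort handling, say so with a comment such as `/* RMRR mapping failure is logged but not fatal here. */` above the `dprintk()`; otherwise return the error before the context entry is touched. The start of the function is outside the hunk.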
@@ -2043,11 +2040,15 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2063,7 +2064,7 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init cf_check setup_hwdom_device(
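Review bot: `intel_iommu_remove_device()` now ends in an unconditional `return 0;`, so the result of the call ending in `rmrr->end_address, 0);` inside the loop appears to be discarded (the start of that call is outside the hunk). If tearing down an identity mapping can fail, the caller is told the removal succeeded while the mapping stays in the domain's page tables. Either accumulate the first non-zero result and return it, or add a comment such as `/* Failure to drop an RMRR mapping is not reported. */` so the choice is visible.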
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:45:34 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
Message-Id: <E1ncDT3-0003iS-4t@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:45:33 +0000

commit eba09b9dd78f9e8cbaa78ef0edb301b32def2c7a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:16:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:16:46 2022 +0200

    IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
    
    This is to make more obvious that nothing outside of domain_iommu(d)
    actually changes or is otherwise needed by the function.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/arch/x86/include/asm/iommu.h            |  3 ++-
 xen/drivers/passthrough/amd/iommu_map.c     | 10 +++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  2 +-
 xen/drivers/passthrough/vtd/iommu.c         |  8 ++++----
 xen/drivers/passthrough/x86/iommu.c         |  3 +--
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h
index e3484ca023..5060f97124 100644
--- a/xen/arch/x86/include/asm/iommu.h
+++ b/xen/arch/x86/include/asm/iommu.h
@@ -141,7 +141,8 @@ static inline void iommu_sync_cache(const void *addr, unsigned int size)
 }
 
 int __must_check iommu_free_pgtables(struct domain *d);
-struct page_info *__must_check iommu_alloc_pgtable(struct domain *d);
+struct domain_iommu;
+struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
 
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index bf5df5fe5d..70089db76d 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -184,7 +184,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     unsigned long  next_table_mfn;
     unsigned int level;
     struct page_info *table;
-    const struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(d);
 
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
@@ -219,7 +219,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
             mfn = next_table_mfn;
 
             /* allocate lower level page table */
-            table = iommu_alloc_pgtable(d);
+            table = iommu_alloc_pgtable(hd);
             if ( table == NULL )
             {
                 AMD_IOMMU_ERROR("cannot allocate I/O page table\n");
@@ -249,7 +249,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
 
             if ( next_table_mfn == 0 )
             {
-                table = iommu_alloc_pgtable(d);
+                table = iommu_alloc_pgtable(hd);
                 if ( table == NULL )
                 {
                     AMD_IOMMU_ERROR("cannot allocate I/O page table\n");
@@ -555,7 +555,7 @@ int __init cf_check amd_iommu_quarantine_init(struct domain *d)
 
     spin_lock(&hd->arch.mapping_lock);
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
     if ( !hd->arch.amd.root_table )
         goto out;
 
@@ -570,7 +570,7 @@ int __init cf_check amd_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
         if ( !pg )
             break;
 
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 4b59a4efe9..7b21380a46 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -242,7 +242,7 @@ int amd_iommu_alloc_root(struct domain *d)
 
     if ( unlikely(!hd->arch.amd.root_table) )
     {
-        hd->arch.amd.root_table = iommu_alloc_pgtable(d);
+        hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
             return -ENOMEM;
     }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 06ba21aad8..0e90089c9b 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -318,7 +318,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     {
         struct page_info *pg;
 
-        if ( !alloc || !(pg = iommu_alloc_pgtable(domain)) )
+        if ( !alloc || !(pg = iommu_alloc_pgtable(hd)) )
             goto out;
 
         hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
@@ -338,7 +338,7 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
             if ( !alloc )
                 break;
 
-            pg = iommu_alloc_pgtable(domain);
+            pg = iommu_alloc_pgtable(hd);
             if ( !pg )
                 break;
 
@@ -2758,7 +2758,7 @@ static int __init cf_check intel_iommu_quarantine_init(struct domain *d)
         goto out;
     }
 
-    pg = iommu_alloc_pgtable(d);
+    pg = iommu_alloc_pgtable(hd);
 
     rc = -ENOMEM;
     if ( !pg )
@@ -2777,7 +2777,7 @@ static int __init cf_check intel_iommu_quarantine_init(struct domain *d)
          * page table pages, and the resulting allocations are always
          * zeroed.
          */
-        pg = iommu_alloc_pgtable(d);
+        pg = iommu_alloc_pgtable(hd);
 
         if ( !pg )
             goto out;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 65a622f26d..9c5fb6fa46 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -420,9 +420,8 @@ int iommu_free_pgtables(struct domain *d)
     return 0;
 }
 
-struct page_info *iommu_alloc_pgtable(struct domain *d)
+struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd)
 {
-    struct domain_iommu *hd = dom_iommu(d);
     unsigned int memflags = 0;
     struct page_info *pg;
     void *p;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:45:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1ncDTD-0003jO-7i@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:45:43 +0000

commit a680b8134b2d1828bbbf443a97feea66e8a85c75
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:17:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:17:21 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 61 ++-----------------------------------
 1 file changed, 2 insertions(+), 59 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 0e90089c9b..b1eeba377e 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -142,28 +142,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(const struct context_entry *context,
-                                 const struct vtd_iommu *iommu)
-{
-    int domid = -1;
-
-    if ( iommu && context )
-    {
-        unsigned int dom_index = context_domain_id(*context);
-
-        domid = did_to_domain_id(iommu, dom_index);
-        if ( domid == DOMID_INVALID )
-        {
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "no domid for did %u (nr_dom %u)\n",
-                    dom_index, cap_ndoms(iommu->cap));
-            domid = -1;
-        }
-    }
-
-    return domid;
-}
-
 static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
 {
     int iommu_domid;
@@ -1410,44 +1388,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX "%pd: %pp owned by %pd",
-                       domain, &PCI_SBDF3(seg, bus, devfn),
-                       pdev->domain);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "%pd: %pp mapped, but can't find owner\n",
-                       domain, &PCI_SBDF3(seg, bus, devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "%pd: %pp already mapped to d%d",
-                       domain, &PCI_SBDF3(seg, bus, devfn), cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
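Review bot: With the ownership checks removed, the `context_present(*context)` branch of `domain_context_mapping_one()` returns 0 for any entry that is already present, including one that still carries another domain's ID and page-table root. The caller then sees success while the device keeps translating through whatever was programmed before. If this is meant as an interim state, a comment such as `/* Present entries are left untouched; ownership is not verified here. */` would make that explicit. Otherwise keeping the cheap `pdev->domain != domain` check for non-NULL `pdev` preserves the sanity guard. The function starts and ends outside the hunk.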
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:45:54 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: re-assign devices directly
Message-Id: <E1ncDTN-0003kW-Aw@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:45:53 +0000

commit 8f41e481b4852173909363b88c1ab3da747d3a05
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:17:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:17:42 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 284 ++++++++++++++++++++++++++---------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 243 insertions(+), 80 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index e6535548e1..92e09cc095 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -81,7 +81,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
                              u8 bus, u8 devfn);
 int cf_check intel_iommu_get_reserved_device_memory(
@@ -103,8 +104,8 @@ bool is_azalia_tlb_enabled(const struct acpi_drhd_unit *);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index b1eeba377e..144e877993 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -138,6 +138,7 @@ static int context_set_domain_id(struct context_entry *context,
     else
         i = convert_domid(iommu, d->domain_id);
 
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
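Review bot: The mask in the added `context->hi &= ~(...)` line is built from the `int` constant `1`, so it covers the upper bits of `context->hi` only through sign extension, assuming that field is wider than `int` (its declaration is not in this hunk). An unsigned constant of the field's width makes this explicit: `context->hi &= ~(((1ULL << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);`. The same mask expression is repeated on the following line, so a named local or macro would keep the two in step. The start of the function is outside the hunk.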
@@ -1365,15 +1366,27 @@ static void __hwdom_init cf_check intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->drhd->segment;
+    uint16_t seg = iommu->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
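Review bot: The new header comment on `domain_context_mapping_one()` spells out the three classes of return value but says nothing about the added `mode` parameter, which every caller now has to supply. One more bullet naming the accepted `mode` values and how each affects the context-entry update would let a reader check call sites without hunting for the definitions. Separately, `uint16_t seg = iommu->drhd->segment, prev_did = 0;` mixes two unrelated initialisers in one declaration; one per line reads more safely. The function body continues outside the hunk.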
@@ -1385,17 +1398,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = did_to_domain_id(iommu, prev_did);
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
     }
     else
     {
@@ -1407,37 +1435,108 @@ int domain_context_mapping_one(
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
             unmap_vtd_domain_page(context_entries);
+            if ( prev_dom )
+                rcu_unlock_domain(prev_dom);
             return -ENOMEM;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(context, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domain, iommu);
     if ( rc )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
         return rc;
     }
 
-    context_set_address_width(*context, level_to_agaw(iommu->nr_pt_levels));
-    context_set_fault_enable(*context);
-    context_set_present(*context);
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, level_to_agaw(iommu->nr_pt_levels));
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) ==
+               level_to_agaw(iommu->nr_pt_levels));
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %pp: reassignment may cause %pd data corruption\n",
+                   &PCI_SBDF3(seg, bus, devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
+    }
+
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
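Review bot: In the `res != old` branch of the cmpxchg16b path, the printk dereferences `pdev` (`pdev->seg`, `pdev->bus`) immediately after `if ( pdev )` guarded the cleanup call, so a mismatch on a call made with `pdev == NULL` would dereference a null pointer in the error path. The comment this patch adds above the function, and the bridge and phantom-function callers that pass NULL, show that a null `pdev` is a legitimate argument. The locals already hold what the message needs, as the warning further down in this hunk shows: `&PCI_SBDF3(seg, bus, devfn),`. The function body starts before and continues after this hunk.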
@@ -1458,17 +1557,26 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
     if ( rc )
     {
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        if ( !prev_dom )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             mode & MAP_WITH_RMRR) < 0;
+        else
+            ret = 1;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
     }
 
-    return rc;
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
 static int domain_context_unmap(struct domain *d, uint8_t devfn,
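Review bot: A failed rollback is silent here: `domain_context_mapping_one(prev_dom, ...) < 0` folds the error into `ret = 1`, which only skips check_cleanup_domid_map(), and the caller then sees just the original `rc`. In that case the context entry may still point at `domain`'s page tables although the assignment is reported as failed, so an error-level log line is warranted, e.g. `printk(XENLOG_ERR VTDPREFIX " %pp: restoring context entry for %pd failed\n", &PCI_SBDF3(seg, bus, devfn), prev_dom);` when `ret` is non-zero in that branch. The rollback in domain_context_mapping() (`domain_context_mapping(pdev->domain, devfn, pdev);`, in the hunk at -1566) discards its return value in the same way. The function starts outside this hunk.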
@@ -1478,8 +1586,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    uint16_t seg = pdev->seg;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
     uint8_t bus = pdev->bus, secbus;
 
     /*
@@ -1495,8 +1605,29 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg || bdf != pdev->sbdf.bdf )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp map\n",
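Review bot: `bool prev_present;` is declared inside the switch body ahead of the first `case` label, a spot control never passes through, so it can never carry an initializer there and its scope spans every case although only one case appears to use it. Declaring it as `bool prev_present = false;` with the other locals, or inside a braced block for the case that needs it, reads more clearly and avoids possibly-uninitialized diagnostics. The switch continues outside this hunk.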
@@ -1518,7 +1649,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1533,9 +1666,10 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
 
         if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
         {
@@ -1543,6 +1677,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                 break;
             ret = -ENXIO;
         }
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        else if ( prev_present && (mode & MAP_WITH_RMRR) &&
+                  domain != pdev->domain )
+            ret = -EOPNOTSUPP;
 
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
@@ -1551,7 +1694,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL);
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1566,10 +1709,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
 
         if ( ret )
-            domain_context_unmap(domain, devfn, pdev);
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2353,9 +2501,47 @@ static int cf_check reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
+    if ( !QUARANTINE_SKIP(target) )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_assign(target);
+
+        /*
+         * Devices assigned to untrusted domains (here assumed to be any domU)
+         * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
+         * by the root complex unless interrupt remapping is enabled.
+         */
+        if ( !iommu_intremap && !is_hardware_domain(target) &&
+             !is_system_domain(target) )
+            untrusted_msi = true;
+
+        ret = domain_context_mapping(target, devfn, pdev);
+
+        if ( !ret && !QUARANTINE_SKIP(source) && pdev->devfn == devfn )
+        {
+            const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+            if ( drhd )
+                check_cleanup_domid_map(source, pdev, drhd->iommu);
+        }
+    }
+    else
+        ret = domain_context_unmap(source, devfn, pdev);
     if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
         return ret;
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
 
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
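Review bot: The shared `if ( ret )` error path calls `vmx_pi_hooks_deassign(target)` even when `ret` came from the `domain_context_unmap(source, ...)` branch, where `vmx_pi_hooks_assign(target)` was never called. Whether that is harmless depends on vmx_pi_hooks_deassign(), which is not visible here. Keeping the undo next to the assign avoids relying on it: inside the `!QUARANTINE_SKIP(target)` block, after the mapping call, `if ( ret && !has_arch_pdevs(target) ) vmx_pi_hooks_deassign(target);`. The function starts before and continues after this hunk.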
@@ -2385,43 +2571,7 @@ static int cf_check reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    /*
-     * Devices assigned to untrusted domains (here assumed to be any domU)
-     * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
-     * by the root complex unless interrupt remapping is enabled.
-     */
-    if ( !iommu_intremap && !is_hardware_domain(target) &&
-         !is_system_domain(target) )
-        untrusted_msi = true;
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int cf_check intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 652b8c9d09..67e34dd875 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -197,8 +197,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
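Review bot: The anonymous union added to struct context_entry has no comment saying why `full` exists. A short one such as `/* "full" overlays lo/hi so a whole entry can be replaced with one cmpxchg16b. */` would record the intent. It would also be worth noting that the 128-bit member now determines the structure's alignment, since the compare-exchange presumably depends on entries being 16-byte aligned.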
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 0590ddeea7..250bb7a344 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -407,7 +407,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -418,9 +419,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -428,7 +429,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -452,7 +454,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -478,7 +480,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
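Review bot: The comment over the new mode flags names the two functions but not what each bit means or who may set it. From the callers in this patch: MAP_WITH_RMRR is set when the device matches an RMRR entry, MAP_OWNER_DYING when the current owner is dying, MAP_SINGLE_DEVICE when no other device of the current owner sits behind the same IOMMU and the device has no phantom stride, and UNMAP_ME_PHANTOM_FUNC is tested only by map_me_phantom_function() to select unmapping. One trailing comment per define would record that. The comment should also state that UNMAP_ME_PHANTOM_FUNC must not be passed to domain_context_mapping_one(), because that function forwards `mode` unchanged to me_wifi_quirk().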
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:46:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:46:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300185.511835 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDTY-0006Mo-Ry; Wed, 06 Apr 2022 21:46:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300185.511835; Wed, 06 Apr 2022 21:46:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDTY-0006Mg-OU; Wed, 06 Apr 2022 21:46:04 +0000
Received: by outflank-mailman (input) for mailman id 300185;
 Wed, 06 Apr 2022 21:46:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDTX-0006MS-FW
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDTX-0005mF-Ee
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDTX-0003lm-Dz
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=YwjhEMyedRWny3b55Irwzf+YM13GJMZOodwYDFvmfEg=; b=fN1aQFBBZbV6W4MMtBVHwMatgR
	sfTDeReiAT0fTqNSEU7lIqfBKkF15g+x8m+lsajzsePJuul0OOYNOiI4KBeCYUpNLLqRz/NylNi4m
	IqVrUcO0131j0ru5TGhAGYhruqCNPF6G/TLDOnag+Tj+Gq4tkLdcHOJ7suDqI18vs5Ao=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] AMD/IOMMU: re-assign devices directly
Message-Id: <E1ncDTX-0003lm-Dz@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:46:03 +0000

commit 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:18:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:18:04 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu.h         |  10 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  67 ++++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 142 ++++++++++++++++++++++------
 3 files changed, 184 insertions(+), 35 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 0665deeab5..722b92fd78 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -263,9 +263,13 @@ void amd_iommu_set_intremap_table(struct amd_iommu_dte *dte,
                                   const void *ptr,
                                   const struct amd_iommu *iommu,
                                   bool valid);
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-				   uint64_t root_ptr, uint16_t domain_id,
-				   uint8_t paging_mode, bool valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                               uint64_t root_ptr,
+                                               uint16_t domain_id,
+                                               uint8_t paging_mode,
+                                               unsigned int flags);
 void iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
                                 const struct ivrs_mappings *ivrs_dev);
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 70089db76d..500a176e47 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -114,10 +114,69 @@ static unsigned int set_iommu_ptes_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
-                                   uint64_t root_ptr, uint16_t domain_id,
-                                   uint8_t paging_mode, bool valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
+                                  uint64_t root_ptr, uint16_t domain_id,
+                                  uint8_t paging_mode, unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
+
+    if ( dte->v && dte->tv &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            struct amd_iommu_dte dte;
+            uint64_t raw64[4];
+            __uint128_t raw128[2];
+        } ldte = { .dte = *dte };
+        __uint128_t old = ldte.raw128[0];
+        int ret = 0;
+
+        ldte.dte.domain_id = domain_id;
+        ldte.dte.pt_root = paddr_to_pfn(root_ptr);
+        ldte.dte.iw = true;
+        ldte.dte.ir = true;
+        ldte.dte.paging_mode = paging_mode;
+        ldte.dte.v = valid;
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128[0]);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid || dte->v )
     {
         dte->tv = false;
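Review bot: The -EILSEQ message in the cmpxchg16b branch identifies only the new domain ID (`"Dom%d: unexpected DTE ..."`), so a log reader cannot tell which device's table entry was in an unexpected state. amd_iommu_set_root_page_table() takes no device argument, so the caller is the place to add it. In amd_iommu_setup_domain_device() the `rc < 0` paths return without logging; a line such as `AMD_IOMMU_WARN("%pp: root page table update failed (%d)\n", &PCI_SBDF3(pdev->seg, bus, devfn), rc);` before the unlock would tie the two messages together. The function body continues after this hunk.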
@@ -132,6 +191,8 @@ void amd_iommu_set_root_page_table(struct amd_iommu_dte *dte,
     smp_wmb();
     dte->tv = true;
     dte->v = valid;
+
+    return 0;
 }
 
 void amd_iommu_set_intremap_table(
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 7b21380a46..38d2e5e15e 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -96,13 +96,32 @@ static int __must_check allocate_domain_resources(struct domain *d)
     return rc;
 }
 
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg, pdev->sbdf.bdf) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
 static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     uint8_t devfn, struct pci_dev *pdev)
 {
     struct amd_iommu_dte *table, *dte;
     unsigned long flags;
-    int req_id, valid = 1, rc;
+    unsigned int req_id, sr_flags;
+    int rc;
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
@@ -116,8 +135,11 @@ static int __must_check amd_iommu_setup_domain_device(
     if ( rc )
         return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg, pdev->sbdf.bdf);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
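Review bot: `req_id` and `ivrs_dev` are first computed for `pdev->sbdf.bdf` to derive `sr_flags`, and `req_id` is then immediately recomputed for `PCI_BDF2(bus, devfn)`, so the same name refers to two different requestor IDs a few lines apart. A dedicated local for the first lookup, or a comment such as `/* Unity map state comes from the device's own IVRS entry, not from devfn's. */`, would make clear which entry `SET_ROOT_WITH_UNITY_MAP` reflects. The function starts before and continues after this hunk.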
@@ -130,9 +152,15 @@ static int __must_check amd_iommu_setup_domain_device(
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            dte, page_to_maddr(hd->arch.amd.root_table),
-            domain->domain_id, hd->arch.amd.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.amd.root_table),
+                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         /* Undo what amd_iommu_disable_domain_device() may have done. */
         if ( dte->it_root )
@@ -152,17 +180,76 @@ static int __must_check amd_iommu_setup_domain_device(
         spin_unlock_irqrestore(&iommu->lock, flags);
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.amd.root_table),
+                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
+                           &PCI_SBDF3(pdev->seg, bus, devfn), pdev->domain);
+
+        /*
+         * Check remaining settings are still in place from an earlier call
+         * here. They're all independent of the domain, so should not have
+         * changed.
+         */
+        if ( dte->it_root )
+            ASSERT(dte->int_ctl == IOMMU_DEV_TABLE_INT_CONTROL_TRANSLATED);
+        ASSERT(dte->iv == iommu_intremap);
+        ASSERT(dte->ex == ivrs_dev->dte_allow_exclusion);
+        ASSERT(dte->sys_mgt == MASK_EXTR(ivrs_dev->device_flags,
+                                         ACPI_IVHD_SYSTEM_MGMT));
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.amd.root_table),
-                        domain->domain_id, hd->arch.amd.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             !ivrs_dev->block_ats &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(dte->i == ats_enabled);
+
+        spin_unlock_irqrestore(&iommu->lock, flags);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
     else
         spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.amd.root_table),
+                    domain->domain_id, hd->arch.amd.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
@@ -367,7 +454,20 @@ static int cf_check reassign_device(
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    if ( !QUARANTINE_SKIP(target) )
+    {
+        rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+        if ( rc )
+            return rc;
+    }
+    else
+        amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
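Review bot: The ownership move (`list_move(&pdev->domain_list, &target->pdev_list);` and `pdev->domain = target;`) now runs before the unity-map step whose `return rc;` is visible as context in the next hunk. An error there would apparently return with the device already listed under `target` and, in the non-quarantine case, its device table entry already set up for `target`. If that ordering is intended, a comment above the move such as `/* From here on the device belongs to target, even if a later step fails. */` would tell callers what state an error return leaves behind. The body of reassign_device() starts and continues outside this hunk, so the full failure handling could not be checked here.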
@@ -383,25 +483,9 @@ static int cf_check reassign_device(
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
-    if ( rc )
-        return rc;
-
     AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n",
                     &pdev->sbdf, source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:46:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1ncDTh-0003mm-H0@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:46:13 +0000

commit eb19326a328d49a6a4dc3930391b340f3bcd8948
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:18:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:18:26 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/extern.h |  8 ++--
 xen/drivers/passthrough/vtd/iommu.c  | 76 +++++++++++++++++++++++-------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++---
 3 files changed, 62 insertions(+), 35 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 92e09cc095..9ff38f3ded 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -82,9 +82,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(const void *va);
 int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int cf_check intel_iommu_get_reserved_device_memory(
     iommu_grdm_t *func, void *ctxt);
 
@@ -105,7 +106,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct vtd_iommu *iommu);
 void vtd_ops_postamble_quirk(struct vtd_iommu *iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct vtd_iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 144e877993..a291dd85bc 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,7 +43,7 @@
 #include "../ats.h"
 
 /* dom_io is used as a sentinel for quarantined devices */
-#define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.vtd.pgd_maddr)
+#define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr))
 
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
@@ -346,15 +346,17 @@ static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
     return pte_maddr;
 }
 
-static uint64_t domain_pgd_maddr(struct domain *d, unsigned int nr_pt_levels)
+static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
+                                unsigned int nr_pt_levels)
 {
     struct domain_iommu *hd = dom_iommu(d);
-    uint64_t pgd_maddr;
     unsigned int agaw;
 
     ASSERT(spin_is_locked(&hd->arch.mapping_lock));
 
-    if ( iommu_use_hap_pt(d) )
+    if ( pgd_maddr )
+        /* nothing */;
+    else if ( iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
 
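Review bot: Nothing in this hunk documents that a non-zero `pgd_maddr` argument now overrides the per-domain fields in domain_pgd_maddr(); the only trace is the `if ( pgd_maddr ) /* nothing */;` arm. A short function comment would make the contract explicit: zero means "derive the root from the domain", and a non-zero value is used as passed in. The empty-statement arm would also be harder to misread as a braced block with the comment inside it. The rest of the body is outside the hunk, so whether a caller-supplied root gets the same level adjustment as the per-domain one could not be checked here.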
@@ -1379,18 +1381,18 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pgd_maddr) )
         return 0;
 
     ASSERT(pcidevs_locked());
@@ -1427,10 +1429,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root;
+
         spin_lock(&hd->arch.mapping_lock);
 
-        pgd_maddr = domain_pgd_maddr(domain, iommu->nr_pt_levels);
-        if ( !pgd_maddr )
+        root = domain_pgd_maddr(domain, pgd_maddr, iommu->nr_pt_levels);
+        if ( !root )
         {
             spin_unlock(&hd->arch.mapping_lock);
             spin_unlock(&iommu->lock);
@@ -1440,7 +1444,7 @@ int domain_context_mapping_one(
             return -ENOMEM;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1557,15 +1561,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                           domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                             domain->domain_id,
+                                             hd->arch.vtd.pgd_maddr,
                                              mode & MAP_WITH_RMRR) < 0;
+        }
         else
             ret = 1;
 
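Review bot: The recovery call in the `prev_dom != domain` branch passes `prev_dom` and `prev_dom`'s `hd->arch.vtd.pgd_maddr`, but `domain->domain_id` as the new `domid` argument, so the three values no longer describe the same domain. As far as the visible hunks show, `domid` is only forwarded to `me_wifi_quirk()` in this commit, but the part II commit further down this page makes `context_set_domain_id()` consume it. The restored context entry would then pair the previous owner's page-table root with the failing domain's ID; passing `prev_dom->domain_id,` keeps the restored entry self-consistent. The `!prev_dom` branch likewise passes `domain->domain_id` where the function's own `domid` parameter would be the consistent choice. The function body starts outside this hunk.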
@@ -1587,6 +1597,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1649,7 +1660,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1666,7 +1678,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1694,7 +1707,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1709,7 +1723,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1737,14 +1752,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
     int iommu_domid, rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         return 0;
 
     ASSERT(pcidevs_locked());
@@ -1798,7 +1813,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1845,7 +1860,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1858,7 +1874,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1884,12 +1901,15 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
@@ -1899,7 +1919,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         return -EINVAL;
     }
 
-    if ( !ret && !QUARANTINE_SKIP(domain) && pdev->devfn == devfn )
+    if ( !ret && pdev->devfn == devfn &&
+         !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
     return ret;
@@ -2501,7 +2522,7 @@ static int cf_check reassign_device_ownership(
 {
     int ret;
 
-    if ( !QUARANTINE_SKIP(target) )
+    if ( !QUARANTINE_SKIP(target, dom_iommu(target)->arch.vtd.pgd_maddr) )
     {
         if ( !has_arch_pdevs(target) )
             vmx_pi_hooks_assign(target);
@@ -2517,7 +2538,8 @@ static int cf_check reassign_device_ownership(
 
         ret = domain_context_mapping(target, devfn, pdev);
 
-        if ( !ret && !QUARANTINE_SKIP(source) && pdev->devfn == devfn )
+        if ( !ret && pdev->devfn == devfn &&
+             !QUARANTINE_SKIP(source, dom_iommu(source)->arch.vtd.pgd_maddr) )
         {
             const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 250bb7a344..f6f74416d0 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -408,6 +408,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -421,16 +423,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -454,7 +457,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -480,7 +483,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:46:25 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1ncDTr-0003ny-Jz@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:46:23 +0000

commit 7131163c4806e3c7de24873164d1a003d2a27dee
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:18:48 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:18:48 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 39 ++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a291dd85bc..2fd079a901 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -79,28 +79,28 @@ static domid_t convert_domid(const struct vtd_iommu *iommu, domid_t domid)
     return !cap_caching_mode(iommu->cap) ? domid : ~domid;
 }
 
-static int domain_iommu_domid(const struct domain *d,
-                              const struct vtd_iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
+                         bool warn)
 {
     unsigned int nr_dom, i;
 
     if ( !domid_mapping(iommu) )
-        return convert_domid(iommu, d->domain_id);
+        return convert_domid(iommu, domid);
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i + 1);
     }
 
-    if ( !d->is_dying )
+    if ( warn )
         dprintk(XENLOG_ERR VTDPREFIX,
-                "Cannot get valid iommu %u domid: %pd\n",
-                iommu->index, d);
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
 
     return -1;
 }
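Review bot: The new message `"No valid iommu %u domid for Dom%d\n"` prints the ID as though it always names a domain, while the commit description says these IDs will come to include per-device pseudo domain IDs with no struct domain behind them. Someone triaging this error could go looking for a domain that does not exist; neutral wording such as `"No valid iommu %u DID for domid %#x\n"` avoids that. The new `warn` parameter is also undocumented; a one-line comment above get_iommu_did() stating that it returns the IOMMU-local ID or -1, and that `warn` only controls the log line, would cover it.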
@@ -108,8 +108,7 @@ static int domain_iommu_domid(const struct domain *d,
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 const struct domain *d,
-                                 struct vtd_iommu *iommu)
+                                 domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned int i;
 
@@ -120,7 +119,7 @@ static int context_set_domain_id(struct context_entry *context,
         unsigned int nr_dom = cap_ndoms(iommu->cap);
 
         i = find_first_bit(iommu->domid_bitmap, nr_dom);
-        while ( i < nr_dom && iommu->domid_map[i] != d->domain_id )
+        while ( i < nr_dom && iommu->domid_map[i] != domid )
             i = find_next_bit(iommu->domid_bitmap, nr_dom, i + 1);
 
         if ( i >= nr_dom )
@@ -131,26 +130,26 @@ static int context_set_domain_id(struct context_entry *context,
                 dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain id\n");
                 return -EBUSY;
             }
-            iommu->domid_map[i] = d->domain_id;
+            iommu->domid_map[i] = domid;
             set_bit(i, iommu->domid_bitmap);
         }
     }
     else
-        i = convert_domid(iommu, d->domain_id);
+        i = convert_domid(iommu, domid);
 
     context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
 
-static void cleanup_domid_map(struct domain *domain, struct vtd_iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct vtd_iommu *iommu)
 {
     int iommu_domid;
 
     if ( !domid_mapping(iommu) )
         return;
 
-    iommu_domid = domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -190,7 +189,7 @@ static bool any_pdev_behind_iommu(const struct domain *d,
  * If no other devices under the same iommu owned by this domain,
  * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap.
  */
-static void check_cleanup_domid_map(struct domain *d,
+static void check_cleanup_domid_map(const struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
@@ -206,7 +205,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, dom_iommu(d)->arch.vtd.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -667,7 +666,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1453,7 +1452,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(&lctxt, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domid, iommu);
     if ( rc )
     {
     unlock:
@@ -1780,7 +1779,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
@@ -1948,7 +1947,7 @@ static void cf_check iommu_domain_teardown(struct domain *d)
     ASSERT(!hd->arch.vtd.pgd_maddr);
 
     for_each_drhd_unit ( drhd )
-        cleanup_domid_map(d, drhd->iommu);
+        cleanup_domid_map(d->domain_id, drhd->iommu);
 
     XFREE(hd->arch.vtd.iommu_bitmap);
 }
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:46:35 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1ncDU1-0003p0-NF@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:46:33 +0000

commit 97af062b89d52c0ecf7af254b53345c97d438e33
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:19:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:19:10 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding the addition of a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/include/asm/iommu.h            |  4 ++
 xen/arch/x86/include/asm/pci.h              |  8 ++-
 xen/drivers/passthrough/amd/iommu.h         |  1 +
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 +++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 22 ++++++-
 xen/drivers/passthrough/pci.c               | 11 +++-
 xen/drivers/passthrough/vtd/iommu.c         | 90 ++++++++++++++++++++++++-----
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 60 +++++++++++++++++++
 9 files changed, 184 insertions(+), 21 deletions(-)

diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h
index 5060f97124..9ccf4f8bdd 100644
--- a/xen/arch/x86/include/asm/iommu.h
+++ b/xen/arch/x86/include/asm/iommu.h
@@ -140,6 +140,10 @@ static inline void iommu_sync_cache(const void *addr, unsigned int size)
         cache_writeback(addr, size);
 }
 
+unsigned long *iommu_init_domid(domid_t reserve);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 int __must_check iommu_free_pgtables(struct domain *d);
 struct domain_iommu;
 struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd);
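Review bot: The three new prototypes say nothing about their contract, although every x86 IOMMU driver that includes this header now depends on it. Going by the definitions later in this patch, `iommu_alloc_domid()` and `iommu_free_domid()` both assert `pcidevs_locked()`, and `iommu_alloc_domid()` returns `DOMID_INVALID` when no ID is free. A short comment above the declarations would save callers from reading the implementation, e.g. `/* Pseudo domain IDs for quarantining: alloc/free require the pcidevs lock; alloc yields DOMID_INVALID when the map is exhausted. */`.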
diff --git a/xen/arch/x86/include/asm/pci.h b/xen/arch/x86/include/asm/pci.h
index 443f25347d..f944017128 100644
--- a/xen/arch/x86/include/asm/pci.h
+++ b/xen/arch/x86/include/asm/pci.h
@@ -13,6 +13,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
@@ -36,6 +42,6 @@ static always_inline bool is_pci_passthrough_enabled(void)
     return true;
 }
 
-static inline void arch_pci_init_pdev(struct pci_dev *pdev) {}
+void arch_pci_init_pdev(struct pci_dev *pdev);
 
 #endif /* __X86_PCI_H__ */
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index 722b92fd78..ec7e030273 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -96,6 +96,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index f52e7b90e1..fd89475a8d 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -223,6 +223,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid(DOMID_INVALID);
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR "Could not mark config space of %pp read-only (%d)\n",
@@ -233,7 +238,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 38d2e5e15e..c9a1cdddaa 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -539,6 +539,8 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     struct amd_iommu *iommu;
     u16 bdf;
     struct ivrs_mappings *ivrs_mappings;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -606,7 +608,22 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity mapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
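Review bot: The new `return -ENOSPC` comes after the unity-mapping step whose warning is visible just above, so this failure path leaves the function without undoing whatever that step set up. The mapping call itself is outside the hunk, so this is inferred from the warning text. The same already held for a failing `amd_iommu_setup_domain_device()`, but the ID allocation is a new way to fail at this point. Allocating the pseudo domain ID before the unity-mapping step would avoid the question; otherwise a comment should say who is expected to tear the mappings down.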
@@ -638,6 +655,9 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     if ( amd_iommu_perdev_intremap &&
          ivrs_mappings[bdf].dte_requestor_id == bdf &&
          ivrs_mappings[bdf].intremap_table )
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index c6d99af5d4..b59c1b61b7 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -1342,9 +1342,14 @@ static int cf_check _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%pp - %pd - node %-3d",
-               &pdev->sbdf, pdev->domain,
-               (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
+        printk("%pp - ", &pdev->sbdf);
+#ifdef CONFIG_X86
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else
+#endif
+            printk("%pd", pdev->domain);
+        printk(" - node %-3d", (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         pdev_dump_msi(pdev);
         printk("\n");
     }
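Review bot: `printk("DomIO:%x", pdev->arch.pseudo_domid)` prints the `DOMID_INVALID` sentinel as if it were an ID for any dom_io-owned device that never received a pseudo domain ID. Since allocation elsewhere in this patch is gated on `iommu_quarantine`, that appears to be every such device when quarantining is off. Someone reading this dump while investigating a passthrough problem cannot tell "no ID" from a real one without knowing the constant. Print plain `DomIO` when `pdev->arch.pseudo_domid == DOMID_INVALID`. Separately, the `else` that straddles `#endif` is easy to break in a later edit, and bracing both arms would make it robust.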
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 2fd079a901..870bf465bc 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1199,6 +1200,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct vtd_iommu *iommu;
     unsigned int sagaw, agaw = 0, nr_dom;
+    domid_t reserved_domid = DOMID_INVALID;
+    int rc;
 
     iommu = xzalloc(struct vtd_iommu);
     if ( iommu == NULL )
@@ -1269,7 +1272,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 
     nr_dom = cap_ndoms(iommu->cap);
 
-    if ( nr_dom <= DOMID_MASK + cap_caching_mode(iommu->cap) )
+    if ( nr_dom <= DOMID_MASK * 2 + cap_caching_mode(iommu->cap) )
     {
         /* Allocate domain id (bit) maps. */
         iommu->domid_bitmap = xzalloc_array(unsigned long,
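Review bot: The changed bound `DOMID_MASK * 2 + cap_caching_mode(iommu->cap)` has no comment, and the reason for the doubling is given only in the commit message. A line above the `if`, such as `/* Real and pseudo domain IDs together span twice the DOMID_MASK range. */`, would keep the threshold understandable once the commit message is out of sight. The body of this `if` continues outside the hunk.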
@@ -1293,9 +1296,24 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
         /* Don't leave dangling NULL pointers. */
         iommu->domid_bitmap = ZERO_BLOCK_PTR;
         iommu->domid_map = ZERO_BLOCK_PTR;
+
+        /*
+         * If Caching mode is set, then invalid translations are tagged
+         * with domain id 0. Hence reserve the ID taking up bit/slot 0.
+         */
+        reserved_domid = convert_domid(iommu, 0) ?: DOMID_INVALID;
     }
 
+    iommu->pseudo_domid_map = iommu_init_domid(reserved_domid);
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
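Review bot: The comment above `reserved_domid = convert_domid(iommu, 0) ?: DOMID_INVALID;` speaks of Caching mode, but the assignment never tests `cap_caching_mode()`. It apparently relies on `convert_domid()` returning 0 when nothing needs reserving, and that helper is not visible here. `iommu_init_domid()` guards the value only with `ASSERT(reserve > DOMID_MASK)`, so in a release build an unexpected result would silently mark `reserve & DOMID_MASK` as taken. Extend the comment to state the dependency, e.g. `/* convert_domid() yields 0 unless Caching mode reserves slot 0. */`, if that is the intent.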
@@ -1318,6 +1336,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     if ( iommu->msi.irq >= 0 )
         destroy_irq(iommu->msi.irq);
@@ -1588,8 +1607,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1597,6 +1616,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1655,6 +1675,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !drhd )
             return -ENODEV;
 
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
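Review bot: The pseudo domain ID allocation block added in this `DEV_TYPE_PCIe_ENDPOINT` arm is repeated verbatim in the `DEV_TYPE_PCI` arm in the next hunk. Two copies of an allocate-and-check sequence tend to drift, and the release at the end of the function has to stay in step with both. A small static helper called from each arm would keep the condition and the `-ENOSPC` mapping in one place. At that point `pdev->arch.pseudo_domid` still equals `orig_domid`, so the helper can test the field directly. `domain_context_mapping()` starts and ends outside this hunk.

```c
static int alloc_pseudo_domid(struct pci_dev *pdev,
                              const struct acpi_drhd_unit *drhd)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid =
        iommu_alloc_domid(drhd->iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid != DOMID_INVALID ? 0 : -ENOSPC;
}

/* … unchanged: case arm up to and including the !drhd check … */
        ret = alloc_pseudo_domid(pdev, drhd);
        if ( ret )
            return ret;
```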
@@ -1672,6 +1700,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !drhd )
             return -ENODEV;
 
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
@@ -1745,6 +1781,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1830,8 +1873,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     struct vtd_iommu *iommu = drhd ? drhd->iommu : NULL;
@@ -1845,16 +1890,16 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp unmap\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        return is_hardware_domain(domain) ? 0 : -EPERM;
+        return ERR_PTR(is_hardware_domain(domain) ? 0 : -EPERM);
 
     case DEV_TYPE_PCIe_BRIDGE:
     case DEV_TYPE_PCIe2PCI_BRIDGE:
     case DEV_TYPE_LEGACY_PCI_BRIDGE:
-        return 0;
+        return ERR_PTR(0);
 
     case DEV_TYPE_PCIe_ENDPOINT:
         if ( !iommu )
-            return -ENODEV;
+            return ERR_PTR(-ENODEV);
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
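Review bot: `return ERR_PTR(0)` in the bridge arm, and in the hardware-domain case of the host-bridge arm, encodes success as a NULL pointer while reading like an error return. The function now has three outcomes (an error pointer, NULL for success with nothing for the caller to release, or the device's DRHD unit) and none of this is written down. Use `return NULL;` in the bridge arm and add a comment above the function such as `/* Returns ERR_PTR() on failure, NULL on success when there is no DRHD to report, else the device's DRHD. */`. The function begins and ends outside this hunk.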
@@ -1868,7 +1913,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     case DEV_TYPE_PCI:
         if ( !iommu )
-            return -ENODEV;
+            return ERR_PTR(-ENODEV);
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
@@ -1915,14 +1960,14 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     default:
         dprintk(XENLOG_ERR VTDPREFIX, "%pd:unknown(%u): %pp\n",
                 domain, pdev->type, &PCI_SBDF3(seg, bus, devfn));
-        return -EINVAL;
+        return ERR_PTR(-EINVAL);
     }
 
     if ( !ret && pdev->devfn == devfn &&
          !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
-    return ret;
+    return drhd;
 }
 
 static void cf_check iommu_clear_root_pgtable(struct domain *d)
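Review bot: `return drhd;` at the end of `domain_context_unmap()` drops `ret`. The `!ret` test just above shows the switch arms can leave a non-zero `ret`, yet the function then hands back a valid DRHD pointer. Both callers in this patch test only `IS_ERR(drhd)`, so `intel_iommu_remove_device()` and `reassign_device_ownership()` would treat a failed context unmap as success. That may leave the device's context entry in place while its pseudo domain ID is freed or its ownership moves on. Unless the arms outside these hunks return on error themselves, the last line should be `return ret ? ERR_PTR(ret) : drhd;`.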
@@ -2149,16 +2194,17 @@ static int cf_check intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2175,6 +2221,13 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
@@ -2547,7 +2600,12 @@ static int cf_check reassign_device_ownership(
         }
     }
     else
-        ret = domain_context_unmap(source, devfn, pdev);
+    {
+        const struct acpi_drhd_unit *drhd;
+
+        drhd = domain_context_unmap(source, devfn, pdev);
+        ret = IS_ERR(drhd) ? PTR_ERR(drhd) : 0;
+    }
     if ( ret )
     {
         if ( !has_arch_pdevs(target) )
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 67e34dd875..3c76218f76 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -503,6 +503,7 @@ struct vtd_iommu {
     } flush;
 
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     domid_t *domid_map;           /* domain id mapping array */
     uint32_t version;
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 9c5fb6fa46..b942f2119e 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -391,6 +391,66 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+void arch_pci_init_pdev(struct pci_dev *pdev)
+{
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+}
+
+unsigned long *__init iommu_init_domid(domid_t reserve)
+{
+    unsigned long *map;
+
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    map = xzalloc_array(unsigned long, BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+    if ( map && reserve != DOMID_INVALID )
+    {
+        ASSERT(reserve > DOMID_MASK);
+        __set_bit(reserve & DOMID_MASK, map);
+    }
+
+    return map;
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 int iommu_free_pgtables(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
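Review bot: `iommu_init_domid()` returns `ZERO_BLOCK_PTR` when `iommu_quarantine` is off, yet `iommu_alloc_domid()` and `iommu_free_domid()` use `map` without any check. That is safe only because the callers in this patch allocate under `if ( iommu_quarantine && ... )` and `iommu_free_domid()` returns early for `DOMID_INVALID`. A later caller that skips either condition would scan or write through the placeholder pointer. State the rule in a comment on `iommu_init_domid()`, e.g. `/* Returns ZERO_BLOCK_PTR when quarantining is disabled; such a map must never reach iommu_alloc_domid(). */`, and consider `ASSERT(map != ZERO_BLOCK_PTR);` at the top of `iommu_alloc_domid()`.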
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:46:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:46:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300189.511850 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDUD-0006ad-4l; Wed, 06 Apr 2022 21:46:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300189.511850; Wed, 06 Apr 2022 21:46:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDUD-0006aT-1c; Wed, 06 Apr 2022 21:46:45 +0000
Received: by outflank-mailman (input) for mailman id 300189;
 Wed, 06 Apr 2022 21:46:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUB-0006aF-RZ
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:43 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUB-0005oT-Qm
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:43 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUB-0003q7-QC
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:43 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=xzj11YUhRwd9I+4DLpG9tEVv2UPmfbUHN/lK2FGajWQ=; b=GAK7JUhg1dktcQSKpGNU5zOXoD
	YGjRs1HtL2gSGkS0Q2wI4gkdXdKCPqPH/zZ3XtgbVNgP2NWoOSN6zyGfSOyRoz3OQixkqo7pQL7R5
	q7hGFQ68B3SJnuacUwlRvkWjvPETk8DNJ7JTF3pCgi8Jynl3U/i/Qji0ouiIGpZp35Uw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1ncDUB-0003q7-QC@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:46:43 +0000

commit 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:19:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:19:42 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 500a176e47..080ffd4173 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -656,8 +656,6 @@ int __init cf_check amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 870bf465bc..a00f436467 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2975,9 +2975,6 @@ static int __init cf_check intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    if ( !rc )
-        rc = iommu_flush_iotlb_all(d);
-
     /* Pages may be leaked in failure case */
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:46:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:46:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300190.511853 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDUN-0006dr-66; Wed, 06 Apr 2022 21:46:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300190.511853; Wed, 06 Apr 2022 21:46:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDUN-0006dj-36; Wed, 06 Apr 2022 21:46:55 +0000
Received: by outflank-mailman (input) for mailman id 300190;
 Wed, 06 Apr 2022 21:46:54 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUL-0006dX-UX
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUL-0005oY-Th
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUL-0003rD-TA
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:46:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=qKheZBfFG1TV6CthL0xkQuhzyEKFYR9sYKqIzrtz0BQ=; b=21z/vf53ZQaph29NLBsSqjl77u
	8zaulJD0JfwW+Fv9mGc+lWJ5Es87oKydM0oqZaNTFm05CKrMO2mVcbqDKeAXbWP6oR0LJBK7wcLjD
	FL9JAgrpPmzJZ9ACOf+6gb12UAQe8K9y6zksv1e9r7NJ2heE95H8qaHaWw1C9etbRVh0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1ncDUL-0003rD-TA@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:46:53 +0000

commit a038b514c1e970a8dc32229cbd31f6769ee61ad5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:20:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:20:04 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
---
 xen/drivers/passthrough/amd/iommu-defs.h    | 1 +
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h
index 774234dfd2..8a17697ea7 100644
--- a/xen/drivers/passthrough/amd/iommu-defs.h
+++ b/xen/drivers/passthrough/amd/iommu-defs.h
@@ -106,6 +106,7 @@ struct amd_iommu_dte {
     bool tv:1;
     unsigned int :5;
     unsigned int had:2;
+#define IOMMU_MAX_PT_LEVELS 6
     unsigned int paging_mode:3;
     uint64_t pt_root:40;
     bool ppr:1;
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index c9a1cdddaa..85c07e6999 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -337,7 +337,7 @@ int amd_iommu_alloc_root(struct domain *d)
     return 0;
 }
 
-unsigned int __read_mostly amd_iommu_max_paging_mode = 6;
+unsigned int __read_mostly amd_iommu_max_paging_mode = IOMMU_MAX_PT_LEVELS;
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int cf_check amd_iommu_domain_init(struct domain *d)
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 06 21:47:05 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 06 Apr 2022 21:47:05 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300191.511858 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDUX-0006hK-89; Wed, 06 Apr 2022 21:47:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300191.511858; Wed, 06 Apr 2022 21:47:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncDUX-0006hB-4f; Wed, 06 Apr 2022 21:47:05 +0000
Received: by outflank-mailman (input) for mailman id 300191;
 Wed, 06 Apr 2022 21:47:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUW-0006gy-1r
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:47:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUW-0005ov-10
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:47:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncDUW-0003sc-0G
 for xen-changelog@lists.xenproject.org; Wed, 06 Apr 2022 21:47:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=lV+sRAJmVtwa+2TsYuf60RjL/+7daGvhLamKTTafAwc=; b=0ImqX3Yr7gq5vMqKUwP1diHtwi
	g39W5lguZaaJXO74UbRXR0ZUqbnT3GEF+Mw9SIk8ipFKdFlR06i1XeOTh8749kuzHCHpssjPywDNc
	CjZsWfEWtNlVq91bl1KW26GdNJN8XJqZcT4xjqVJNe8j7ucI6N2u+BJxFAjFq2uwwYmg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1ncDUW-0003sc-0G@xenbits.xenproject.org>
Date: Wed, 06 Apr 2022 21:47:04 +0000

commit 14dd241aad8af447680ac73e8579990e2c09c1e7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 14:24:18 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 14:24:18 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, may not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    As to the removal of QUARANTINE_SKIP() from domain_context_unmap_one():
    I think this was never really needed there, as the function explicitly
    deals with finding a non-present context entry. Leaving it there would
    require propagating pgd_maddr into the function (like was done by "VT-d:
    prepare for per-device quarantine page tables" for
    domain_context_mapping_one()).
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/include/asm/pci.h              |  13 ++
 xen/drivers/passthrough/amd/iommu.h         |   3 +-
 xen/drivers/passthrough/amd/iommu_map.c     | 156 ++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  43 +++--
 xen/drivers/passthrough/iommu.c             |  19 ++-
 xen/drivers/passthrough/pci.c               |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c         | 255 +++++++++++++++++++---------
 xen/drivers/passthrough/vtd/iommu.h         |   2 +-
 xen/include/xen/iommu.h                     |   3 +-
 9 files changed, 364 insertions(+), 150 deletions(-)

diff --git a/xen/arch/x86/include/asm/pci.h b/xen/arch/x86/include/asm/pci.h
index f944017128..c8e1a9ecdb 100644
--- a/xen/arch/x86/include/asm/pci.h
+++ b/xen/arch/x86/include/asm/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -18,7 +20,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h
index ec7e030273..64e4bbf33c 100644
--- a/xen/drivers/passthrough/amd/iommu.h
+++ b/xen/drivers/passthrough/amd/iommu.h
@@ -237,7 +237,8 @@ int amd_iommu_init_late(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 void cf_check iov_adjust_irq_affinities(void);
 
-int cf_check amd_iommu_quarantine_init(struct domain *d);
+int cf_check amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check cf_check amd_iommu_map_page(
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 080ffd4173..1f5eae9b7d 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -600,64 +600,138 @@ int cf_check amd_iommu_get_reserved_device_memory(
     return 0;
 }
 
-int __init cf_check amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(union amd_iommu_pte *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        union amd_iommu_pte *pte = &this[i], *next;
+
+        if ( !pte->pr )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level && pte->next_level )
+        {
+            next = map_domain_page(_mfn(pte->mfn));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int cf_check amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    union amd_iommu_pte *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg, pdev->sbdf.bdf);
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
+
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.amd.root_table);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+
+    if ( !scratch_page && !ivrs_mappings[req_id].unity_map )
+        return 0;
+
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
 
-    if ( hd->arch.amd.root_table )
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = iommu_alloc_pgtable(hd);
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
-    if ( !hd->arch.amd.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.amd.root_table = pdev->arch.amd.root_table;
+
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
 
-    table = __map_domain_page(hd->arch.amd.root_table);
-    while ( level )
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.amd.root_table = NULL;
+
+    if ( rc )
+        AMD_IOMMU_WARN("%pp: quarantine unity mapping failed\n", &pdev->sbdf);
+    else if ( scratch_page )
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            union amd_iommu_pte *pde = &table[i];
+        union amd_iommu_pte *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
+
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
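Review bot: In amd_iommu_quarantine_init() the early-return branch runs `clear_domain_page(pdev->arch.leaf_mfn)` whenever a root table already exists, but leaf_mfn is only assigned inside the `scratch_page` branch further down. When scratch_page is false and the device has a unity map, the root table is kept while leaf_mfn still holds its initial value (set outside this diff), so a later call would zero whatever frame that value names. Guarding the clear, e.g. `if ( scratch_page ) clear_domain_page(pdev->arch.leaf_mfn);`, avoids that. intel_iommu_quarantine_init() in vtd/iommu.c has the same pattern for the RMRR-only case.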
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 85c07e6999..dee51efd1a 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -26,7 +26,7 @@
 #include "../ats.h"
 
 /* dom_io is used as a sentinel for quarantined devices */
-#define QUARANTINE_SKIP(d) ((d) == dom_io && !dom_iommu(d)->arch.amd.root_table)
+#define QUARANTINE_SKIP(d, p) ((d) == dom_io && !(p)->arch.amd.root_table)
 
 static bool_t __read_mostly init_done;
 
@@ -125,8 +125,10 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pdev) )
         return 0;
 
     BUG_ON(!hd->arch.amd.paging_mode || !iommu->dev_table.buffer);
@@ -147,14 +149,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.amd.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !dte->v || !dte->tv )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.amd.root_table),
-                 domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.amd.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
@@ -181,7 +194,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( dte->pt_root != mfn_x(page_to_mfn(hd->arch.amd.root_table)) )
+    else if ( dte->pt_root != mfn_x(page_to_mfn(root_pg)) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -194,8 +207,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.amd.root_table),
-                     domain->domain_id, hd->arch.amd.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.amd.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -214,6 +227,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
@@ -246,9 +260,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.amd.root_table),
-                    domain->domain_id, hd->arch.amd.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.amd.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -327,7 +340,7 @@ int amd_iommu_alloc_root(struct domain *d)
 {
     struct domain_iommu *hd = dom_iommu(d);
 
-    if ( unlikely(!hd->arch.amd.root_table) )
+    if ( unlikely(!hd->arch.amd.root_table) && d != dom_io )
     {
         hd->arch.amd.root_table = iommu_alloc_pgtable(hd);
         if ( !hd->arch.amd.root_table )
@@ -391,7 +404,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
     int req_id;
     u8 bus = pdev->bus;
 
-    if ( QUARANTINE_SKIP(domain) )
+    if ( QUARANTINE_SKIP(domain, pdev) )
         return;
 
     ASSERT(pcidevs_locked());
@@ -430,7 +443,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id, dte->domain_id,
                         dom_iommu(domain)->arch.amd.paging_mode);
     }
     else
@@ -454,7 +467,7 @@ static int cf_check reassign_device(
         return -ENODEV;
     }
 
-    if ( !QUARANTINE_SKIP(target) )
+    if ( !QUARANTINE_SKIP(target, pdev) )
     {
         rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
         if ( rc )
@@ -655,6 +668,8 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
                        pdev->domain, &pdev->sbdf);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index c6b2c384d1..73a7da71cd 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -466,21 +466,22 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    dom_io->options |= XEN_DOMCTL_CDF_iommu;
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
+        return 0;
 
-    rc = iommu_domain_init(dom_io, 0);
-    if ( rc || iommu_quarantine < IOMMU_quarantine_scratch_page )
-        return rc;
+    return iommu_call(hd->platform_ops, quarantine_init,
+                      dev, iommu_quarantine == IOMMU_quarantine_scratch_page);
+}
 
-    if ( !hd->platform_ops->quarantine_init )
-        return 0;
+static int __init iommu_quarantine_init(void)
+{
+    dom_io->options |= XEN_DOMCTL_CDF_iommu;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return iommu_domain_init(dom_io, 0);
 }
 
 int __init iommu_setup(void)
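Review bot: iommu_quarantine_dev_init() becomes a non-static entry point here but says nothing about its locking requirement. Both quarantine_init implementations in this patch begin with `ASSERT(pcidevs_locked())`, so the contract is only discovered once a call reaches the vendor code. A line such as `/* Caller must hold the pcidevs lock. */` above the definition would make it visible to future callers. It would also help to note that a return of 0 can mean "nothing to set up", since the function returns early when quarantining is off or the hook is absent.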
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index b59c1b61b7..d86ae67ae2 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -921,9 +921,16 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
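Review bot: The added `return ret;` under `if ( ret )` is indented by 11 spaces, where the surrounding code uses 12 for that nesting level; it should line up with the other statements. It may also be worth a short comment that a failed quarantine setup deliberately leaves the device with its current owner, e.g. `/* Don't move the device if its quarantine tables can't be set up. */`, as that is the effect of returning before `target` is chosen. deassign_device() starts and ends outside this hunk.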
@@ -1503,6 +1510,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
     if ( rc )
         goto done;
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = iommu_call(hd->platform_ops, assign_device, d, devfn,
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a00f436467..f7cb7cd3a6 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -45,6 +45,11 @@
 
 /* dom_io is used as a sentinel for quarantined devices */
 #define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr))
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.vtd.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
 
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
@@ -108,12 +113,17 @@ static int get_iommu_did(domid_t domid, const struct vtd_iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct vtd_iommu *iommu)
 {
     unsigned int i;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     if ( domid_mapping(iommu) )
     {
@@ -138,8 +148,12 @@ static int context_set_domain_id(struct context_entry *context,
     else
         i = convert_domid(iommu, domid);
 
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -194,8 +208,12 @@ static void check_cleanup_domid_map(const struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct vtd_iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
+
+    if ( d == dom_io )
+        return;
 
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -212,7 +230,7 @@ static void check_cleanup_domid_map(const struct domain *d,
 
 domid_t did_to_domain_id(const struct vtd_iommu *iommu, unsigned int did)
 {
-    if ( did >= min(cap_ndoms(iommu->cap), DOMID_MASK + 1) )
+    if ( did >= cap_ndoms(iommu->cap) )
         return DOMID_INVALID;
 
     if ( !domid_mapping(iommu) )
@@ -1428,7 +1446,7 @@ int domain_context_mapping_one(
         domid = did_to_domain_id(iommu, prev_did);
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
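Review bot: The `pdev ? ... : domid > DOMID_MASK` test lets prev_dom become dom_io while pdev is NULL, and the error-recovery path changed in the later hunk of this function (`@@ -1585,15 +1603,12 @@`) then dereferences pdev. It evaluates `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)`, both of which read through pdev whenever the domain is dom_io. domain_context_mapping() passes NULL for pdev on its bridge paths, so this looks reachable when a bridge mapping fails after the previous owner was the quarantine domain. `DEVICE_DOMID(domain, pdev)` in the `!prev_dom` branch has the same exposure if domain is dom_io. Those uses need a NULL-pdev guard, for instance making the re-mapping branch `else if ( prev_dom != domain && (pdev || prev_dom != dom_io) )`; the right fallback depends on code outside both hunks.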
@@ -1585,15 +1603,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           domain->domain_id);
+                                           DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                             domain->domain_id,
-                                             hd->arch.vtd.pgd_maddr,
+                                             DEVICE_DOMID(prev_dom, pdev),
+                                             DEVICE_PGTABLE(prev_dom, pdev),
                                              mode & MAP_WITH_RMRR) < 0;
-        }
         else
             ret = 1;
 
@@ -1615,7 +1630,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.vtd.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1644,7 +1659,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1686,8 +1701,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1713,8 +1728,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain, &PCI_SBDF3(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1742,8 +1757,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1758,8 +1773,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1801,9 +1816,6 @@ int domain_context_unmap_one(
     int iommu_domid, rc, ret;
     bool_t flush_dev_iotlb;
 
-    if ( QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
-        return 0;
-
     ASSERT(pcidevs_locked());
     spin_lock(&iommu->lock);
 
@@ -1905,7 +1917,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1919,7 +1931,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1942,18 +1954,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1964,7 +1970,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
     }
 
     if ( !ret && pdev->devfn == devfn &&
-         !QUARANTINE_SKIP(domain, dom_iommu(domain)->arch.vtd.pgd_maddr) )
+         !QUARANTINE_SKIP(domain, pdev->arch.vtd.pgd_maddr) )
         check_cleanup_domid_map(domain, pdev, iommu);
 
     return drhd;
@@ -1997,6 +2003,26 @@ static void cf_check iommu_domain_teardown(struct domain *d)
     XFREE(hd->arch.vtd.iommu_bitmap);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
+    page_list_move(&hd->arch.pgtables.list, &pdev->arch.pgtables_list);
+    while ( iommu_free_pgtables(dom_io) == -ERESTART )
+        /* nothing */;
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check cf_check intel_iommu_map_page(
     struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags,
     unsigned int *flush_flags)
@@ -2221,6 +2247,8 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2574,7 +2602,7 @@ static int cf_check reassign_device_ownership(
 {
     int ret;
 
-    if ( !QUARANTINE_SKIP(target, dom_iommu(target)->arch.vtd.pgd_maddr) )
+    if ( !QUARANTINE_SKIP(target, pdev->arch.vtd.pgd_maddr) )
     {
         if ( !has_arch_pdevs(target) )
             vmx_pi_hooks_assign(target);
@@ -2591,7 +2619,7 @@ static int cf_check reassign_device_ownership(
         ret = domain_context_mapping(target, devfn, pdev);
 
         if ( !ret && pdev->devfn == devfn &&
-             !QUARANTINE_SKIP(source, dom_iommu(source)->arch.vtd.pgd_maddr) )
+             !QUARANTINE_SKIP(source, pdev->arch.vtd.pgd_maddr) )
         {
             const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
 
@@ -2913,69 +2941,136 @@ static void cf_check vtd_dump_page_tables(struct domain *d)
                               agaw_to_level(hd->arch.vtd.agaw), 0, 0);
 }
 
-static int __init cf_check intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    struct page_info *pgs[6])
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = iommu_alloc_pgtable(hd);
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(page_to_maddr(pgs[level]));
+                    rc = fill_qpt(next, level - 1, pgs);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, page_to_maddr(pgs[level]));
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, pgs);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev,
+                                                bool scratch_page)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     struct page_info *pg;
-    struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc = 0;
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    spin_lock(&hd->arch.mapping_lock);
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.vtd.pgd_maddr);
+    ASSERT(page_list_empty(&hd->arch.pgtables.list));
 
-    if ( hd->arch.vtd.pgd_maddr )
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
-        goto out;
+        clear_domain_page(pdev->arch.leaf_mfn);
+        return 0;
     }
 
-    pg = iommu_alloc_pgtable(hd);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    rc = -ENOMEM;
+    pg = iommu_alloc_pgtable(hd);
     if ( !pg )
-        goto out;
+        return -ENOMEM;
+
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
 
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
     hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
 
-    parent = map_vtd_domain_page(hd->arch.vtd.pgd_maddr);
-    while ( level )
+    for_each_rmrr_device ( rmrr, bdf, i )
     {
-        uint64_t maddr;
-        unsigned int offset;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = iommu_alloc_pgtable(hd);
-
-        if ( !pg )
-            goto out;
+        if ( rc )
+            break;
 
-        maddr = page_to_maddr(pg);
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg && bdf == pdev->sbdf.bdf )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pp: RMRR quarantine mapping failed\n",
+                       &pdev->sbdf);
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.vtd.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = page_to_maddr(pg);
+
+    if ( !rc && scratch_page )
+    {
+        struct dma_pte *root;
+        struct page_info *pgs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(pdev->arch.vtd.pgd_maddr);
+        rc = fill_qpt(root, level - 1, pgs);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
-    rc = 0;
+    page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc || (!scratch_page && !rmrr_found) )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages may be leaked in failure case */
     return rc;
 }
 
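Review bot: fill_qpt() writes its entries with dma_set_pte_addr(), dma_set_pte_readable() and dma_set_pte_writable() but never calls iommu_sync_cache(), whereas the loop it replaces flushed every table with `iommu_sync_cache(parent, PAGE_SIZE);`. Unless that flush now happens in a helper outside this diff, an IOMMU that does not snoop CPU caches could walk scratch tables that still read as zeroed. The quarantined device would then not get the intended scratch-page mappings. Adding `iommu_sync_cache(this, PAGE_SIZE);` after the loop in fill_qpt() would restore the previous behaviour.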
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 3c76218f76..aca055f577 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -477,7 +477,7 @@ struct vtd_iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     nodeid_t node;
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index e4d526052d..3a83981464 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -233,7 +233,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev, bool scratch_page);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
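Review bot: The new `bool scratch_page` parameter of the `quarantine_init` hook is not described anywhere in `struct iommu_ops`, and a bare bool is hard to read at call sites. In the VT-d implementation earlier in this patch it gates the `fill_qpt()` call, and when it is false and no RMRR was found the freshly built tables are torn down again, so the hook does more than plain initialisation. A one-line comment above the member would help, for example `/* Set up per-device quarantine page tables; scratch_page: also fill them (see implementations). */`, worded once the intended semantics are confirmed. The struct continues outside the hunk.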
@@ -349,6 +349,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 #ifdef CONFIG_HAS_PCI
 int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
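Review bot: `iommu_quarantine_dev_init()` is declared without `__must_check`, unlike `iommu_suspend()` named in this hunk's header. Its return value reports whether the per-device quarantine setup succeeded, and a caller that drops it would presumably carry on with a device whose quarantine tables were never established. Consider `int __must_check iommu_quarantine_dev_init(device_t *dev);`, provided every existing caller already consumes the result; the callers are not visible here.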
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 03:55:07 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] tools/libs/light: set video_mem for PVH guests
Message-Id: <E1ncJEb-0002ek-Kb@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 03:55:01 +0000

commit 38f1fb90bb8793556947cf9ec984258bf12d4096
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 6 10:17:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:17:36 2022 +0200

    tools/libs/light: set video_mem for PVH guests
    
    The size of the video memory of PVH guests should be set to 0 in case
    no value has been specified.
    
    Not doing so will leave it at -1, resulting in an additional 1 kB
    of RAM being advertised in the memory map (here the output of a PVH
    Mini-OS boot with 16 MB of RAM assigned):
    
    Memory map:
    000000000000-0000010003ff: RAM
    0000feff8000-0000feffffff: Reserved
    0000fc008000-0000fc00803f: ACPI
    0000fc000000-0000fc000fff: ACPI
    0000fc001000-0000fc007fff: ACPI
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: 0a20a53df158eb0724ce6dcd9de70cbdad547d6f
    master date: 2021-12-09 16:26:29 +0000
---
 tools/libs/light/libxl_create.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 2890697de8..15ed021f41 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -427,6 +427,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
         break;
     case LIBXL_DOMAIN_TYPE_PVH:
         libxl_defbool_setdefault(&b_info->u.pvh.pvshim, false);
+        if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT)
+            b_info->video_memkb = 0;
         if (libxl_defbool_val(b_info->u.pvh.pvshim)) {
             if (!b_info->u.pvh.pvshim_path)
                 b_info->u.pvh.pvshim_path =
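Review bot: The added `video_memkb` default has no comment, and the reason for it cannot be read off the code alone. Per the commit description, leaving `LIBXL_MEMKB_DEFAULT` (-1) in place shows up as an extra 1 kB of RAM in the guest memory map, i.e. the sentinel is consumed as a size further down. I would add above the check `/* Don't let the LIBXL_MEMKB_DEFAULT sentinel be used as a size when building the memory map. */`. It may also be worth checking whether other consumers of `video_memkb` do arithmetic on the sentinel; the function body continues outside the hunk.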
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 03:55:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] xl: Fix global pci options
Message-Id: <E1ncJEl-0002fL-Nl@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 03:55:11 +0000

commit 2b6badd63439f5ad774b1cad0958850c2b3975e6
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:18:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:18:36 2022 +0200

    xl: Fix global pci options
    
    commit babde47a3fed "introduce a 'passthrough' configuration option to
    xl.cfg..." moved the pci list parsing ahead of the global pci option
    parsing.  This broke the global pci configuration options since they
    need to be set first so that looping over the pci devices assigns their
    values.
    
    Move the global pci options ahead of the pci list to restore their
    function.
    
    Fixes: babde47a3fed ("introduce a 'passthrough' configuration option to xl.cfg...")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: e45ad0b1b0bd6a43f59aaf4a6f86d88783c630e5
    master date: 2022-03-31 19:48:12 +0100
---
 tools/xl/xl_parse.c | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 117fcdcb2b..b98c0de378 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -1478,6 +1478,32 @@ void parse_config_data(const char *config_source,
         exit(1);
     }
 
+    /* To be reworked (automatically enabled) once the auto ballooning
+     * after guest starts is done (with PCI devices passed in). */
+    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
+        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
+    }
+
+    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
+        pci_msitranslate = l;
+
+    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
+        pci_power_mgmt = l;
+
+    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
+        pci_permissive = l;
+
+    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
+        pci_seize = l;
+
+    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
+        libxl_rdm_reserve rdm;
+        if (!xlu_rdm_parse(config, &rdm, buf)) {
+            b_info->u.hvm.rdm.strategy = rdm.strategy;
+            b_info->u.hvm.rdm.policy = rdm.policy;
+        }
+    }
+
     if (!xlu_cfg_get_list (config, "pci", &pcis, 0, 0)) {
         d_config->num_pcidevs = 0;
         d_config->pcidevs = NULL;
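Review bot: The moved `rdm` block stores into `b_info->u.hvm.rdm` without checking the domain type, while the `e820_host` block directly above it is guarded by `c_info->type == LIBXL_DOMAIN_TYPE_PV`. If `u` is a union, as the `u.pv`/`u.hvm` naming suggests, an `rdm` key in a PV or PVH config would write over that type's own fields. Consider guarding it, e.g. `if (c_info->type == LIBXL_DOMAIN_TYPE_HVM && !xlu_cfg_get_string(config, "rdm", &buf, 0)) {`. This is pre-existing behaviour carried along by the move, and `parse_config_data` extends beyond the hunk.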
@@ -2338,32 +2364,6 @@ skip_vfb:
         }
     }
 
-    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
-        pci_msitranslate = l;
-
-    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
-        pci_power_mgmt = l;
-
-    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
-        pci_permissive = l;
-
-    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
-        pci_seize = l;
-
-    /* To be reworked (automatically enabled) once the auto ballooning
-     * after guest starts is done (with PCI devices passed in). */
-    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
-        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
-    }
-
-    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
-        libxl_rdm_reserve rdm;
-        if (!xlu_rdm_parse(config, &rdm, buf)) {
-            b_info->u.hvm.rdm.strategy = rdm.strategy;
-            b_info->u.hvm.rdm.policy = rdm.policy;
-        }
-    }
-
     if (!xlu_cfg_get_list(config, "usbctrl", &usbctrls, 0, 0)) {
         d_config->num_usbctrls = 0;
         d_config->usbctrls = NULL;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 03:55:23 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] libxl: Don't segfault on soft-reset failure
Message-Id: <E1ncJEv-0002fs-Qv@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 03:55:21 +0000

commit c3cf5d0f3d173b59e09642e278f53820a52f3cef
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:19:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:19:33 2022 +0200

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_wait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path is passed to xs_unwatch(), which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d2ecf97f911fc00a85b34b70ca311b5d355a9756
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 15ed021f41..885675591f 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1255,8 +1255,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2072,6 +2070,7 @@ static int do_domain_create(libxl_ctx *ctx, libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
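Review bot: The requirement that `console_xswait` be initialised before any path can reach `domcreate_complete()` now rests silently on this line and on the matching one added in `do_domain_soft_reset()`. Per the commit description a zeroed struct is not a safe state, because slotnum 0 is treated as a registered watch. A comment at both sites would keep a future entry point from repeating the bug, e.g. `/* Must precede any path to domcreate_complete(), which stops this xswait. */`. It may be worth checking whether other `dcs` members torn down by `domcreate_complete()` share the zero-is-valid property; that function is not visible here.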
@@ -2172,6 +2171,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 03:55:33 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] libxl: Re-scope qmp_proxy_spawn.ao usage
Message-Id: <E1ncJF5-0002gX-U7@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 03:55:31 +0000

commit 72a5bde6912198fb2d26ef94ae9cb7ed2bb6bb43
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:19:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:19:57 2022 +0200

    libxl: Re-scope qmp_proxy_spawn.ao usage
    
    I've observed this failed assertion:
    libxl_event.c:2057: libxl__ao_inprogress_gc: Assertion `ao' failed.
    
    AFAICT, this is happening in qmp_proxy_spawn_outcome where
    sdss->qmp_proxy_spawn.ao is NULL.
    
    The out label of spawn_stub_launch_dm() calls qmp_proxy_spawn_outcome(),
    but it is only in the success path that sdss->qmp_proxy_spawn.ao gets
    set to the current ao.
    
    qmp_proxy_spawn_outcome() should instead use sdss->dm.spawn.ao, which is
    the already in-use ao when spawn_stub_launch_dm() is called.  The same
    is true for spawn_qmp_proxy().
    
    With this, move sdss->qmp_proxy_spawn.ao initialization to
    spawn_qmp_proxy() since its use is for libxl__spawn_spawn() and it can
    be initialized along with the rest of sdss->qmp_proxy_spawn.
    
    Fixes: 83c845033dc8 ("libxl: use vchan for QMP access with Linux stubdomain")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d62a34423a1a98aefd7c30e22d2d82d198f077c8
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c
index 9a8ddbe188..1864ee30f0 100644
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -2567,7 +2567,6 @@ static void spawn_stub_launch_dm(libxl__egc *egc,
             goto out;
     }
 
-    sdss->qmp_proxy_spawn.ao = ao;
     if (libxl__stubdomain_is_linux(&guest_config->b_info)) {
         spawn_qmp_proxy(egc, sdss);
     } else {
@@ -2584,7 +2583,7 @@ out:
 static void spawn_qmp_proxy(libxl__egc *egc,
                             libxl__stub_dm_spawn_state *sdss)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     const uint32_t guest_domid = sdss->dm.guest_domid;
     const uint32_t dm_domid = sdss->pvqemu.guest_domid;
     const char *dom_path = libxl__xs_get_dompath(gc, dm_domid);
@@ -2598,6 +2597,7 @@ static void spawn_qmp_proxy(libxl__egc *egc,
         goto out;
     }
 
+    sdss->qmp_proxy_spawn.ao = ao;
     sdss->qmp_proxy_spawn.what = GCSPRINTF("domain %d device model qmp proxy", guest_domid);
     sdss->qmp_proxy_spawn.pidpath = GCSPRINTF("%s/image/qmp-proxy-pid", dom_path);
     sdss->qmp_proxy_spawn.xspath = DEVICE_MODEL_XS_PATH(gc, LIBXL_TOOLSTACK_DOMID,
@@ -2685,7 +2685,7 @@ static void qmp_proxy_spawn_outcome(libxl__egc *egc,
                                     libxl__stub_dm_spawn_state *sdss,
                                     int rc)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     /*
      * Until xenconsoled learns how to handle multiple consoles, require qemu
      * in dom0 to serve consoles for a stubdomain - it require at least 3 of them.
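Review bot: `qmp_proxy_spawn_outcome()` and `spawn_qmp_proxy()` now take their ao from `sdss->dm.spawn.ao`, but nothing in the code says why the more obvious `sdss->qmp_proxy_spawn.ao` must not be used. After this change that field is assigned only once `spawn_qmp_proxy()` is past its early `goto out`, so it is still unset on the failure paths the commit description describes. A short comment above each `STATE_AO_GC` would stop someone from tidying it back, e.g. `/* qmp_proxy_spawn.ao may be unset on error paths; dm.spawn.ao is already in use here. */`. Both function bodies continue outside the hunks.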
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 03:55:43 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] tools/firmware: force -fcf-protection=none
Message-Id: <E1ncJFG-0002hB-0s@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 03:55:42 +0000

commit 548c443d9f1f11641bd52ea1f5c9035dcbdd6121
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Wed Apr 6 10:20:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:20:23 2022 +0200

    tools/firmware: force -fcf-protection=none
    
    Do so right in firmware/Rules.mk, like it's done for other compiler
    flags.
    
    Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 7225f6e0cd3afd48b4d61c43dd8fead0f4c92193
    master date: 2022-04-04 12:30:00 +0100
---
 tools/firmware/Rules.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 9f78a7dec9..c227fe2524 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -15,6 +15,8 @@ CFLAGS += -Werror
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
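Review bot: The `-fcf-protection=none` line is added without a comment, although it switches off a control-flow hardening option for everything built under tools/firmware. From the Fixes: tag this looks like a response to CET instrumentation being enabled by the toolchain or by flags from the CET-IBT work, which the firmware images presumably cannot use, but the Makefile itself should say so. Something like `# Firmware is not built for CET; override any default that enables -fcf-protection.` above the call would do. Since `cc-option-add` only adds options the compiler supports, compilers without the flag are unaffected.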
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 03:55:53 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] tools/firmware: do not add a .note.gnu.property section
Message-Id: <E1ncJFQ-0002hj-43@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 03:55:52 +0000

commit 2c026fe1f159494b3ec05f19ddfb3d39ff901296
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Wed Apr 6 10:20:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:20:44 2022 +0200

    tools/firmware: do not add a .note.gnu.property section
    
    Prevent the assembler from creating a .note.gnu.property section on
    the output objects, as it's not useful for firmware related binaries,
    and breaks the resulting rombios image.
    
    This requires modifying the cc-option Makefile macro so it can test
    assembler options (by replacing the usage of the -S flag with -c) and
    also stripping the -Wa, prefix if present when checking for the test
    output.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: e270af94280e6a9610705ebc1fdd1d7a9b1f8a98
    master date: 2022-04-04 12:30:07 +0100
---
 Config.mk               | 2 +-
 tools/firmware/Rules.mk | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index 32b6637b4d..5c177e73de 100644
--- a/Config.mk
+++ b/Config.mk
@@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
 #
 # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586)
 cc-option = $(shell if test -z "`echo 'void*p=1;' | \
-              $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \
+              $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \
               then echo "$(2)"; else echo "$(3)"; fi ;)
 
 # cc-option-add: Add an option to compilation flags, but only if supported.
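Review bot: The visible part of the comment above `cc-option` still describes only plain compiler options, while the new line also probes assembler options and greps for the option with its `-Wa,` prefix removed. I would add a line such as `# Options of the form -Wa,<opt> are probed by assembling (-c); the -Wa, prefix is stripped before matching the diagnostics.` The probe now depends on the compile step reaching the assembler, so a compiler that rejects the `void*p=1;` test input outright would presumably report every `-Wa,` option as supported; that assumption is worth stating in the same comment. The identical hunk appears again in the stable-4.15 copy of this commit further down the page.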
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index c227fe2524..278cca01e4 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -17,6 +17,10 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
 $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
 
+# Do not add the .note.gnu.property section to any of the firmware objects: it
+# breaks the rombios binary and is not useful for firmware anyway.
+$(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 04:33:05 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 04:33:05 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300351.512236 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJpP-0002hq-7q; Thu, 07 Apr 2022 04:33:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300351.512236; Thu, 07 Apr 2022 04:33:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJpP-0002hi-4q; Thu, 07 Apr 2022 04:33:03 +0000
Received: by outflank-mailman (input) for mailman id 300351;
 Thu, 07 Apr 2022 04:33:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpO-0002hc-Dy
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpO-00069Y-D4
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpO-0005BI-CA
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Dn3Mb4MFAbuCgmSJQZdNBgXSWN9ueiMxOSZUuclLpf8=; b=txHnWuRlHmNV+kve28giz+5XPc
	OiA5ljTIURsrRrgE+1+MZb1oEqPL+4bjajXgDNsyft7BGnsHy34LS8KCN/NA0z0dgOmFvcBJRGDFo
	iVb8iB0leyw/6YxiCnunJ75hrDHaI4rr28Rvsr/NZavDqWYzaB1wRsmGhK0u7tubKkk0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] tools/libs/light: set video_mem for PVH guests
Message-Id: <E1ncJpO-0005BI-CA@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 04:33:02 +0000

commit 3dc39cfd725c6cea989a7952b478aa675cf880f0
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 6 10:21:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:21:44 2022 +0200

    tools/libs/light: set video_mem for PVH guests
    
    The size of the video memory of PVH guests should be set to 0 in case
    no value has been specified.
    
    Not doing so will leave it at -1, resulting in an additional 1 kB
    of RAM being advertised in the memory map (here the output of a PVH
    Mini-OS boot with 16 MB of RAM assigned):
    
    Memory map:
    000000000000-0000010003ff: RAM
    0000feff8000-0000feffffff: Reserved
    0000fc008000-0000fc00803f: ACPI
    0000fc000000-0000fc000fff: ACPI
    0000fc001000-0000fc007fff: ACPI
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: 0a20a53df158eb0724ce6dcd9de70cbdad547d6f
    master date: 2021-12-09 16:26:29 +0000
---
 tools/libs/light/libxl_create.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 93b5093920..f3878cecc1 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -426,6 +426,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
         break;
     case LIBXL_DOMAIN_TYPE_PVH:
         libxl_defbool_setdefault(&b_info->u.pvh.pvshim, false);
+        if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT)
+            b_info->video_memkb = 0;
         if (libxl_defbool_val(b_info->u.pvh.pvshim)) {
             if (!b_info->u.pvh.pvshim_path)
                 b_info->u.pvh.pvshim_path =
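Review bot: The added `video_memkb` default in the PVH case carries no comment, and its reason is not evident from the code; only the commit message explains that leaving `LIBXL_MEMKB_DEFAULT` (-1) in place adds 1 kB to the advertised memory map. A one-line comment would keep the check from being dropped later, e.g. `/* Don't leave LIBXL_MEMKB_DEFAULT (-1) behind: it ends up in the guest memory map size. */`. An explicitly configured non-zero value is passed through unchanged here; whether that is meaningful for PVH is not visible in this hunk and may deserve a check or a warning. The enclosing function starts and ends outside the hunk.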
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 04:33:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 04:33:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300352.512239 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJpZ-0002ky-AJ; Thu, 07 Apr 2022 04:33:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300352.512239; Thu, 07 Apr 2022 04:33:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJpZ-0002kr-7X; Thu, 07 Apr 2022 04:33:13 +0000
Received: by outflank-mailman (input) for mailman id 300352;
 Thu, 07 Apr 2022 04:33:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpY-0002kg-HE
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpY-0006AJ-GO
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpY-0005Bs-FQ
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=aj1OxYweqYFs8rzY4iAo1guLRIOF9lZiTgVLIZcGbig=; b=zNsXn+Gw4cFSZejZut83lhNWI9
	q6EcJzWHjWYmyKx0p9gFDbDeIqyZJaGIux+a3yocyny/62G/kOLqkhQrnpLVSX4sXEgNXDrj1jOGY
	OSf0NrO+DmByDysf8MVjw177tkdE9S0VAcV+VfkR2GsgXZgfdPm3ozLs3zSAo9GGzjhA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] xl: Fix global pci options
Message-Id: <E1ncJpY-0005Bs-FQ@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 04:33:12 +0000

commit 00535c8a7487a384c3a3c3fed11d58c0e6208cc0
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:22:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:22:27 2022 +0200

    xl: Fix global pci options
    
    commit babde47a3fed "introduce a 'passthrough' configuration option to
    xl.cfg..." moved the pci list parsing ahead of the global pci option
    parsing.  This broke the global pci configuration options since they
    need to be set first so that looping over the pci devices assigns their
    values.
    
    Move the global pci options ahead of the pci list to restore their
    function.
    
    Fixes: babde47a3fed ("introduce a 'passthrough' configuration option to xl.cfg...")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: e45ad0b1b0bd6a43f59aaf4a6f86d88783c630e5
    master date: 2022-03-31 19:48:12 +0100
---
 tools/xl/xl_parse.c | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 9fb0791429..aba31ed4aa 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -1469,6 +1469,32 @@ void parse_config_data(const char *config_source,
         exit(1);
     }
 
+    /* To be reworked (automatically enabled) once the auto ballooning
+     * after guest starts is done (with PCI devices passed in). */
+    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
+        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
+    }
+
+    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
+        pci_msitranslate = l;
+
+    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
+        pci_power_mgmt = l;
+
+    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
+        pci_permissive = l;
+
+    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
+        pci_seize = l;
+
+    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
+        libxl_rdm_reserve rdm;
+        if (!xlu_rdm_parse(config, &rdm, buf)) {
+            b_info->u.hvm.rdm.strategy = rdm.strategy;
+            b_info->u.hvm.rdm.policy = rdm.policy;
+        }
+    }
+
     if (!xlu_cfg_get_list (config, "pci", &pcis, 0, 0)) {
         d_config->num_pcidevs = 0;
         d_config->pcidevs = NULL;
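Review bot: Nothing in the moved block says that it has to run before the `pci` list is parsed, which is exactly the ordering the earlier refactoring broke. A comment above the `pci_msitranslate` lookup would make the dependency explicit, e.g. `/* Global pci_* defaults: must be read before the "pci" list below, which copies them into each device. */`. Separately, the `rdm` block writes `b_info->u.hvm.rdm` without the kind of domain-type check that guards `e820_host` just above; the move does not change this, but if `u` is a union the write looks worth guarding for non-HVM guests. parse_config_data continues outside the hunk.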
@@ -2329,32 +2355,6 @@ skip_vfb:
         }
     }
 
-    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
-        pci_msitranslate = l;
-
-    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
-        pci_power_mgmt = l;
-
-    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
-        pci_permissive = l;
-
-    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
-        pci_seize = l;
-
-    /* To be reworked (automatically enabled) once the auto ballooning
-     * after guest starts is done (with PCI devices passed in). */
-    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
-        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
-    }
-
-    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
-        libxl_rdm_reserve rdm;
-        if (!xlu_rdm_parse(config, &rdm, buf)) {
-            b_info->u.hvm.rdm.strategy = rdm.strategy;
-            b_info->u.hvm.rdm.policy = rdm.policy;
-        }
-    }
-
     if (!xlu_cfg_get_list(config, "usbctrl", &usbctrls, 0, 0)) {
         d_config->num_usbctrls = 0;
         d_config->usbctrls = NULL;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 04:33:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 04:33:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300353.512244 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJpk-0002o6-C0; Thu, 07 Apr 2022 04:33:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300353.512244; Thu, 07 Apr 2022 04:33:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJpk-0002ny-9D; Thu, 07 Apr 2022 04:33:24 +0000
Received: by outflank-mailman (input) for mailman id 300353;
 Thu, 07 Apr 2022 04:33:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpi-0002nk-L9
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpi-0006B8-KK
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJpi-0005CT-Ii
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Pi8fUjIkQWlQFsDnL3TqUDB3NB5HLnHUaejQQWhyyhk=; b=Y1aJ9uM7FRqZ3+XD8hs9MBMAWq
	Cy4HT+A7CqOuJ91LKjGleHcIoxLJTV2PACINaggT5wLtW/PIpiAwjPWk+wz+XUhQQOjrjGMbq5E4i
	k5LSAXxGZz4VrrQnodyUux6yj+ZPhxiwt6Bzgg3+eNEcTzVHfn/2mCU5ZM2YDg40urZU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] libxl: Don't segfault on soft-reset failure
Message-Id: <E1ncJpi-0005CT-Ii@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 04:33:22 +0000

commit d9b39c308da9fe7cf58941cff4b343d4b57c2ae5
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:23:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:23:03 2022 +0200

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_xswait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path to passed to xs_unwatch() which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    
    master commit: d2ecf97f911fc00a85b34b70ca311b5d355a9756
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index f3878cecc1..2f171a190a 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1226,8 +1226,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2042,6 +2040,7 @@ static int do_domain_create(libxl_ctx *ctx, libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
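Review bot: The `libxl__xswait_init()` call added here, and the matching one in do_domain_soft_reset in the next hunk, give no hint that their placement is what keeps domcreate_complete() safe when initiate_domain_create() is skipped. A short comment would record it, e.g. `/* Init here, not in initiate_domain_create(): domcreate_complete() can run without it. */`. The first hunk leaves `libxl__domain_build_state_init(dbs)` inside initiate_domain_create(), so it may be worth confirming that the same early-failure path does not touch build state that is still all zeroes. Both functions start and end outside the hunks.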
@@ -2142,6 +2141,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 04:33:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 04:33:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300354.512248 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJpu-0002qi-Dc; Thu, 07 Apr 2022 04:33:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300354.512248; Thu, 07 Apr 2022 04:33:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJpu-0002qa-Ah; Thu, 07 Apr 2022 04:33:34 +0000
Received: by outflank-mailman (input) for mailman id 300354;
 Thu, 07 Apr 2022 04:33:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJps-0002qN-ON
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJps-0006CA-NV
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJps-0005Cy-Mm
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=0sXGiAWINp2XZgFdf6yyCSoWeQvIKj3N+QaUvHuTQGE=; b=V4zCSk6MVWrW2WArWwTeAVmdch
	2vR6lz3CqY27Ortp2juoTJf5jlCTJd2HWbO+4YzoMzilirj1jf6MU+YCj9/QO/8Jvj60xZkCw/Rxt
	etXSC1kT1mG7pOXup3XEsyuJ73XSRsjxoxHOat+oKXfxzHhRJB1xVzQvDkKjVIm0itIQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] libxl: Re-scope qmp_proxy_spawn.ao usage
Message-Id: <E1ncJps-0005Cy-Mm@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 04:33:32 +0000

commit 7b181e559a09e08ef5968c8c21dcac62e17ad7cb
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 6 10:23:32 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:23:32 2022 +0200

    libxl: Re-scope qmp_proxy_spawn.ao usage
    
    I've observed this failed assertion:
    libxl_event.c:2057: libxl__ao_inprogress_gc: Assertion `ao' failed.
    
    AFAICT, this is happening in qmp_proxy_spawn_outcome where
    sdss->qmp_proxy_spawn.ao is NULL.
    
    The out label of spawn_stub_launch_dm() calls qmp_proxy_spawn_outcome(),
    but it is only in the success path that sdss->qmp_proxy_spawn.ao gets
    set to the current ao.
    
    qmp_proxy_spawn_outcome() should instead use sdss->dm.spawn.ao, which is
    the already in-use ao when spawn_stub_launch_dm() is called.  The same
    is true for spawn_qmp_proxy().
    
    With this, move sdss->qmp_proxy_spawn.ao initialization to
    spawn_qmp_proxy() since its use is for libxl__spawn_spawn() and it can
    be initialized along with the rest of sdss->qmp_proxy_spawn.
    
    Fixes: 83c845033dc8 ("libxl: use vchan for QMP access with Linux stubdomain")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d62a34423a1a98aefd7c30e22d2d82d198f077c8
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c
index 9949632eb8..24f6e73b0a 100644
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -2567,7 +2567,6 @@ static void spawn_stub_launch_dm(libxl__egc *egc,
             goto out;
     }
 
-    sdss->qmp_proxy_spawn.ao = ao;
     if (libxl__stubdomain_is_linux(&guest_config->b_info)) {
         spawn_qmp_proxy(egc, sdss);
     } else {
@@ -2584,7 +2583,7 @@ out:
 static void spawn_qmp_proxy(libxl__egc *egc,
                             libxl__stub_dm_spawn_state *sdss)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     const uint32_t guest_domid = sdss->dm.guest_domid;
     const uint32_t dm_domid = sdss->pvqemu.guest_domid;
     const char *dom_path = libxl__xs_get_dompath(gc, dm_domid);
@@ -2598,6 +2597,7 @@ static void spawn_qmp_proxy(libxl__egc *egc,
         goto out;
     }
 
+    sdss->qmp_proxy_spawn.ao = ao;
     sdss->qmp_proxy_spawn.what = GCSPRINTF("domain %d device model qmp proxy", guest_domid);
     sdss->qmp_proxy_spawn.pidpath = GCSPRINTF("%s/image/qmp-proxy-pid", dom_path);
     sdss->qmp_proxy_spawn.xspath = DEVICE_MODEL_XS_PATH(gc, LIBXL_TOOLSTACK_DOMID,
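Review bot: After this change `sdss` carries two ao fields that are valid at different times, and the assignment `sdss->qmp_proxy_spawn.ao = ao;` now sits behind an early `goto out`, so the field stays unset on that path and presumably also in the non-Linux branch of spawn_stub_launch_dm. A comment at the assignment would state the rule, e.g. `/* Only consumed by libxl__spawn_spawn(); everything else uses dm.spawn.ao. */`. It would also help to confirm that no other callback still reads `qmp_proxy_spawn.ao` before it is set, since only spawn_qmp_proxy and qmp_proxy_spawn_outcome are switched over in the visible hunks. All three functions extend beyond the hunks.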
@@ -2685,7 +2685,7 @@ static void qmp_proxy_spawn_outcome(libxl__egc *egc,
                                     libxl__stub_dm_spawn_state *sdss,
                                     int rc)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     /*
      * Until xenconsoled learns how to handle multiple consoles, require qemu
      * in dom0 to serve consoles for a stubdomain - it require at least 3 of them.
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 04:33:44 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 04:33:44 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300355.512252 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJq4-0002td-F9; Thu, 07 Apr 2022 04:33:44 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300355.512252; Thu, 07 Apr 2022 04:33:44 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJq4-0002tV-CE; Thu, 07 Apr 2022 04:33:44 +0000
Received: by outflank-mailman (input) for mailman id 300355;
 Thu, 07 Apr 2022 04:33:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJq2-0002tC-Ra
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJq2-0006Cy-Qo
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJq2-0005DU-Pm
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=V7DnJ7qRHlsTZKhEf4mhdU2dN2WTrP421zYXkRw82CA=; b=CeF3NvROC23nltDmCgHkjUwR4O
	PwBwFfaYxP57AS6tA81l0qedmfIfdR+dp3srmFrvuBwOUuqJcZLoIGVDh3XBMYg1RG2MNEd9Umn51
	4p4yuS9T9vIW8s0vh79/M4BV9J2Pn7j2thE1Up8ex+wesEzlYEh8vX3bMC4449cNppoI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] tools/firmware: force -fcf-protection=none
Message-Id: <E1ncJq2-0005DU-Pm@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 04:33:42 +0000

commit 9fbd91a388b4b45d0330c8cb93702af6ab9ec5d2
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Wed Apr 6 10:23:52 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:23:52 2022 +0200

    tools/firmware: force -fcf-protection=none
    
    Do so right in firmware/Rules.mk, like it's done for other compiler
    flags.
    
    Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 7225f6e0cd3afd48b4d61c43dd8fead0f4c92193
    master date: 2022-04-04 12:30:00 +0100
---
 tools/firmware/Rules.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 9f78a7dec9..c227fe2524 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -15,6 +15,8 @@ CFLAGS += -Werror
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
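Review bot: The added `-fcf-protection=none` line has no comment, although it switches off a control-flow hardening feature and the next group of flags is introduced by one. Something like `# Firmware objects must not carry CET instrumentation: force it off.` would tell a later reader that the opt-out is deliberate; the wording assumes the reason implied by the Fixes: tag and should be confirmed. `cc-option-add` only appends the flag at this point, so a `-fcf-protection` setting arriving later through `CFLAGS` would presumably still win. If that can happen in this build, the ordering deserves a note.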
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 04:33:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 04:33:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300356.512256 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJqE-0002wJ-GX; Thu, 07 Apr 2022 04:33:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300356.512256; Thu, 07 Apr 2022 04:33:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncJqE-0002wA-Df; Thu, 07 Apr 2022 04:33:54 +0000
Received: by outflank-mailman (input) for mailman id 300356;
 Thu, 07 Apr 2022 04:33:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJqD-0002vy-0M
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJqC-0006Dq-U5
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncJqC-0005Dw-T4
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 04:33:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=M4H7ByIdon766/maWvP9uFB0UsQqi5dalZwqX3D/+ow=; b=Eo+E9zK9nATxy1L2Uuf538cesO
	bFSD7yWi9b5PLUyv9eawSxyoLLIItyqbJepfvqyWOsX8+Fb/kt8qTmrLAB2WpcouqeetoOv88JRK5
	loGUMTJ10mk/c3W/VaV3/9A3KUA4XOq58DoXCN8e2+s6WOc6loPpsX396nhvbYyEtc00=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] tools/firmware: do not add a .note.gnu.property section
Message-Id: <E1ncJqC-0005Dw-T4@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 04:33:52 +0000

commit 10cd51d5bf5f2d9ebe5f36a1b428f65ff5efd115
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Wed Apr 6 10:24:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 6 10:24:10 2022 +0200

    tools/firmware: do not add a .note.gnu.property section
    
    Prevent the assembler from creating a .note.gnu.property section on
    the output objects, as it's not useful for firmware related binaries,
    and breaks the resulting rombios image.
    
    This requires modifying the cc-option Makefile macro so it can test
    assembler options (by replacing the usage of the -S flag with -c) and
    also stripping the -Wa, prefix if present when checking for the test
    output.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: e270af94280e6a9610705ebc1fdd1d7a9b1f8a98
    master date: 2022-04-04 12:30:07 +0100
---
 Config.mk               | 2 +-
 tools/firmware/Rules.mk | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index ae5eaecd62..2593e5aa78 100644
--- a/Config.mk
+++ b/Config.mk
@@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
 #
 # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586)
 cc-option = $(shell if test -z "`echo 'void*p=1;' | \
-              $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \
+              $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \
               then echo "$(2)"; else echo "$(3)"; fi ;)
 
 # cc-option-add: Add an option to compilation flags, but only if supported.
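Review bot: The rewritten `cc-option` test still treats an option as supported whenever the tool's diagnostics do not contain the option text, and for `-Wa,` options that text now has to come from the assembler rather than the compiler driver. An assembler that rejects an option with a message that does not quote it verbatim would make `grep` find nothing, and `then echo "$(2)"` would add the unsupported flag to the build. The usage comment should record this, for example `# -Wa,<opt> is accepted too: the check looks for <opt>, without the -Wa, prefix, in the tool's error output`. The pattern handed to `grep --` is also unquoted and read as a regular expression, so `grep -F -- '$(2:-Wa$(comma)%=%)'` would match the option literally.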
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index c227fe2524..278cca01e4 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -17,6 +17,10 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
 $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
 
+# Do not add the .note.gnu.property section to any of the firmware objects: it
+# breaks the rombios binary and is not useful for firmware anyway.
+$(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -ffreestanding -msoft-float
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:44:09 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: rename p2m_remove_page()
Message-Id: <E1ncLsC-0005Mi-5v@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:44:04 +0000

commit 0cd09bf30514f20d15956aa22dda370a4cf59b2e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:28:38 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:28:38 2022 +0200

    x86/P2M: rename p2m_remove_page()
    
    This is in preparation for re-using the original name.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/p2m.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 444761d31b..76ac72de86 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -788,8 +788,8 @@ void p2m_final_teardown(struct domain *d)
 #ifdef CONFIG_HVM
 
 static int __must_check
-p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
-                unsigned int page_order)
+p2m_remove_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
+                 unsigned int page_order)
 {
     unsigned long i;
     p2m_type_t t;
@@ -861,7 +861,7 @@ guest_physmap_remove_page(struct domain *d, gfn_t gfn,
         return 0;
 
     gfn_lock(p2m, gfn, page_order);
-    rc = p2m_remove_page(p2m, gfn, mfn, page_order);
+    rc = p2m_remove_entry(p2m, gfn, mfn, page_order);
     gfn_unlock(p2m, gfn, page_order);
 
     return rc;
@@ -1034,7 +1034,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
                 P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n",
                           gfn_x(ogfn) , mfn_x(omfn));
                 if ( mfn_eq(omfn, mfn_add(mfn, i)) &&
-                     (rc = p2m_remove_page(p2m, ogfn, omfn, 0)) )
+                     (rc = p2m_remove_entry(p2m, ogfn, omfn, 0)) )
                     goto out;
             }
         }
@@ -2444,7 +2444,7 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx,
     {
         mfn = ap2m->get_entry(ap2m, old_gfn, &t, &a, 0, NULL, NULL);
         rc = mfn_valid(mfn)
-             ? p2m_remove_page(ap2m, old_gfn, mfn, PAGE_ORDER_4K)
+             ? p2m_remove_entry(ap2m, old_gfn, mfn, PAGE_ORDER_4K)
              : 0;
         goto out;
     }
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:44:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: introduce p2m_{add,remove}_page()
Message-Id: <E1ncLsM-0005NP-9D@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:44:14 +0000

commit fa4b4fa61debfde019e3e145e39706c4652d1c32
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:29:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:29:33 2022 +0200

    x86/P2M: introduce p2m_{add,remove}_page()
    
    Rename guest_physmap_add_entry() to p2m_add_page(); make
    guest_physmap_remove_page() a trivial wrapper around p2m_remove_page().
    This way callers can use suitable pairs of functions (previously
    violated by hvm/grant_table.c).
    
    In HVM-specific code further avoid going through the guest_physmap_*()
    layer, and instead use the two new/renamed functions directly.
    
    Ultimately the goal is to have guest_physmap_...() functions cover all
    types of guests, but p2m_...() dealing only with translated ones.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/hvm/dom0_build.c  |  3 +--
 xen/arch/x86/hvm/grant_table.c |  7 +++----
 xen/arch/x86/hvm/ioreq.c       |  6 ++----
 xen/arch/x86/include/asm/p2m.h |  9 +++++----
 xen/arch/x86/mm/p2m.c          | 37 +++++++++++++++++++++++++------------
 5 files changed, 36 insertions(+), 26 deletions(-)

diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c
index 25fb05a389..1864d048a1 100644
--- a/xen/arch/x86/hvm/dom0_build.c
+++ b/xen/arch/x86/hvm/dom0_build.c
@@ -173,8 +173,7 @@ static int __init pvh_populate_memory_range(struct domain *d,
             continue;
         }
 
-        rc = guest_physmap_add_page(d, _gfn(start), page_to_mfn(page),
-                                    order);
+        rc = p2m_add_page(d, _gfn(start), page_to_mfn(page), order, p2m_ram_rw);
         if ( rc != 0 )
         {
             printk("Failed to populate memory: [%#lx,%#lx): %d\n",
diff --git a/xen/arch/x86/hvm/grant_table.c b/xen/arch/x86/hvm/grant_table.c
index f18582f5a6..b7a896ea58 100644
--- a/xen/arch/x86/hvm/grant_table.c
+++ b/xen/arch/x86/hvm/grant_table.c
@@ -39,9 +39,8 @@ int create_grant_p2m_mapping(uint64_t addr, mfn_t frame,
         p2mt = p2m_grant_map_ro;
     else
         p2mt = p2m_grant_map_rw;
-    rc = guest_physmap_add_entry(current->domain,
-                                 _gfn(addr >> PAGE_SHIFT),
-                                 frame, PAGE_ORDER_4K, p2mt);
+    rc = p2m_add_page(current->domain, _gfn(addr >> PAGE_SHIFT),
+                      frame, PAGE_ORDER_4K, p2mt);
     if ( rc )
         return GNTST_general_error;
     else
@@ -68,7 +67,7 @@ int replace_grant_p2m_mapping(uint64_t addr, mfn_t frame,
                  type, mfn_x(old_mfn), mfn_x(frame));
         return GNTST_general_error;
     }
-    if ( guest_physmap_remove_page(d, _gfn(gfn), frame, PAGE_ORDER_4K) )
+    if ( p2m_remove_page(d, _gfn(gfn), frame, PAGE_ORDER_4K) )
     {
         put_gfn(d, gfn);
         return GNTST_general_error;
diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c
index 8409d910d6..0bdcca1e1a 100644
--- a/xen/arch/x86/hvm/ioreq.c
+++ b/xen/arch/x86/hvm/ioreq.c
@@ -188,8 +188,7 @@ static void hvm_remove_ioreq_gfn(struct ioreq_server *s, bool buf)
     if ( gfn_eq(iorp->gfn, INVALID_GFN) )
         return;
 
-    if ( guest_physmap_remove_page(d, iorp->gfn,
-                                   page_to_mfn(iorp->page), 0) )
+    if ( p2m_remove_page(d, iorp->gfn, page_to_mfn(iorp->page), 0) )
         domain_crash(d);
     clear_page(iorp->va);
 }
@@ -205,8 +204,7 @@ static int hvm_add_ioreq_gfn(struct ioreq_server *s, bool buf)
 
     clear_page(iorp->va);
 
-    rc = guest_physmap_add_page(d, iorp->gfn,
-                                page_to_mfn(iorp->page), 0);
+    rc = p2m_add_page(d, iorp->gfn, page_to_mfn(iorp->page), 0, p2m_ram_rw);
     if ( rc == 0 )
         paging_mark_pfn_dirty(d, _pfn(gfn_x(iorp->gfn)));
 
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 7873744263..84d19e871e 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -577,10 +577,11 @@ int p2m_alloc_table(struct p2m_domain *p2m);
 void p2m_teardown(struct p2m_domain *p2m);
 void p2m_final_teardown(struct domain *d);
 
-/* Add a page to a domain's p2m table */
-int guest_physmap_add_entry(struct domain *d, gfn_t gfn,
-                            mfn_t mfn, unsigned int page_order,
-                            p2m_type_t t);
+/* Add/remove a page to/from a domain's p2m table. */
+int p2m_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+                 unsigned int page_order, p2m_type_t t);
+int p2m_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+                    unsigned int page_order);
 
 /* Untyped version for RAM only, for compatibility and PV. */
 int __must_check guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
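Review bot: The new `p2m_add_page()` and `p2m_remove_page()` declarations carry no `__must_check`, while `guest_physmap_add_page()` directly below does, so the callers this commit moves onto the p2m_*() functions lose the compile-time warning for a dropped return value. An ignored removal failure would presumably leave the old gfn-to-mfn entry in place, so I would declare them as `int __must_check p2m_add_page(...)` and `int __must_check p2m_remove_page(...)`. The comment could also state the precondition that the p2m.c side of this commit enforces for removal, e.g. `/* Add/remove a page to/from a translated domain's p2m table. */`. The `guest_physmap_add_page()` declaration at the end of the hunk continues outside it.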
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 76ac72de86..056a622c95 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -850,15 +850,17 @@ p2m_remove_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
 }
 
 int
-guest_physmap_remove_page(struct domain *d, gfn_t gfn,
-                          mfn_t mfn, unsigned int page_order)
+p2m_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+                unsigned int page_order)
 {
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int rc;
 
-    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
     if ( !paging_mode_translate(d) )
-        return 0;
+    {
+        ASSERT_UNREACHABLE();
+        return -EPERM;
+    }
 
     gfn_lock(p2m, gfn, page_order);
     rc = p2m_remove_entry(p2m, gfn, mfn, page_order);
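Review bot: `p2m_remove_page()` now returns `-EPERM` after `ASSERT_UNREACHABLE()` for a non-translated domain, where the function that previously held this body, `guest_physmap_remove_page()`, returned 0. The callers switched to it directly in this commit (`replace_grant_p2m_mapping()`, `hvm_remove_ioreq_gfn()`, `p2m_add_foreign()`, `xenmem_add_to_physmap_one()`) therefore change from silent success to an error, and to an assertion failure in debug builds, if any of them can be reached for such a domain. In `hvm_remove_ioreq_gfn()` that error leads to `domain_crash(d)`. The hunks do not show whether those paths are already guarded, so this should be confirmed, and a comment above the function such as `/* Translated domains only; other callers go through guest_physmap_remove_page(). */` would record the contract. The function's tail is in the next hunk.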
@@ -867,6 +869,17 @@ guest_physmap_remove_page(struct domain *d, gfn_t gfn,
     return rc;
 }
 
+int
+guest_physmap_remove_page(struct domain *d, gfn_t gfn,
+                          mfn_t mfn, unsigned int page_order)
+{
+    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+    if ( !paging_mode_translate(d) )
+        return 0;
+
+    return p2m_remove_page(d, gfn, mfn, page_order);
+}
+
 #endif /* CONFIG_HVM */
 
 int
@@ -905,14 +918,14 @@ guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
         return 0;
     }
 
-    return guest_physmap_add_entry(d, gfn, mfn, page_order, p2m_ram_rw);
+    return p2m_add_page(d, gfn, mfn, page_order, p2m_ram_rw);
 }
 
 #ifdef CONFIG_HVM
 
 int
-guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
-                        unsigned int page_order, p2m_type_t t)
+p2m_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+             unsigned int page_order, p2m_type_t t)
 {
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     unsigned long i;
@@ -2724,7 +2737,7 @@ static int p2m_add_foreign(struct domain *tdom, unsigned long fgfn,
     {
         if ( is_special_page(mfn_to_page(prev_mfn)) )
             /* Special pages are simply unhooked from this phys slot */
-            rc = guest_physmap_remove_page(tdom, _gfn(gpfn), prev_mfn, 0);
+            rc = p2m_remove_page(tdom, _gfn(gpfn), prev_mfn, 0);
         else
             /* Normal domain memory is freed, to avoid leaking memory. */
             rc = guest_remove_page(tdom, gpfn);
@@ -2732,7 +2745,7 @@ static int p2m_add_foreign(struct domain *tdom, unsigned long fgfn,
             goto put_both;
     }
     /*
-     * Create the new mapping. Can't use guest_physmap_add_page() because it
+     * Create the new mapping. Can't use p2m_add_page() because it
      * will update the m2p table which will result in  mfn -> gpfn of dom0
      * and not fgfn of domU.
      */
@@ -2846,7 +2859,7 @@ int xenmem_add_to_physmap_one(
     {
         if ( is_special_page(mfn_to_page(prev_mfn)) )
             /* Special pages are simply unhooked from this phys slot. */
-            rc = guest_physmap_remove_page(d, gpfn, prev_mfn, PAGE_ORDER_4K);
+            rc = p2m_remove_page(d, gpfn, prev_mfn, PAGE_ORDER_4K);
         else if ( !mfn_eq(mfn, prev_mfn) )
             /* Normal domain memory is freed, to avoid leaking memory. */
             rc = guest_remove_page(d, gfn_x(gpfn));
@@ -2854,11 +2867,11 @@ int xenmem_add_to_physmap_one(
 
     /* Unmap from old location, if any. */
     if ( !rc && old_gpfn != INVALID_M2P_ENTRY && !gfn_eq(_gfn(old_gpfn), gpfn) )
-        rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K);
+        rc = p2m_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K);
 
     /* Map at new location. */
     if ( !rc )
-        rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K);
+        rc = p2m_add_page(d, gpfn, mfn, PAGE_ORDER_4K, p2m_ram_rw);
 
  put_all:
     put_gfn(d, gfn_x(gpfn));
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:44:25 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/mm: move guest_physmap_{add,remove}_page()
Message-Id: <E1ncLsW-0005OE-CR@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:44:24 +0000

commit 0e58a6ceb6ef4e0c47acd3c7e48bb904c4d1a0a8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:30:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:30:36 2022 +0200

    x86/mm: move guest_physmap_{add,remove}_page()
    
    ... to a new file, separating the functions from their HVM-specific
    backing ones, themselves only dealing with the non-translated case.
    
    To avoid having a new CONFIG_HVM conditional in there, do away with
    the inline placeholder.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/Makefile     |  1 +
 xen/arch/x86/mm/p2m.c        | 54 ----------------------------
 xen/arch/x86/mm/physmap.c    | 85 ++++++++++++++++++++++++++++++++++++++++++++
 xen/include/xen/p2m-common.h |  9 -----
 4 files changed, 86 insertions(+), 63 deletions(-)

diff --git a/xen/arch/x86/mm/Makefile b/xen/arch/x86/mm/Makefile
index 6b7882d992..a47ef5fd9f 100644
--- a/xen/arch/x86/mm/Makefile
+++ b/xen/arch/x86/mm/Makefile
@@ -10,3 +10,4 @@ obj-$(CONFIG_MEM_SHARING) += mem_sharing.o
 obj-y += p2m.o
 obj-$(CONFIG_HVM) += p2m-ept.o p2m-pod.o p2m-pt.o
 obj-y += paging.o
+obj-y += physmap.o
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 056a622c95..a01e42ee61 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -869,60 +869,6 @@ p2m_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
     return rc;
 }
 
-int
-guest_physmap_remove_page(struct domain *d, gfn_t gfn,
-                          mfn_t mfn, unsigned int page_order)
-{
-    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
-    if ( !paging_mode_translate(d) )
-        return 0;
-
-    return p2m_remove_page(d, gfn, mfn, page_order);
-}
-
-#endif /* CONFIG_HVM */
-
-int
-guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
-                       unsigned int page_order)
-{
-    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
-    if ( !paging_mode_translate(d) )
-    {
-        struct page_info *page = mfn_to_page(mfn);
-        unsigned long i;
-
-        /*
-         * Our interface for PV guests wrt IOMMU entries hasn't been very
-         * clear; but historically, pages have started out with IOMMU mappings,
-         * and only lose them when changed to a different page type.
-         *
-         * Retain this property by grabbing a writable type ref and then
-         * dropping it immediately.  The result will be pages that have a
-         * writable type (and an IOMMU entry), but a count of 0 (such that
-         * any guest-requested type changes succeed and remove the IOMMU
-         * entry).
-         */
-        for ( i = 0; i < (1UL << page_order); ++i, ++page )
-        {
-            if ( !need_iommu_pt_sync(d) )
-                /* nothing */;
-            else if ( get_page_and_type(page, d, PGT_writable_page) )
-                put_page_and_type(page);
-            else
-                return -EINVAL;
-
-            set_gpfn_from_mfn(mfn_x(mfn) + i, gfn_x(gfn) + i);
-        }
-
-        return 0;
-    }
-
-    return p2m_add_page(d, gfn, mfn, page_order, p2m_ram_rw);
-}
-
-#ifdef CONFIG_HVM
-
 int
 p2m_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
              unsigned int page_order, p2m_type_t t)
diff --git a/xen/arch/x86/mm/physmap.c b/xen/arch/x86/mm/physmap.c
new file mode 100644
index 0000000000..ea82a07283
--- /dev/null
+++ b/xen/arch/x86/mm/physmap.c
@@ -0,0 +1,85 @@
+/******************************************************************************
+ * arch/x86/mm/physmap.c
+ *
+ * Parts of this code are Copyright (c) 2009 by Citrix Systems, Inc. (Patrick Colp)
+ * Parts of this code are Copyright (c) 2007 by Advanced Micro Devices.
+ * Parts of this code are Copyright (c) 2006-2007 by XenSource Inc.
+ * Parts of this code are Copyright (c) 2006 by Michael A Fetterman
+ * Parts based on earlier work by Michael A Fetterman, Ian Pratt et al.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <asm/p2m.h>
+
+#include "mm-locks.h"
+
+int
+guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+                       unsigned int page_order)
+{
+    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+    if ( !paging_mode_translate(d) )
+    {
+        struct page_info *page = mfn_to_page(mfn);
+        unsigned long i;
+
+        /*
+         * Our interface for PV guests wrt IOMMU entries hasn't been very
+         * clear; but historically, pages have started out with IOMMU mappings,
+         * and only lose them when changed to a different page type.
+         *
+         * Retain this property by grabbing a writable type ref and then
+         * dropping it immediately.  The result will be pages that have a
+         * writable type (and an IOMMU entry), but a count of 0 (such that
+         * any guest-requested type changes succeed and remove the IOMMU
+         * entry).
+         */
+        for ( i = 0; i < (1UL << page_order); ++i, ++page )
+        {
+            if ( !need_iommu_pt_sync(d) )
+                /* nothing */;
+            else if ( get_page_and_type(page, d, PGT_writable_page) )
+                put_page_and_type(page);
+            else
+                return -EINVAL;
+
+            set_gpfn_from_mfn(mfn_x(mfn) + i, gfn_x(gfn) + i);
+        }
+
+        return 0;
+    }
+
+    return p2m_add_page(d, gfn, mfn, page_order, p2m_ram_rw);
+}
+
+int
+guest_physmap_remove_page(struct domain *d, gfn_t gfn,
+                          mfn_t mfn, unsigned int page_order)
+{
+    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+    if ( !paging_mode_translate(d) )
+        return 0;
+
+    return p2m_remove_page(d, gfn, mfn, page_order);
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
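Review bot: physmap.c is built unconditionally (`obj-y += physmap.o`) yet calls `p2m_add_page()` and `p2m_remove_page()`, which p2m.c defines only inside `#ifdef CONFIG_HVM`, so a build without HVM links only if the compiler drops both calls. That presumably relies on `paging_mode_translate(d)` folding to a constant false in such builds (its definition is not visible in this patch), and nothing in the new file says so. After confirming it, I would add a comment before each tail call, e.g. `/* Not reached without CONFIG_HVM: paging_mode_translate() is constant false there, so this call is eliminated. */`. Without that note, a later change that makes the condition non-constant would surface only as a link failure in the !HVM configuration.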
diff --git a/xen/include/xen/p2m-common.h b/xen/include/xen/p2m-common.h
index 80bac95057..a322e738ef 100644
--- a/xen/include/xen/p2m-common.h
+++ b/xen/include/xen/p2m-common.h
@@ -8,18 +8,9 @@ int set_foreign_p2m_entry(struct domain *d, const struct domain *fd,
                           unsigned long gfn, mfn_t mfn);
 
 /* Remove a page from a domain's p2m table */
-#ifdef CONFIG_HVM
 int __must_check
 guest_physmap_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
                           unsigned int page_order);
-#else
-static inline int
-guest_physmap_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
-                          unsigned int page_order)
-{
-    return 0;
-}
-#endif
 
 /* Map MMIO regions in the p2m: start_gfn and nr describe the range in
  *  * the guest physical address space to map, starting from the machine
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:44:35 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/EFI: retrieve EDID
Message-Id: <E1ncLsg-0005Os-Fo@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:44:34 +0000

commit 3d486def5085cfa3a938ba3b066a2515fb1a401a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:33:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:33:09 2022 +0200

    x86/EFI: retrieve EDID
    
    When booting directly from EFI, obtaining this information from EFI is
    the only possible way. And even when booting with a boot loader
    interposed, it's cleaner not to use legacy BIOS calls for this
    purpose. (The downside being that there are no "capabilities" that we
    can retrieve the EFI way.)
    
    To achieve this we need to propagate the handle used to obtain the
    EFI_GRAPHICS_OUTPUT_PROTOCOL instance for further obtaining an
    EFI_EDID_*_PROTOCOL instance, which has been part of the spec since 2.5.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com> # Arm, common
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Bertrand Marquis <bertrand.marquis@arm.com> #arm
---
 xen/arch/arm/efi/efi-boot.h |  4 ++++
 xen/arch/x86/boot/video.S   |  9 ++++++-
 xen/arch/x86/efi/efi-boot.h | 58 ++++++++++++++++++++++++++++++++++++++++++++-
 xen/common/efi/boot.c       | 15 ++++++++----
 xen/include/efi/efiprot.h   | 47 ++++++++++++++++++++++++++++++++++++
 5 files changed, 127 insertions(+), 6 deletions(-)

diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h
index ae8627134e..e452b687d8 100644
--- a/xen/arch/arm/efi/efi-boot.h
+++ b/xen/arch/arm/efi/efi-boot.h
@@ -464,6 +464,10 @@ static void __init efi_arch_edd(void)
 {
 }
 
+static void __init efi_arch_edid(EFI_HANDLE gop_handle)
+{
+}
+
 static void __init efi_arch_memory_setup(void)
 {
 }
diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index 0efbe8d3b3..22bc3732a0 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -890,7 +890,14 @@ store_edid:
         pushw   %dx
         pushw   %di
 
-        cmpb    $1, bootsym(opt_edid)   # EDID disabled on cmdline (edid=no)?
+        movb    bootsym(opt_edid), %al
+        cmpw    $0x1313, bootsym(boot_edid_caps) # Data already retrieved?
+        je      .Lcheck_edid
+        cmpb    $2, %al                 # EDID forced on cmdline (edid=force)?
+        jne     .Lno_edid
+
+.Lcheck_edid:
+        cmpb    $1, %al                 # EDID disabled on cmdline (edid=no)?
         je      .Lno_edid
 
         leaw    vesa_glob_info, %di
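Review bot: The comment on the new `cmpw $0x1313, bootsym(boot_edid_caps)` reads inverted relative to the branch it guards. The `je .Lcheck_edid` is taken when the value still equals 0x1313, and since copy_edid() in this same commit sets boot_edid_caps to 0 on success, 0x1313 appears to be the "nothing retrieved yet" sentinel rather than "already retrieved". The constant is also a bare magic number shared implicitly with the C side. A comment such as `# 0x1313: initial sentinel, i.e. no EDID supplied by EFI yet` (or a named constant used by both files) would keep the two in agreement. store_edid continues beyond this hunk.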
diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h
index d91eb5a537..6e65b569b0 100644
--- a/xen/arch/x86/efi/efi-boot.h
+++ b/xen/arch/x86/efi/efi-boot.h
@@ -568,6 +568,57 @@ static void __init efi_arch_video_init(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
 #endif
 }
 
+#ifdef CONFIG_VIDEO
+static bool __init copy_edid(const void *buf, unsigned int size)
+{
+    /*
+     * Be conservative - for both undersized and oversized blobs it is unclear
+     * what to actually do with them. The more that unlike the VESA BIOS
+     * interface we also have no associated "capabilities" value (which might
+     * carry a hint as to possible interpretation).
+     */
+    if ( size != ARRAY_SIZE(boot_edid_info) )
+        return false;
+
+    memcpy(boot_edid_info, buf, size);
+    boot_edid_caps = 0;
+
+    return true;
+}
+#endif
+
+static void __init efi_arch_edid(EFI_HANDLE gop_handle)
+{
+#ifdef CONFIG_VIDEO
+    static EFI_GUID __initdata active_guid = EFI_EDID_ACTIVE_PROTOCOL_GUID;
+    static EFI_GUID __initdata discovered_guid = EFI_EDID_DISCOVERED_PROTOCOL_GUID;
+    EFI_EDID_ACTIVE_PROTOCOL *active_edid;
+    EFI_EDID_DISCOVERED_PROTOCOL *discovered_edid;
+    EFI_STATUS status;
+
+    status = efi_bs->OpenProtocol(gop_handle, &active_guid,
+                                  (void **)&active_edid, efi_ih, NULL,
+                                  EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+    if ( status == EFI_SUCCESS &&
+         copy_edid(active_edid->Edid, active_edid->SizeOfEdid) )
+        return;
+
+    /*
+     * In case an override is in place which doesn't fit copy_edid(), also try
+     * obtaining the discovered EDID in the hope that it's better than nothing.
+     *
+     * Note that attempting to use the information in
+     * EFI_EDID_DISCOVERED_PROTOCOL when there's an override provided by
+     * EFI_EDID_ACTIVE_PROTOCOL might lead to issues.
+     */
+    status = efi_bs->OpenProtocol(gop_handle, &discovered_guid,
+                                  (void **)&discovered_edid, efi_ih, NULL,
+                                  EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+    if ( status == EFI_SUCCESS )
+        copy_edid(discovered_edid->Edid, discovered_edid->SizeOfEdid);
+#endif
+}
+
 static void __init efi_arch_memory_setup(void)
 {
     unsigned int i;
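Review bot: The guard in copy_edid() compares the firmware-reported byte count against `ARRAY_SIZE(boot_edid_info)`, an element count, while the following memcpy() writes `size` bytes. The two only match if boot_edid_info is a byte array, and its declaration is not visible in this hunk. Using `sizeof(boot_edid_info)` ties the check directly to the destination's size. The `Edid` pointer also comes straight from the firmware protocol instance and is passed to memcpy() without a NULL check, so a defensive `if ( !buf || size != sizeof(boot_edid_info) ) return false;` would cover firmware that reports a plausible size with a null buffer.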
@@ -729,6 +780,7 @@ static void __init efi_arch_flush_dcache_area(const void *vaddr, UINTN size) { }
 void __init efi_multiboot2(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
 {
     EFI_GRAPHICS_OUTPUT_PROTOCOL *gop;
+    EFI_HANDLE gop_handle;
     UINTN cols, gop_mode = ~0, rows;
 
     __set_bit(EFI_BOOT, &efi_flags);
@@ -742,11 +794,15 @@ void __init efi_multiboot2(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable
                            &cols, &rows) == EFI_SUCCESS )
         efi_arch_console_init(cols, rows);
 
-    gop = efi_get_gop();
+    gop = efi_get_gop(&gop_handle);
 
     if ( gop )
+    {
         gop_mode = efi_find_gop_mode(gop, 0, 0, 0);
 
+        efi_arch_edid(gop_handle);
+    }
+
     efi_arch_edd();
     efi_arch_cpu();
 
diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index 4dd5ea6a06..f827a72e93 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -118,7 +118,7 @@ static bool read_section(const EFI_LOADED_IMAGE *image, const CHAR16 *name,
 
 static void efi_init(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable);
 static void efi_console_set_mode(void);
-static EFI_GRAPHICS_OUTPUT_PROTOCOL *efi_get_gop(void);
+static EFI_GRAPHICS_OUTPUT_PROTOCOL *efi_get_gop(EFI_HANDLE *gop_handle);
 static UINTN efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
                                UINTN cols, UINTN rows, UINTN depth);
 static void efi_tables(void);
@@ -758,7 +758,7 @@ static void __init efi_console_set_mode(void)
         StdOut->SetMode(StdOut, best);
 }
 
-static EFI_GRAPHICS_OUTPUT_PROTOCOL __init *efi_get_gop(void)
+static EFI_GRAPHICS_OUTPUT_PROTOCOL __init *efi_get_gop(EFI_HANDLE *gop_handle)
 {
     EFI_GRAPHICS_OUTPUT_MODE_INFORMATION *mode_info;
     EFI_GRAPHICS_OUTPUT_PROTOCOL *gop = NULL;
@@ -783,7 +783,10 @@ static EFI_GRAPHICS_OUTPUT_PROTOCOL __init *efi_get_gop(void)
             continue;
         status = gop->QueryMode(gop, gop->Mode->Mode, &info_size, &mode_info);
         if ( !EFI_ERROR(status) )
+        {
+            *gop_handle = handles[i];
             break;
+        }
     }
     if ( handles )
         efi_bs->FreePool(handles);
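Review bot: `*gop_handle` is written only on the path where QueryMode() succeeds, and both callers (efi_multiboot2() and efi_start()) declare `EFI_HANDLE gop_handle;` without an initializer. The callers only use the handle when the returned gop is non-NULL, which presumably implies the assignment happened, but the rest of efi_get_gop() lies outside this hunk so that cannot be confirmed here. Setting `*gop_handle = NULL;` at the top of the function, or a one-line comment stating "gop_handle is valid only when the return value is non-NULL", would make the contract explicit and keep an indeterminate handle from ever reaching OpenProtocol() after a later refactor.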
@@ -1222,6 +1225,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
     if ( use_cfg_file )
     {
         EFI_FILE_HANDLE dir_handle;
+        EFI_HANDLE gop_handle;
         UINTN depth, cols, rows, size;
 
         size = cols = rows = depth = 0;
@@ -1230,7 +1234,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
                                &cols, &rows) == EFI_SUCCESS )
             efi_arch_console_init(cols, rows);
 
-        gop = efi_get_gop();
+        gop = efi_get_gop(&gop_handle);
 
         /* Get the file system interface. */
         dir_handle = get_parent_handle(loaded_image, &file_name);
@@ -1360,7 +1364,11 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
         dir_handle->Close(dir_handle);
 
         if ( gop && !base_video )
+        {
             gop_mode = efi_find_gop_mode(gop, cols, rows, depth);
+
+            efi_arch_edid(gop_handle);
+        }
     }
 
     /* Get the number of boot modules specified on the DT or an error (<0) */
@@ -1387,7 +1395,6 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
 
     efi_arch_edd();
 
-    /* XXX Collect EDID info. */
     efi_arch_cpu();
 
     efi_tables();
diff --git a/xen/include/efi/efiprot.h b/xen/include/efi/efiprot.h
index 8cf04df437..56d7636b2b 100644
--- a/xen/include/efi/efiprot.h
+++ b/xen/include/efi/efiprot.h
@@ -724,5 +724,52 @@ struct _EFI_GRAPHICS_OUTPUT_PROTOCOL {
   EFI_GRAPHICS_OUTPUT_PROTOCOL_BLT         Blt;
   EFI_GRAPHICS_OUTPUT_PROTOCOL_MODE        *Mode;
 };
+
+/*
+ * EFI EDID Discovered Protocol
+ * UEFI Specification Version 2.5 Section 11.9
+ */
+#define EFI_EDID_DISCOVERED_PROTOCOL_GUID \
+    { 0x1C0C34F6, 0xD380, 0x41FA, { 0xA0, 0x49, 0x8a, 0xD0, 0x6C, 0x1A, 0x66, 0xAA} }
+
+typedef struct _EFI_EDID_DISCOVERED_PROTOCOL {
+    UINT32   SizeOfEdid;
+    UINT8   *Edid;
+} EFI_EDID_DISCOVERED_PROTOCOL;
+
+/*
+ * EFI EDID Active Protocol
+ * UEFI Specification Version 2.5 Section 11.9
+ */
+#define EFI_EDID_ACTIVE_PROTOCOL_GUID \
+    { 0xBD8C1056, 0x9F36, 0x44EC, { 0x92, 0xA8, 0xA6, 0x33, 0x7F, 0x81, 0x79, 0x86} }
+
+typedef struct _EFI_EDID_ACTIVE_PROTOCOL {
+    UINT32   SizeOfEdid;
+    UINT8   *Edid;
+} EFI_EDID_ACTIVE_PROTOCOL;
+
+/*
+ * EFI EDID Override Protocol
+ * UEFI Specification Version 2.5 Section 11.9
+ */
+#define EFI_EDID_OVERRIDE_PROTOCOL_GUID \
+    { 0x48ECB431, 0xFB72, 0x45C0, { 0xA9, 0x22, 0xF4, 0x58, 0xFE, 0x04, 0x0B, 0xD5} }
+
+INTERFACE_DECL(_EFI_EDID_OVERRIDE_PROTOCOL);
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_EDID_OVERRIDE_PROTOCOL_GET_EDID) (
+  IN      struct _EFI_EDID_OVERRIDE_PROTOCOL   *This,
+  IN      EFI_HANDLE                           *ChildHandle,
+  OUT     UINT32                               *Attributes,
+  IN OUT  UINTN                                *EdidSize,
+  IN OUT  UINT8                               **Edid);
+
+typedef struct _EFI_EDID_OVERRIDE_PROTOCOL {
+    EFI_EDID_OVERRIDE_PROTOCOL_GET_EDID  GetEdid;
+} EFI_EDID_OVERRIDE_PROTOCOL;
+
 #endif
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:44:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 06:44:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300427.512419 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLsr-0008Ui-SQ; Thu, 07 Apr 2022 06:44:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300427.512419; Thu, 07 Apr 2022 06:44:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLsr-0008Ua-PT; Thu, 07 Apr 2022 06:44:45 +0000
Received: by outflank-mailman (input) for mailman id 300427;
 Thu, 07 Apr 2022 06:44:44 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLsq-0008UJ-KG
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:44:44 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLsq-0000YM-JP
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:44:44 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLsq-0005Pk-Io
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:44:44 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=L8GsNvWOPNx1wD2cQcseWhNhIjZB7l2RASsiuGv9QZE=; b=Lyyz4cqgdrv0yGtX5EWCGGJa8/
	43okcDhIoMmZC9ZhOK0AsbkIIFNs1iF9tSHuk81p8zPSTxNO4a0d/orAf5uPtnKb06NBecJMMf9mH
	jRnmJKU3NaivY5vQwctb1Fld82SaJah8dDsJQDSnuEDfZ4QG2TNAwdTMEr5Mr7n47Lkg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/boot: simplify mode_table
Message-Id: <E1ncLsq-0005Pk-Io@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:44:44 +0000

commit 3b91082bb8486001dfca9952123aa643ca7c5a5e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:34:07 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:34:07 2022 +0200

    x86/boot: simplify mode_table
    
    There's no point in writing 80x25 text mode information via multiple
    insns all storing immediate values. The data can simply be included
    first thing in the vga_modes table, allowing the already present
    REP MOVSB to take care of everything in one go.
    
    While touching this also correct a related but stale comment.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/video.S | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index 22bc3732a0..822d6d9cf1 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -656,8 +656,9 @@ outidx: outb    %al, %dx
 # Build the table of video modes (stored after the setup.S code at the
 # `modelist' label. Each video mode record looks like:
 #        .word        MODE-ID             (our special mode ID (see above))
-#        .byte        rows                (number of rows)
-#        .byte        columns             (number of columns)
+#        .word        rows                (number of rows)
+#        .word        columns             (number of columns)
+#        .word        0                   (color depth; gfx modes only)
 # Returns address of the end of the table in DI, the end is marked
 # with a ASK_VGA ID.
 mode_table:
@@ -666,12 +667,6 @@ mode_table:
         jnz     mtab1
 
         leaw    modelist, %di           # Store standard modes:
-        movw    $VIDEO_80x25,(%di)      # The 80x25 mode (ALL)
-        movw    $0x50,2(%di)
-        movw    $0x19,4(%di)
-        movw    $0x00,6(%di)
-        addw    $8,%di
-
         leaw    bootsym(vga_modes), %si # All modes for std VGA
         movw    $vga_modes_end-vga_modes, %cx
         rep     movsb
@@ -685,6 +680,7 @@ ret0:   ret
 
 # Modes usable on all standard VGAs
 vga_modes:
+        .word   VIDEO_80x25, 0x50,0x19,0        # 80x25
         .word   VIDEO_80x50, 0x50,0x32,0        # 80x50
         .word   VIDEO_80x43, 0x50,0x2b,0        # 80x43
         .word   VIDEO_80x28, 0x50,0x1c,0        # 80x28
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:44:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 06:44:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300428.512423 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLt1-000065-Tq; Thu, 07 Apr 2022 06:44:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300428.512423; Thu, 07 Apr 2022 06:44:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLt1-00005w-R0; Thu, 07 Apr 2022 06:44:55 +0000
Received: by outflank-mailman (input) for mailman id 300428;
 Thu, 07 Apr 2022 06:44:54 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLt0-00005d-NT
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:44:54 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLt0-0000YZ-Mb
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:44:54 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLt0-0005QR-Lp
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:44:54 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=eV/Z0pwsBSicgWiUmT8SNZc9kNBBQR2iI+SfwNzdAXY=; b=P5TtFNgEdsu7q7SdUMivjdc9Hp
	7a+CPxB0D9ZOFzFrRVb5za3E4pNcmk2N+3eyiUje4ff8exqTUX8w2Q08OnqxXSdJGQ73nBpxkAocc
	G6aSFsCp76UTnZw8DI3M+IwCfdNXIkhCtKXThGY0k93NU43K2k4U/aWk8W9aThtCcPso=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/boot: fold branches in video handling code
Message-Id: <E1ncLt0-0005QR-Lp@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:44:54 +0000

commit 2f576a65a09d98e63e548143825d7a33fa5cff1b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:34:58 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:34:58 2022 +0200

    x86/boot: fold branches in video handling code
    
    Using Jcc to branch around a JMP is necessary only in pre-386 code,
    where Jcc is limited to disp8. Use the opposite Jcc directly in two
    places. Since it's adjacent, also convert an ORB to TESTB.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/video.S | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index 822d6d9cf1..b5af93dbc5 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -332,8 +332,7 @@ lment:  movb    $0, (%di)
         cmpw    $0x656d, (%si)          # 'me'
         jnz     lmhx
         cmpw    $0x756e, 2(%si)         # 'nu'
-        jnz     lmhx
-        jmp     listm
+        jz      listm
 
 lmhx:   xorw    %bx, %bx                # Else => mode ID in hex
 lmhex:  lodsb
@@ -401,10 +400,8 @@ mode_set:
         cmpb    $VIDEO_FIRST_VESA>>8, %ah
         jnc     check_vesa
 
-        orb     %ah, %ah
-        jnz     setbad
-
-        jmp     setmenu
+        testb   %ah, %ah
+        jz      setmenu
 
 setbad: clc
         ret
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:45:06 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 06:45:06 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300429.512426 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLtB-00008x-VR; Thu, 07 Apr 2022 06:45:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300429.512426; Thu, 07 Apr 2022 06:45:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLtB-00008p-SY; Thu, 07 Apr 2022 06:45:05 +0000
Received: by outflank-mailman (input) for mailman id 300429;
 Thu, 07 Apr 2022 06:45:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtA-00008e-QI
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtA-0000Z9-PV
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtA-0005RY-Ov
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=3YoCkT0ZZ2Xv6yPmrovTs1iKPFf3LIXk0hFQCTk+sVw=; b=sc/GKfKKNg0LVnV5aVP9D/zBg5
	Dj3plVXrtvfQ47TgoWPpz3XMINqFz+fdwm5BHz1Q6Pgm25zFl3cO4hpWVHDxwDFYFf/fJtRIOp0t8
	TmxXsLmzO0+OwSxGLj6R92nbs8R1LbIbW4Nnh3pi0PSCWeLdwJymmXbDRcpka+1iAZBQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/boot: fold/replace moves in video handling code
Message-Id: <E1ncLtA-0005RY-Ov@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:45:04 +0000

commit c4cac1f48a45925fcc3ec2a60b1271b71dc60223
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:36:02 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:36:02 2022 +0200

    x86/boot: fold/replace moves in video handling code
    
    Replace (mainly) MOV forms with shorter insns (or sequences thereof).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/video.S | 40 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index b5af93dbc5..ee993e1073 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -121,8 +121,7 @@ mopar_gr:
         movw    %ax, _param(PARAM_LFB_WIDTH)
         movw    20(%di), %ax
         movw    %ax, _param(PARAM_LFB_HEIGHT)
-        movb    25(%di), %al
-        movb    $0, %ah
+        movzbw  25(%di), %ax
         movw    %ax, _param(PARAM_LFB_DEPTH)
         movl    40(%di), %eax
         movl    %eax, _param(PARAM_LFB_BASE)
@@ -135,8 +134,7 @@ mopar_gr:
 
 # get video mem size
         leaw    vesa_glob_info, %di
-        xorl    %eax, %eax
-        movw    18(%di), %ax
+        movzwl  18(%di), %eax
         movl    %eax, _param(PARAM_LFB_SIZE)
 
 # store mode capabilities
@@ -144,14 +142,11 @@ mopar_gr:
         movl    %eax, _param(PARAM_CAPABILITIES)
 
 # switching the DAC to 8-bit is for <= 8 bpp only
-        movw    _param(PARAM_LFB_DEPTH), %ax
-        cmpw    $8, %ax
+        cmpw    $8, _param(PARAM_LFB_DEPTH)
         jg      dac_done
 
 # get DAC switching capability
-        xorl    %eax, %eax
-        movb    10(%di), %al
-        testb   $1, %al
+        testb   $1, 10(%di)
         jz      dac_set
 
 # attempt to switch DAC to 8-bit
@@ -164,17 +159,17 @@ mopar_gr:
 
 dac_set:
 # set color size to DAC size
-        movb    bootsym(dac_size), %al
+        movzbw  bootsym(dac_size), %ax
         movb    %al, _param(PARAM_LFB_COLORS+0)
         movb    %al, _param(PARAM_LFB_COLORS+2)
         movb    %al, _param(PARAM_LFB_COLORS+4)
         movb    %al, _param(PARAM_LFB_COLORS+6)
 
 # set color offsets to 0
-        movb    $0, _param(PARAM_LFB_COLORS+1)
-        movb    $0, _param(PARAM_LFB_COLORS+3)
-        movb    $0, _param(PARAM_LFB_COLORS+5)
-        movb    $0, _param(PARAM_LFB_COLORS+7)
+        movb    %ah, _param(PARAM_LFB_COLORS+1)
+        movb    %ah, _param(PARAM_LFB_COLORS+3)
+        movb    %ah, _param(PARAM_LFB_COLORS+5)
+        movb    %ah, _param(PARAM_LFB_COLORS+7)
 
 dac_done:
 # get protected mode interface information
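Review bot: The four `movb %ah, _param(PARAM_LFB_COLORS+n)` stores under "set color offsets to 0" are only correct because the preceding `movzbw bootsym(dac_size), %ax` zeroed %ah. Nothing at the stores says so, and any instruction later inserted between the load and these stores that touches %ax would silently write non-zero offsets. A short remark on the load, e.g. `# %al = DAC size, %ah = 0 (used below)`, would document the dependency.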
@@ -504,7 +499,8 @@ setvesabysize:
         call    mode_table
         leaw    modelist,%si
 1:      add     $8,%si
-        cmpw    $ASK_VGA,-8(%si)        # End?
+        movw    -8(%si),%bx
+        cmpw    $ASK_VGA,%bx            # End?
         je      setbad
         movw    -6(%si),%ax
         cmpw    %ax,bootsym(vesa_size)+0
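Review bot: Loading the mode ID into %bx at the top of the loop changes register liveness in setvesabysize. Previously %bx was written only once a matching entry was found; now it is overwritten on every iteration and also holds ASK_VGA when the loop exits through `je setbad`. Whether any caller relies on %bx surviving the failure path is not visible in these hunks, so this is worth confirming. If none does, a comment such as `# %bx = candidate mode ID (clobbered even on failure)` would record the new behaviour. The matching store `movw %bx,bootsym(boot_vid_mode)` is in the next hunk.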
@@ -515,9 +511,7 @@ setvesabysize:
         movw    -2(%si),%ax
         cmpw    %ax,bootsym(vesa_size)+4
         jne     1b
-        movw    -8(%si),%ax
-        movw    %ax,%bx
-        movw    %ax,bootsym(boot_vid_mode)
+        movw    %bx,bootsym(boot_vid_mode)
         jmp     check_vesa
 
 # Table of routines for setting of the special modes.
@@ -741,8 +735,7 @@ vesa2:  pushw   %cx
         movw    %bx, 2(%di)
         movw    0x14(%di), %bx          # Height
         movw    %bx, 4(%di)
-        xorw    %bx, %bx
-        movb    0x19(%di), %bl          # Depth
+        movzbw  0x19(%di), %bx          # Depth
         movw    %bx, 6(%di)
 
         addw    $8, %di                 # The mode is valid. Store it.
@@ -869,8 +862,7 @@ gettime:
         movb    %dh, %al                # %dh contains the seconds
         andb    $0x0f, %al
         movb    %dh, %ah
-        movb    $0x04, %cl
-        shrb    %cl, %ah
+        shrb    $4, %ah
         aad
         popw    %cx
         ret
@@ -927,8 +919,8 @@ store_edid:
 .Lforce_edid:
         movw    $0x4f15, %ax            # do VBE/DDC
         movw    $0x01, %bx
-        movw    $0x00, %cx
-        movw    $0x00, %dx
+        xorw    %cx, %cx
+        xorw    %dx, %dx
         movw    $bootsym(boot_edid_info), %di
         int     $0x10
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:45:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 06:45:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300430.512432 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLtM-0000Ci-2X; Thu, 07 Apr 2022 06:45:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300430.512432; Thu, 07 Apr 2022 06:45:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLtL-0000CZ-VR; Thu, 07 Apr 2022 06:45:15 +0000
Received: by outflank-mailman (input) for mailman id 300430;
 Thu, 07 Apr 2022 06:45:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtK-0000CM-TK
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtK-0000ZK-SR
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtK-0005SY-Ri
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=KksJIJyBHvpIbrxV1aCMmUXXXbnK68id/vjmhtMmDGo=; b=zYT/H9CsxKM8uEhgcoJXurU43r
	wd6MYmG1DaJHveboY6jzxQQ+mmN/NOv15fHHcD5T8PbHlqWzGVQIvb5Cv4803UosDnQTwNdps+YI3
	7XwSl1Fw+gjDZYPiS5TMzz8uy4EB2OafSJdJHJKwmB8cfP5BiCNCAu2SDB97bQ13g9Ew=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/boot: fold two MOVs into an ADD
Message-Id: <E1ncLtK-0005SY-Ri@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:45:14 +0000

commit 7451cdf204a1b119f134f8bc370a5ec119909565
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:37:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:37:27 2022 +0200

    x86/boot: fold two MOVs into an ADD
    
    There's no point going through %ax; the addition can be done directly in
    %di.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/mem.S | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/xen/arch/x86/boot/mem.S b/xen/arch/x86/boot/mem.S
index a2db7b5d4d..94ffc87d50 100644
--- a/xen/arch/x86/boot/mem.S
+++ b/xen/arch/x86/boot/mem.S
@@ -24,9 +24,7 @@ get_memory_map:
         cmpw    $E820_BIOS_MAX, bootsym(bios_e820nr) # up to this many entries
         jae     .Ldone
 
-        movw    %di,%ax
-        addw    $20,%ax
-        movw    %ax,%di
+        addw    $20,%di
         testl   %ebx,%ebx                       # check to see if
         jnz     1b                              # %ebx is set to EOF
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 06:45:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 06:45:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300431.512436 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLtW-0000Fg-3i; Thu, 07 Apr 2022 06:45:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300431.512436; Thu, 07 Apr 2022 06:45:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncLtW-0000FU-0Z; Thu, 07 Apr 2022 06:45:26 +0000
Received: by outflank-mailman (input) for mailman id 300431;
 Thu, 07 Apr 2022 06:45:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtU-0000FK-W8
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtU-0000ZZ-VJ
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncLtU-0005TB-Um
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 06:45:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=O2hdpe0DgpUaX7jaxONhSv2isveFHwa7U3uaEltwb1I=; b=V4S2Cyjn3Uj92/lVIetQKt5UUE
	PP18Oab3GdqP/9Bvk6VO6XGaR87+LGB7edrpnsDqtNcHnxTLWs0ef7q6jPWFTe294WsyEZHzWqfH9
	EGDDbrZ01xy6Bj1QYFPlDsa1t/aw2vX5Nh6u3GEouYZRaO451/1tQ4jAFQqzDsqzvC3g=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] EFI: correct indentation in efi_tables()
Message-Id: <E1ncLtU-0005TB-Um@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 06:45:24 +0000

commit 609b8b0153e9bdb4e15be88a8911c6360e13e268
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:39:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:39:03 2022 +0200

    EFI: correct indentation in efi_tables()
    
    Eliminate hard tabs. While there also cast to the intended type.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/common/efi/boot.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index f827a72e93..ac1b235372 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -859,15 +859,15 @@ static void __init efi_tables(void)
         static EFI_GUID __initdata smbios3_guid = SMBIOS3_TABLE_GUID;
 
         if ( match_guid(&acpi2_guid, &efi_ct[i].VendorGuid) )
-	       efi.acpi20 = (long)efi_ct[i].VendorTable;
+            efi.acpi20 = (unsigned long)efi_ct[i].VendorTable;
         if ( match_guid(&acpi_guid, &efi_ct[i].VendorGuid) )
-	       efi.acpi = (long)efi_ct[i].VendorTable;
+            efi.acpi = (unsigned long)efi_ct[i].VendorTable;
         if ( match_guid(&mps_guid, &efi_ct[i].VendorGuid) )
-	       efi.mps = (long)efi_ct[i].VendorTable;
+            efi.mps = (unsigned long)efi_ct[i].VendorTable;
         if ( match_guid(&smbios_guid, &efi_ct[i].VendorGuid) )
-	       efi.smbios = (long)efi_ct[i].VendorTable;
+            efi.smbios = (unsigned long)efi_ct[i].VendorTable;
         if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) )
-	       efi.smbios3 = (long)efi_ct[i].VendorTable;
+            efi.smbios3 = (unsigned long)efi_ct[i].VendorTable;
     }
 
 #ifndef CONFIG_ARM /* TODO - disabled until implemented on ARM */
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:22:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:22:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300446.512471 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMSz-0006WV-LZ; Thu, 07 Apr 2022 07:22:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300446.512471; Thu, 07 Apr 2022 07:22:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMSz-0006WN-Ik; Thu, 07 Apr 2022 07:22:05 +0000
Received: by outflank-mailman (input) for mailman id 300446;
 Thu, 07 Apr 2022 07:22:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMSy-0006WH-Gm
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMSy-0001Eb-ED
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMSy-00018C-DN
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=tZaO1ifcYo5yxy4V1WmEs+HX9jdQlxOICO3+ni6tH+U=; b=Guwu4CB64uaniXghsjFUM/Um2t
	oOaqzVaGFrl1aaO8Qv/ZzCqueBv7TVKrcze3iKVBkOyBzM5Wxjo8oRy4lRytEMTRp36zrOHIyHm7Z
	x7P2XDZ5lVBSftivOsFGtuNBEUXZJl3FUsHeT3Ra2fDZP2gVTX60wpZEkY3/QhqGWo9U=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] update Xen version to 4.14.5-pre
Message-Id: <E1ncMSy-00018C-DN@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:22:04 +0000

commit 576d4697cd8a7f7afd621dcac22e306328871744
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 09:02:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:02:27 2022 +0200

    update Xen version to 4.14.5-pre
---
 xen/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/Makefile b/xen/Makefile
index 6995bf01d9..7c98e4ae15 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -2,7 +2,7 @@
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
 export XEN_SUBVERSION    = 14
-export XEN_EXTRAVERSION ?= .4$(XEN_VENDORVERSION)
+export XEN_EXTRAVERSION ?= .5-pre$(XEN_VENDORVERSION)
 export XEN_FULLVERSION   = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION)
 -include xen-version
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:22:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:22:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300447.512476 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMT9-0006Yb-Mz; Thu, 07 Apr 2022 07:22:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300447.512476; Thu, 07 Apr 2022 07:22:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMT9-0006YT-KB; Thu, 07 Apr 2022 07:22:15 +0000
Received: by outflank-mailman (input) for mailman id 300447;
 Thu, 07 Apr 2022 07:22:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMT8-0006YJ-Jj
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMT8-0001Eo-Is
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMT8-0001AN-Gb
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=/nZ5a5tf1kj2qZwEAgumd7THpg4lZtxC7SVQKVibjU0=; b=AbF6rUntbFW7Mg1DDfnadKIP5T
	wqCIZrNyqpY9Dr1S7zbXHcM+viehLjkYJvDXYJsk80g7eYbBw9dZMeiXW72QYC2dogoweCXaR2ZK6
	wCnBQZQFUqBLfkd5RRnNCZacPcIfhbKAbX80c/qX4jK+pd1X3VQz2F0+zLUhPGiflijI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] tools/libxl: Correctly align the ACPI tables
Message-Id: <E1ncMT8-0001AN-Gb@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:22:14 +0000

commit 67f52a2e2d4a710a27380cd9fc9db672f9b39830
Author:     Kevin Stefanov <kevin.stefanov@citrix.com>
AuthorDate: Thu Apr 7 09:03:55 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:03:55 2022 +0200

    tools/libxl: Correctly align the ACPI tables
    
    The memory allocator currently calculates alignment in libxl's virtual
    address space, rather than guest physical address space. This results
    in the FACS being commonly misaligned.
    
    Furthermore, the allocator has several other bugs.
    
    The opencoded align-up calculation is currently susceptible to a bug
    that occurs in the corner case that the buffer is already aligned to
    begin with. In that case, an align-sized memory hole is introduced.
    
    The while loop is dead logic because its effects are entirely and
    unconditionally overwritten immediately after it.
    
    Rework the memory allocator to align in guest physical address space
    instead of libxl's virtual memory and improve the calculation, drop
    errant extra page in allocated buffer for ACPI tables, and give some
    of the variables better names/types.
    
    Fixes: 14c0d328da2b ("libxl/acpi: Build ACPI tables for HVMlite guests")
    Signed-off-by: Kevin Stefanov <kevin.stefanov@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Ian Jackson <iwj@xenproject.org>
    master commit: dd6c062a7a4abdb662c18af03d1396325969d155
    master date: 2021-09-24 11:07:50 +0100
---
 tools/libxl/libxl_x86_acpi.c | 49 +++++++++++++++++---------------------------
 1 file changed, 19 insertions(+), 30 deletions(-)

diff --git a/tools/libxl/libxl_x86_acpi.c b/tools/libxl/libxl_x86_acpi.c
index ed6610c84e..43da8a38ed 100644
--- a/tools/libxl/libxl_x86_acpi.c
+++ b/tools/libxl/libxl_x86_acpi.c
@@ -22,6 +22,7 @@
 
  /* Number of pages holding ACPI tables */
 #define NUM_ACPI_PAGES 16
+#define ALIGN(p, a) (((p) + ((a) - 1)) & ~((a) - 1))
 
 struct libxl_acpi_ctxt {
     struct acpi_ctxt c;
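Review bot: The new `ALIGN(p, a)` macro computes its mask `~((a) - 1)` in the type of `a`, so when `a` is narrower than `p` the mask is zero-extended and the `&` clears the upper bits of `p`. The line this patch removes from mem_alloc avoided that with `~((unsigned long)align - 1)`. The macro is used with `align` in mem_alloc and with `libxl_ctxt.page_size` in libxl__dom_load_acpi; their declarations are outside the hunks, but `page_shift` next to them is `unsigned int`, so both are presumably 32-bit. Widening inside the macro keeps the call sites unchanged: `#define ALIGN(p, a) (((p) + ((a) - 1)) & ~((__typeof__(p))(a) - 1))`.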
@@ -30,10 +31,10 @@ struct libxl_acpi_ctxt {
     unsigned int page_shift;
 
     /* Memory allocator */
-    unsigned long alloc_base_paddr;
-    unsigned long alloc_base_vaddr;
-    unsigned long alloc_currp;
-    unsigned long alloc_end;
+    unsigned long guest_start;
+    unsigned long guest_curr;
+    unsigned long guest_end;
+    void *buf;
 };
 
 extern const unsigned char dsdt_pvh[];
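Review bot: The renamed allocator fields mix two address spaces, and the struct does not say which is which. The bug being fixed came from exactly that confusion, so a comment would help, for example `/* Memory allocator: guest_* are guest physical addresses, buf is the backing buffer in libxl's address space */` in place of the bare `/* Memory allocator */`. It would also help to state that `guest_end` is exclusive, which is how the bound check in mem_alloc treats it.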
@@ -45,8 +46,7 @@ static unsigned long virt_to_phys(struct acpi_ctxt *ctxt, void *v)
     struct libxl_acpi_ctxt *libxl_ctxt =
         CONTAINER_OF(ctxt, struct libxl_acpi_ctxt, c);
 
-    return (((unsigned long)v - libxl_ctxt->alloc_base_vaddr) +
-            libxl_ctxt->alloc_base_paddr);
+    return libxl_ctxt->guest_start + (v - libxl_ctxt->buf);
 }
 
 static void *mem_alloc(struct acpi_ctxt *ctxt,
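Review bot: `v - libxl_ctxt->buf` in virt_to_phys subtracts two `void *` values, which is a GNU extension rather than standard C; the same applies to `libxl_ctxt->buf + (s - libxl_ctxt->guest_start)` in the mem_alloc hunk. Casting keeps the intent explicit: `return libxl_ctxt->guest_start + ((char *)v - (char *)libxl_ctxt->buf);`. The function also trusts that `v` lies inside `buf`. Whether every caller of the `v2p` hook guarantees that cannot be seen from this hunk, so an assertion on the offset being below `guest_end - guest_start` would make the assumption checkable.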
@@ -60,20 +60,16 @@ static void *mem_alloc(struct acpi_ctxt *ctxt,
     if (align < 16)
         align = 16;
 
-    s = (libxl_ctxt->alloc_currp + align) & ~((unsigned long)align - 1);
+    s = ALIGN(libxl_ctxt->guest_curr, align);
     e = s + size - 1;
 
     /* TODO: Reallocate memory */
-    if ((e < s) || (e >= libxl_ctxt->alloc_end))
+    if ((e < s) || (e >= libxl_ctxt->guest_end))
         return NULL;
 
-    while (libxl_ctxt->alloc_currp >> libxl_ctxt->page_shift != 
-           e >> libxl_ctxt->page_shift)
-        libxl_ctxt->alloc_currp += libxl_ctxt->page_size;
+    libxl_ctxt->guest_curr = e;
 
-    libxl_ctxt->alloc_currp = e;
-
-    return (void *)s;
+    return libxl_ctxt->buf + (s - libxl_ctxt->guest_start);
 }
 
 static void acpi_mem_free(struct acpi_ctxt *ctxt,
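Review bot: `libxl_ctxt->guest_curr = e;` stores the address of the allocation's last byte rather than the first free byte. A later `ALIGN(libxl_ctxt->guest_curr, align)` therefore returns `e` itself whenever `e` happens to be aligned (a size of 1 or 17 with the minimum 16-byte alignment, for example), and the next allocation overlaps the previous one by one byte. The same inclusive value feeds the `acpi_pages_num` computation in the later libxl__dom_load_acpi hunk, where a last byte landing exactly on a page boundary would leave that page uncounted. Storing the exclusive end, `libxl_ctxt->guest_curr = e + 1;`, leaves the existing bound check valid and removes both cases. The function signature and the declarations of `s` and `e` are outside this hunk.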
@@ -165,15 +161,12 @@ int libxl__dom_load_acpi(libxl__gc *gc,
     struct acpi_config config = {0};
     struct libxl_acpi_ctxt libxl_ctxt;
     int rc = 0, acpi_pages_num;
-    void *acpi_pages;
-    unsigned long page_mask;
 
     if (b_info->type != LIBXL_DOMAIN_TYPE_PVH)
         goto out;
 
     libxl_ctxt.page_size = XC_DOM_PAGE_SIZE(dom);
     libxl_ctxt.page_shift =  XC_DOM_PAGE_SHIFT(dom);
-    page_mask = (1UL << libxl_ctxt.page_shift) - 1;
 
     libxl_ctxt.c.mem_ops.alloc = mem_alloc;
     libxl_ctxt.c.mem_ops.v2p = virt_to_phys;
@@ -188,19 +181,17 @@ int libxl__dom_load_acpi(libxl__gc *gc,
     config.rsdp = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size);
     config.infop = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size);
     /* Pages to hold ACPI tables */
-    acpi_pages =  libxl__malloc(gc, (NUM_ACPI_PAGES + 1) *
-                                libxl_ctxt.page_size);
+    libxl_ctxt.buf = libxl__malloc(gc, NUM_ACPI_PAGES *
+                                   libxl_ctxt.page_size);
 
     /*
      * Set up allocator memory.
      * Start next to acpi_info page to avoid fracturing e820.
      */
-    libxl_ctxt.alloc_base_paddr = ACPI_INFO_PHYSICAL_ADDRESS +
-        libxl_ctxt.page_size;
-    libxl_ctxt.alloc_base_vaddr = libxl_ctxt.alloc_currp =
-        (unsigned long)acpi_pages;
-    libxl_ctxt.alloc_end = (unsigned long)acpi_pages +
-        (NUM_ACPI_PAGES * libxl_ctxt.page_size);
+    libxl_ctxt.guest_start = libxl_ctxt.guest_curr = libxl_ctxt.guest_end =
+        ACPI_INFO_PHYSICAL_ADDRESS + libxl_ctxt.page_size;
+
+    libxl_ctxt.guest_end += NUM_ACPI_PAGES * libxl_ctxt.page_size;
 
     /* Build the tables. */
     rc = acpi_build_tables(&libxl_ctxt.c, &config);
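Review bot: `libxl_ctxt.buf` is obtained from `libxl__malloc()`, and the alignment gaps between tables and the tail of the last page are never written by the allocator in this patch, yet `acpi_modules[2]` later passes whole pages of the buffer to the guest. If `libxl__malloc()` does not zero its result, those gaps carry stale toolstack heap contents into guest memory. Allocating with `libxl__zalloc(gc, NUM_ACPI_PAGES * libxl_ctxt.page_size)` would rule that out. libxl__dom_load_acpi starts and ends outside this hunk.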
@@ -210,10 +201,8 @@ int libxl__dom_load_acpi(libxl__gc *gc,
     }
 
     /* Calculate how many pages are needed for the tables. */
-    acpi_pages_num =
-        ((libxl_ctxt.alloc_currp - (unsigned long)acpi_pages)
-         >> libxl_ctxt.page_shift) +
-        ((libxl_ctxt.alloc_currp & page_mask) ? 1 : 0);
+    acpi_pages_num = (ALIGN(libxl_ctxt.guest_curr, libxl_ctxt.page_size) -
+                      libxl_ctxt.guest_start) >> libxl_ctxt.page_shift;
 
     dom->acpi_modules[0].data = (void *)config.rsdp;
     dom->acpi_modules[0].length = 64;
@@ -234,7 +223,7 @@ int libxl__dom_load_acpi(libxl__gc *gc,
     dom->acpi_modules[1].length = 4096;
     dom->acpi_modules[1].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS;
 
-    dom->acpi_modules[2].data = acpi_pages;
+    dom->acpi_modules[2].data = libxl_ctxt.buf;
     dom->acpi_modules[2].length = acpi_pages_num  << libxl_ctxt.page_shift;
     dom->acpi_modules[2].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS +
         libxl_ctxt.page_size;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:22:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:22:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300448.512479 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTJ-0006bl-Od; Thu, 07 Apr 2022 07:22:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300448.512479; Thu, 07 Apr 2022 07:22:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTJ-0006bd-Li; Thu, 07 Apr 2022 07:22:25 +0000
Received: by outflank-mailman (input) for mailman id 300448;
 Thu, 07 Apr 2022 07:22:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTI-0006bK-ND
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTI-0001F2-ME
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTI-0001BH-LH
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=wb96EeXSeeEdFBVan7NHjrvMxkyCdrPkRC1yuwhaCFE=; b=mSmXS3LXuD5foaFlLETGeEsHT0
	0CKaK68rjAfEph8IOxaseX52bH8QdDYst6BpULUKRHITDmE1ryJQ/gM1lP0yuJ/kgGDKVqGKcBMVP
	Q/miypS23bmZFpq9gC1V7Xshz51vGLiGbyuU9aD5z4eJl86I5yrlfkN+e8XdFAuj9dc0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] tools/libs/light: set video_mem for PVH guests
Message-Id: <E1ncMTI-0001BH-LH@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:22:24 +0000

commit a58f5fdc1b743d11ead73614b0affc97a745c414
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Thu Apr 7 09:04:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:04:14 2022 +0200

    tools/libs/light: set video_mem for PVH guests
    
    The size of the video memory of PVH guests should be set to 0 in case
    no value has been specified.
    
    Not doing so will leave it at -1, resulting in an additional 1 kB
    of RAM being advertised in the memory map (here the output of a PVH
    Mini-OS boot with 16 MB of RAM assigned):
    
    Memory map:
    000000000000-0000010003ff: RAM
    0000feff8000-0000feffffff: Reserved
    0000fc008000-0000fc00803f: ACPI
    0000fc000000-0000fc000fff: ACPI
    0000fc001000-0000fc007fff: ACPI
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: 0a20a53df158eb0724ce6dcd9de70cbdad547d6f
    master date: 2021-12-09 16:26:29 +0000
---
 tools/libxl/libxl_create.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index 83b0eb00bf..76299dd43d 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -427,6 +427,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
         break;
     case LIBXL_DOMAIN_TYPE_PVH:
         libxl_defbool_setdefault(&b_info->u.pvh.pvshim, false);
+        if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT)
+            b_info->video_memkb = 0;
         if (libxl_defbool_val(b_info->u.pvh.pvshim)) {
             if (!b_info->u.pvh.pvshim_path)
                 b_info->u.pvh.pvshim_path =
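Review bot: The default added to the `LIBXL_DOMAIN_TYPE_PVH` case carries no comment, and the reason for it is recorded only in the commit message. A line such as `/* Leaving LIBXL_MEMKB_DEFAULT here adds a spurious 1 kB of RAM to the guest memory map. */` above the `if` would keep it with the code. A non-default `video_memkb` supplied for a PVH guest is still passed through unchanged. Whether that should be rejected or warned about cannot be judged from this hunk, because the case block continues outside it.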
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:22:35 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:22:35 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300449.512484 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTT-0006es-QS; Thu, 07 Apr 2022 07:22:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300449.512484; Thu, 07 Apr 2022 07:22:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTT-0006ek-NO; Thu, 07 Apr 2022 07:22:35 +0000
Received: by outflank-mailman (input) for mailman id 300449;
 Thu, 07 Apr 2022 07:22:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTS-0006eW-QF
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTS-0001FV-PL
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTS-0001Bu-OT
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=3qs++7XO6Lp3DITl9yZb2mBQxFY0ValgA7WGFAwvHic=; b=k6q4xHeO1VOukedcEyEG1YxEPd
	W+SydmcGIB47N0YQ9mx8bycz23phyfddRLdhQ4NWT/LHgL0duoR2riqlxybFnFfpG7TPuOco6sUKe
	4+r08qp9FX715NL/yFhJMeAt2ehabbcyp17ZYsB0z3Mu6K7SltI8WshdmkpSXTL5fcSw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] build: fix exported variable name CFLAGS_stack_boundary
Message-Id: <E1ncMTS-0001Bu-OT@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:22:34 +0000

commit 83694747099ee34fe38bc1ac761dacc41026d3ee
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 09:05:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:05:23 2022 +0200

    build: fix exported variable name CFLAGS_stack_boundary
    
    Exporting a variable with a dash in its name doesn't work reliably: such
    variables may be stripped from the environment when calling a sub-make or
    sub-shell.
    
    CFLAGS-stack-boundary start to be removed from env in patch "build:
    set ALL_OBJS in main Makefile; move prelink.o to main Makefile" when
    running `make "ALL_OBJS=.."` due to the addition of the quote. At
    least in my empirical tests.
    
    Fixes: 2740d96efd ("xen/build: have the root Makefile generates the CFLAGS")
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    master commit: aa390d513a67a6ec0a069eea7478e5ecd54a7ea6
    master date: 2022-01-28 11:44:33 +0100
---
 xen/arch/x86/Rules.mk     | 4 ++--
 xen/arch/x86/arch.mk      | 4 ++--
 xen/arch/x86/efi/Makefile | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/Rules.mk b/xen/arch/x86/Rules.mk
index 56fe22c979..7aef93f5f3 100644
--- a/xen/arch/x86/Rules.mk
+++ b/xen/arch/x86/Rules.mk
@@ -6,5 +6,5 @@ object_label_flags = '-D__OBJECT_LABEL__=$(subst $(BASEDIR)/,,$(CURDIR))/$@'
 else
 object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$(subst $(BASEDIR)/,,$(CURDIR))/$@))'
 endif
-c_flags += $(object_label_flags) $(CFLAGS-stack-boundary)
-a_flags += $(object_label_flags) $(CFLAGS-stack-boundary)
+c_flags += $(object_label_flags) $(CFLAGS_stack_boundary)
+a_flags += $(object_label_flags) $(CFLAGS_stack_boundary)
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index 7a7ff7dd7d..329ff8e541 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -56,8 +56,8 @@ endif
 
 # If supported by the compiler, reduce stack alignment to 8 bytes. But allow
 # this to be overridden elsewhere.
-$(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3)
-export CFLAGS-stack-boundary
+$(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3)
+export CFLAGS_stack_boundary
 
 ifeq ($(CONFIG_UBSAN),y)
 # Don't enable alignment sanitisation.  x86 has efficient unaligned accesses,
diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile
index 3e4c395b75..a26fc2d1a5 100644
--- a/xen/arch/x86/efi/Makefile
+++ b/xen/arch/x86/efi/Makefile
@@ -11,7 +11,7 @@ boot.init.o: buildid.o
 EFIOBJ := boot.init.o compat.o runtime.o
 
 $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4)
-$(EFIOBJ): CFLAGS-stack-boundary := $(cflags-stack-boundary)
+$(EFIOBJ): CFLAGS_stack_boundary := $(cflags-stack-boundary)
 
 obj-y := stub.o
 obj-$(XEN_BUILD_EFI) := $(EFIOBJ) relocs-dummy.o
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:22:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:22:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300450.512488 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTd-0006he-Rn; Thu, 07 Apr 2022 07:22:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300450.512488; Thu, 07 Apr 2022 07:22:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTd-0006hV-Ow; Thu, 07 Apr 2022 07:22:45 +0000
Received: by outflank-mailman (input) for mailman id 300450;
 Thu, 07 Apr 2022 07:22:44 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTc-0006hM-Th
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:44 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTc-0001Fj-Sr
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:44 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTc-0001CX-SB
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:44 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=rNPj44iUGRVHTKxQNSpWje1mn+UKeOYI2Y3IJugcKM0=; b=fq5i5Bgao44y+eXAlpknGnhl/O
	ftSnaNpjJvA899R9aJKbCuiX42sq8PuBKi0jTjBOAQSGPFttGx8rbFV78HE6yIGSEuwoj774TBNqE
	zEU1LuBAzKno3POR8LwQJhiiD4eLrrQku7hNFRfpezwfsq6YWt/BEWTZJA6Tb3P9F/+0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] x86emul: fix VPBLENDMW with mask and memory operand
Message-Id: <E1ncMTc-0001CX-SB@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:22:44 +0000

commit cc06d95c4139b403236614dcddc7f8a6c5e8bb51
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 09:06:00 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:06:00 2022 +0200

    x86emul: fix VPBLENDMW with mask and memory operand
    
    Element size for this opcode depends on EVEX.W, not the low opcode bit.
    Make use of AVX512BW being a prereq to AVX512_BITALG and move the case
    label there, adding an AVX512BW feature check.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: eddf13b5e9401f6871dcce1ce61c80cff62079ed
    master date: 2022-02-14 10:08:38 +0100
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index e9216c40ff..c0f91dd4b3 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -7364,7 +7364,6 @@ x86_emulate(
     case X86EMUL_OPC_EVEX_66(0x0f38, 0x0b): /* vpmulhrsw [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */
     case X86EMUL_OPC_EVEX_66(0x0f38, 0x1c): /* vpabsb [xyz]mm/mem,[xyz]mm{k} */
     case X86EMUL_OPC_EVEX_66(0x0f38, 0x1d): /* vpabsw [xyz]mm/mem,[xyz]mm{k} */
-    case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */
         host_and_vcpu_must_have(avx512bw);
         generate_exception_if(evex.brs, EXC_UD);
         elem_bytes = 1 << (b & 1);
@@ -9512,6 +9511,9 @@ x86_emulate(
         /* fall through */
     case X86EMUL_OPC_EVEX_66(0x0f38, 0x54): /* vpopcnt{b,w} [xyz]mm/mem,[xyz]mm{k} */
         host_and_vcpu_must_have(avx512_bitalg);
+        /* fall through */
+    case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */
+        host_and_vcpu_must_have(avx512bw);
         generate_exception_if(evex.brs, EXC_UD);
         elem_bytes = 1 << evex.w;
         goto avx512f_no_sae;
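Review bot: The new `/* fall through */` from the vpopcnt{b,w} case makes that path run the `host_and_vcpu_must_have(avx512bw)` check as well, and nothing at the label says why that is acceptable. The commit message explains it (AVX512BW is a prerequisite of AVX512_BITALG), so a short comment next to the fall-through would keep the dependency visible to whoever next reorders these labels, e.g. `/* AVX512_BITALG depends on AVX512BW, so the check below is redundant but harmless for vpopcnt{b,w}. */`. The enclosing switch in x86_emulate() starts and ends outside the hunk.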
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:22:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:22:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300451.512492 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTn-0006lB-Uu; Thu, 07 Apr 2022 07:22:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300451.512492; Thu, 07 Apr 2022 07:22:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTn-0006l3-Rn; Thu, 07 Apr 2022 07:22:55 +0000
Received: by outflank-mailman (input) for mailman id 300451;
 Thu, 07 Apr 2022 07:22:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTn-0006kn-0L
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTm-0001Ft-Vg
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:54 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTm-0001DA-V3
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:22:54 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ycxGJyPSmavpLzUwHDqxRrJg5mzFYrQvrVXPO5au5YQ=; b=LAGuiVS0BlKTxIYsbiOD1WesQA
	oUzrjqyUL2SpSiguR5hk63WN6TZ458ZuTNjwLvavrUXPFe/B9wzofAilA0c8Ak4yEQszNq9h9wMYx
	9z9wkYVCWPtHL8SHOZB+AtMEYvGbblWq6YH+c347eXyVWST+skNcT9AH9uUsRcthp+08=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] x86/console: process softirqs between warning prints
Message-Id: <E1ncMTm-0001DA-V3@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:22:54 +0000

commit a2f7300559242d03ae12c3f98bb21e79acea8e6a
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:06:49 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:06:49 2022 +0200

    x86/console: process softirqs between warning prints
    
    Process softirqs while printing end of boot warnings. Each warning can
    be several lines long, and on slow consoles printing multiple ones
    without processing softirqs can result in the watchdog triggering:
    
    (XEN) [   22.277806] ***************************************************
    (XEN) [   22.417802] WARNING: CONSOLE OUTPUT IS SYNCHRONOUS
    (XEN) [   22.556029] This option is intended to aid debugging of Xen by ensuring
    (XEN) [   22.696802] that all output is synchronously delivered on the serial line.
    (XEN) [   22.838024] However it can introduce SIGNIFICANT latencies and affect
    (XEN) [   22.978710] timekeeping. It is NOT recommended for production use!
    (XEN) [   23.119066] ***************************************************
    (XEN) [   23.258865] Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
    (XEN) [   23.399560] enabled.  Please assess your configuration and choose an
    (XEN) [   23.539925] explicit 'smt=<bool>' setting.  See XSA-273.
    (XEN) [   23.678860] ***************************************************
    (XEN) [   23.818492] Booted on MLPDS/MFBDS-vulnerable hardware with SMT/Hyperthreading
    (XEN) [   23.959811] enabled.  Mitigations will not be fully effective.  Please
    (XEN) [   24.100396] choose an explicit smt=<bool> setting.  See XSA-297.
    (XEN) [   24.240254] *************************************************(XEN) [   24.247302] Watchdog timer detects that CPU0 is stuck!
    (XEN) [   24.386785] ----[ Xen-4.17-unstable  x86_64  debug=y  Tainted:   C    ]----
    (XEN) [   24.527874] CPU:    0
    (XEN) [   24.662422] RIP:    e008:[<ffff82d04025b84a>] drivers/char/ns16550.c#ns16550_tx_ready+0x3a/0x90
    
    Fixes: ee3fd57acd ('xen: add warning infrastructure')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    master commit: 6bd1b4d35c05c21a78bf00f610587ce8a75cb5c2
    master date: 2022-02-18 09:02:16 +0100
---
 xen/common/warning.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xen/common/warning.c b/xen/common/warning.c
index 0269c6715c..e6e1404baf 100644
--- a/xen/common/warning.c
+++ b/xen/common/warning.c
@@ -30,6 +30,7 @@ void __init warning_print(void)
     {
         printk("%s", warnings[i]);
         printk("***************************************************\n");
+        process_pending_softirqs();
     }
 
     for ( i = 0; i < 3; i++ )
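Review bot: The added `process_pending_softirqs();` inside the warning loop has no comment, so the reason for it lives only in the commit message. A one-line comment above it, e.g. `/* Slow consoles: process softirqs after each warning so the watchdog does not fire. */`, would keep it from being removed later as unrelated to printing. The `for ( i = 0; i < 3; i++ )` loop that follows starts in this hunk but its body is outside it, so whether it has the same exposure cannot be judged from here.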
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:23:06 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:23:06 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300452.512496 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTx-0006nw-WE; Thu, 07 Apr 2022 07:23:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300452.512496; Thu, 07 Apr 2022 07:23:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMTx-0006no-TM; Thu, 07 Apr 2022 07:23:05 +0000
Received: by outflank-mailman (input) for mailman id 300452;
 Thu, 07 Apr 2022 07:23:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTx-0006nc-3G
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTx-0001GM-2R
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMTx-0001Ds-1n
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=TcwPEtHAXFHJ7AHl91GYjc8h6YBCDlgbDWX92Uxdpso=; b=vnX0LH6d5QKYiCfI4J6/pjS8UP
	oKdHb50TyblUOxz6jRHWcL0Z50ZlAbi5esSmsshFITQh180nZd+l1smm5CDwM0yXthLnJsWpiorEK
	bEfhazBJiUFI1hPzDRFNWHGkNgRD50FVh0gx8JLo4SX7qyF9quf1RSmbUBb4Tgp1RL+U=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] tools/libxl: don't allow IOMMU usage with PoD
Message-Id: <E1ncMTx-0001Ds-1n@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:23:05 +0000

commit f21d28750627c9bba3e0032251d29ddefd9ac491
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:07:18 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:07:18 2022 +0200

    tools/libxl: don't allow IOMMU usage with PoD
    
    Prevent libxl from creating guests that attempt to use PoD together
    with an IOMMU, even if no devices are actually assigned.
    
    While the hypervisor could support using PoD together with an IOMMU as
    long as no devices are assigned, such usage seems doubtful. There's no
    guarantee that PoD is no longer active in the guest, and thus a later
    assignment of a PCI device to such a domain could fail.
    
    Preventing the usage of PoD together with an IOMMU at guest creation
    avoids having to add checks for active PoD entries in the device
    assignment paths.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: 07449ecfa42532495156fa342af2112e3e31dd3f
    master date: 2022-02-18 09:03:08 +0100
---
 tools/libxl/libxl_create.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index 76299dd43d..5cadb95a3f 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -1132,17 +1132,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc,
     pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) &&
         (d_config->b_info.target_memkb < d_config->b_info.max_memkb);
 
-    /* We cannot have PoD and PCI device assignment at the same time
-     * for HVM guest. It was reported that IOMMU cannot work with PoD
-     * enabled because it needs to populated entire page table for
-     * guest. To stay on the safe side, we disable PCI device
-     * assignment when PoD is enabled.
+    /* We don't support having PoD and an IOMMU at the same time for HVM
+     * guests. An active IOMMU cannot work with PoD because it needs a fully
+     * populated page-table. Prevent PoD usage if the domain has an IOMMU
+     * assigned, even if not active.
      */
     if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV &&
-        d_config->num_pcidevs && pod_enabled) {
+        d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED &&
+        pod_enabled) {
         ret = ERROR_INVAL;
         LOGD(ERROR, domid,
-             "PCI device assignment for HVM guest failed due to PoD enabled");
+             "IOMMU required for device passthrough but not supported together with PoD");
         goto error_out;
     }
 
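Review bot: The new condition `d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED` is only correct if `passthrough` has already been resolved from its default value before this point, which the hunk does not show. If it can still hold the default here, every PoD guest would be rejected, so a comment stating the precondition would help once that is confirmed, e.g. `/* c_info.passthrough has been resolved from its default above. */`. The error text could also name the remedy: either disable passthrough or make the memory target equal the maximum, since `pod_enabled` is derived from `target_memkb < max_memkb` at the top of the hunk. libxl__domain_config_setdefault() continues outside the hunk.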
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:23:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:23:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300453.512500 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMU8-0006qz-1P; Thu, 07 Apr 2022 07:23:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300453.512500; Thu, 07 Apr 2022 07:23:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMU7-0006qr-Ur; Thu, 07 Apr 2022 07:23:15 +0000
Received: by outflank-mailman (input) for mailman id 300453;
 Thu, 07 Apr 2022 07:23:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMU7-0006qi-67
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMU7-0001GQ-5L
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMU7-0001Ee-4f
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=kNQKuKmSm/Yg4ihe9kigXvfoF3DKNHFGb93G4o2brZU=; b=XLRI9sBa+FJFl0dyp9rMTrgj+8
	VKMezMEWcPcxNs9ojivCqU2/NZd/ltALGC4K4u8eeRszmXSZr9xOd9O6Ln3cDTPoqXMb48/E4J0iB
	ebuDyDWsYE22TCT1RBcDNgByuwe7xHqP0+Pl7Xv8WoeJvmWXmk+BHXzkEhAi7dm6F5kM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] xz: avoid overlapping memcpy() with invalid input with in-place decompression
Message-Id: <E1ncMU7-0001Ee-4f@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:23:15 +0000

commit a220fe87684f5247f15ed9f3d69ccf040e142aea
Author:     Lasse Collin <lasse.collin@tukaani.org>
AuthorDate: Thu Apr 7 09:07:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:07:43 2022 +0200

    xz: avoid overlapping memcpy() with invalid input with in-place decompression
    
    With valid files, the safety margin described in lib/decompress_unxz.c
    ensures that these buffers cannot overlap. But if the uncompressed size
    of the input is larger than the caller thought, which is possible when
    the input file is invalid/corrupt, the buffers can overlap. Obviously
    the result will then be garbage (and usually the decoder will return
    an error too) but no other harm will happen when such an over-run occurs.
    
    This change only affects uncompressed LZMA2 chunks and so this
    should have no effect on performance.
    
    Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org
    Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
    Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
    Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 83d3c4f22a36
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 10454f381f9157bce26d5db15e07e857b317b4af
    master date: 2022-03-07 09:08:08 +0100
---
 xen/common/unxz.c         |  2 +-
 xen/common/xz/dec_lzma2.c | 21 +++++++++++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/xen/common/unxz.c b/xen/common/unxz.c
index cf25c9fc8e..3676a2ab0c 100644
--- a/xen/common/unxz.c
+++ b/xen/common/unxz.c
@@ -127,7 +127,7 @@
  * memeq and memzero are not used much and any remotely sane implementation
  * is fast enough. memcpy/memmove speed matters in multi-call mode, but
  * the kernel image is decompressed in single-call mode, in which only
- * memcpy speed can matter and only if there is a lot of uncompressible data
+ * memmove speed can matter and only if there is a lot of uncompressible data
  * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the
  * functions below should just be kept small; it's probably not worth
  * optimizing for speed.
diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c
index 44fe79bc30..3c086732c8 100644
--- a/xen/common/xz/dec_lzma2.c
+++ b/xen/common/xz/dec_lzma2.c
@@ -387,7 +387,14 @@ static void INIT dict_uncompressed(struct dictionary *dict, struct xz_buf *b,
 
 		*left -= copy_size;
 
-		memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
+		/*
+		 * If doing in-place decompression in single-call mode and the
+		 * uncompressed size of the file is larger than the caller
+		 * thought (i.e. it is invalid input!), the buffers below may
+		 * overlap and cause undefined behavior with memcpy().
+		 * With valid inputs memcpy() would be fine here.
+		 */
+		memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
 		dict->pos += copy_size;
 
 		if (dict->full < dict->pos)
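Review bot: The new comment above the first `memmove()` in dict_uncompressed() explains why overlap is now well defined, but not what a caller may assume about the result; the same applies to the second `memmove()` in the next hunk. The commit message says the output is garbage for such input and that the decoder only usually returns an error, so I would add a sentence to the comment such as `The output is garbage in that case; callers must act on the decoder's return value, not on the buffer contents.` dict_uncompressed() starts before and ends after these hunks.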
@@ -397,7 +404,11 @@ static void INIT dict_uncompressed(struct dictionary *dict, struct xz_buf *b,
 			if (dict->pos == dict->end)
 				dict->pos = 0;
 
-			memcpy(b->out + b->out_pos, b->in + b->in_pos,
+			/*
+			 * Like above but for multi-call mode: use memmove()
+			 * to avoid undefined behavior with invalid input.
+			 */
+			memmove(b->out + b->out_pos, b->in + b->in_pos,
 					copy_size);
 		}
 
@@ -421,6 +432,12 @@ static uint32_t INIT dict_flush(struct dictionary *dict, struct xz_buf *b)
 		if (dict->pos == dict->end)
 			dict->pos = 0;
 
+		/*
+		 * These buffers cannot overlap even if doing in-place
+		 * decompression because in multi-call mode dict->buf
+		 * has been allocated by us in this file; it's not
+		 * provided by the caller like in single-call mode.
+		 */
 		memcpy(b->out + b->out_pos, dict->buf + dict->start,
 				copy_size);
 	}
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:23:27 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:23:27 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300454.512504 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUJ-0006tf-36; Thu, 07 Apr 2022 07:23:27 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300454.512504; Thu, 07 Apr 2022 07:23:27 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUJ-0006tX-0C; Thu, 07 Apr 2022 07:23:27 +0000
Received: by outflank-mailman (input) for mailman id 300454;
 Thu, 07 Apr 2022 07:23:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUH-0006tN-9Y
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUH-0001Gd-8g
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUH-0001FF-7l
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=UwAQ8IKZ4hj2n+Y1DFvMxFpnN0ly33UPZ69guz92uCk=; b=bYyEfi0mLwiTU44NRd0WgeBIYz
	3zVO2fzKKFHvELs+u6mHRDWhhNh78ZlVmUumjqC9Qyhxa0tIeYpYH4wa/LXHoNuwU3k4fwwMs3ov5
	rSR9a0LL6aBg3DR4fyG1rjZJJhX0jbfZR5bwVQcfYt0IVqx+Nv7L3ny8TJpMwTtQ3MpA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] xz: validate the value before assigning it to an enum variable
Message-Id: <E1ncMUH-0001FF-7l@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:23:25 +0000

commit a3b6ec391c5ed975b565b008196c4db444f246a5
Author:     Lasse Collin <lasse.collin@tukaani.org>
AuthorDate: Thu Apr 7 09:08:20 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:08:20 2022 +0200

    xz: validate the value before assigning it to an enum variable
    
    This might matter, for example, if the underlying type of enum xz_check
    was a signed char. In such a case the validation wouldn't have caught an
    unsupported header. I don't know if this problem can occur in the kernel
    on any arch but it's still good to fix it because some people might copy
    the XZ code to their own projects from Linux instead of the upstream
    XZ Embedded repository.
    
    This change may increase the code size by a few bytes. An alternative
    would have been to use an unsigned int instead of enum xz_check but
    using an enumeration looks cleaner.
    
    Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org
    Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
    Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
    Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4f8d7abaa413
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 0a21660515c24f09c4ee060ce0bb42e4b2e6b6fa
    master date: 2022-03-07 09:08:54 +0100
---
 xen/common/xz/dec_stream.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c
index b8b566307c..e921d46abc 100644
--- a/xen/common/xz/dec_stream.c
+++ b/xen/common/xz/dec_stream.c
@@ -402,12 +402,12 @@ static enum xz_ret INIT dec_stream_header(struct xz_dec *s)
 	 * we will accept other check types too, but then the check won't
 	 * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given.
 	 */
+	if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX)
+		return XZ_OPTIONS_ERROR;
+
 	s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
 
 #ifdef XZ_DEC_ANY_CHECK
-	if (s->check_type > XZ_CHECK_MAX)
-		return XZ_OPTIONS_ERROR;
-
 	if (s->check_type > XZ_CHECK_CRC32)
 		return XZ_UNSUPPORTED_CHECK;
 #else
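Review bot: The header byte `s->temp.buf[HEADER_MAGIC_SIZE + 1]` is now spelled out twice, once in the new range check and once in the assignment to `s->check_type`. Reading it once into a local, e.g. `const uint8_t check = s->temp.buf[HEADER_MAGIC_SIZE + 1];` (element type presumed, not visible here), then testing and assigning `check`, would make it obvious that the validated and the stored value are the same. The existing block comment about accepting other check types now sits directly above the `XZ_CHECK_MAX` test, which it does not describe, so the new test deserves its own line such as `/* Validate before storing into the enum. */`. The `#else` branch and the rest of dec_stream_header() are outside the hunk.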
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:23:37 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:23:37 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300455.512507 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUT-0006wV-4c; Thu, 07 Apr 2022 07:23:37 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300455.512507; Thu, 07 Apr 2022 07:23:37 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUT-0006wN-1h; Thu, 07 Apr 2022 07:23:37 +0000
Received: by outflank-mailman (input) for mailman id 300455;
 Thu, 07 Apr 2022 07:23:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUR-0006vo-Ca
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUR-0001Gx-Bl
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUR-0001G4-B1
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=zILgnQjL+9w5Y6LZaEpLgOJW4NLHZM9B4e4HgtCgn7c=; b=avTPTMk8julR1aencHo4unFuCP
	sDRmvDRoK8AoaVZln4Js55OJbMTxMz04qFACLqWHdoEf01noNwG21TwkJ5QF7T13aFLgkHWsKHWrM
	j8cYmaVaAIEuvsuSnRfwoiQCeAI5pNHA5j51zJtkOzIsbRbKklBfm6ZzRTCE4GY0HzGM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] vpci/msix: fix PBA accesses
Message-Id: <E1ncMUR-0001G4-B1@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:23:35 +0000

commit 47188b2fdcc6c05ee2bdbc0324e068e342762e97
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:08:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:08:54 2022 +0200

    vpci/msix: fix PBA accesses
    
    Map the PBA in order to access it from the MSI-X read and write
    handlers. Note that previously the handlers would pass the physical
    host address into the {read,write}{l,q} handlers, which is wrong as
    those expect a linear address.
    
    Map the PBA using ioremap when the first access is performed. Note
    that 32bit arches might want to abstract the call to ioremap into a
    vPCI arch handler, so they can use a fixmap range to map the PBA.
    
    Reported-by: Jan Beulich <jbeulich@suse.com>
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Tested-by: Alex Olson <Alex.Olson@starlab.io>
    master commit: b4f21160601155762a4d014db9623af921fec959
    master date: 2022-03-09 16:21:01 +0100
---
 xen/drivers/vpci/msix.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++---
 xen/drivers/vpci/vpci.c |  2 ++
 xen/include/xen/vpci.h  |  2 ++
 3 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index 38c1e7e5dd..d9c08d0df5 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -194,6 +194,38 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix,
     return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE];
 }
 
+static void __iomem *get_pba(struct vpci *vpci)
+{
+    struct vpci_msix *msix = vpci->msix;
+    /*
+     * PBA will only be unmapped when the device is deassigned, so access it
+     * without holding the vpci lock.
+     */
+    void __iomem *pba = read_atomic(&msix->pba);
+
+    if ( likely(pba) )
+        return pba;
+
+    pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA),
+                  vmsix_table_size(vpci, VPCI_MSIX_PBA));
+    if ( !pba )
+        return read_atomic(&msix->pba);
+
+    spin_lock(&vpci->lock);
+    if ( !msix->pba )
+    {
+        write_atomic(&msix->pba, pba);
+        spin_unlock(&vpci->lock);
+    }
+    else
+    {
+        spin_unlock(&vpci->lock);
+        iounmap(pba);
+    }
+
+    return read_atomic(&msix->pba);
+}
+
 static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
                      unsigned long *data)
 {
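Review bot: get_pba() has no header comment, although its contract is not obvious: it maps the PBA lazily on first use and can return NULL when ioremap() fails, which both callers have to handle. A short comment above it should say so, and also that a mapping which loses the race against another CPU is released with iounmap() after `vpci->lock` is dropped. The field comment `/* PBA map */` in the vpci.h hunk of this commit could likewise state that the pointer is NULL until the first access. The hunk ends at the opening brace of msix_read().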
@@ -212,6 +244,10 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
 
     if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) )
     {
+        struct vpci *vpci = msix->pdev->vpci;
+        unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+        const void __iomem *pba = get_pba(vpci);
+
         /*
          * Access to PBA.
          *
@@ -219,14 +255,22 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
          * guest address space. If this changes the address will need to be
          * translated.
          */
+        if ( !pba )
+        {
+            gprintk(XENLOG_WARNING,
+                    "%pp: unable to map MSI-X PBA, report all pending\n",
+                    msix->pdev);
+            return X86EMUL_OKAY;
+        }
+
         switch ( len )
         {
         case 4:
-            *data = readl(addr);
+            *data = readl(pba + idx);
             break;
 
         case 8:
-            *data = readq(addr);
+            *data = readq(pba + idx);
             break;
 
         default:
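Review bot: On the `!pba` path msix_read() returns X86EMUL_OKAY and logs "report all pending", but the visible lines never write `*data`. That is only right if `*data` was preset to all ones earlier in the function, outside this hunk; once confirmed, a comment on the return such as `/* *data still holds the all-ones default set on entry. */` would document it. The preceding hunk computes `idx` from `addr`, and this one reads `len` bytes at `pba + idx`, so the access stays inside the mapping only if alignment and length were checked before the range test, which is also not visible here.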
@@ -290,14 +334,27 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
         /* Ignore writes to PBA for DomUs, it's behavior is undefined. */
         if ( is_hardware_domain(d) )
         {
+            struct vpci *vpci = msix->pdev->vpci;
+            unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+            const void __iomem *pba = get_pba(vpci);
+
+            if ( !pba )
+            {
+                /* Unable to map the PBA, ignore write. */
+                gprintk(XENLOG_WARNING,
+                        "%pp: unable to map MSI-X PBA, write ignored\n",
+                        msix->pdev);
+                return X86EMUL_OKAY;
+            }
+
             switch ( len )
             {
             case 4:
-                writel(data, addr);
+                writel(data, pba + idx);
                 break;
 
             case 8:
-                writeq(data, addr);
+                writeq(data, pba + idx);
                 break;
 
             default:
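Review bot: In msix_write() `pba` is declared `const void __iomem *` and then used as the destination of `writel()` and `writeq()`. The qualifier is misleading on a pointer that is written through, and depending on how those accessors are defined it may be silently cast away; `void __iomem *pba = get_pba(vpci);` matches the use. The switch continues outside the hunk.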
diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index cbd1bac7fc..a27c9e600d 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -48,6 +48,8 @@ void vpci_remove_device(struct pci_dev *pdev)
         xfree(r);
     }
     spin_unlock(&pdev->vpci->lock);
+    if ( pdev->vpci->msix && pdev->vpci->msix->pba )
+        iounmap(pdev->vpci->msix->pba);
     xfree(pdev->vpci->msix);
     xfree(pdev->vpci->msi);
     xfree(pdev->vpci);
diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h
index 5295d4c990..458d1f9507 100644
--- a/xen/include/xen/vpci.h
+++ b/xen/include/xen/vpci.h
@@ -127,6 +127,8 @@ struct vpci {
         bool enabled         : 1;
         /* Masked? */
         bool masked          : 1;
+        /* PBA map */
+        void __iomem *pba;
         /* Entries. */
         struct vpci_msix_entry {
             uint64_t addr;
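Review bot: The comment `/* PBA map */` on the new field does not say when the pointer is valid or who releases it. From the other hunks it appears to be NULL until get_pba() succeeds, and vpci_remove_device() calls iounmap() on it only when non-NULL. Something like `/* PBA mapping; NULL until mapped by get_pba(), unmapped in vpci_remove_device(). */` would document that lifetime for the next reader. The enclosing struct continues outside this hunk.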
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:23:47 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:23:47 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300456.512512 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUd-0006zL-7J; Thu, 07 Apr 2022 07:23:47 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300456.512512; Thu, 07 Apr 2022 07:23:47 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUd-0006z6-3F; Thu, 07 Apr 2022 07:23:47 +0000
Received: by outflank-mailman (input) for mailman id 300456;
 Thu, 07 Apr 2022 07:23:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUb-0006yt-Fa
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUb-0001H7-Eo
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUb-0001Gz-E6
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BvcN0uFJM6KcF3yIG9IkUL9j02DsA/Fe+cphkCOE9hI=; b=F0WOEfWAXvGCqcJPCMMao1Tlwv
	rD/vEQw2V8u4irEUFyHqWdFgmDDZWPBgRyFWbGh0/mOMCOBbsSvRlG9KZu2eG5MwgxTPe6ewJEk52
	rYZiUG9EHT/6dHYOHyWy5UEyMYvLnMT32Pes36NKU4ANnEb68Hqxf8cYhuiW6gJzjMzU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] xl: Fix global pci options
Message-Id: <E1ncMUb-0001Gz-E6@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:23:45 +0000

commit 294d12c8426713a9e99f8112a8192da871f2013a
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Thu Apr 7 09:10:15 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:10:15 2022 +0200

    xl: Fix global pci options
    
    commit babde47a3fed "introduce a 'passthrough' configuration option to
    xl.cfg..." moved the pci list parsing ahead of the global pci option
    parsing.  This broke the global pci configuration options since they
    need to be set first so that looping over the pci devices assigns their
    values.
    
    Move the global pci options ahead of the pci list to restore their
    function.
    
    Fixes: babde47a3fed ("introduce a 'passthrough' configuration option to xl.cfg...")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: e45ad0b1b0bd6a43f59aaf4a6f86d88783c630e5
    master date: 2022-03-31 19:48:12 +0100
---
 tools/xl/xl_parse.c | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 61b4ef7b7e..34ac20773d 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -1467,6 +1467,32 @@ void parse_config_data(const char *config_source,
         exit(1);
     }
 
+    /* To be reworked (automatically enabled) once the auto ballooning
+     * after guest starts is done (with PCI devices passed in). */
+    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
+        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
+    }
+
+    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
+        pci_msitranslate = l;
+
+    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
+        pci_power_mgmt = l;
+
+    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
+        pci_permissive = l;
+
+    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
+        pci_seize = l;
+
+    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
+        libxl_rdm_reserve rdm;
+        if (!xlu_rdm_parse(config, &rdm, buf)) {
+            b_info->u.hvm.rdm.strategy = rdm.strategy;
+            b_info->u.hvm.rdm.policy = rdm.policy;
+        }
+    }
+
     if (!xlu_cfg_get_list (config, "pci", &pcis, 0, 0)) {
         d_config->num_pcidevs = 0;
         d_config->pcidevs = NULL;
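Review bot: Nothing at the new location records that these global `pci_*` settings have to be read before the `pci` list that follows, which is exactly the ordering the commit named in Fixes: broke. A short comment above the first `xlu_cfg_get_long` call would keep a later reshuffle from repeating it, e.g. `/* Global PCI defaults: parse before the "pci" list below, which applies them to each device. */`. parse_config_data starts and ends outside this hunk.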
@@ -2323,32 +2349,6 @@ skip_vfb:
         }
     }
 
-    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
-        pci_msitranslate = l;
-
-    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
-        pci_power_mgmt = l;
-
-    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
-        pci_permissive = l;
-
-    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
-        pci_seize = l;
-
-    /* To be reworked (automatically enabled) once the auto ballooning
-     * after guest starts is done (with PCI devices passed in). */
-    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
-        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
-    }
-
-    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
-        libxl_rdm_reserve rdm;
-        if (!xlu_rdm_parse(config, &rdm, buf)) {
-            b_info->u.hvm.rdm.strategy = rdm.strategy;
-            b_info->u.hvm.rdm.policy = rdm.policy;
-        }
-    }
-
     if (!xlu_cfg_get_list(config, "usbctrl", &usbctrls, 0, 0)) {
         d_config->num_usbctrls = 0;
         d_config->usbctrls = NULL;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:23:57 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:23:57 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300457.512516 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUn-00072Z-9O; Thu, 07 Apr 2022 07:23:57 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300457.512516; Thu, 07 Apr 2022 07:23:57 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUn-00072R-6R; Thu, 07 Apr 2022 07:23:57 +0000
Received: by outflank-mailman (input) for mailman id 300457;
 Thu, 07 Apr 2022 07:23:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUl-000726-Ib
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUl-0001HE-Hi
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUl-0001Hl-HE
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:23:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=V8zI4Q9yBWTui3FcYA/uVJYOAGNJGqTdr2OLKuruPPM=; b=rbW6ZKZ6D07anEt2sWotH2rVyj
	gTvpGVohfYOThkjkkPAnx6FP0SNKtrT7QNrk5rN09SouB8OQqHLcua9jrTxEYl/R614FLfbWXyGUA
	3304Zw7odFC8GVG+eMSN7OpIvbiMWrgurPn69H6kFmsrA4max9jq3YenVhPbYOkkgA0E=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] libxl: Don't segfault on soft-reset failure
Message-Id: <E1ncMUl-0001Hl-HE@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:23:55 +0000

commit 3486d599f71e5ad563f3974ab2374b9b084e5e28
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Thu Apr 7 09:10:38 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:10:38 2022 +0200

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_wait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path is passed to xs_unwatch() which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d2ecf97f911fc00a85b34b70ca311b5d355a9756
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libxl/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index 5cadb95a3f..daf3ff0a55 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -1221,8 +1221,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2037,6 +2035,7 @@ static int do_domain_create(libxl_ctx *ctx, libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
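Review bot: With `libxl__xswait_init(&cdcs->dcs.console_xswait)` now living in the callers (here and in the do_domain_soft_reset hunk), initiate_domain_create() silently depends on every caller having initialised `console_xswait`. A comment beside the added line would record why it has to sit here, e.g. `/* Initialise before any failure path can reach domcreate_complete(), which stops this xswait. */`. A matching sentence in the comment above initiate_domain_create() would help anyone adding a third caller. Both enclosing functions extend beyond the hunks shown.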
@@ -2137,6 +2136,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:24:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:24:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300458.512521 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUx-00075g-BH; Thu, 07 Apr 2022 07:24:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300458.512521; Thu, 07 Apr 2022 07:24:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMUx-00075Y-7t; Thu, 07 Apr 2022 07:24:07 +0000
Received: by outflank-mailman (input) for mailman id 300458;
 Thu, 07 Apr 2022 07:24:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUv-000751-Lj
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUv-0001HY-Ko
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMUv-0001Ig-K4
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=c271dGGvONx6ud9rKRF9uPCsRrjqjXwbEaz3iihqTZ8=; b=F3GXWpT5Kol3+wLSZvHR2CplXM
	OcikA1NZ2JrLfLSBwlIlVCKfsHcMkNz0mHTIjUTXaAnioc9t0s275okvEmvRQWiC3Ha6dhB9iyHil
	fojI08zrg8Hzv+XrMzhRpJCjFZonNN1kVXG6M+DExPVgmjWBetOMyqXOevFO3v9lAXgs=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] libxl: Re-scope qmp_proxy_spawn.ao usage
Message-Id: <E1ncMUv-0001Ig-K4@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:24:05 +0000

commit 3f48134e31993b4fde53b970014dc032619ffd93
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Thu Apr 7 09:11:08 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:11:08 2022 +0200

    libxl: Re-scope qmp_proxy_spawn.ao usage
    
    I've observed this failed assertion:
    libxl_event.c:2057: libxl__ao_inprogress_gc: Assertion `ao' failed.
    
    AFAICT, this is happening in qmp_proxy_spawn_outcome where
    sdss->qmp_proxy_spawn.ao is NULL.
    
    The out label of spawn_stub_launch_dm() calls qmp_proxy_spawn_outcome(),
    but it is only in the success path that sdss->qmp_proxy_spawn.ao gets
    set to the current ao.
    
    qmp_proxy_spawn_outcome() should instead use sdss->dm.spawn.ao, which is
    the already in-use ao when spawn_stub_launch_dm() is called.  The same
    is true for spawn_qmp_proxy().
    
    With this, move sdss->qmp_proxy_spawn.ao initialization to
    spawn_qmp_proxy() since its use is for libxl__spawn_spawn() and it can
    be initialized along with the rest of sdss->qmp_proxy_spawn.
    
    Fixes: 83c845033dc8 ("libxl: use vchan for QMP access with Linux stubdomain")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d62a34423a1a98aefd7c30e22d2d82d198f077c8
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libxl/libxl_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index f2dc5696b9..0620e3908b 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -2538,7 +2538,6 @@ static void spawn_stub_launch_dm(libxl__egc *egc,
             goto out;
     }
 
-    sdss->qmp_proxy_spawn.ao = ao;
     if (libxl__stubdomain_is_linux(&guest_config->b_info)) {
         spawn_qmp_proxy(egc, sdss);
     } else {
@@ -2555,7 +2554,7 @@ out:
 static void spawn_qmp_proxy(libxl__egc *egc,
                             libxl__stub_dm_spawn_state *sdss)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     const uint32_t guest_domid = sdss->dm.guest_domid;
     const uint32_t dm_domid = sdss->pvqemu.guest_domid;
     const char *dom_path = libxl__xs_get_dompath(gc, dm_domid);
@@ -2569,6 +2568,7 @@ static void spawn_qmp_proxy(libxl__egc *egc,
         goto out;
     }
 
+    sdss->qmp_proxy_spawn.ao = ao;
     sdss->qmp_proxy_spawn.what = GCSPRINTF("domain %d device model qmp proxy", guest_domid);
     sdss->qmp_proxy_spawn.pidpath = GCSPRINTF("%s/image/qmp-proxy-pid", dom_path);
     sdss->qmp_proxy_spawn.xspath = DEVICE_MODEL_XS_PATH(gc, LIBXL_TOOLSTACK_DOMID,
@@ -2656,7 +2656,7 @@ static void qmp_proxy_spawn_outcome(libxl__egc *egc,
                                     libxl__stub_dm_spawn_state *sdss,
                                     int rc)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     /*
      * Until xenconsoled learns how to handle multiple consoles, require qemu
      * in dom0 to serve consoles for a stubdomain - it require at least 3 of them.
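Review bot: `STATE_AO_GC(sdss->dm.spawn.ao)` here now differs from the ao stored in `sdss->qmp_proxy_spawn`, and the code does not say why. Per the commit message, qmp_proxy_spawn_outcome() is also reached from the `out` label of spawn_stub_launch_dm(), before spawn_qmp_proxy() has assigned `qmp_proxy_spawn.ao`. A one-line comment would stop someone from switching it back, e.g. `/* Use dm.spawn.ao: qmp_proxy_spawn.ao is unset on paths that never got as far as spawning the proxy. */`. The same remark applies to the spawn_qmp_proxy() hunk above. The function body continues outside this hunk.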
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:24:17 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:24:17 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300459.512525 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMV7-00078X-CX; Thu, 07 Apr 2022 07:24:17 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300459.512525; Thu, 07 Apr 2022 07:24:17 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMV7-00078P-9M; Thu, 07 Apr 2022 07:24:17 +0000
Received: by outflank-mailman (input) for mailman id 300459;
 Thu, 07 Apr 2022 07:24:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMV5-00078B-OQ
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMV5-0001Hc-Ne
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMV5-0001JP-N0
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=GoB0rhb1NKXRoLghsMrOVjC40SaQKezTcTpygIDWK1Q=; b=hdUeUuReDQf5P2049mWmdi7bqg
	gYpdTdghneKFpp+otKUmAU+/yqLK/9dX8Nhw+hKmtjRZzLOXh1yv8bDZKd48VEKt1Ly7RlqMejj8Y
	RPpvwgDwj2dprdjagVgtVWukuh4GT0VUIfsfz8PltwuFU5TmNZNFv06x5xpFrsp/9lZk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] tools/firmware: force -fcf-protection=none
Message-Id: <E1ncMV5-0001JP-N0@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:24:15 +0000

commit 87faac2c5ea07ccf306f4d94ac0b41bca76f504b
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:11:35 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:11:35 2022 +0200

    tools/firmware: force -fcf-protection=none
    
    Do so right in firmware/Rules.mk, like it's done for other compiler
    flags.
    
    Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 7225f6e0cd3afd48b4d61c43dd8fead0f4c92193
    master date: 2022-04-04 12:30:00 +0100
---
 tools/firmware/Rules.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 26bbddccd4..87a8c752bd 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -15,5 +15,7 @@ CFLAGS += -Werror
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -fno-builtin -msoft-float
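Review bot: The added `-fcf-protection=none` line turns off a control-flow hardening option for every firmware object but carries no comment saying why, unlike the flags documented just below it. Presumably the intent is that firmware blobs must not pick up CET instrumentation when the host compiler enables it by default; that should be confirmed and written down. A comment such as `# Firmware objects must be built without CET instrumentation, even if the compiler defaults to it.` would make clear this is deliberate and limited to tools/firmware.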
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 07:24:27 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 07:24:27 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300460.512528 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMVH-0007BJ-Dr; Thu, 07 Apr 2022 07:24:27 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300460.512528; Thu, 07 Apr 2022 07:24:27 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncMVH-0007BB-Ay; Thu, 07 Apr 2022 07:24:27 +0000
Received: by outflank-mailman (input) for mailman id 300460;
 Thu, 07 Apr 2022 07:24:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMVF-0007B1-RQ
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMVF-0001Hk-Qb
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncMVF-0001K7-Ps
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 07:24:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=qbYqSvcYglwDSUq9Z1LvMGvLSwUsVyFthsV8W1ABaqY=; b=izp3P/SFq/Zd6+5wTQAcrlur7w
	KmmFk3Dkquyjikhdj/jIZK271TDmkPHZGi7gFmswR/rw2iwUWz6HeW8QqZ8jBU3XVi10Xlw8ZaQ3O
	yYEkuqJ4NI7dk6yLcKaN8YWTUlywK20bhUEKhmgUGwtbrzkMjuCtB7MObi8ZftJT/N8c=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] tools/firmware: do not add a .note.gnu.property section
Message-Id: <E1ncMVF-0001K7-Ps@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 07:24:25 +0000

commit d7b22226b5172c86c0c19b23edc16a4432d04fb8
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:11:53 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:11:53 2022 +0200

    tools/firmware: do not add a .note.gnu.property section
    
    Prevent the assembler from creating a .note.gnu.property section on
    the output objects, as it's not useful for firmware related binaries,
    and breaks the resulting rombios image.
    
    This requires modifying the cc-option Makefile macro so it can test
    assembler options (by replacing the usage of the -S flag with -c) and
    also stripping the -Wa, prefix if present when checking for the test
    output.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: e270af94280e6a9610705ebc1fdd1d7a9b1f8a98
    master date: 2022-04-04 12:30:07 +0100
---
 Config.mk               | 2 +-
 tools/firmware/Rules.mk | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index 69ea750856..51910c53b5 100644
--- a/Config.mk
+++ b/Config.mk
@@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
 #
 # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586)
 cc-option = $(shell if test -z "`echo 'void*p=1;' | \
-              $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \
+              $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \
               then echo "$(2)"; else echo "$(3)"; fi ;)
 
 # cc-option-add: Add an option to compilation flags, but only if supported.
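Review bot: The usage comment above `cc-option` still only shows a plain compiler flag, but the macro now assembles the probe (`-c` instead of `-S`) and strips a leading `-Wa,` before grepping the diagnostics. Neither behaviour is obvious from the `$(2:-Wa$(comma)%=%)` substitution alone. A line such as `# -Wa,<opt> is accepted too: the probe is assembled and the -Wa, prefix is dropped when matching the error output.` would document it. It is also worth confirming that `comma` is defined wherever `cc-option` is expanded, since its definition is not visible in this hunk.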
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 87a8c752bd..8ac2037591 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -17,5 +17,9 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
 $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
 
+# Do not add the .note.gnu.property section to any of the firmware objects: it
+# breaks the rombios binary and is not useful for firmware anyway.
+$(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -fno-builtin -msoft-float
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 10:33:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 10:33:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300686.512931 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPRq-0008To-4F; Thu, 07 Apr 2022 10:33:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300686.512931; Thu, 07 Apr 2022 10:33:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPRq-0008Tg-1N; Thu, 07 Apr 2022 10:33:06 +0000
Received: by outflank-mailman (input) for mailman id 300686;
 Thu, 07 Apr 2022 10:33:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPRo-0008Ta-94
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPRo-0005Dn-5a
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPRo-00060q-4Y
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=uzk6E5cQowXqT6PQlvoNzIU9VFgNVoXCmaDVQDKGWVk=; b=yiFPMl9lgPFWwe/gwAag3+ZMlJ
	6tk2r3uN/OQrNkbAiD9kvmIJ1LMho3W9uF0fJ2ZKMaJTEUd/MCeN6NI+PeXT74tMj2sTu/MvTNLJZ
	DxUXipsffcSkRUxwWD0K49l1akDg6F0BqA/Yfpic4Udo6z+VBs0xrKIzCIbySTEEDAOw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] platform/cpufreq: add public defines for CPUFREQ_SHARED_TYPE_
Message-Id: <E1ncPRo-00060q-4Y@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 10:33:04 +0000

commit 72919c762fccfc1467eec7edb0737b6d548b00a7
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 12:25:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 12:25:42 2022 +0200

    platform/cpufreq: add public defines for CPUFREQ_SHARED_TYPE_
    
    The values set in the shared_type field of xen_processor_performance
    have so far relied on Xen and Linux having the same
    CPUFREQ_SHARED_TYPE_ defines, as those have never been part of the
    public interface.
    
    Formalize by adding the defines for the allowed values in the public
    header, while renaming them to use the XEN_CPUPERF_SHARED_TYPE_ prefix
    for clarity.
    
    Set the Xen internal defines for CPUFREQ_SHARED_TYPE_ using the newly
    introduced XEN_CPUPERF_SHARED_TYPE_ public defines in order to avoid
    unnecessary code churn.  While there also drop
    CPUFREQ_SHARED_TYPE_NONE as it's unused.
    
    Fixes: 2fa7bee0a0 ('Get ACPI Px from dom0 and choose Px controller')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/acpi/cpufreq/cpufreq.h | 7 +++----
 xen/include/public/platform.h      | 6 +++++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/xen/include/acpi/cpufreq/cpufreq.h b/xen/include/acpi/cpufreq/cpufreq.h
index e5e58c6c30..35dcf21e8f 100644
--- a/xen/include/acpi/cpufreq/cpufreq.h
+++ b/xen/include/acpi/cpufreq/cpufreq.h
@@ -78,10 +78,9 @@ DECLARE_PER_CPU(struct cpufreq_policy *, cpufreq_cpu_policy);
 extern int __cpufreq_set_policy(struct cpufreq_policy *data,
                                 struct cpufreq_policy *policy);
 
-#define CPUFREQ_SHARED_TYPE_NONE (0) /* None */
-#define CPUFREQ_SHARED_TYPE_HW   (1) /* HW does needed coordination */
-#define CPUFREQ_SHARED_TYPE_ALL  (2) /* All dependent CPUs should set freq */
-#define CPUFREQ_SHARED_TYPE_ANY  (3) /* Freq can be set from any dependent CPU*/
+#define CPUFREQ_SHARED_TYPE_HW   XEN_CPUPERF_SHARED_TYPE_HW
+#define CPUFREQ_SHARED_TYPE_ALL  XEN_CPUPERF_SHARED_TYPE_ALL
+#define CPUFREQ_SHARED_TYPE_ANY  XEN_CPUPERF_SHARED_TYPE_ANY
 
 /******************** cpufreq transition notifiers *******************/
 
diff --git a/xen/include/public/platform.h b/xen/include/public/platform.h
index a4c0eb6224..8100133509 100644
--- a/xen/include/public/platform.h
+++ b/xen/include/public/platform.h
@@ -465,7 +465,11 @@ struct xen_processor_performance {
     uint32_t state_count;     /* total available performance states */
     XEN_GUEST_HANDLE(xen_processor_px_t) states;
     struct xen_psd_package domain_info;
-    uint32_t shared_type;     /* coordination type of this processor */
+    /* Coordination type of this processor */
+#define XEN_CPUPERF_SHARED_TYPE_HW   1 /* HW does needed coordination */
+#define XEN_CPUPERF_SHARED_TYPE_ALL  2 /* All dependent CPUs should set freq */
+#define XEN_CPUPERF_SHARED_TYPE_ANY  3 /* Freq can be set from any dependent CPU */
+    uint32_t shared_type;
 };
 typedef struct xen_processor_performance xen_processor_performance_t;
 DEFINE_XEN_GUEST_HANDLE(xen_processor_performance_t);
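Review bot: The new field comment names three values but does not say they are the only ones a caller may pass, nor what happens with anything else, including 0, which the old internal header called CPUFREQ_SHARED_TYPE_NONE. The commit message calls these the allowed values and the struct sits in the public interface, so the header is the place to state that contract, e.g. `/* Coordination type of this processor; one of XEN_CPUPERF_SHARED_TYPE_* */`. Whether the consumer of `shared_type` rejects out-of-range values is not visible in this diff and is worth confirming alongside.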
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 10:33:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 10:33:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300687.512935 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPRz-0008Vw-5h; Thu, 07 Apr 2022 10:33:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300687.512935; Thu, 07 Apr 2022 10:33:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPRz-0008Vo-2o; Thu, 07 Apr 2022 10:33:15 +0000
Received: by outflank-mailman (input) for mailman id 300687;
 Thu, 07 Apr 2022 10:33:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPRy-0008Vb-9l
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPRy-0005Dr-8q
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPRy-00061d-7y
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=pxuKopXtzHTZdAbCiX9ZtsGc0X7Mz+GvSSsN6pyexZs=; b=rwohup4vVGshDctguTmw/4CL94
	NP7xV0bvRRf/6eB+W0TwoMVNEpfIzzfNOtdDWj2spp/kuDZUHKdnaunrIJvby+R1Eni40dcPpJZ1p
	on0/nZPiOly6xEIAbRx5CQ1IONZV2akdT728kEXtsAOF5x3sVmxcBZmhzBVl2wg4i8bM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: don't needlessly look up DID
Message-Id: <E1ncPRy-00061d-7y@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 10:33:14 +0000

commit 445ab9852d69d8957467f0036098ebec75fec092
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 12:29:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 12:29:03 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index f7cb7cd3a6..4c9de8fecf 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1830,18 +1830,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
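Review bot: The position of the added `iommu_domid = context_domain_id(*context);` is load-bearing, since it must run before `context_clear_entry()`, but nothing in the code says so. A one-line comment such as `/* Latch the DID before clearing: the flush below must target the value that was in the entry. */` would stop a later cleanup from reordering it and leaving stale context-cache entries unflushed. With the lookup gone the `-1` failure value no longer applies, so if `iommu_domid` is declared signed (the declaration is outside the hunk) it could become unsigned. The function body starts and ends outside this hunk.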
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 10:33:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 10:33:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300688.512939 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPSA-00007n-84; Thu, 07 Apr 2022 10:33:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300688.512939; Thu, 07 Apr 2022 10:33:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPSA-00007e-4N; Thu, 07 Apr 2022 10:33:26 +0000
Received: by outflank-mailman (input) for mailman id 300688;
 Thu, 07 Apr 2022 10:33:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPS8-00007H-Cv
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPS8-0005E9-Bz
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPS8-000626-B7
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=M2WwcyEwE1VCwz3jQhqkzRwwR3Ivzw1yLYZRTOnB0Lk=; b=4FR/dvYlHC4d5tqCSeJfew3f3+
	+li9e42HovhvQm+TtYpOaf+CCI2CuaNFZ+3B4J9BxXF3nIus8wrFXjORBCJBpeCjfudSfeYMewe7X
	/HOhZiLYv2GjfXeLXPgtuPs/v3Uj5CF2NkyFhtpp1NrhSdkBvYT0ujWbWYc29AcVgik4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1ncPS8-000626-B7@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 10:33:24 +0000

commit 608394b906e71587f02e6662597bc985bad33a5a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 12:30:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 12:30:19 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 9ff38f3ded..39602d1f88 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,7 +85,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int cf_check intel_iommu_get_reserved_device_memory(
     iommu_grdm_t *func, void *ctxt);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4c9de8fecf..76ff551dfe 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1533,7 +1533,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   &PCI_SBDF3(seg, bus, devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1601,9 +1601,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
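Review bot: The remaining `else` branch still evaluates `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)` with a `pdev` that may be NULL, because the new condition only diverts the `prev_dom == dom_io` case. That is safe only if both macros touch `pdev` solely for dom_io, and their definitions are not visible in this diff. The added comment explains the RMRR consequence but not this dependency, so I would extend it with a sentence like `pdev may be NULL below; DEVICE_DOMID()/DEVICE_PGTABLE() only use it for dom_io`. The function continues outside the hunk.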
@@ -1744,7 +1749,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1809,7 +1816,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1861,7 +1868,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
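Review bot: `DOMID_INVALID` is passed to `me_wifi_quirk()` as a placeholder with no explanation at the call site. It is correct only as long as the `UNMAP_ME_PHANTOM_FUNC` path never consumes the domid argument, which the quirks.c hunk of this commit suggests but which nothing here enforces. A short comment such as `/* domid is ignored when unmapping */` would make the assumption explicit for whoever next touches the quirk code. The function body extends beyond the hunk.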
@@ -1910,8 +1918,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1924,8 +1931,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1948,12 +1954,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index f6f74416d0..3ddbb20e48 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -427,7 +427,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 10:33:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 10:33:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300689.512942 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPSK-0000BK-Ae; Thu, 07 Apr 2022 10:33:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300689.512942; Thu, 07 Apr 2022 10:33:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPSK-0000BC-7k; Thu, 07 Apr 2022 10:33:36 +0000
Received: by outflank-mailman (input) for mailman id 300689;
 Thu, 07 Apr 2022 10:33:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPSI-0000Ax-G5
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPSI-0005EZ-F9
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPSI-00062v-EQ
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:33:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=kMaap9zSdXVZNJG+CV1eNFOKoli60Bh0S3pFbffEL/c=; b=uzfn5WO7t5bTWR5XwwS/zj3b3B
	49UXYZdr9cNL7m+4VVARY0N5WCUee5CefmfVu4/8f2hqcUPaWU8gWpbdh6wHzJPc5l3da2Ug0RiwZ
	O6KORmHTg4pucRsvdoQsXZV0v4iYkvgrSO4DVV8bGjwvVK/VlH3sSkgE92+9M8+08hr0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1ncPSI-00062v-EQ@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 10:33:34 +0000

commit 99d829dba1390b98a3ca07b365713e62182ee7ca
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 12:31:16 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 12:31:16 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 9 ++++-----
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 76ff551dfe..069427abb2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1599,7 +1599,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
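Review bot: The new `!(mode & MAP_ERROR_RECOVERY)` guard carries the whole recursion-prevention argument, yet the only in-code hint, `/* Avoid infinite recursion. */`, is removed in the next hunk and nothing replaces it. I would add a comment above the `if`, e.g. `/* Never roll back a roll-back: prev_dom is derived from the already updated context entry. */`. When a recovery-mode call itself fails, this block is skipped and the context entry is left as that call wrote it; how the outer caller reacts to the resulting `ret` is outside the hunk and worth checking.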
@@ -1609,13 +1609,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
                                              DEVICE_PGTABLE(prev_dom, pdev),
-                                             mode & MAP_WITH_RMRR) < 0;
-        else
-            ret = 1;
+                                             (mode & MAP_WITH_RMRR) |
+                                             MAP_ERROR_RECOVERY) < 0;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
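Review bot: `MAP_ERROR_RECOVERY` is added without a comment, and because it is inserted mid-list `UNMAP_ME_PHANTOM_FUNC` silently moves from bit 3 to bit 4. The renumbering looks harmless for a private header, provided nothing persists these flag values, but the new flag's meaning should be documented where it is defined, e.g. `/* Set on the nested call restoring the previous owner; suppresses further roll-back */`.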
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 10:44:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 10:44:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300694.512958 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPcU-0001wo-Ba; Thu, 07 Apr 2022 10:44:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300694.512958; Thu, 07 Apr 2022 10:44:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncPcU-0001wg-8g; Thu, 07 Apr 2022 10:44:06 +0000
Received: by outflank-mailman (input) for mailman id 300694;
 Thu, 07 Apr 2022 10:44:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPcS-0001wa-LD
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:44:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPcS-0005Pj-Hk
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:44:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncPcS-0006ph-Gq
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 10:44:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=WEnfX1t5iJHPWUsAOMHMKPs/MXHQNC07Dlpe366NS8s=; b=iHyDySdCl9b6wsp5FTNyRIAA1F
	2bg6ST4TsfD5z/yGTDiPX7OgqMswcQBKuwRhjqntbD0ItDlzWw3nU+5Wh2Auulg0jJa5B74jbgBwu
	iJkAhmB5cS/v2dpYsYQCpr4N8qxim4LHHh8DcTkOcYnjs89BFpZgPyawx19KcozxjmUI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
Message-Id: <E1ncPcS-0006ph-Gq@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 10:44:04 +0000

commit d4012d50082c2eae2f3cbe7770be13b9227fbc3f
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Wed Apr 6 22:40:20 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Thu Apr 7 11:36:45 2022 +0100

    x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
    
    c/s 1a914256dca5 increased the AMD max leaf from 0x8000001c to 0x80000021, but
    did not adjust anything in the calculate_*_policy() chain.  As a result, on
    hardware supporting these leaves, we read the real hardware values into the
    raw policy, then copy into host, and all the way into the PV/HVM default
    policies.
    
    All 4 of these leaves have enable bits (first two by TopoExt, next by SEV,
    next by PQOS), so any software following the rules is fine and will leave them
    alone.  However, leaf 0x8000001d takes a subleaf input and at least two
    userspace utilities have been observed to loop indefinitely under Xen (clearly
    waiting for eax to report "no more cache levels").
    
    Such userspace is buggy, but Xen's behaviour isn't great either.
    
    In the short term, clobber all information in these leaves.  This is a giant
    bodge, but there are complexities with implementing all of these leaves
    properly.
    
    Fixes: 1a914256dca5 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Link: https://github.com/QubesOS/qubes-issues/issues/7392
    Reported-by: fosslinux <fosslinux@aussies.space>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/cpuid.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index bb554b06a7..7e0b395698 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -328,8 +328,15 @@ static void recalculate_misc(struct cpuid_policy *p)
 
         zero_leaves(p->extd.raw, 0xb, 0x18);
 
+        /* 0x19 - TLB details.  Pass through. */
+        /* 0x1a - Perf hints.   Pass through. */
+
         p->extd.raw[0x1b] = EMPTY_LEAF; /* IBS - not supported. */
         p->extd.raw[0x1c] = EMPTY_LEAF; /* LWP - not supported. */
+        p->extd.raw[0x1d] = EMPTY_LEAF; /* TopoExt Cache */
+        p->extd.raw[0x1e] = EMPTY_LEAF; /* TopoExt APIC ID/Core/Node */
+        p->extd.raw[0x1f] = EMPTY_LEAF; /* SEV */
+        p->extd.raw[0x20] = EMPTY_LEAF; /* Platform QoS */
         break;
     }
 }
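Review bot: The four new `EMPTY_LEAF` assignments are labelled only with the leaf names, so the code does not record that this is the short-term clobber the commit message describes, unlike the `- not supported.` wording on 0x1b and 0x1c. A comment above them such as `/* 0x1d..0x20: clobbered for now so raw hardware values don't reach guest policies; needs proper implementation. */` would keep that intent in the source. The leaf that prompted raising the max leaf to 0x80000021 gets neither a clobber nor a `Pass through` line here; it is presumably handled elsewhere, but a matching comment would complete the list. The function starts outside the hunk.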
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 16:11:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 16:11:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300945.513490 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUiw-0002md-3q; Thu, 07 Apr 2022 16:11:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300945.513490; Thu, 07 Apr 2022 16:11:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUiw-0002mV-0s; Thu, 07 Apr 2022 16:11:06 +0000
Received: by outflank-mailman (input) for mailman id 300945;
 Thu, 07 Apr 2022 16:11:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUiu-0002mJ-Oc
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUiu-0003Tx-Ng
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUiu-0004BY-Mr
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=I46V8m+gvwQYg/jCriZCj1dFBXII5h1CReQmeY+5Zws=; b=1B2WTHyw6I1gnFMvcAngQBRfDj
	9Gb2fyBfRx8yaUq4RlBAKwXHb/l2HXFDIfVIhbA94CTHVzGxE8h0lZclmCMkFSUrdbCGu5flot+OO
	JoMgg1fLJSViyuAZBMsaFCxGojDYl8XQpHhy6+7RLAhqIdfNqa5ytzfL4xO+SGBJFUaI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] build: replace $(BASEDIR) by $(objtree)
Message-Id: <E1ncUiu-0004BY-Mr@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 16:11:04 +0000

commit 915e67b75c06367c061a63146cf5c0829366b7ac
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:54:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:54:42 2022 +0200

    build: replace $(BASEDIR) by $(objtree)
    
    We need to differentiate between source files and generated/built
    files. We will be replacing $(BASEDIR) by $(objtree) for files that
    are generated.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Acked-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 xen/Rules.mk                |  2 +-
 xen/arch/arm/Makefile       | 10 +++++-----
 xen/arch/x86/Makefile       | 28 ++++++++++++++--------------
 xen/common/Makefile         |  2 +-
 xen/test/livepatch/Makefile | 12 ++++++------
 5 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/xen/Rules.mk b/xen/Rules.mk
index abeba1ab74..7712bfa063 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -12,7 +12,7 @@ src := $(obj)
 PHONY := __build
 __build:
 
--include $(BASEDIR)/include/config/auto.conf
+-include $(objtree)/include/config/auto.conf
 
 include $(XEN_ROOT)/Config.mk
 include $(BASEDIR)/scripts/Kbuild.include
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index 51ec2ba928..1d862351d1 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -90,21 +90,21 @@ ifeq ($(CONFIG_ARM_64),y)
 	ln -sf $(@F) $@.efi
 endif
 
-$(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds
+$(TARGET)-syms: $(objtree)/prelink.o $(obj)/xen.lds
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \
-	    $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0
+	    $(objtree)/common/symbols-dummy.o -o $(@D)/.$(@F).0
 	$(NM) -pa --format=sysv $(@D)/.$(@F).0 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S
 	$(MAKE) $(build)=$(@D) $(@D)/.$(@F).0.o
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \
 	    $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1
 	$(NM) -pa --format=sysv $(@D)/.$(@F).1 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S
 	$(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \
 	    $(@D)/.$(@F).1.o -o $@
 	$(NM) -pa --format=sysv $(@D)/$(@F) \
-		| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \
+		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \
 		>$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]*
 
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index b6b082ee1d..7cea79ed2f 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -92,8 +92,8 @@ ifneq ($(CONFIG_HVM),y)
 $(obj)/x86_emulate.o: CFLAGS-y += -Wno-unused-label
 endif
 
-efi-y := $(shell if [ ! -r $(BASEDIR)/include/xen/compile.h -o \
-                      -O $(BASEDIR)/include/xen/compile.h ]; then \
+efi-y := $(shell if [ ! -r $(objtree)/include/xen/compile.h -o \
+                      -O $(objtree)/include/xen/compile.h ]; then \
                          echo '$(TARGET).efi'; fi) \
          $(space)
 efi-$(CONFIG_PV_SHIM_EXCLUSIVE) :=
@@ -133,23 +133,23 @@ $(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32
 
 CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI
 
-$(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds
+$(TARGET)-syms: $(objtree)/prelink.o $(obj)/xen.lds
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \
-	    $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0
+	    $(objtree)/common/symbols-dummy.o -o $(@D)/.$(@F).0
 	$(NM) -pa --format=sysv $(@D)/.$(@F).0 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort \
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort \
 		>$(@D)/.$(@F).0.S
 	$(MAKE) $(build)=$(@D) $(@D)/.$(@F).0.o
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \
 	    $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1
 	$(NM) -pa --format=sysv $(@D)/.$(@F).1 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \
 		>$(@D)/.$(@F).1.S
 	$(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \
 	    $(orphan-handling-y) $(@D)/.$(@F).1.o -o $@
 	$(NM) -pa --format=sysv $(@D)/$(@F) \
-		| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \
+		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \
 		>$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
@@ -202,28 +202,28 @@ note_file_option ?= $(note_file)
 
 extra-$(XEN_BUILD_PE) += efi.lds
 ifeq ($(XEN_BUILD_PE),y)
-$(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi/relocs-dummy.o $(obj)/efi/mkreloc
+$(TARGET).efi: $(objtree)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi/relocs-dummy.o $(obj)/efi/mkreloc
 ifeq ($(CONFIG_DEBUG_INFO),y)
 	$(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)"
 endif
 	$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
 	          $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< $(relocs-dummy) \
-	                $(BASEDIR)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) :
+	                $(objtree)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) :
 	$(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S
 	$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S
 	$(MAKE) $(build)=$(@D) .$(@F).0r.o .$(@F).0s.o
 	$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
 	          $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< \
 	                $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) :
 	$(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S
 	$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S
 	$(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o
 	$(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds -N $< \
 	      $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(orphan-handling-y) $(note_file_option) -o $@
 	$(NM) -pa --format=sysv $(@D)/$(@F) \
-		| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map
+		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
 	$(SHELL) $(BASEDIR)/tools/check-endbr.sh $@
@@ -238,11 +238,11 @@ endif
 $(obj)/efi/buildid.o $(obj)/efi/relocs-dummy.o: ;
 
 .PHONY: include
-include: $(BASEDIR)/arch/x86/include/asm/asm-macros.h
+include: $(objtree)/arch/x86/include/asm/asm-macros.h
 
 $(obj)/asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P
 
-$(BASEDIR)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile
+$(objtree)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile
 	$(call filechk,asm-macros.h)
 
 define filechk_asm-macros.h
diff --git a/xen/common/Makefile b/xen/common/Makefile
index dc8d3a13f5..30641a7372 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -74,7 +74,7 @@ obj-$(CONFIG_UBSAN) += ubsan/
 obj-$(CONFIG_NEEDS_LIBELF) += libelf/
 obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/
 
-CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(BASEDIR)/)$(KCONFIG_CONFIG)
+CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(objtree)/)$(KCONFIG_CONFIG)
 $(obj)/config.gz: $(CONF_FILE)
 	gzip -n -c $< >$@
 
diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile
index e6fee84b69..ddb0737131 100644
--- a/xen/test/livepatch/Makefile
+++ b/xen/test/livepatch/Makefile
@@ -22,9 +22,9 @@ $(obj)/xen_hello_world.o: $(obj)/config.h
 $(obj)/config.h: $(obj)/xen_hello_world_func.o
 	(set -e; \
 	 echo "#define NEW_CODE_SZ $(call CODE_SZ,$<,xen_hello_world)"; \
-	 echo "#define MINOR_VERSION_SZ $(call CODE_SZ,$(BASEDIR)/xen-syms,xen_minor_version)"; \
-	 echo "#define MINOR_VERSION_ADDR $(call CODE_ADDR,$(BASEDIR)/xen-syms,xen_minor_version)"; \
-	 echo "#define OLD_CODE_SZ $(call CODE_SZ,$(BASEDIR)/xen-syms,xen_extra_version)") > $@
+	 echo "#define MINOR_VERSION_SZ $(call CODE_SZ,$(objtree)/xen-syms,xen_minor_version)"; \
+	 echo "#define MINOR_VERSION_ADDR $(call CODE_ADDR,$(objtree)/xen-syms,xen_minor_version)"; \
+	 echo "#define OLD_CODE_SZ $(call CODE_SZ,$(objtree)/xen-syms,xen_extra_version)") > $@
 
 $(obj)/modinfo.o:
 	(set -e; \
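Review bot: The `$(obj)/config.h` rule reads `$(objtree)/xen-syms` three times in its recipe but lists only `$(obj)/xen_hello_world_func.o` as a prerequisite, so the generated `MINOR_VERSION_SZ`, `MINOR_VERSION_ADDR` and `OLD_CODE_SZ` values are not refreshed when xen-syms is relinked. The `note.o`, `xen_note.o` and `expect_config.h` rules later in this patch do name xen-syms, so for consistency the rule line could become `$(obj)/config.h: $(obj)/xen_hello_world_func.o $(objtree)/xen-syms`, keeping the object first because the recipe uses `$<`. Whether another rule outside the hunk already orders this is not visible here.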
@@ -42,7 +42,7 @@ $(obj)/modinfo.o:
 # not be built (it is for EFI builds), and that we do not have
 # the note.o.bin to muck with (as it gets deleted)
 #
-$(obj)/note.o: $(BASEDIR)/xen-syms
+$(obj)/note.o: $(objtree)/xen-syms
 	$(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin
 	$(OBJCOPY) $(OBJCOPY_MAGIC) \
 		   --rename-section=.data=.livepatch.depends,alloc,load,readonly,data,contents -S $@.bin $@
@@ -52,7 +52,7 @@ $(obj)/note.o: $(BASEDIR)/xen-syms
 # Append .livepatch.xen_depends section
 # with Xen build-id derived from xen-syms.
 #
-$(obj)/xen_note.o: $(BASEDIR)/xen-syms
+$(obj)/xen_note.o: $(objtree)/xen-syms
 	$(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin
 	$(OBJCOPY) $(OBJCOPY_MAGIC) \
 		   --rename-section=.data=.livepatch.xen_depends,alloc,load,readonly,data,contents -S $@.bin $@
@@ -125,7 +125,7 @@ xen_action_hooks_norevert-objs := xen_action_hooks_marker.o xen_hello_world_func
 
 EXPECT_BYTES_COUNT := 8
 CODE_GET_EXPECT=$(shell $(OBJDUMP) -d --insn-width=1 $(1) | sed -n -e '/<'$(2)'>:$$/,/^$$/ p' | tail -n +2 | head -n $(EXPECT_BYTES_COUNT) | awk '{$$0=$$2; printf "%s", substr($$0,length-1)}' | sed 's/.\{2\}/0x&,/g' | sed 's/^/{/;s/,$$/}/g')
-$(obj)/expect_config.h: $(BASEDIR)/xen-syms
+$(obj)/expect_config.h: $(objtree)/xen-syms
 	(set -e; \
 	 echo "#define EXPECT_BYTES $(call CODE_GET_EXPECT,$<,xen_extra_version)"; \
          echo "#define EXPECT_BYTES_COUNT $(EXPECT_BYTES_COUNT)") > $@
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 16:11:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 16:11:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300946.513494 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUj6-0002p5-5g; Thu, 07 Apr 2022 16:11:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300946.513494; Thu, 07 Apr 2022 16:11:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUj6-0002ox-2R; Thu, 07 Apr 2022 16:11:16 +0000
Received: by outflank-mailman (input) for mailman id 300946;
 Thu, 07 Apr 2022 16:11:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUj4-0002op-Ri
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUj4-0003U1-Qp
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUj4-0004DE-Q3
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=9nnQECnKxTUp0o0uA1Ymf5hvO1P08rGJZxwlxuHPWSM=; b=z/F0qcL6SAGoKSVQxiHVdg+E6H
	JNz4OEE/AM+DXGWsJ3Q0vC+eTFBWeEw8HLrV3N1w0mlOuAWC88M1P96xzji1E7j30cdl3PJlMdnYE
	QTzRXuZ8cJF/1N2pmEiB7L/+EtyyZuzrDl+1p1vMVnc5w1gGcI/cpGtyNIB9LTJLxTEU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] build: replace $(BASEDIR) and use $(srctree)
Message-Id: <E1ncUj4-0004DE-Q3@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 16:11:14 +0000

commit bc8d05dd2dceb6569799965a4bd0aeff7a5827d4
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:56:00 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:56:00 2022 +0200

    build: replace $(BASEDIR) and use $(srctree)
    
    $(srctree) is a better description for the source directory than
    $(BASEDIR) that has been used for both source and build directory
    (which were the same).
    
    This adds $(srctree) to a few paths where make's VPATH=$(srctree) won't
    apply, and replaces $(BASEDIR) by $(srctree).
    
    Introduce "$(srcdir)" as a shortcut for "$(srctree)/$(src)" as the
    latter is used often enough.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com> # XSM
---
 xen/Kconfig                 |  4 ++--
 xen/Makefile                |  7 +++----
 xen/Rules.mk                |  9 ++++++---
 xen/arch/x86/Makefile       |  4 ++--
 xen/arch/x86/arch.mk        |  2 +-
 xen/build.mk                |  4 ++--
 xen/common/Makefile         |  2 +-
 xen/common/libfdt/Makefile  |  2 +-
 xen/include/Makefile        | 14 +++++++-------
 xen/scripts/Kconfig.include |  2 +-
 xen/scripts/Makefile.clean  |  5 ++++-
 xen/xsm/flask/Makefile      | 10 +++++-----
 12 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/xen/Kconfig b/xen/Kconfig
index d134397a0b..ec2bd9fbcf 100644
--- a/xen/Kconfig
+++ b/xen/Kconfig
@@ -14,14 +14,14 @@ config CC_IS_GCC
 
 config GCC_VERSION
 	int
-	default $(shell,$(BASEDIR)/scripts/gcc-version.sh $(CC))
+	default $(shell,$(srctree)/scripts/gcc-version.sh $(CC))
 
 config CC_IS_CLANG
 	def_bool $(success,$(CC) --version | head -n 1 | grep -q clang)
 
 config CLANG_VERSION
 	int
-	default $(shell,$(BASEDIR)/scripts/clang-version.sh $(CC))
+	default $(shell,$(srctree)/scripts/clang-version.sh $(CC))
 
 # -fvisibility=hidden reduces -fpic cost, if it's available
 config CC_HAS_VISIBILITY_ATTRIBUTE
diff --git a/xen/Makefile b/xen/Makefile
index 51d8c3b530..e78d681baa 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -19,8 +19,7 @@ export PYTHON		?= $(PYTHON_INTERPRETER)
 
 export CHECKPOLICY	?= checkpolicy
 
-export BASEDIR := $(CURDIR)
-export XEN_ROOT := $(BASEDIR)/..
+export XEN_ROOT := $(CURDIR)/..
 
 abs_objtree := $(CURDIR)
 abs_srctree := $(CURDIR)
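Review bot: With `export BASEDIR := $(CURDIR)` removed here, any `$(BASEDIR)` reference that the series did not convert expands to the empty string, so a path such as `$(BASEDIR)/tools/binfile` would silently become the root-anchored `/tools/binfile` instead of failing clearly. Only the converted sites are visible in this patch, so it is worth confirming with a tree-wide grep, or one build run under `make --warn-undefined-variables`, that no user remains. A short comment next to `XEN_ROOT` naming `$(srctree)` and `$(objtree)` as the replacements would also help anyone carrying out-of-tree makefile fragments.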
@@ -189,7 +188,7 @@ ifeq ($(TARGET_ARCH),x86)
 t1 = $(call as-insn,$(CC),".L0: .L1: .skip (.L1 - .L0)",,-no-integrated-as)
 
 # Check whether clang asm()-s support .include.
-t2 = $(call as-insn,$(CC) -I$(BASEDIR)/arch/x86/include,".include \"asm/asm-defns.h\"",,-no-integrated-as)
+t2 = $(call as-insn,$(CC) -I$(srctree)/arch/x86/include,".include \"asm/asm-defns.h\"",,-no-integrated-as)
 
 # Check whether clang keeps .macro-s between asm()-s:
 # https://bugs.llvm.org/show_bug.cgi?id=36110
@@ -326,7 +325,7 @@ ALL_OBJS-$(CONFIG_CRYPTO) += crypto/built_in.o
 
 ALL_LIBS-y                := lib/lib.a
 
-include $(BASEDIR)/arch/$(TARGET_ARCH)/arch.mk
+include $(srctree)/arch/$(TARGET_ARCH)/arch.mk
 
 # define new variables to avoid the ones defined in Config.mk
 export XEN_CFLAGS := $(CFLAGS)
diff --git a/xen/Rules.mk b/xen/Rules.mk
index 7712bfa063..57a0294555 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -9,13 +9,16 @@ endif
 
 src := $(obj)
 
+# shortcuts
+srcdir := $(srctree)/$(src)
+
 PHONY := __build
 __build:
 
 -include $(objtree)/include/config/auto.conf
 
 include $(XEN_ROOT)/Config.mk
-include $(BASEDIR)/scripts/Kbuild.include
+include $(srctree)/scripts/Kbuild.include
 
 # Initialise some variables
 obj-y :=
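Review bot: The `# shortcuts` comment above the new `srcdir := $(srctree)/$(src)` does not say when `$(srcdir)` must be used instead of `$(src)`, which is the part a later editor needs. Going by the commit message, it is for places where make's VPATH lookup does not apply, so I would write `# $(srcdir): source-tree path of this directory, for $(wildcard), $(shell) and recipe arguments, where VPATH is not applied`. The same two lines are added to xen/scripts/Makefile.clean and would take the same comment.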
@@ -58,7 +61,7 @@ cmd_objcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $< $@
 # binfile
 # use e.g. $(call if_changed,binfile,binary-file varname)
 quiet_cmd_binfile = BINFILE $@
-cmd_binfile = $(SHELL) $(BASEDIR)/tools/binfile $(BINFILE_FLAGS) $@ $(2)
+cmd_binfile = $(SHELL) $(srctree)/tools/binfile $(BINFILE_FLAGS) $@ $(2)
 
 # Figure out what we need to build from the various variables
 # ===========================================================================
@@ -177,7 +180,7 @@ cpp_flags = $(filter-out -Wa$(comma)% -flto,$(1))
 c_flags = -MMD -MP -MF $(depfile) $(XEN_CFLAGS)
 a_flags = -MMD -MP -MF $(depfile) $(XEN_AFLAGS)
 
-include $(BASEDIR)/arch/$(TARGET_ARCH)/Rules.mk
+include $(srctree)/arch/$(TARGET_ARCH)/Rules.mk
 
 c_flags += $(_c_flags)
 a_flags += $(_c_flags)
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 7cea79ed2f..717bcbcac7 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -153,7 +153,7 @@ $(TARGET)-syms: $(objtree)/prelink.o $(obj)/xen.lds
 		>$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
-	$(SHELL) $(BASEDIR)/tools/check-endbr.sh $@
+	$(SHELL) $(srctree)/tools/check-endbr.sh $@
 endif
 
 $(obj)/note.o: $(TARGET)-syms
@@ -226,7 +226,7 @@ endif
 		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
-	$(SHELL) $(BASEDIR)/tools/check-endbr.sh $@
+	$(SHELL) $(srctree)/tools/check-endbr.sh $@
 endif
 else
 $(TARGET).efi: FORCE
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index c90e56aeab..cfde143053 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -78,7 +78,7 @@ ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
 efi-check := arch/x86/efi/check
 
 # Check if the compiler supports the MS ABI.
-XEN_BUILD_EFI := $(call if-success,$(CC) $(CFLAGS) -c $(efi-check).c -o $(efi-check).o,y)
+XEN_BUILD_EFI := $(call if-success,$(CC) $(CFLAGS) -c $(srctree)/$(efi-check).c -o $(efi-check).o,y)
 
 # Check if the linker supports PE.
 EFI_LDFLAGS := $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10
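Review bot: The compile probe for `XEN_BUILD_EFI` now reads its source from `$(srctree)` but still writes to the relative `$(efi-check).o`, i.e. `arch/x86/efi/check.o` under the build directory. If that directory does not exist yet in an out-of-tree build, `$(CC)` fails for a reason unrelated to MS ABI support, and `if-success` would presumably leave `XEN_BUILD_EFI` empty, dropping the EFI build without a diagnostic. Creating the directory before the probe, for example `$(shell mkdir -p $(dir $(efi-check)))`, would avoid that. The surrounding `ifneq` block continues outside the hunk.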
diff --git a/xen/build.mk b/xen/build.mk
index e718743ef7..758590c68e 100644
--- a/xen/build.mk
+++ b/xen/build.mk
@@ -27,9 +27,9 @@ define cmd_compile.h
 	    -e 's/@@version@@/$(XEN_VERSION)/g' \
 	    -e 's/@@subversion@@/$(XEN_SUBVERSION)/g' \
 	    -e 's/@@extraversion@@/$(XEN_EXTRAVERSION)/g' \
-	    -e 's!@@changeset@@!$(shell tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \
+	    -e 's!@@changeset@@!$(shell $(srctree)/tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \
 	    < $< > $(dot-target).tmp; \
-	sed -rf tools/process-banner.sed < .banner >> $(dot-target).tmp; \
+	sed -rf $(srctree)/tools/process-banner.sed < .banner >> $(dot-target).tmp; \
 	mv -f $(dot-target).tmp $@; \
     fi
 endef
diff --git a/xen/common/Makefile b/xen/common/Makefile
index 30641a7372..b1e076c30b 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -80,7 +80,7 @@ $(obj)/config.gz: $(CONF_FILE)
 
 $(obj)/config_data.o: $(obj)/config.gz
 
-$(obj)/config_data.S: $(BASEDIR)/tools/binfile FORCE
+$(obj)/config_data.S: $(srctree)/tools/binfile FORCE
 	$(call if_changed,binfile,$(obj)/config.gz xen_config_data)
 targets += config_data.S
 
diff --git a/xen/common/libfdt/Makefile b/xen/common/libfdt/Makefile
index 6708af12e5..75aaefa2e3 100644
--- a/xen/common/libfdt/Makefile
+++ b/xen/common/libfdt/Makefile
@@ -6,7 +6,7 @@ OBJCOPYFLAGS := $(foreach s,$(SECTIONS),--rename-section .$(s)=.init.$(s))
 obj-y += libfdt.o
 nocov-y += libfdt.o
 
-CFLAGS-y += -I$(BASEDIR)/include/xen/libfdt/
+CFLAGS-y += -I$(srctree)/include/xen/libfdt/
 
 $(obj)/libfdt.o: $(obj)/libfdt-temp.o FORCE
 	$(call if_changed,objcopy)
diff --git a/xen/include/Makefile b/xen/include/Makefile
index a3c2511f5f..5a2b4c9f65 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -45,22 +45,22 @@ public-$(CONFIG_ARM) := $(wildcard $(src)/public/arch-arm/*.h $(src)/public/arch
 .PHONY: all
 all: $(addprefix $(obj)/,$(headers-y))
 
-$(obj)/compat/%.h: $(obj)/compat/%.i $(src)/Makefile $(BASEDIR)/tools/compat-build-header.py
-	$(PYTHON) $(BASEDIR)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \
+$(obj)/compat/%.h: $(obj)/compat/%.i $(src)/Makefile $(srctree)/tools/compat-build-header.py
+	$(PYTHON) $(srctree)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \
 	mv -f $@.new $@
 
 $(obj)/compat/%.i: $(obj)/compat/%.c $(src)/Makefile
 	$(CPP) $(filter-out -Wa$(comma)% -include %/include/xen/config.h,$(XEN_CFLAGS)) $(cppflags-y) -o $@ $<
 
-$(obj)/compat/%.c: $(src)/public/%.h $(src)/xlat.lst $(src)/Makefile $(BASEDIR)/tools/compat-build-source.py
+$(obj)/compat/%.c: $(src)/public/%.h $(src)/xlat.lst $(src)/Makefile $(srctree)/tools/compat-build-source.py
 	mkdir -p $(@D)
-	$(PYTHON) $(BASEDIR)/tools/compat-build-source.py $(src)/xlat.lst <$< >$@.new
+	$(PYTHON) $(srctree)/tools/compat-build-source.py $(srcdir)/xlat.lst <$< >$@.new
 	mv -f $@.new $@
 
-$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(BASEDIR)/tools/get-fields.sh $(src)/Makefile
+$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(srctree)/tools/get-fields.sh $(src)/Makefile
 	export PYTHON=$(PYTHON); \
 	while read what name; do \
-		$(SHELL) $(BASEDIR)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \
+		$(SHELL) $(srctree)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \
 	done <$(patsubst $(obj)/compat/%,$(obj)/compat/.xlat/%,$(basename $<)).lst >$@.new
 	mv -f $@.new $@
 
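Review bot: In the `$(obj)/compat/%.h` recipe the generator output is appended with `>>$@.new` and chained to `mv -f` with `;`, so a leftover `$@.new` from an interrupted build is extended rather than replaced. A failing compat-build-header.py also still gets its partial output moved into place, because the recipe's exit status is that of `mv`. The `$(obj)/compat/%.c` rule directly below already uses the safer shape; the same here would be the generator line ending in `>$@.new` with no trailing `; \`, followed by `mv -f $@.new $@` as its own recipe line.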
@@ -70,7 +70,7 @@ $(obj)/compat/.xlat/%.lst: $(src)/xlat.lst $(src)/Makefile
 	grep -v '^[[:blank:]]*#' $< | sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,[[:blank:]]+$*\.h[[:blank:]]*$$,,p' >$@.new
 	$(call move-if-changed,$@.new,$@)
 
-xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(src)/xlat.lst | uniq)
+xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(srcdir)/xlat.lst | uniq)
 xlat-y := $(filter $(patsubst compat/%,%,$(headers-y)),$(xlat-y))
 
 $(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) $(obj)/config/auto.conf $(src)/Makefile
diff --git a/xen/scripts/Kconfig.include b/xen/scripts/Kconfig.include
index e1f13e1720..389a690a12 100644
--- a/xen/scripts/Kconfig.include
+++ b/xen/scripts/Kconfig.include
@@ -40,4 +40,4 @@ $(error-if,$(failure,command -v $(CC)),compiler '$(CC)' not found)
 $(error-if,$(failure,command -v $(LD)),linker '$(LD)' not found)
 
 # gcc version including patch level
-gcc-version := $(shell,$(BASEDIR)/scripts/gcc-version.sh $(CC))
+gcc-version := $(shell,$(srctree)/scripts/gcc-version.sh $(CC))
diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean
index 4eed319745..f97ecd3b8e 100644
--- a/xen/scripts/Makefile.clean
+++ b/xen/scripts/Makefile.clean
@@ -5,9 +5,12 @@
 
 src := $(obj)
 
+# shortcuts
+srcdir := $(srctree)/$(src)
+
 clean::
 
-include $(BASEDIR)/scripts/Kbuild.include
+include $(srctree)/scripts/Kbuild.include
 
 include $(src)/Makefile
 
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index 4ac6fb8778..a99038cb57 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -8,8 +8,8 @@ CFLAGS-y += -I$(obj)/include
 
 AWK = awk
 
-FLASK_H_DEPEND := $(addprefix $(src)/policy/,security_classes initial_sids)
-AV_H_DEPEND = $(src)/policy/access_vectors
+FLASK_H_DEPEND := $(addprefix $(srcdir)/policy/,security_classes initial_sids)
+AV_H_DEPEND := $(srcdir)/policy/access_vectors
 
 FLASK_H_FILES := flask.h class_to_string.h initial_sid_to_string.h
 AV_H_FILES := av_perm_to_string.h av_permissions.h
@@ -18,14 +18,14 @@ ALL_H_FILES := $(addprefix include/,$(FLASK_H_FILES) $(AV_H_FILES))
 $(addprefix $(obj)/,$(obj-y)) $(obj)/ss/built_in.o: $(addprefix $(obj)/,$(ALL_H_FILES))
 extra-y += $(ALL_H_FILES)
 
-mkflask := $(src)/policy/mkflask.sh
+mkflask := $(srcdir)/policy/mkflask.sh
 quiet_cmd_mkflask = MKFLASK $@
 cmd_mkflask = $(SHELL) $(mkflask) $(AWK) $(obj)/include $(FLASK_H_DEPEND)
 
 $(addprefix $(obj)/%/,$(FLASK_H_FILES)): $(FLASK_H_DEPEND) $(mkflask) FORCE
 	$(call if_changed,mkflask)
 
-mkaccess := $(src)/policy/mkaccess_vector.sh
+mkaccess := $(srcdir)/policy/mkaccess_vector.sh
 quiet_cmd_mkaccess = MKACCESS VECTOR $@
 cmd_mkaccess = $(SHELL) $(mkaccess) $(AWK) $(obj)/include $(AV_H_DEPEND)
 
@@ -36,7 +36,7 @@ obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o
 $(obj)/flask-policy.o: $(obj)/policy.bin
 
 $(obj)/flask-policy.S: BINFILE_FLAGS := -i
-$(obj)/flask-policy.S: $(BASEDIR)/tools/binfile FORCE
+$(obj)/flask-policy.S: $(srctree)/tools/binfile FORCE
 	$(call if_changed,binfile,$(obj)/policy.bin xsm_flask_init_policy)
 targets += flask-policy.S
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 16:11:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 16:11:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300948.513497 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUjG-0002s7-73; Thu, 07 Apr 2022 16:11:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300948.513497; Thu, 07 Apr 2022 16:11:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUjG-0002s0-41; Thu, 07 Apr 2022 16:11:26 +0000
Received: by outflank-mailman (input) for mailman id 300948;
 Thu, 07 Apr 2022 16:11:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjE-0002ro-Ug
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjE-0003UJ-Tp
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjE-0004Dp-T2
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=zdWOVDukA275cpG2wLpAVDqhyJCkExHZy8dzWRibF6Q=; b=mp9vtQBI2r2A6YFVqIbTyxo/LT
	tMW1xURil8+3xBjzcI30KohkIeLv8qGOBGSqVrfZx7LpcPfAe7ntqTicjlr6MW5WpszBYdf7gtls5
	S9hMk7rItRVr3i9py7uoPpNaL39uybIhWHcdFHkeFRub0Gs3dE9gR1MPRCCZLTNuURP0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] build: rework "headers*.chk" prerequisite in include/
Message-Id: <E1ncUjE-0004Dp-T2@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 16:11:24 +0000

commit d55a3043401a82f1ff0f40bbf9a212753aa46781
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:56:53 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:56:53 2022 +0200

    build: rework "headers*.chk" prerequisite in include/
    
    Listing public headers when out-of-tree builds are involved becomes
    more annoying, as every path to every header needs to start with
    "$(srctree)/$(src)", or $(wildcard ) will not work. This means more
    repetition. ( "$(srcdir)" is a shortcut for "$(srctree)/$(src)" )
    
    This patch attempts to reduce the amount of duplication and make better
    use of make's meta programming capability. The filters are now listed
    in a variable and don't have to repeat the path to the header files
    as this is added later as needed.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/Makefile | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/xen/include/Makefile b/xen/include/Makefile
index 5a2b4c9f65..fddf5a575b 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -39,8 +39,8 @@ cppflags-$(CONFIG_X86)    += -m32
 
 endif
 
-public-$(CONFIG_X86) := $(wildcard $(src)/public/arch-x86/*.h $(src)/public/arch-x86/*/*.h)
-public-$(CONFIG_ARM) := $(wildcard $(src)/public/arch-arm/*.h $(src)/public/arch-arm/*/*.h)
+public-$(CONFIG_X86) := $(wildcard $(srcdir)/public/arch-x86/*.h $(srcdir)/public/arch-x86/*/*.h)
+public-$(CONFIG_ARM) := $(wildcard $(srcdir)/public/arch-arm/*.h $(srcdir)/public/arch-arm/*/*.h)
 
 .PHONY: all
 all: $(addprefix $(obj)/,$(headers-y))
@@ -81,10 +81,23 @@ ifeq ($(XEN_TARGET_ARCH),$(XEN_COMPILE_ARCH))
 
 all: $(obj)/headers.chk $(obj)/headers99.chk $(obj)/headers++.chk
 
-PUBLIC_HEADERS := $(filter-out $(src)/public/arch-% $(src)/public/dom0_ops.h, $(wildcard $(src)/public/*.h $(src)/public/*/*.h) $(public-y))
+public-hdrs-path := $(srcdir)/public
 
-PUBLIC_C99_HEADERS := $(src)/public/io/9pfs.h $(src)/public/io/pvcalls.h
-PUBLIC_ANSI_HEADERS := $(filter-out $(src)/public/%ctl.h $(src)/public/xsm/% $(src)/public/%hvm/save.h $(PUBLIC_C99_HEADERS), $(PUBLIC_HEADERS))
+public-list-headers = $(wildcard $1/*.h $1/*/*.h)
+public-filter-headers = $(filter-out $(addprefix $(public-hdrs-path)/, $($1-filter)), $($1))
+
+public-headers := $(call public-list-headers, $(public-hdrs-path)) $(public-y)
+public-ansi-headers := $(public-headers)
+public-c99-headers := $(addprefix $(public-hdrs-path)/, io/9pfs.h io/pvcalls.h)
+
+public-headers-filter := dom0_ops.h arch-%
+public-ansi-headers-filter := %ctl.h xsm/% %hvm/save.h $(public-headers-filter) \
+    $(patsubst $(public-hdrs-path)/%,%,$(public-c99-headers))
+public-c99-headers-filter :=
+
+PUBLIC_HEADERS := $(call public-filter-headers,public-headers)
+PUBLIC_ANSI_HEADERS := $(call public-filter-headers,public-ansi-headers)
+PUBLIC_C99_HEADERS := $(call public-filter-headers,public-c99-headers)
 
 $(src)/public/io/9pfs.h-prereq := string
 $(src)/public/io/pvcalls.h-prereq := string
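Review bot: The two `-prereq` assignments at the end of this hunk are still keyed on `$(src)/public/io/...`, while `public-c99-headers` is now built from `$(public-hdrs-path)`, i.e. `$(srcdir)/public`. If the headers99.chk recipe looks the variable up by prerequisite path (that recipe is outside this hunk), the names stop matching whenever `$(srcdir)` and `$(src)` expand differently, and the `string` prerequisite would be dropped without any error. Keying them the same way as the header list keeps the lookup aligned: `$(public-hdrs-path)/io/9pfs.h-prereq := string` and `$(public-hdrs-path)/io/pvcalls.h-prereq := string`.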
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 16:11:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 16:11:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300949.513502 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUjQ-0002vp-A6; Thu, 07 Apr 2022 16:11:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300949.513502; Thu, 07 Apr 2022 16:11:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUjQ-0002vh-79; Thu, 07 Apr 2022 16:11:36 +0000
Received: by outflank-mailman (input) for mailman id 300949;
 Thu, 07 Apr 2022 16:11:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjP-0002vV-1W
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjP-0003UU-0d
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjO-0004Eb-Vy
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=d7hgfmLtFkrMSPdHokB8rWLiH5Bm1xKPCVFRliZKJ94=; b=gJpbTS0/8iQFFxa1wB1JdpNzU8
	BuEiXDSGs9cB3MxrfrQg0SdG1Ml0m5MZ7Ux/zZk8GDWs6i5Ks4p6JEX9gLQ+i8+4uM+SACMS9b7nh
	0ymaAhnOlahSKtcTTutGuzqCGJbEvWS2EMyUxrRse2ScOnhNUQOLsgCgAnHTWJCeK6AI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] build: specify source tree in include/ for prerequisite
Message-Id: <E1ncUjO-0004Eb-Vy@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 16:11:34 +0000

commit 1188c24ef7a12d1375ad628f93dd685f5a2fab5d
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:57:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:57:44 2022 +0200

    build: specify source tree in include/ for prerequisite
    
    When doing an out-of-tree build, and thus setting VPATH,
    GNU Make 3.81 on Ubuntu Trusty complains about a circular dependency of
    include/Makefile and include/xlat.lst and drops them. The build fails
    later due to malformed headers.
    
    This might be due to bug #13529
        "Incorrect circular dependancy"
        https://savannah.gnu.org/bugs/?13529
    which was fixed in 3.82.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/Makefile | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/xen/include/Makefile b/xen/include/Makefile
index fddf5a575b..c8c4bcd93b 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -45,19 +45,19 @@ public-$(CONFIG_ARM) := $(wildcard $(srcdir)/public/arch-arm/*.h $(srcdir)/publi
 .PHONY: all
 all: $(addprefix $(obj)/,$(headers-y))
 
-$(obj)/compat/%.h: $(obj)/compat/%.i $(src)/Makefile $(srctree)/tools/compat-build-header.py
+$(obj)/compat/%.h: $(obj)/compat/%.i $(srcdir)/Makefile $(srctree)/tools/compat-build-header.py
 	$(PYTHON) $(srctree)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \
 	mv -f $@.new $@
 
-$(obj)/compat/%.i: $(obj)/compat/%.c $(src)/Makefile
+$(obj)/compat/%.i: $(obj)/compat/%.c $(srcdir)/Makefile
 	$(CPP) $(filter-out -Wa$(comma)% -include %/include/xen/config.h,$(XEN_CFLAGS)) $(cppflags-y) -o $@ $<
 
-$(obj)/compat/%.c: $(src)/public/%.h $(src)/xlat.lst $(src)/Makefile $(srctree)/tools/compat-build-source.py
+$(obj)/compat/%.c: $(src)/public/%.h $(srcdir)/xlat.lst $(srcdir)/Makefile $(srctree)/tools/compat-build-source.py
 	mkdir -p $(@D)
 	$(PYTHON) $(srctree)/tools/compat-build-source.py $(srcdir)/xlat.lst <$< >$@.new
 	mv -f $@.new $@
 
-$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(srctree)/tools/get-fields.sh $(src)/Makefile
+$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(srctree)/tools/get-fields.sh $(srcdir)/Makefile
 	export PYTHON=$(PYTHON); \
 	while read what name; do \
 		$(SHELL) $(srctree)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \
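Review bot: In the `$(obj)/compat/%.c` rule the header prerequisite is still `$(src)/public/%.h`, while `xlat.lst` and `Makefile` on the same line move to `$(srcdir)`, so that one prerequisite presumably still relies on VPATH lookup in an out-of-tree build. If that is deliberate, a one-line comment above the rule saying so would keep a later cleanup from changing it; otherwise `$(srcdir)/public/%.h` would make the rule consistent with the rest of the commit. The recipe of the `.xlat/%.h` rule continues past the end of this hunk.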
@@ -65,7 +65,7 @@ $(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(srctree)/
 	mv -f $@.new $@
 
 .PRECIOUS: $(obj)/compat/.xlat/%.lst
-$(obj)/compat/.xlat/%.lst: $(src)/xlat.lst $(src)/Makefile
+$(obj)/compat/.xlat/%.lst: $(srcdir)/xlat.lst $(srcdir)/Makefile
 	mkdir -p $(@D)
 	grep -v '^[[:blank:]]*#' $< | sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,[[:blank:]]+$*\.h[[:blank:]]*$$,,p' >$@.new
 	$(call move-if-changed,$@.new,$@)
@@ -73,7 +73,7 @@ $(obj)/compat/.xlat/%.lst: $(src)/xlat.lst $(src)/Makefile
 xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(srcdir)/xlat.lst | uniq)
 xlat-y := $(filter $(patsubst compat/%,%,$(headers-y)),$(xlat-y))
 
-$(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) $(obj)/config/auto.conf $(src)/Makefile
+$(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) $(obj)/config/auto.conf $(srcdir)/Makefile
 	cat $(filter %.h,$^) >$@.new
 	mv -f $@.new $@
 
@@ -102,7 +102,7 @@ PUBLIC_C99_HEADERS := $(call public-filter-headers,public-c99-headers)
 $(src)/public/io/9pfs.h-prereq := string
 $(src)/public/io/pvcalls.h-prereq := string
 
-$(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(src)/Makefile
+$(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(srcdir)/Makefile
 	for i in $(filter %.h,$^); do \
 	    $(CC) -x c -ansi -Wall -Werror -include stdint.h \
 	          -S -o /dev/null $$i || exit 1; \
@@ -110,7 +110,7 @@ $(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(src)/Makefile
 	done >$@.new
 	mv $@.new $@
 
-$(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(src)/Makefile
+$(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(srcdir)/Makefile
 	rm -f $@.new
 	$(foreach i, $(filter %.h,$^),                                        \
 	    echo "#include "\"$(i)\"                                          \
@@ -120,7 +120,7 @@ $(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(src)/Makefile
 	    || exit $$?; echo $(i) >> $@.new;)
 	mv $@.new $@
 
-$(obj)/headers++.chk: $(PUBLIC_HEADERS) $(src)/Makefile
+$(obj)/headers++.chk: $(PUBLIC_HEADERS) $(srcdir)/Makefile
 	rm -f $@.new
 	if ! $(CXX) -v >/dev/null 2>&1; then                                  \
 	    touch $@.new;                                                     \
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 16:11:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 16:11:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300950.513505 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUja-0002yq-Br; Thu, 07 Apr 2022 16:11:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300950.513505; Thu, 07 Apr 2022 16:11:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUja-0002yi-8h; Thu, 07 Apr 2022 16:11:46 +0000
Received: by outflank-mailman (input) for mailman id 300950;
 Thu, 07 Apr 2022 16:11:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjZ-0002yR-4T
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjZ-0003Uu-3a
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjZ-0004GY-2q
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=0n3J8ZC96Zqx5V0wRlgKFDexehnprvNT/v3RXhqU2nU=; b=1jRJBJr1KYHBlvNcooV0Zng5GA
	lTk4vCq3ZLnQtZAmS0+AyZ6CbDxEnKilDyeT25iWp6Uku+JyZo67MjQ2zvgJPqRZuPzBw8VVcaO5r
	5WftNrVc7fWYgYwlTw/3uPe3fP4shItgRcAAj8Rmh2nBsuydxyc+3PLzOsYM1hafBaZc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] build: shuffle main Makefile
Message-Id: <E1ncUjZ-0004GY-2q@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 16:11:45 +0000

commit 15a0578ca4b02c8daf8d36c94e5955cfc5885424
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:58:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:58:44 2022 +0200

    build: shuffle main Makefile
    
    Reorganize a bit the Makefile ahead of patch
    "build: adding out-of-tree support to the xen build"
    
    We are going to want to calculate all the $(*srctree) and $(*objtree)
    once, when we can calculate them. This can happen within the
    "$(root-make-done)" guard, in an out-of-tree build scenario, so move
    those variable there.
    
    $(XEN_ROOT) is going to depend on the value of $(abs_srctree), so it
    needs to move as well. "Kbuild.include" also depends on $(srctree).
    
    Next, "Config.mk" depends on $(XEN_ROOT) and $(TARGET_*ARCH) depends
    on "Config.mk" so those needs to move as well.
    
    This should only be code movement without functional changes.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/Makefile | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/xen/Makefile b/xen/Makefile
index e78d681baa..ebc7854c08 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -19,17 +19,6 @@ export PYTHON		?= $(PYTHON_INTERPRETER)
 
 export CHECKPOLICY	?= checkpolicy
 
-export XEN_ROOT := $(CURDIR)/..
-
-abs_objtree := $(CURDIR)
-abs_srctree := $(CURDIR)
-
-export abs_srctree abs_objtree
-
-srctree := .
-objtree := .
-export srctree objtree
-
 # Do not use make's built-in rules and variables
 MAKEFLAGS += -rR
 
@@ -41,16 +30,6 @@ SRCARCH=$(shell echo $(ARCH) | \
               -e s'/riscv.*/riscv/g')
 export ARCH SRCARCH
 
-# Don't break if the build process wasn't called from the top level
-# we need XEN_TARGET_ARCH to generate the proper config
-include $(XEN_ROOT)/Config.mk
-
-# Set ARCH/SUBARCH appropriately.
-export TARGET_SUBARCH  := $(XEN_TARGET_ARCH)
-export TARGET_ARCH     := $(shell echo $(XEN_TARGET_ARCH) | \
-                            sed -e 's/x86.*/x86/' -e s'/arm\(32\|64\)/arm/g' \
-                                -e s'/riscv.*/riscv/g')
-
 # Allow someone to change their config file
 export KCONFIG_CONFIG ?= .config
 
@@ -64,8 +43,6 @@ default: build
 .PHONY: dist
 dist: install
 
-include scripts/Kbuild.include
-
 ifneq ($(root-make-done),y)
 # section to run before calling Rules.mk, but only once.
 
@@ -141,6 +118,17 @@ endif
 
 export quiet Q KBUILD_VERBOSE
 
+abs_objtree := $(CURDIR)
+abs_srctree := $(CURDIR)
+
+export abs_srctree abs_objtree
+
+srctree := .
+objtree := .
+export srctree objtree
+
+export XEN_ROOT := $(CURDIR)/..
+
 # To make sure we do not include .config for any of the *config targets
 # catch them early, and hand them over to tools/kconfig/Makefile
 
@@ -163,6 +151,18 @@ ifneq ($(filter %config,$(MAKECMDGOALS)),)
     config-build := y
 endif
 
+include scripts/Kbuild.include
+
+# Don't break if the build process wasn't called from the top level
+# we need XEN_TARGET_ARCH to generate the proper config
+include $(XEN_ROOT)/Config.mk
+
+# Set ARCH/SUBARCH appropriately.
+export TARGET_SUBARCH  := $(XEN_TARGET_ARCH)
+export TARGET_ARCH     := $(shell echo $(XEN_TARGET_ARCH) | \
+                            sed -e 's/x86.*/x86/' -e s'/arm\(32\|64\)/arm/g' \
+                                -e s'/riscv.*/riscv/g')
+
 export CONFIG_SHELL := $(SHELL)
 export YACC = $(if $(BISON),$(BISON),bison)
 export LEX = $(if $(FLEX),$(FLEX),flex)
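Review bot: The order of the block moved into this hunk is load-bearing, but nothing in the Makefile records it. Per the commit message, `scripts/Kbuild.include` needs `$(srctree)`, `Config.mk` needs `$(XEN_ROOT)`, and `TARGET_SUBARCH`/`TARGET_ARCH` need `Config.mk`. A short comment above `include scripts/Kbuild.include`, for example `# Kbuild.include needs $(srctree); Config.mk needs $(XEN_ROOT). Keep below their definitions.`, would stop a later reshuffle from breaking that chain.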
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 07 16:11:57 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 07 Apr 2022 16:11:57 +0000
Received: from list by lists.xenproject.org with outflank-mailman.300951.513509 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUjl-00032A-D5; Thu, 07 Apr 2022 16:11:57 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 300951.513509; Thu, 07 Apr 2022 16:11:57 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncUjl-000322-AF; Thu, 07 Apr 2022 16:11:57 +0000
Received: by outflank-mailman (input) for mailman id 300951;
 Thu, 07 Apr 2022 16:11:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjj-00031e-7T
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjj-0003V6-6e
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncUjj-0004PX-5q
 for xen-changelog@lists.xenproject.org; Thu, 07 Apr 2022 16:11:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Boo/otzaWkc9Xxlbed4PnObUnEeg8/fFzUVUfwdkLbw=; b=6xqwIk0RUgqfcqMHjqQnrGkywy
	u/4vmWUWOvkgxTFAnIYISpy9hwldya/zRLWWnCwuL4LG56Y9+wOX2kD+AMqiW9HkP+bjrqhDPo+W9
	+JDC+knticuKV+c0FyiEN49PDRxEoGFJl84OVXiQJxUmRBc3d+CH2cs0HJIJPwHszn7s=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] vPCI: fix MSI-X PBA read/write gprintk()s
Message-Id: <E1ncUjj-0004PX-5q@xenbits.xenproject.org>
Date: Thu, 07 Apr 2022 16:11:55 +0000

commit d3f61beea4255e2d86ae82303384c57a3262435e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 18:01:24 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 18:01:24 2022 +0200

    vPCI: fix MSI-X PBA read/write gprintk()s
    
    %pp wants the address of an SBDF, not that of a PCI device.
    
    Fixes: b4f211606011 ("vpci/msix: fix PBA accesses")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/vpci/msix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index 63f162cf5a..ab758a1ddf 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -247,7 +247,7 @@ static int cf_check msix_read(
         {
             gprintk(XENLOG_WARNING,
                     "%pp: unable to map MSI-X PBA, report all pending\n",
-                    msix->pdev);
+                    &msix->pdev->sbdf);
             return X86EMUL_OKAY;
         }
 
@@ -332,7 +332,7 @@ static int cf_check msix_write(
             /* Unable to map the PBA, ignore write. */
             gprintk(XENLOG_WARNING,
                     "%pp: unable to map MSI-X PBA, write ignored\n",
-                    msix->pdev);
+                    &msix->pdev->sbdf);
             return X86EMUL_OKAY;
         }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:00:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:00:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301030.513621 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc2l-0007Or-Ie; Fri, 08 Apr 2022 00:00:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301030.513621; Fri, 08 Apr 2022 00:00:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc2l-0007OS-E4; Fri, 08 Apr 2022 00:00:03 +0000
Received: by outflank-mailman (input) for mailman id 301030;
 Fri, 08 Apr 2022 00:00:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc2k-00072k-9U
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc2k-0003GJ-70
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc2k-0005Fz-5v
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=GI7HLU7u4EtqJLByz9RIRVA3zYz/f7Fig5mFwKY0NWE=; b=o1GQy8+NILwKRYXv/DhsLLRuja
	KhqIbbWgcx9ecNUTmB+EPhiytLnTS7Co6NS+n25pmeC7QzeuIgvCod4ycXOralBbL5Tbxf2XBdWTi
	bMvEEJrqA9Nu6YRuoKQ63l9dcIcY+7QiR68BMdaNsk8eT5CpI+px0i3lZC5jArRwpmGU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] update Xen version to 4.14.5-pre
Message-Id: <E1ncc2k-0005Fz-5v@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:00:02 +0000

commit 576d4697cd8a7f7afd621dcac22e306328871744
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 09:02:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:02:27 2022 +0200

    update Xen version to 4.14.5-pre
---
 xen/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/Makefile b/xen/Makefile
index 6995bf01d9..7c98e4ae15 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -2,7 +2,7 @@
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
 export XEN_SUBVERSION    = 14
-export XEN_EXTRAVERSION ?= .4$(XEN_VENDORVERSION)
+export XEN_EXTRAVERSION ?= .5-pre$(XEN_VENDORVERSION)
 export XEN_FULLVERSION   = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION)
 -include xen-version
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:00:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:00:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301031.513623 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc2v-0007sN-Ku; Fri, 08 Apr 2022 00:00:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301031.513623; Fri, 08 Apr 2022 00:00:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc2v-0007sF-Ht; Fri, 08 Apr 2022 00:00:13 +0000
Received: by outflank-mailman (input) for mailman id 301031;
 Fri, 08 Apr 2022 00:00:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc2u-0007s7-BQ
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc2u-0003as-AV
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc2u-0005J0-9T
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=y4VUlH7oinKb300LN2ZlU4Mns5fXU2QX/G8+ByVDfwA=; b=Lx6LAZuKzZgQ5/nhdjjQs2z5g+
	yrEotgXq4lQ2XMv5ax5dG1Df+xbIlkm7sHiRbaX1J1I6o/F33OZfqpuq/WCPNL6l+OZpFKiZu5IW9
	wXSLyROLIWo5ZxhsUlWuTuzbPoE51N7SaIJV66yBz6X9pziuOUzO5kqHOP268TOAo4Ts=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] tools/libxl: Correctly align the ACPI tables
Message-Id: <E1ncc2u-0005J0-9T@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:00:12 +0000

commit 67f52a2e2d4a710a27380cd9fc9db672f9b39830
Author:     Kevin Stefanov <kevin.stefanov@citrix.com>
AuthorDate: Thu Apr 7 09:03:55 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:03:55 2022 +0200

    tools/libxl: Correctly align the ACPI tables
    
    The memory allocator currently calculates alignment in libxl's virtual
    address space, rather than guest physical address space. This results
    in the FACS being commonly misaligned.
    
    Furthermore, the allocator has several other bugs.
    
    The opencoded align-up calculation is currently susceptible to a bug
    that occurs in the corner case that the buffer is already aligned to
    begin with. In that case, an align-sized memory hole is introduced.
    
    The while loop is dead logic because its effects are entirely and
    unconditionally overwritten immediately after it.
    
    Rework the memory allocator to align in guest physical address space
    instead of libxl's virtual memory and improve the calculation, drop
    errant extra page in allocated buffer for ACPI tables, and give some
    of the variables better names/types.
    
    Fixes: 14c0d328da2b ("libxl/acpi: Build ACPI tables for HVMlite guests")
    Signed-off-by: Kevin Stefanov <kevin.stefanov@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Ian Jackson <iwj@xenproject.org>
    master commit: dd6c062a7a4abdb662c18af03d1396325969d155
    master date: 2021-09-24 11:07:50 +0100
---
 tools/libxl/libxl_x86_acpi.c | 49 +++++++++++++++++---------------------------
 1 file changed, 19 insertions(+), 30 deletions(-)

diff --git a/tools/libxl/libxl_x86_acpi.c b/tools/libxl/libxl_x86_acpi.c
index ed6610c84e..43da8a38ed 100644
--- a/tools/libxl/libxl_x86_acpi.c
+++ b/tools/libxl/libxl_x86_acpi.c
@@ -22,6 +22,7 @@
 
  /* Number of pages holding ACPI tables */
 #define NUM_ACPI_PAGES 16
+#define ALIGN(p, a) (((p) + ((a) - 1)) & ~((a) - 1))
 
 struct libxl_acpi_ctxt {
     struct acpi_ctxt c;
@@ -30,10 +31,10 @@ struct libxl_acpi_ctxt {
     unsigned int page_shift;
 
     /* Memory allocator */
-    unsigned long alloc_base_paddr;
-    unsigned long alloc_base_vaddr;
-    unsigned long alloc_currp;
-    unsigned long alloc_end;
+    unsigned long guest_start;
+    unsigned long guest_curr;
+    unsigned long guest_end;
+    void *buf;
 };
 
 extern const unsigned char dsdt_pvh[];
@@ -45,8 +46,7 @@ static unsigned long virt_to_phys(struct acpi_ctxt *ctxt, void *v)
     struct libxl_acpi_ctxt *libxl_ctxt =
         CONTAINER_OF(ctxt, struct libxl_acpi_ctxt, c);
 
-    return (((unsigned long)v - libxl_ctxt->alloc_base_vaddr) +
-            libxl_ctxt->alloc_base_paddr);
+    return libxl_ctxt->guest_start + (v - libxl_ctxt->buf);
 }
 
 static void *mem_alloc(struct acpi_ctxt *ctxt,
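Review bot: `v - libxl_ctxt->buf` subtracts two `void *` values, which is a GNU extension rather than standard C; the same holds for `libxl_ctxt->buf + (s - libxl_ctxt->guest_start)` in mem_alloc() in the next hunk. Casting to a byte pointer keeps both portable: `return libxl_ctxt->guest_start + ((char *)v - (char *)libxl_ctxt->buf);`. The function also trusts that `v` points inside `buf`; since the result is written into guest-visible tables as a physical address, a range assertion before the subtraction would catch a pointer from a different allocation.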
@@ -60,20 +60,16 @@ static void *mem_alloc(struct acpi_ctxt *ctxt,
     if (align < 16)
         align = 16;
 
-    s = (libxl_ctxt->alloc_currp + align) & ~((unsigned long)align - 1);
+    s = ALIGN(libxl_ctxt->guest_curr, align);
     e = s + size - 1;
 
     /* TODO: Reallocate memory */
-    if ((e < s) || (e >= libxl_ctxt->alloc_end))
+    if ((e < s) || (e >= libxl_ctxt->guest_end))
         return NULL;
 
-    while (libxl_ctxt->alloc_currp >> libxl_ctxt->page_shift != 
-           e >> libxl_ctxt->page_shift)
-        libxl_ctxt->alloc_currp += libxl_ctxt->page_size;
+    libxl_ctxt->guest_curr = e;
 
-    libxl_ctxt->alloc_currp = e;
-
-    return (void *)s;
+    return libxl_ctxt->buf + (s - libxl_ctxt->guest_start);
 }
 
 static void acpi_mem_free(struct acpi_ctxt *ctxt,
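Review bot: `ALIGN(libxl_ctxt->guest_curr, align)` drops the `(unsigned long)` cast that the removed line applied to `align`. If `align` is a 32-bit unsigned type (the parameter list is outside this hunk, but the old cast suggests it), `~((a) - 1)` is evaluated in 32 bits and zero-extended, so the AND clears the upper half of `guest_curr` on LP64 builds. Addresses below 4GiB are unaffected, but the allocator should not depend on that: cast at the call site, `s = ALIGN(libxl_ctxt->guest_curr, (unsigned long)align);`, or widen inside the macro. The `ALIGN(libxl_ctxt.guest_curr, libxl_ctxt.page_size)` call in libxl__dom_load_acpi() has the same exposure if `page_size` is `unsigned int`.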
@@ -165,15 +161,12 @@ int libxl__dom_load_acpi(libxl__gc *gc,
     struct acpi_config config = {0};
     struct libxl_acpi_ctxt libxl_ctxt;
     int rc = 0, acpi_pages_num;
-    void *acpi_pages;
-    unsigned long page_mask;
 
     if (b_info->type != LIBXL_DOMAIN_TYPE_PVH)
         goto out;
 
     libxl_ctxt.page_size = XC_DOM_PAGE_SIZE(dom);
     libxl_ctxt.page_shift =  XC_DOM_PAGE_SHIFT(dom);
-    page_mask = (1UL << libxl_ctxt.page_shift) - 1;
 
     libxl_ctxt.c.mem_ops.alloc = mem_alloc;
     libxl_ctxt.c.mem_ops.v2p = virt_to_phys;
@@ -188,19 +181,17 @@ int libxl__dom_load_acpi(libxl__gc *gc,
     config.rsdp = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size);
     config.infop = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size);
     /* Pages to hold ACPI tables */
-    acpi_pages =  libxl__malloc(gc, (NUM_ACPI_PAGES + 1) *
-                                libxl_ctxt.page_size);
+    libxl_ctxt.buf = libxl__malloc(gc, NUM_ACPI_PAGES *
+                                   libxl_ctxt.page_size);
 
     /*
      * Set up allocator memory.
      * Start next to acpi_info page to avoid fracturing e820.
      */
-    libxl_ctxt.alloc_base_paddr = ACPI_INFO_PHYSICAL_ADDRESS +
-        libxl_ctxt.page_size;
-    libxl_ctxt.alloc_base_vaddr = libxl_ctxt.alloc_currp =
-        (unsigned long)acpi_pages;
-    libxl_ctxt.alloc_end = (unsigned long)acpi_pages +
-        (NUM_ACPI_PAGES * libxl_ctxt.page_size);
+    libxl_ctxt.guest_start = libxl_ctxt.guest_curr = libxl_ctxt.guest_end =
+        ACPI_INFO_PHYSICAL_ADDRESS + libxl_ctxt.page_size;
+
+    libxl_ctxt.guest_end += NUM_ACPI_PAGES * libxl_ctxt.page_size;
 
     /* Build the tables. */
     rc = acpi_build_tables(&libxl_ctxt.c, &config);
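Review bot: `libxl_ctxt.buf` comes from `libxl__malloc()`, and whole pages of it are later handed to the guest as `acpi_modules[2]`, including the alignment gaps between tables and the unused tail of the last page. If `libxl__malloc()` does not zero its result, those bytes carry stale toolstack heap contents into guest memory. Using the zeroing allocator closes that: `libxl_ctxt.buf = libxl__zalloc(gc, NUM_ACPI_PAGES * libxl_ctxt.page_size);`. The `config.rsdp` and `config.infop` pages just above are allocated the same way and would merit the same treatment unless acpi_build_tables() fills them completely.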
@@ -210,10 +201,8 @@ int libxl__dom_load_acpi(libxl__gc *gc,
     }
 
     /* Calculate how many pages are needed for the tables. */
-    acpi_pages_num =
-        ((libxl_ctxt.alloc_currp - (unsigned long)acpi_pages)
-         >> libxl_ctxt.page_shift) +
-        ((libxl_ctxt.alloc_currp & page_mask) ? 1 : 0);
+    acpi_pages_num = (ALIGN(libxl_ctxt.guest_curr, libxl_ctxt.page_size) -
+                      libxl_ctxt.guest_start) >> libxl_ctxt.page_shift;
 
     dom->acpi_modules[0].data = (void *)config.rsdp;
     dom->acpi_modules[0].length = 64;
@@ -234,7 +223,7 @@ int libxl__dom_load_acpi(libxl__gc *gc,
     dom->acpi_modules[1].length = 4096;
     dom->acpi_modules[1].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS;
 
-    dom->acpi_modules[2].data = acpi_pages;
+    dom->acpi_modules[2].data = libxl_ctxt.buf;
     dom->acpi_modules[2].length = acpi_pages_num  << libxl_ctxt.page_shift;
     dom->acpi_modules[2].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS +
         libxl_ctxt.page_size;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:00:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:00:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301032.513628 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc35-00085v-ML; Fri, 08 Apr 2022 00:00:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301032.513628; Fri, 08 Apr 2022 00:00:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc35-00085n-JM; Fri, 08 Apr 2022 00:00:23 +0000
Received: by outflank-mailman (input) for mailman id 301032;
 Fri, 08 Apr 2022 00:00:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc34-00085d-Ef
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc34-0003bH-Dn
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc34-0005Jh-Cs
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=YBPM/y/le0oNjC58A4fiI/y9NV9QuYO8SdPdrKTLu/8=; b=gY7OvhV7nnDrhwBdZHqeO2ghWc
	cUdxIAbuTyBKLB93yjWED1aVm7qc5KZEbxHnju1k9Ma427lj+OwygvSR964B0jIrPxO6+xexXFQzv
	bHown8W1mVjNeSbnOXLvfDwZWfqHI7aTQPAQ+aTZvH2ApnqjVE8fvIRErQvfjrTbRktE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] tools/libs/light: set video_mem for PVH guests
Message-Id: <E1ncc34-0005Jh-Cs@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:00:22 +0000

commit a58f5fdc1b743d11ead73614b0affc97a745c414
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Thu Apr 7 09:04:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:04:14 2022 +0200

    tools/libs/light: set video_mem for PVH guests
    
    The size of the video memory of PVH guests should be set to 0 in case
    no value has been specified.
    
    Not doing so will leave it at -1, resulting in an additional 1 kB
    of RAM being advertised in the memory map (here the output of a PVH
    Mini-OS boot with 16 MB of RAM assigned):
    
    Memory map:
    000000000000-0000010003ff: RAM
    0000feff8000-0000feffffff: Reserved
    0000fc008000-0000fc00803f: ACPI
    0000fc000000-0000fc000fff: ACPI
    0000fc001000-0000fc007fff: ACPI
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: 0a20a53df158eb0724ce6dcd9de70cbdad547d6f
    master date: 2021-12-09 16:26:29 +0000
---
 tools/libxl/libxl_create.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index 83b0eb00bf..76299dd43d 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -427,6 +427,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
         break;
     case LIBXL_DOMAIN_TYPE_PVH:
         libxl_defbool_setdefault(&b_info->u.pvh.pvshim, false);
+        if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT)
+            b_info->video_memkb = 0;
         if (libxl_defbool_val(b_info->u.pvh.pvshim)) {
             if (!b_info->u.pvh.pvshim_path)
                 b_info->u.pvh.pvshim_path =
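Review bot: The two added lines in the `LIBXL_DOMAIN_TYPE_PVH` case carry no comment saying why the default is forced to 0; the reason (the -1 sentinel otherwise ends up in the advertised RAM size) is recorded only in the commit message. A one-line comment above the `if`, such as `/* Leaving the -1 default would add 1 kB to the guest memory map. */`, would keep that with the code. It may also be worth deciding whether an explicitly configured non-zero `video_memkb` should be accepted silently for PVH, since the hunk leaves such a value untouched. The switch and the rest of `libxl__domain_build_info_setdefault()` lie outside the hunk.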
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:00:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:00:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301033.513632 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3F-0008AP-PW; Fri, 08 Apr 2022 00:00:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301033.513632; Fri, 08 Apr 2022 00:00:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3F-0008AI-MQ; Fri, 08 Apr 2022 00:00:33 +0000
Received: by outflank-mailman (input) for mailman id 301033;
 Fri, 08 Apr 2022 00:00:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3E-0008A2-Ht
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3E-0003bY-H0
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3E-0005KM-G1
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=YlbIWj399y/6pmCsdDT39hGliuLjsnzX4FO7ZaPiXCY=; b=o8Fr3CKLaBG7pxNBYCNeAS9IfW
	8Aj2Mxd4tNey4O/hbhdPre9ZqJ/Gs0pqww+UpFUJCUWGQ41P/q2pIDtzsL+O6O64KZLmQGUHF9CiW
	AWtQiGMCPq7Heqs2Dxu0v1K9et8VbdEK/Oc9zIh1+LilG6kkidzu4CkLGlFkfHsvqXTY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] build: fix exported variable name CFLAGS_stack_boundary
Message-Id: <E1ncc3E-0005KM-G1@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:00:32 +0000

commit 83694747099ee34fe38bc1ac761dacc41026d3ee
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 09:05:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:05:23 2022 +0200

    build: fix exported variable name CFLAGS_stack_boundary
    
    Exporting a variable with a dash doesn't work reliably; it may be
    stripped from the environment when calling a sub-make or sub-shell.
    
    CFLAGS-stack-boundary start to be removed from env in patch "build:
    set ALL_OBJS in main Makefile; move prelink.o to main Makefile" when
    running `make "ALL_OBJS=.."` due to the addition of the quote. At
    least in my empirical tests.
    
    Fixes: 2740d96efd ("xen/build: have the root Makefile generates the CFLAGS")
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    master commit: aa390d513a67a6ec0a069eea7478e5ecd54a7ea6
    master date: 2022-01-28 11:44:33 +0100
---
 xen/arch/x86/Rules.mk     | 4 ++--
 xen/arch/x86/arch.mk      | 4 ++--
 xen/arch/x86/efi/Makefile | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/Rules.mk b/xen/arch/x86/Rules.mk
index 56fe22c979..7aef93f5f3 100644
--- a/xen/arch/x86/Rules.mk
+++ b/xen/arch/x86/Rules.mk
@@ -6,5 +6,5 @@ object_label_flags = '-D__OBJECT_LABEL__=$(subst $(BASEDIR)/,,$(CURDIR))/$@'
 else
 object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$(subst $(BASEDIR)/,,$(CURDIR))/$@))'
 endif
-c_flags += $(object_label_flags) $(CFLAGS-stack-boundary)
-a_flags += $(object_label_flags) $(CFLAGS-stack-boundary)
+c_flags += $(object_label_flags) $(CFLAGS_stack_boundary)
+a_flags += $(object_label_flags) $(CFLAGS_stack_boundary)
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index 7a7ff7dd7d..329ff8e541 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -56,8 +56,8 @@ endif
 
 # If supported by the compiler, reduce stack alignment to 8 bytes. But allow
 # this to be overridden elsewhere.
-$(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3)
-export CFLAGS-stack-boundary
+$(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3)
+export CFLAGS_stack_boundary
 
 ifeq ($(CONFIG_UBSAN),y)
 # Don't enable alignment sanitisation.  x86 has efficient unaligned accesses,
diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile
index 3e4c395b75..a26fc2d1a5 100644
--- a/xen/arch/x86/efi/Makefile
+++ b/xen/arch/x86/efi/Makefile
@@ -11,7 +11,7 @@ boot.init.o: buildid.o
 EFIOBJ := boot.init.o compat.o runtime.o
 
 $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4)
-$(EFIOBJ): CFLAGS-stack-boundary := $(cflags-stack-boundary)
+$(EFIOBJ): CFLAGS_stack_boundary := $(cflags-stack-boundary)
 
 obj-y := stub.o
 obj-$(XEN_BUILD_EFI) := $(EFIOBJ) relocs-dummy.o
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:00:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:00:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301034.513636 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3P-0008F3-R4; Fri, 08 Apr 2022 00:00:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301034.513636; Fri, 08 Apr 2022 00:00:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3P-0008Ev-O4; Fri, 08 Apr 2022 00:00:43 +0000
Received: by outflank-mailman (input) for mailman id 301034;
 Fri, 08 Apr 2022 00:00:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3O-0008Eh-Lb
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3O-0003c1-Kk
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3O-0005LA-Jp
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=2mEIjcaFBgFUHkysHkSQOgOItn6w/hQSdAxB7yXkDwE=; b=6S8sZ5R5MkV2sX9B/TSi5Qlz7p
	o3/z5rQNCC65OVdbm2YwpVOh0+1Q2lCDt65xl2ipQCERhLCTN3OiOUmVkXCcYnTBxxWheaB+FJ10w
	c4IYKB6sS0BSX1evVsXb6UVy0IbUcP1m5SqsctaKwjYiykRfYDgiWQZ+VoEM+isiiSHc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86emul: fix VPBLENDMW with mask and memory operand
Message-Id: <E1ncc3O-0005LA-Jp@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:00:42 +0000

commit cc06d95c4139b403236614dcddc7f8a6c5e8bb51
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 09:06:00 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:06:00 2022 +0200

    x86emul: fix VPBLENDMW with mask and memory operand
    
    Element size for this opcode depends on EVEX.W, not the low opcode bit.
    Make use of AVX512BW being a prereq to AVX512_BITALG and move the case
    label there, adding an AVX512BW feature check.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: eddf13b5e9401f6871dcce1ce61c80cff62079ed
    master date: 2022-02-14 10:08:38 +0100
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index e9216c40ff..c0f91dd4b3 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -7364,7 +7364,6 @@ x86_emulate(
     case X86EMUL_OPC_EVEX_66(0x0f38, 0x0b): /* vpmulhrsw [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */
     case X86EMUL_OPC_EVEX_66(0x0f38, 0x1c): /* vpabsb [xyz]mm/mem,[xyz]mm{k} */
     case X86EMUL_OPC_EVEX_66(0x0f38, 0x1d): /* vpabsw [xyz]mm/mem,[xyz]mm{k} */
-    case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */
         host_and_vcpu_must_have(avx512bw);
         generate_exception_if(evex.brs, EXC_UD);
         elem_bytes = 1 << (b & 1);
@@ -9512,6 +9511,9 @@ x86_emulate(
         /* fall through */
     case X86EMUL_OPC_EVEX_66(0x0f38, 0x54): /* vpopcnt{b,w} [xyz]mm/mem,[xyz]mm{k} */
         host_and_vcpu_must_have(avx512_bitalg);
+        /* fall through */
+    case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */
+        host_and_vcpu_must_have(avx512bw);
         generate_exception_if(evex.brs, EXC_UD);
         elem_bytes = 1 << evex.w;
         goto avx512f_no_sae;
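Review bot: With the new `/* fall through */` after `host_and_vcpu_must_have(avx512_bitalg);`, the `vpopcnt{b,w}` path now also runs the `avx512bw` check, and nothing in the code says this is deliberate. The commit message relies on AVX512BW being a prerequisite of AVX512_BITALG, so I would put that into the comment itself, e.g. `/* fall through - AVX512_BITALG implies AVX512BW */`. Without it a later reader cannot tell whether the extra feature check on the 0x54 path is intended or an accident of label placement. The enclosing switch in `x86_emulate()` extends well beyond this hunk, so the labels that fall into 0x54 from above are not visible here.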
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:00:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:00:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301035.513641 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3Z-0008Hv-Tj; Fri, 08 Apr 2022 00:00:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301035.513641; Fri, 08 Apr 2022 00:00:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3Z-0008Hn-PZ; Fri, 08 Apr 2022 00:00:53 +0000
Received: by outflank-mailman (input) for mailman id 301035;
 Fri, 08 Apr 2022 00:00:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3Y-0008HR-Oh
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3Y-0003cG-Nt
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3Y-0005Ls-N5
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:00:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BFLdZ6mIxnRzzyEnYIG8zYZZnE5QKp82yvXZp6AB0B8=; b=UFW0U13LiYT0yGFYwrug8gS2X6
	yHbjDijhscJiSXL54UkBDjfRWGQwr6enngJNxSJp1Y6fAsraJwBZgfoIDWFuk2BLws2gTOLiJ5vgF
	3L8h02sZrqm3dRLWPrtuSI2KqAwqoB0LhskDDLatshd8Vwdnolbhd4UrFR4nUdoPVLMc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/console: process softirqs between warning prints
Message-Id: <E1ncc3Y-0005Ls-N5@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:00:52 +0000

commit a2f7300559242d03ae12c3f98bb21e79acea8e6a
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:06:49 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:06:49 2022 +0200

    x86/console: process softirqs between warning prints
    
    Process softirqs while printing end of boot warnings. Each warning can
    be several lines long, and on slow consoles printing multiple ones
    without processing softirqs can result in the watchdog triggering:
    
    (XEN) [   22.277806] ***************************************************
    (XEN) [   22.417802] WARNING: CONSOLE OUTPUT IS SYNCHRONOUS
    (XEN) [   22.556029] This option is intended to aid debugging of Xen by ensuring
    (XEN) [   22.696802] that all output is synchronously delivered on the serial line.
    (XEN) [   22.838024] However it can introduce SIGNIFICANT latencies and affect
    (XEN) [   22.978710] timekeeping. It is NOT recommended for production use!
    (XEN) [   23.119066] ***************************************************
    (XEN) [   23.258865] Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
    (XEN) [   23.399560] enabled.  Please assess your configuration and choose an
    (XEN) [   23.539925] explicit 'smt=<bool>' setting.  See XSA-273.
    (XEN) [   23.678860] ***************************************************
    (XEN) [   23.818492] Booted on MLPDS/MFBDS-vulnerable hardware with SMT/Hyperthreading
    (XEN) [   23.959811] enabled.  Mitigations will not be fully effective.  Please
    (XEN) [   24.100396] choose an explicit smt=<bool> setting.  See XSA-297.
    (XEN) [   24.240254] *************************************************(XEN) [   24.247302] Watchdog timer detects that CPU0 is stuck!
    (XEN) [   24.386785] ----[ Xen-4.17-unstable  x86_64  debug=y  Tainted:   C    ]----
    (XEN) [   24.527874] CPU:    0
    (XEN) [   24.662422] RIP:    e008:[<ffff82d04025b84a>] drivers/char/ns16550.c#ns16550_tx_ready+0x3a/0x90
    
    Fixes: ee3fd57acd ('xen: add warning infrastructure')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    master commit: 6bd1b4d35c05c21a78bf00f610587ce8a75cb5c2
    master date: 2022-02-18 09:02:16 +0100
---
 xen/common/warning.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xen/common/warning.c b/xen/common/warning.c
index 0269c6715c..e6e1404baf 100644
--- a/xen/common/warning.c
+++ b/xen/common/warning.c
@@ -30,6 +30,7 @@ void __init warning_print(void)
     {
         printk("%s", warnings[i]);
         printk("***************************************************\n");
+        process_pending_softirqs();
     }
 
     for ( i = 0; i < 3; i++ )
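Review bot: The added `process_pending_softirqs();` has no comment, and the reason for it (several multi-line warnings on a slow console can run long enough for the watchdog to fire) is recorded only in the commit message. I would add `/* Slow consoles: avoid tripping the watchdog while printing many warnings. */` above the call. The call runs once per warning, so a single very long warning is still printed without a break; that is probably acceptable but worth stating in the same comment. The loop header and the rest of `warning_print()` are outside the hunk.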
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:01:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:01:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301037.513655 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3k-0000BG-7Y; Fri, 08 Apr 2022 00:01:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301037.513655; Fri, 08 Apr 2022 00:01:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3k-0000B8-4Z; Fri, 08 Apr 2022 00:01:04 +0000
Received: by outflank-mailman (input) for mailman id 301037;
 Fri, 08 Apr 2022 00:01:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3i-0000Ag-Rq
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3i-0003cd-R1
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3i-0005Mn-QK
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=eSIW5TypOZejA45tipHXteNqwphgJDmK/GVC4hK+Kxs=; b=fbHA7DTbWDX0KMeVkOxGsKUak7
	CaIImNsazHPHZd7jjJeKyye8/j/ntVZq6clJTRPQeqttXMcD3o7U4S+c9PgAe3gsTgnhc+31HmQ+o
	D/2Yw1b4DMq5VQWMrfQABbTfh2Adedqy9bFAIF/EWShjo0eAiHVJs4TcFNy3D5W9ZFt4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] tools/libxl: don't allow IOMMU usage with PoD
Message-Id: <E1ncc3i-0005Mn-QK@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:01:02 +0000

commit f21d28750627c9bba3e0032251d29ddefd9ac491
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:07:18 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:07:18 2022 +0200

    tools/libxl: don't allow IOMMU usage with PoD
    
    Prevent libxl from creating guests that attempts to use PoD together
    with an IOMMU, even if no devices are actually assigned.
    
    While the hypervisor could support using PoD together with an IOMMU as
    long as no devices are assigned, such usage seems doubtful. There's no
    guarantee that PoD is no longer active in the guest, and thus a later
    assignment of a PCI device to such a domain could fail.
    
    Preventing the usage of PoD together with an IOMMU at guest creation
    avoids having to add checks for active PoD entries in the device
    assignment paths.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: 07449ecfa42532495156fa342af2112e3e31dd3f
    master date: 2022-02-18 09:03:08 +0100
---
 tools/libxl/libxl_create.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index 76299dd43d..5cadb95a3f 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -1132,17 +1132,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc,
     pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) &&
         (d_config->b_info.target_memkb < d_config->b_info.max_memkb);
 
-    /* We cannot have PoD and PCI device assignment at the same time
-     * for HVM guest. It was reported that IOMMU cannot work with PoD
-     * enabled because it needs to populated entire page table for
-     * guest. To stay on the safe side, we disable PCI device
-     * assignment when PoD is enabled.
+    /* We don't support having PoD and an IOMMU at the same time for HVM
+     * guests. An active IOMMU cannot work with PoD because it needs a fully
+     * populated page-table. Prevent PoD usage if the domain has an IOMMU
+     * assigned, even if not active.
      */
     if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV &&
-        d_config->num_pcidevs && pod_enabled) {
+        d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED &&
+        pod_enabled) {
         ret = ERROR_INVAL;
         LOGD(ERROR, domid,
-             "PCI device assignment for HVM guest failed due to PoD enabled");
+             "IOMMU required for device passthrough but not supported together with PoD");
         goto error_out;
     }
 
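Review bot: The new test `d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED` is only correct if `passthrough` has already been resolved from its default by the time this code runs, and the hunk does not show where that happens. If the field could still hold `LIBXL_PASSTHROUGH_DEFAULT` here, every non-PV guest with `target_memkb < max_memkb` would be rejected with `ERROR_INVAL`, so I would state the ordering requirement in the comment or add `assert(d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DEFAULT);` before the `if`. The comment also says "HVM guests" while the condition is `type != LIBXL_DOMAIN_TYPE_PV`, which presumably covers PVH as well; "non-PV guests" would match the code. `libxl__domain_config_setdefault()` begins and ends outside the hunk.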
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:01:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:01:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301040.513663 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3u-0000K5-I8; Fri, 08 Apr 2022 00:01:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301040.513663; Fri, 08 Apr 2022 00:01:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc3u-0000JR-Da; Fri, 08 Apr 2022 00:01:14 +0000
Received: by outflank-mailman (input) for mailman id 301040;
 Fri, 08 Apr 2022 00:01:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3s-0000GD-Uh
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3s-0003cs-Tv
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc3s-0005NQ-TG
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=OAk9uK70n7GzXZ17tjsuGPApR5shKcaijlbGCw69oIA=; b=f7Y1YN6W8dgBIdmB9DkyQlk2Md
	JfaPn2saRoTxRjs6jOsoGuDGZ8ixWt7MMLvvELTp6FlRXBWvla08LbKbzXAc/+YGtk8nr3OjDGAnl
	KK4J8puOJFOaGBroOK9x/9VfL/b3Rdl6VG79luJWlDhQBML+nxHAsWB9HopISceotHug=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] xz: avoid overlapping memcpy() with invalid input with in-place decompression
Message-Id: <E1ncc3s-0005NQ-TG@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:01:12 +0000

commit a220fe87684f5247f15ed9f3d69ccf040e142aea
Author:     Lasse Collin <lasse.collin@tukaani.org>
AuthorDate: Thu Apr 7 09:07:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:07:43 2022 +0200

    xz: avoid overlapping memcpy() with invalid input with in-place decompression
    
    With valid files, the safety margin described in lib/decompress_unxz.c
    ensures that these buffers cannot overlap. But if the uncompressed size
    of the input is larger than the caller thought, which is possible when
    the input file is invalid/corrupt, the buffers can overlap. Obviously
    the result will then be garbage (and usually the decoder will return
    an error too) but no other harm will happen when such an over-run occurs.
    
    This change only affects uncompressed LZMA2 chunks and so this
    should have no effect on performance.
    
    Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org
    Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
    Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
    Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 83d3c4f22a36
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 10454f381f9157bce26d5db15e07e857b317b4af
    master date: 2022-03-07 09:08:08 +0100
---
 xen/common/unxz.c         |  2 +-
 xen/common/xz/dec_lzma2.c | 21 +++++++++++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/xen/common/unxz.c b/xen/common/unxz.c
index cf25c9fc8e..3676a2ab0c 100644
--- a/xen/common/unxz.c
+++ b/xen/common/unxz.c
@@ -127,7 +127,7 @@
  * memeq and memzero are not used much and any remotely sane implementation
  * is fast enough. memcpy/memmove speed matters in multi-call mode, but
  * the kernel image is decompressed in single-call mode, in which only
- * memcpy speed can matter and only if there is a lot of uncompressible data
+ * memmove speed can matter and only if there is a lot of uncompressible data
  * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the
  * functions below should just be kept small; it's probably not worth
  * optimizing for speed.
diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c
index 44fe79bc30..3c086732c8 100644
--- a/xen/common/xz/dec_lzma2.c
+++ b/xen/common/xz/dec_lzma2.c
@@ -387,7 +387,14 @@ static void INIT dict_uncompressed(struct dictionary *dict, struct xz_buf *b,
 
 		*left -= copy_size;
 
-		memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
+		/*
+		 * If doing in-place decompression in single-call mode and the
+		 * uncompressed size of the file is larger than the caller
+		 * thought (i.e. it is invalid input!), the buffers below may
+		 * overlap and cause undefined behavior with memcpy().
+		 * With valid inputs memcpy() would be fine here.
+		 */
+		memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
 		dict->pos += copy_size;
 
 		if (dict->full < dict->pos)
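Review bot: The new comment above the first `memmove()` in dict_uncompressed() explains why overlap is possible but not what keeps the copy inside the buffers once they do overlap. The commit message's "no other harm" claim presumably rests on `copy_size` having been limited to the space left in the dictionary and output buffers, and that limit is above this hunk and not visible here. Once confirmed against those lines, I would add one sentence to the comment, e.g. `copy_size is already bounded by the space left in dict->buf, so only the contents, not the bounds, are affected.` The same applies to the multi-call `memmove()` in the next hunk. The function body starts and ends outside the hunk.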
@@ -397,7 +404,11 @@ static void INIT dict_uncompressed(struct dictionary *dict, struct xz_buf *b,
 			if (dict->pos == dict->end)
 				dict->pos = 0;
 
-			memcpy(b->out + b->out_pos, b->in + b->in_pos,
+			/*
+			 * Like above but for multi-call mode: use memmove()
+			 * to avoid undefined behavior with invalid input.
+			 */
+			memmove(b->out + b->out_pos, b->in + b->in_pos,
 					copy_size);
 		}
 
@@ -421,6 +432,12 @@ static uint32_t INIT dict_flush(struct dictionary *dict, struct xz_buf *b)
 		if (dict->pos == dict->end)
 			dict->pos = 0;
 
+		/*
+		 * These buffers cannot overlap even if doing in-place
+		 * decompression because in multi-call mode dict->buf
+		 * has been allocated by us in this file; it's not
+		 * provided by the caller like in single-call mode.
+		 */
 		memcpy(b->out + b->out_pos, dict->buf + dict->start,
 				copy_size);
 	}
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:01:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:01:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301043.513674 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc44-0000fy-Iv; Fri, 08 Apr 2022 00:01:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301043.513674; Fri, 08 Apr 2022 00:01:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc44-0000fo-Fr; Fri, 08 Apr 2022 00:01:24 +0000
Received: by outflank-mailman (input) for mailman id 301043;
 Fri, 08 Apr 2022 00:01:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc43-0000eu-1N
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:23 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc43-0003d3-0Z
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:23 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc42-0005O7-W7
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=1J5luTPQA0SJ2HV9j+vXMfPPUrhEE+IctzSzZLYptLs=; b=JAnC/671LU1WEKVIgVus5Bt1N5
	lfUT5HtACAkKxtcGRuZIgRUzXh5ZbeHQe7xJJ5rsdG500YnpXzG+JxlGz73dZ9VZMY1pk2v41XNAe
	/5hea7oYK7weZen9dqX/EUqrkEqeGhWfmwe1eRhLhGefFmgLR87Yg+eaXVXaIvDeGnQg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] xz: validate the value before assigning it to an enum variable
Message-Id: <E1ncc42-0005O7-W7@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:01:22 +0000

commit a3b6ec391c5ed975b565b008196c4db444f246a5
Author:     Lasse Collin <lasse.collin@tukaani.org>
AuthorDate: Thu Apr 7 09:08:20 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:08:20 2022 +0200

    xz: validate the value before assigning it to an enum variable
    
    This might matter, for example, if the underlying type of enum xz_check
    was a signed char. In such a case the validation wouldn't have caught an
    unsupported header. I don't know if this problem can occur in the kernel
    on any arch but it's still good to fix it because some people might copy
    the XZ code to their own projects from Linux instead of the upstream
    XZ Embedded repository.
    
    This change may increase the code size by a few bytes. An alternative
    would have been to use an unsigned int instead of enum xz_check but
    using an enumeration looks cleaner.
    
    Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org
    Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
    Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
    Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4f8d7abaa413
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 0a21660515c24f09c4ee060ce0bb42e4b2e6b6fa
    master date: 2022-03-07 09:08:54 +0100
---
 xen/common/xz/dec_stream.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c
index b8b566307c..e921d46abc 100644
--- a/xen/common/xz/dec_stream.c
+++ b/xen/common/xz/dec_stream.c
@@ -402,12 +402,12 @@ static enum xz_ret INIT dec_stream_header(struct xz_dec *s)
 	 * we will accept other check types too, but then the check won't
 	 * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given.
 	 */
+	if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX)
+		return XZ_OPTIONS_ERROR;
+
 	s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
 
 #ifdef XZ_DEC_ANY_CHECK
-	if (s->check_type > XZ_CHECK_MAX)
-		return XZ_OPTIONS_ERROR;
-
 	if (s->check_type > XZ_CHECK_CRC32)
 		return XZ_UNSUPPORTED_CHECK;
 #else
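Review bot: The new range check on `s->temp.buf[HEADER_MAGIC_SIZE + 1]` has no comment saying why it must run on the raw byte before the assignment to `s->check_type`, and the existing comment above it covers a different matter (which check types are accepted). The commit message gives the reason: if the underlying type of enum xz_check were, say, a signed char, a comparison made after the assignment would not catch an unsupported header. Without that on record a later cleanup could move the test back under `XZ_DEC_ANY_CHECK`. I would add `/* Check the raw byte: the underlying type of enum xz_check is up to the compiler. */` above the `if`. dec_stream_header() starts and ends outside the hunk.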
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:01:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:01:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301046.513678 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc4E-0000pw-Kr; Fri, 08 Apr 2022 00:01:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301046.513678; Fri, 08 Apr 2022 00:01:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc4E-0000pm-Ho; Fri, 08 Apr 2022 00:01:34 +0000
Received: by outflank-mailman (input) for mailman id 301046;
 Fri, 08 Apr 2022 00:01:33 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4D-0000nO-4Y
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:33 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4D-0003dB-3j
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4D-0005Oi-2z
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=pLde8+1NZWrcUSCwTzsw4WF+HHzWJGkx/4oklyFyhSE=; b=1HFcR/+/S+9HJrfqvp1/owP213
	wShQbuPz6xEQnh5FxPhs0n2Q0xKPnVx2m54Z+daU1Q5hBfGTZg0nzhyqYrEDqyBpHZlw7dLB8dJVX
	tm1AA4pVCObgS3KdotkHXk0YVfzZBkyIVMTrMWnxduQxZMS3DDqMqWtBnHvLnaNQVzDQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] vpci/msix: fix PBA accesses
Message-Id: <E1ncc4D-0005Oi-2z@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:01:33 +0000

commit 47188b2fdcc6c05ee2bdbc0324e068e342762e97
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:08:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:08:54 2022 +0200

    vpci/msix: fix PBA accesses
    
    Map the PBA in order to access it from the MSI-X read and write
    handlers. Note that previously the handlers would pass the physical
    host address into the {read,write}{l,q} handlers, which is wrong as
    those expect a linear address.
    
    Map the PBA using ioremap when the first access is performed. Note
    that 32bit arches might want to abstract the call to ioremap into a
    vPCI arch handler, so they can use a fixmap range to map the PBA.
    
    Reported-by: Jan Beulich <jbeulich@suse.com>
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Tested-by: Alex Olson <Alex.Olson@starlab.io>
    master commit: b4f21160601155762a4d014db9623af921fec959
    master date: 2022-03-09 16:21:01 +0100
---
 xen/drivers/vpci/msix.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++---
 xen/drivers/vpci/vpci.c |  2 ++
 xen/include/xen/vpci.h  |  2 ++
 3 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index 38c1e7e5dd..d9c08d0df5 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -194,6 +194,38 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix,
     return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE];
 }
 
+static void __iomem *get_pba(struct vpci *vpci)
+{
+    struct vpci_msix *msix = vpci->msix;
+    /*
+     * PBA will only be unmapped when the device is deassigned, so access it
+     * without holding the vpci lock.
+     */
+    void __iomem *pba = read_atomic(&msix->pba);
+
+    if ( likely(pba) )
+        return pba;
+
+    pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA),
+                  vmsix_table_size(vpci, VPCI_MSIX_PBA));
+    if ( !pba )
+        return read_atomic(&msix->pba);
+
+    spin_lock(&vpci->lock);
+    if ( !msix->pba )
+    {
+        write_atomic(&msix->pba, pba);
+        spin_unlock(&vpci->lock);
+    }
+    else
+    {
+        spin_unlock(&vpci->lock);
+        iounmap(pba);
+    }
+
+    return read_atomic(&msix->pba);
+}
+
 static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
                      unsigned long *data)
 {
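Review bot: get_pba() has no header comment, and two parts of its contract are easy to miss. It can return NULL when ioremap() fails and no mapping has been installed meanwhile, and when it finds `msix->pba` already set under `vpci->lock` it unmaps its own mapping and returns the existing one. I would add `/* Map the PBA on first use; returns NULL if it cannot be mapped. */` above the function and `/* Somebody else mapped it first: drop ours. */` in the `else` branch. As a point of style, `spin_unlock(&vpci->lock)` is repeated in both branches, apparently so that iounmap() runs unlocked; saying so in that comment keeps the next reader from merging them.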
@@ -212,6 +244,10 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
 
     if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) )
     {
+        struct vpci *vpci = msix->pdev->vpci;
+        unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+        const void __iomem *pba = get_pba(vpci);
+
         /*
          * Access to PBA.
          *
@@ -219,14 +255,22 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
          * guest address space. If this changes the address will need to be
          * translated.
          */
+        if ( !pba )
+        {
+            gprintk(XENLOG_WARNING,
+                    "%pp: unable to map MSI-X PBA, report all pending\n",
+                    msix->pdev);
+            return X86EMUL_OKAY;
+        }
+
         switch ( len )
         {
         case 4:
-            *data = readl(addr);
+            *data = readl(pba + idx);
             break;
 
         case 8:
-            *data = readq(addr);
+            *data = readq(pba + idx);
             break;
 
         default:
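Review bot: The `!pba` early return in msix_read() leaves `*data` untouched, so the "report all pending" in the log message is true only if `*data` was set to all ones before this branch. That initialisation, if present, is above the hunks shown for this function and not visible here. Once confirmed, a one-line comment on the return would tie the message to the code: `/* *data keeps its preset all-ones value. */`. msix_read() starts and ends outside the hunk.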
@@ -290,14 +334,27 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
         /* Ignore writes to PBA for DomUs, it's behavior is undefined. */
         if ( is_hardware_domain(d) )
         {
+            struct vpci *vpci = msix->pdev->vpci;
+            unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA);
+            const void __iomem *pba = get_pba(vpci);
+
+            if ( !pba )
+            {
+                /* Unable to map the PBA, ignore write. */
+                gprintk(XENLOG_WARNING,
+                        "%pp: unable to map MSI-X PBA, write ignored\n",
+                        msix->pdev);
+                return X86EMUL_OKAY;
+            }
+
             switch ( len )
             {
             case 4:
-                writel(data, addr);
+                writel(data, pba + idx);
                 break;
 
             case 8:
-                writeq(data, addr);
+                writeq(data, pba + idx);
                 break;
 
             default:
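Review bot: In msix_write() the mapping is declared `const void __iomem *pba` and is then the destination of `writel(data, pba + idx)` and `writeq(data, pba + idx)`. The qualifier looks copied from the read handler and is misleading on a pointer that is written through; it presumably compiles only because the write accessors cast it away. I would declare it as `void __iomem *pba = get_pba(vpci);` in the write path. msix_write() starts and ends outside the hunk.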
diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index cbd1bac7fc..a27c9e600d 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -48,6 +48,8 @@ void vpci_remove_device(struct pci_dev *pdev)
         xfree(r);
     }
     spin_unlock(&pdev->vpci->lock);
+    if ( pdev->vpci->msix && pdev->vpci->msix->pba )
+        iounmap(pdev->vpci->msix->pba);
     xfree(pdev->vpci->msix);
     xfree(pdev->vpci->msi);
     xfree(pdev->vpci);
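Review bot: The added `iounmap(pdev->vpci->msix->pba)` runs after `spin_unlock(&pdev->vpci->lock)`, while get_pba() in msix.c reads and hands out the same pointer without taking that lock. Correctness therefore depends on no MSI-X read or write handler being able to run for this device once vpci_remove_device() is reached, and nothing in the hunk shows what guarantees that. If the deassignment path provides it, as the comment in get_pba() suggests, a matching comment here would record the assumption: `/* No MSI-X handler can run for this device any more, so unmapping without the lock is safe. */`. The function body starts above the hunk.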
diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h
index 5295d4c990..458d1f9507 100644
--- a/xen/include/xen/vpci.h
+++ b/xen/include/xen/vpci.h
@@ -127,6 +127,8 @@ struct vpci {
         bool enabled         : 1;
         /* Masked? */
         bool masked          : 1;
+        /* PBA map */
+        void __iomem *pba;
         /* Entries. */
         struct vpci_msix_entry {
             uint64_t addr;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:01:44 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:01:44 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301048.513682 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc4O-0000yv-O5; Fri, 08 Apr 2022 00:01:44 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301048.513682; Fri, 08 Apr 2022 00:01:44 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc4O-0000yn-Ki; Fri, 08 Apr 2022 00:01:44 +0000
Received: by outflank-mailman (input) for mailman id 301048;
 Fri, 08 Apr 2022 00:01:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4N-0000yI-7Z
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:43 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4N-0003dV-6m
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:43 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4N-0005PJ-64
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:43 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=D5IO00rNNctm0O7Pq975KvNGkGha8/LPqZo5QK6QZIE=; b=RbX5w9vTLUEpOI3v0pE7MmcuWn
	us4uvVbMrsetuvrhXWzNJnnhJ6E/w7WQ1BaSzPLnC4A7cL5YkqyWQlz5quLINXasSFPzanKzBcllg
	7mQlWYCVYjyEjglBkvA/ssO5d8PZ8s5dghhnnFhVMmL0y3jfSW2avQyukV7MMpsBhx18=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] xl: Fix global pci options
Message-Id: <E1ncc4N-0005PJ-64@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:01:43 +0000

commit 294d12c8426713a9e99f8112a8192da871f2013a
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Thu Apr 7 09:10:15 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:10:15 2022 +0200

    xl: Fix global pci options
    
    commit babde47a3fed "introduce a 'passthrough' configuration option to
    xl.cfg..." moved the pci list parsing ahead of the global pci option
    parsing.  This broke the global pci configuration options since they
    need to be set first so that looping over the pci devices assigns their
    values.
    
    Move the global pci options ahead of the pci list to restore their
    function.
    
    Fixes: babde47a3fed ("introduce a 'passthrough' configuration option to xl.cfg...")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: e45ad0b1b0bd6a43f59aaf4a6f86d88783c630e5
    master date: 2022-03-31 19:48:12 +0100
---
 tools/xl/xl_parse.c | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c
index 61b4ef7b7e..34ac20773d 100644
--- a/tools/xl/xl_parse.c
+++ b/tools/xl/xl_parse.c
@@ -1467,6 +1467,32 @@ void parse_config_data(const char *config_source,
         exit(1);
     }
 
+    /* To be reworked (automatically enabled) once the auto ballooning
+     * after guest starts is done (with PCI devices passed in). */
+    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
+        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
+    }
+
+    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
+        pci_msitranslate = l;
+
+    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
+        pci_power_mgmt = l;
+
+    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
+        pci_permissive = l;
+
+    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
+        pci_seize = l;
+
+    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
+        libxl_rdm_reserve rdm;
+        if (!xlu_rdm_parse(config, &rdm, buf)) {
+            b_info->u.hvm.rdm.strategy = rdm.strategy;
+            b_info->u.hvm.rdm.policy = rdm.policy;
+        }
+    }
+
     if (!xlu_cfg_get_list (config, "pci", &pcis, 0, 0)) {
         d_config->num_pcidevs = 0;
         d_config->pcidevs = NULL;
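Review bot: The ordering that this move restores is not recorded anywhere in the code, so the `pci_msitranslate` / `pci_power_mgmt` / `pci_permissive` / `pci_seize` reads can drift below the `"pci"` list again as easily as they did the first time. I would put a comment above the first `xlu_cfg_get_long` call: `/* Global pci_* options must be read before the "pci" list below, which applies them to each device. */`. Whether the `e820_host` and `rdm` reads that moved with them have the same ordering requirement is not visible in the hunk, so the comment should name only the options that do. parse_config_data() starts and ends outside the hunk.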
@@ -2323,32 +2349,6 @@ skip_vfb:
         }
     }
 
-    if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0))
-        pci_msitranslate = l;
-
-    if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
-        pci_power_mgmt = l;
-
-    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
-        pci_permissive = l;
-
-    if (!xlu_cfg_get_long (config, "pci_seize", &l, 0))
-        pci_seize = l;
-
-    /* To be reworked (automatically enabled) once the auto ballooning
-     * after guest starts is done (with PCI devices passed in). */
-    if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
-        xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0);
-    }
-
-    if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) {
-        libxl_rdm_reserve rdm;
-        if (!xlu_rdm_parse(config, &rdm, buf)) {
-            b_info->u.hvm.rdm.strategy = rdm.strategy;
-            b_info->u.hvm.rdm.policy = rdm.policy;
-        }
-    }
-
     if (!xlu_cfg_get_list(config, "usbctrl", &usbctrls, 0, 0)) {
         d_config->num_usbctrls = 0;
         d_config->usbctrls = NULL;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:01:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:01:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301050.513685 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc4Y-00018c-P7; Fri, 08 Apr 2022 00:01:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301050.513685; Fri, 08 Apr 2022 00:01:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc4Y-00018V-MA; Fri, 08 Apr 2022 00:01:54 +0000
Received: by outflank-mailman (input) for mailman id 301050;
 Fri, 08 Apr 2022 00:01:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4X-00015u-Ac
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4X-0003da-9p
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4X-0005Q2-9E
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:01:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=dS4nohygNOHVIf3kaMMwUfmAvvnPRihN9jfbHRliswM=; b=j6LgeueZ8Qe//P4o186mqZX5rf
	xxt3r9LxKEVjLThQ2ieoy6zqJFg1/5Ww0whsgZFe9RD/XobZZ0hbLIlDdb8gyIog2O2meADtKdmOv
	th/vw1Y+5qbL/vAMwKRpaRdRF9EevOR/93ANWdOAoTRixkHm4DYC+2pFLhbxQQUFNu3M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] libxl: Don't segfault on soft-reset failure
Message-Id: <E1ncc4X-0005Q2-9E@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:01:53 +0000

commit 3486d599f71e5ad563f3974ab2374b9b084e5e28
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Thu Apr 7 09:10:38 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:10:38 2022 +0200

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_wait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path is passed to xs_unwatch() which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d2ecf97f911fc00a85b34b70ca311b5d355a9756
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libxl/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index 5cadb95a3f..daf3ff0a55 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -1221,8 +1221,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2037,6 +2035,7 @@ static int do_domain_create(libxl_ctx *ctx, libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
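Review bot: `libxl__xswait_init(&cdcs->dcs.console_xswait)` is now repeated in do_domain_create() here and in do_domain_soft_reset() in the next hunk, with nothing at either site saying why it can no longer live in initiate_domain_create(). A comment at both calls would keep a later cleanup from folding them back: `/* Must be initialised before any path that can reach domcreate_complete(). */`. Any other code that sets up a domain-create state and can reach domcreate_complete() would need the same call; none is visible in this patch. Both functions start and end outside their hunks.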
@@ -2137,6 +2136,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:02:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 00:02:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301052.513690 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc4i-0001DV-RF; Fri, 08 Apr 2022 00:02:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301052.513690; Fri, 08 Apr 2022 00:02:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncc4i-0001DL-No; Fri, 08 Apr 2022 00:02:04 +0000
Received: by outflank-mailman (input) for mailman id 301052;
 Fri, 08 Apr 2022 00:02:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4h-0001Cu-Dt
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:02:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4h-0003e2-D8
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:02:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncc4h-0005R4-CD
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 00:02:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=uWL9IHai98tMnIunEPuyozAheTEdNSgiP+L4R8uzh2E=; b=ERzYq91WL4IATMOPpx7cKQCGIf
	kyWuvHj8KxGqu0yCBSlFahkRWzr5fecYTovjoZCL46xH30vi+Wy1L8DV3DzKc5HlDJbwCAmo/2NyP
	flHFQCc1WGHcLUq8gIJTPfMTq+je4V1hlHCa4t+6C1ROl5OTxXuRL+7e9mGIbMm3Now0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] libxl: Re-scope qmp_proxy_spawn.ao usage
Message-Id: <E1ncc4h-0005R4-CD@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:02:03 +0000

commit 3f48134e31993b4fde53b970014dc032619ffd93
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Thu Apr 7 09:11:08 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:11:08 2022 +0200

    libxl: Re-scope qmp_proxy_spawn.ao usage
    
    I've observed this failed assertion:
    libxl_event.c:2057: libxl__ao_inprogress_gc: Assertion `ao' failed.
    
    AFAICT, this is happening in qmp_proxy_spawn_outcome where
    sdss->qmp_proxy_spawn.ao is NULL.
    
    The out label of spawn_stub_launch_dm() calls qmp_proxy_spawn_outcome(),
    but it is only in the success path that sdss->qmp_proxy_spawn.ao gets
    set to the current ao.
    
    qmp_proxy_spawn_outcome() should instead use sdss->dm.spawn.ao, which is
    the already in-use ao when spawn_stub_launch_dm() is called.  The same
    is true for spawn_qmp_proxy().
    
    With this, move sdss->qmp_proxy_spawn.ao initialization to
    spawn_qmp_proxy() since its use is for libxl__spawn_spawn() and it can
    be initialized along with the rest of sdss->qmp_proxy_spawn.
    
    Fixes: 83c845033dc8 ("libxl: use vchan for QMP access with Linux stubdomain")
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    master commit: d62a34423a1a98aefd7c30e22d2d82d198f077c8
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libxl/libxl_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index f2dc5696b9..0620e3908b 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -2538,7 +2538,6 @@ static void spawn_stub_launch_dm(libxl__egc *egc,
             goto out;
     }
 
-    sdss->qmp_proxy_spawn.ao = ao;
     if (libxl__stubdomain_is_linux(&guest_config->b_info)) {
         spawn_qmp_proxy(egc, sdss);
     } else {
@@ -2555,7 +2554,7 @@ out:
 static void spawn_qmp_proxy(libxl__egc *egc,
                             libxl__stub_dm_spawn_state *sdss)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     const uint32_t guest_domid = sdss->dm.guest_domid;
     const uint32_t dm_domid = sdss->pvqemu.guest_domid;
     const char *dom_path = libxl__xs_get_dompath(gc, dm_domid);
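Review bot: The switch to `STATE_AO_GC(sdss->dm.spawn.ao)` here and in the qmp_proxy_spawn_outcome() hunk carries no comment, so nothing in the code tells the next reader that `sdss->qmp_proxy_spawn.ao` must not be used at these two entry points. Per the commit message that field is only set on the path that actually spawns the proxy, while qmp_proxy_spawn_outcome() is also reached from the out label of spawn_stub_launch_dm(), and a NULL ao trips the `ao` assertion in the toolstack. I would add above each call something like `/* qmp_proxy_spawn.ao is only set once the proxy is about to be spawned; use the ao of the enclosing dm spawn. */`. Both function bodies continue outside their hunks.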
@@ -2569,6 +2568,7 @@ static void spawn_qmp_proxy(libxl__egc *egc,
         goto out;
     }
 
+    sdss->qmp_proxy_spawn.ao = ao;
     sdss->qmp_proxy_spawn.what = GCSPRINTF("domain %d device model qmp proxy", guest_domid);
     sdss->qmp_proxy_spawn.pidpath = GCSPRINTF("%s/image/qmp-proxy-pid", dom_path);
     sdss->qmp_proxy_spawn.xspath = DEVICE_MODEL_XS_PATH(gc, LIBXL_TOOLSTACK_DOMID,
@@ -2656,7 +2656,7 @@ static void qmp_proxy_spawn_outcome(libxl__egc *egc,
                                     libxl__stub_dm_spawn_state *sdss,
                                     int rc)
 {
-    STATE_AO_GC(sdss->qmp_proxy_spawn.ao);
+    STATE_AO_GC(sdss->dm.spawn.ao);
     /*
      * Until xenconsoled learns how to handle multiple consoles, require qemu
      * in dom0 to serve consoles for a stubdomain - it require at least 3 of them.
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:02:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] tools/firmware: force -fcf-protection=none
Message-Id: <E1ncc4r-0005SU-FP@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:02:13 +0000

commit 87faac2c5ea07ccf306f4d94ac0b41bca76f504b
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:11:35 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:11:35 2022 +0200

    tools/firmware: force -fcf-protection=none
    
    Do so right in firmware/Rules.mk, like it's done for other compiler
    flags.
    
    Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: 7225f6e0cd3afd48b4d61c43dd8fead0f4c92193
    master date: 2022-04-04 12:30:00 +0100
---
 tools/firmware/Rules.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 26bbddccd4..87a8c752bd 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -15,5 +15,7 @@ CFLAGS += -Werror
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -fno-builtin -msoft-float
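Review bot: The added `cc-option-add` line for `-fcf-protection=none` has no comment saying why control-flow protection is switched off for the firmware objects, and a line that deliberately turns a hardening feature off should say so. The commit message only points at the CET-IBT change, so the reason is presumably that a toolchain enabling `-fcf-protection` by default would otherwise instrument code that is not meant to run with CET; that should be confirmed and written down. A line such as `# Firmware is not built for CET: override any compiler default for -fcf-protection.` above the call would do.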
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 00:02:24 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] tools/firmware: do not add a .note.gnu.property section
Message-Id: <E1ncc51-0005Tq-IC@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 00:02:23 +0000

commit d7b22226b5172c86c0c19b23edc16a4432d04fb8
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 09:11:53 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 09:11:53 2022 +0200

    tools/firmware: do not add a .note.gnu.property section
    
    Prevent the assembler from creating a .note.gnu.property section on
    the output objects, as it's not useful for firmware related binaries,
    and breaks the resulting rombios image.
    
    This requires modifying the cc-option Makefile macro so it can test
    assembler options (by replacing the usage of the -S flag with -c) and
    also stripping the -Wa, prefix if present when checking for the test
    output.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    master commit: e270af94280e6a9610705ebc1fdd1d7a9b1f8a98
    master date: 2022-04-04 12:30:07 +0100
---
 Config.mk               | 2 +-
 tools/firmware/Rules.mk | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Config.mk b/Config.mk
index 69ea750856..51910c53b5 100644
--- a/Config.mk
+++ b/Config.mk
@@ -91,7 +91,7 @@ PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
 #
 # Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586)
 cc-option = $(shell if test -z "`echo 'void*p=1;' | \
-              $(1) $(2) -S -o /dev/null -x c - 2>&1 | grep -- $(2) -`"; \
+              $(1) $(2) -c -o /dev/null -x c - 2>&1 | grep -- $(2:-Wa$(comma)%=%) -`"; \
               then echo "$(2)"; else echo "$(3)"; fi ;)
 
 # cc-option-add: Add an option to compilation flags, but only if supported.
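Review bot: The `$(2:-Wa$(comma)%=%)` substitution only strips the `-Wa,` prefix, so an argument carrying several assembler options (`-Wa,<opt1>,<opt2>`, constructed example) is grepped for as one comma-joined string that the assembler would presumably never echo back, and the macro would then report the argument as supported. The usage comment above the macro still describes compiler options only. I would extend it with `# Assembler options can be tested as -Wa,<option>; pass one option per call.` Separately, the option text is still used as an unquoted grep pattern, so `.` and similar characters match loosely; `grep -F --` would make the match literal.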
diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
index 87a8c752bd..8ac2037591 100644
--- a/tools/firmware/Rules.mk
+++ b/tools/firmware/Rules.mk
@@ -17,5 +17,9 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
 $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
 
+# Do not add the .note.gnu.property section to any of the firmware objects: it
+# breaks the rombios binary and is not useful for firmware anyway.
+$(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no)
+
 # Extra CFLAGS suitable for an embedded type of environment.
 CFLAGS += -fno-builtin -msoft-float
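Review bot: The `$$(comma)` in the added call is not explained, and it is the part most likely to be "simplified" by a later edit. A literal comma would split the `$(call ...)` arguments, and the doubled `$` presumably defers expansion until cc-option-add evaluates its argument (its definition is not in this hunk, so confirm). I would extend the new comment with a line such as `# $$(comma): keep the comma out of $(call)'s argument splitting.`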
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:11:08 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] x86/hap: do not switch on log dirty for VRAM tracking
Message-Id: <E1nce5W-0006H6-0w@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:11:02 +0000

commit af4a5eca8f8774b4b3e6c684ca416368e90ce453
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Tue Apr 5 15:33:53 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:33:53 2022 +0200

    x86/hap: do not switch on log dirty for VRAM tracking
    
    XEN_DMOP_track_dirty_vram possibly calls into paging_log_dirty_enable
    when using HAP mode, and it can interact badly with other ongoing
    paging domctls, as XEN_DMOP_track_dirty_vram is not holding the domctl
    lock.
    
    This was detected as a result of the following assert triggering when
    doing repeated migrations of a HAP HVM domain with a stubdom:
    
    Assertion 'd->arch.paging.log_dirty.allocs == 0' failed at paging.c:198
    ----[ Xen-4.17-unstable  x86_64  debug=y  Not tainted ]----
    CPU:    34
    RIP:    e008:[<ffff82d040314b3b>] arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x6
    RFLAGS: 0000000000010206   CONTEXT: hypervisor (d0v23)
    [...]
    Xen call trace:
       [<ffff82d040314b3b>] R arch/x86/mm/paging.c#paging_free_log_dirty_bitmap+0x606/0x63a
       [<ffff82d040279f96>] S xsm/flask/hooks.c#domain_has_perm+0x5a/0x67
       [<ffff82d04031577f>] F paging_domctl+0x251/0xd41
       [<ffff82d04031640c>] F paging_domctl_continuation+0x19d/0x202
       [<ffff82d0403202fa>] F pv_hypercall+0x150/0x2a7
       [<ffff82d0403a729d>] F lstar_enter+0x12d/0x140
    
    Such assert triggered because the stubdom used
    XEN_DMOP_track_dirty_vram while dom0 was in the middle of executing
    XEN_DOMCTL_SHADOW_OP_OFF, and so log dirty became enabled while
    retiring the old structures, thus leading to new entries being
    populated in already clear slots.
    
    Fix this by not enabling log dirty for VRAM tracking, similar to what
    is done when using shadow instead of HAP. Call
    p2m_enable_hardware_log_dirty when enabling VRAM tracking in order to
    get some hardware assistance if available. As a side effect the memory
    pressure on the p2m pool should go down if only VRAM tracking is
    enabled, as the dirty bitmap is no longer allocated.
    
    Note that paging_log_dirty_range (used to get the dirty bitmap for
    VRAM tracking) doesn't use the log dirty bitmap, and instead relies on
    checking whether each gfn on the range has been switched from
    p2m_ram_logdirty to p2m_ram_rw in order to account for dirty pages.
    
    This is CVE-2022-26356 / XSA-397.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: 4f4db53784d912c4f409a451c36ebfd4754e0a42
    master date: 2022-04-05 14:11:30 +0200
---
 xen/arch/x86/mm/hap/hap.c    | 11 ++++-------
 xen/arch/x86/mm/paging.c     |  2 +-
 xen/include/asm-x86/paging.h |  3 ---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
index 412a442b6a..9aac006d65 100644
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -69,13 +69,6 @@ int hap_track_dirty_vram(struct domain *d,
     {
         int size = (nr + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
 
-        if ( !paging_mode_log_dirty(d) )
-        {
-            rc = paging_log_dirty_enable(d, 0);
-            if ( rc )
-                goto out;
-        }
-
         rc = -ENOMEM;
         dirty_bitmap = vzalloc(size);
         if ( !dirty_bitmap )
@@ -107,6 +100,10 @@ int hap_track_dirty_vram(struct domain *d,
 
             paging_unlock(d);
 
+            domain_pause(d);
+            p2m_enable_hardware_log_dirty(d);
+            domain_unpause(d);
+
             if ( oend > ostart )
                 p2m_change_type_range(d, ostart, oend,
                                       p2m_ram_logdirty, p2m_ram_rw);
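Review bot: The added `domain_pause(d)` / `p2m_enable_hardware_log_dirty(d)` / `domain_unpause(d)` sequence has no comment, although it sits right after `paging_unlock(d)` and so runs without the paging lock. The commit message explains that this call replaces paging_log_dirty_enable() to avoid racing other paging domctls, but the code does not say why the domain has to be paused or whether repeating the call on every range change is meant to be harmless. I would add `/* Enable hardware log-dirty with the domain paused; global log-dirty mode is deliberately left off (XSA-397). */` above the three lines. domain_pause() also presumably requires that `d` is not the calling domain, which depends on the callers and should be confirmed. The body of hap_track_dirty_vram() continues outside the hunk.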
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index 21db3eceb6..eac6f6a6cc 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -209,7 +209,7 @@ static int paging_free_log_dirty_bitmap(struct domain *d, int rc)
     return rc;
 }
 
-int paging_log_dirty_enable(struct domain *d, bool_t log_global)
+static int paging_log_dirty_enable(struct domain *d, bool_t log_global)
 {
     int ret;
 
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index 18a7eaeca4..cb6d9e9146 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -144,9 +144,6 @@ void paging_log_dirty_range(struct domain *d,
                             unsigned long nr,
                             uint8_t *dirty_bitmap);
 
-/* enable log dirty */
-int paging_log_dirty_enable(struct domain *d, bool_t log_global);
-
 /* log dirty initialization */
 void paging_log_dirty_init(struct domain *d, const struct log_dirty_ops *ops);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:11:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: correct ordering of operations in cleanup_domid_map()
Message-Id: <E1nce5g-0006Hv-4K@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:11:12 +0000

commit 7615e24837074daab396dc2a9718a0a2191dc136
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:35:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:35:44 2022 +0200

    VT-d: correct ordering of operations in cleanup_domid_map()
    
    The function may be called without any locks held (leaving aside the
    domctl one, which we surely don't want to depend on here), so needs to
    play safe wrt other accesses to domid_map[] and domid_bitmap[]. This is
    to avoid context_set_domain_id()'s writing of domid_map[] to be reset to
    zero right away in the case of it racing the freeing of a DID.
    
    For the interaction with context_set_domain_id() and did_to_domain_id()
    see the code comment.
    
    {check_,}cleanup_domid_map() are called with pcidevs_lock held or during
    domain cleanup only (and pcidevs_lock is also held around
    context_set_domain_id()), i.e. racing calls with the same (dom, iommu)
    tuple cannot occur.
    
    domain_iommu_domid(), besides its use by cleanup_domid_map(), has its
    result used only to control flushing, and hence a stale result would
    only lead to a stray extra flush.
    
    This is CVE-2022-26357 / XSA-399.
    
    Fixes: b9c20c78789f ("VT-d: per-iommu domain-id")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d9eca7bb6c6636eb87bb17b08ba7de270f47ecd0
    master date: 2022-04-05 14:12:27 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index d8393d31d8..e7ba56e809 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1770,8 +1770,14 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             goto out;
         }
 
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
         clear_bit(iommu_domid, iommu->domid_bitmap);
-        iommu->domid_map[iommu_domid] = 0;
     }
 
 out:
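Review bot: The new comment states the required order of the `domid_map[]` store and the `clear_bit()` but not what enforces it. The store is a plain assignment, so the guarantee presumably comes from `clear_bit()` being an atomic operation that also orders earlier writes on x86. Since the commit message says this path may run without locks, I would add one sentence to the comment, e.g. `clear_bit() orders the preceding store; do not replace it with a non-atomic variant.`, after confirming that this holds. The readers in context_set_domain_id() and did_to_domain_id() are outside this hunk, so whether they tolerate DOMID_INVALID cannot be checked from here. domain_context_unmap() starts and ends outside the hunk.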
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:11:23 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: split domid map cleanup check into a function
Message-Id: <E1nce5q-0006Ig-7k@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:11:22 +0000

commit 5f3027e00666c248e8a25015b8e202cd321890ab
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:36:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:36:09 2022 +0200

    VT-d: split domid map cleanup check into a function
    
    This logic will want invoking from elsewhere.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 9fdc10abe9457e4c9879a266f82372cb08e88ffb
    master date: 2021-11-24 11:06:20 +0100
---
 xen/drivers/passthrough/vtd/iommu.c | 104 ++++++++++++++++++++++--------------
 1 file changed, 64 insertions(+), 40 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e7ba56e809..410dc216b2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -152,6 +152,68 @@ static void __init free_intel_iommu(struct intel_iommu *intel)
     xfree(intel);
 }
 
+static void cleanup_domid_map(struct domain *domain, struct iommu *iommu)
+{
+    int iommu_domid = domain_iommu_domid(domain, iommu);
+
+    if ( iommu_domid >= 0 )
+    {
+        /*
+         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
+         * context_set_domain_id(), setting the slot to DOMID_INVALID for
+         * ->domid_map[] reads to produce a suitable value while the bit is
+         * still set.
+         */
+        iommu->domid_map[iommu_domid] = DOMID_INVALID;
+        clear_bit(iommu_domid, iommu->domid_bitmap);
+    }
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        const struct acpi_drhd_unit *drhd;
+
+        if ( pdev == exclude )
+            continue;
+
+        drhd = acpi_find_matched_drhd_unit(pdev);
+        if ( drhd && drhd->iommu == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+/*
+ * If no other devices under the same iommu owned by this domain,
+ * clear iommu in iommu_bitmap and clear domain_id in domid_bitmap.
+ */
+static void check_cleanup_domid_map(struct domain *d,
+                                    const struct pci_dev *exclude,
+                                    struct iommu *iommu)
+{
+    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+
+    /*
+     * Hidden devices are associated with DomXEN but usable by the hardware
+     * domain. Hence they need considering here as well.
+     */
+    if ( !found && is_hardware_domain(d) )
+        found = any_pdev_behind_iommu(dom_xen, exclude, iommu);
+
+    if ( !found )
+    {
+        clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
+        cleanup_domid_map(d, iommu);
+    }
+}
+
 static int iommus_incoherent;
 
 static void sync_cache(const void *addr, unsigned int size)
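Review bot: cleanup_domid_map() silently does nothing when domain_iommu_domid() returns a negative value, whereas the block this commit removes from domain_context_unmap() set `ret = -EINVAL` in that case, so the "No functional change intended" in the description does not quite hold. check_cleanup_domid_map() also consults `dom_xen` for the hardware domain, which the removed loop did not do. If both are intended, I would say so in a comment on cleanup_domid_map(), e.g. `/* A missing DID is not an error here: there is nothing to release. */`. The header comment of check_cleanup_domid_map() mentions only `domid_bitmap`, while the helper resets the `domid_map[]` slot as well.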
@@ -1671,7 +1733,6 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
     struct iommu *iommu;
     int ret = 0;
     u8 seg = pdev->seg, bus = pdev->bus, tmp_bus, tmp_devfn, secbus;
-    int found = 0;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
@@ -1740,45 +1801,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         goto out;
     }
 
-    /*
-     * if no other devices under the same iommu owned by this domain,
-     * clear iommu in iommu_bitmap and clear domain_id in domid_bitmp
-     */
-    for_each_pdev ( domain, pdev )
-    {
-        if ( pdev->seg == seg && pdev->bus == bus && pdev->devfn == devfn )
-            continue;
-
-        drhd = acpi_find_matched_drhd_unit(pdev);
-        if ( drhd && drhd->iommu == iommu )
-        {
-            found = 1;
-            break;
-        }
-    }
-
-    if ( found == 0 )
-    {
-        int iommu_domid;
-
-        clear_bit(iommu->index, &dom_iommu(domain)->arch.iommu_bitmap);
-
-        iommu_domid = domain_iommu_domid(domain, iommu);
-        if ( iommu_domid == -1 )
-        {
-            ret = -EINVAL;
-            goto out;
-        }
-
-        /*
-         * Update domid_map[] /before/ domid_bitmap[] to avoid a race with
-         * context_set_domain_id(), setting the slot to DOMID_INVALID for
-         * ->domid_map[] reads to produce a suitable value while the bit is
-         * still set.
-         */
-        iommu->domid_map[iommu_domid] = DOMID_INVALID;
-        clear_bit(iommu_domid, iommu->domid_bitmap);
-    }
+    if ( !ret )
+        check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
     return ret;
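Review bot: The `-EINVAL` that the removed block returned when `domain_iommu_domid()` yielded -1 is no longer propagated, because `check_cleanup_domid_map()` returns void and the new `if ( !ret )` call cannot report that case. Only the tail of `cleanup_domid_map()` is visible here, so it presumably just skips the cleanup when no domid is found. If dropping the error is intended, say so at the call site, e.g. `/* A missing IOMMU domid is not an error here; the helper skips the cleanup. */`. The call also now excludes the device by `pdev` pointer instead of by seg/bus/devfn, which is worth a word in the same comment. domain_context_unmap() begins outside this hunk.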
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:11:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:11:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301089.513769 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce61-00051v-Nz; Fri, 08 Apr 2022 02:11:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301089.513769; Fri, 08 Apr 2022 02:11:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce61-00051m-Kz; Fri, 08 Apr 2022 02:11:33 +0000
Received: by outflank-mailman (input) for mailman id 301089;
 Fri, 08 Apr 2022 02:11:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce60-00051X-DB
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce60-0006wQ-CM
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce60-0006Jg-BK
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BLdt6f0wFzRl2itM7INZ/M19MEJULSskwh/MwZ9a6Mo=; b=ss+9Z9Ge6go+5Ucs9+HGmNiT8B
	xkq3Kn/ahWwvmvZqaDPk7Y6BBZ3y7J30qDl5gxB4FdWITZtHjbL0/Nc2XTM3w/Hn9qQ5UHYWUbFJu
	Kv47MKdChG4c4BowTLogR3HgJ8gfzoA4zrcqwt/1Kc2m5UgugegGc74oUDMZnCOPz02I=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: fix (de)assign ordering when RMRRs are in use
Message-Id: <E1nce60-0006Jg-BK@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:11:32 +0000

commit 7b0d89d547d4a7428133d837ef2e69ad474fa3e7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:36:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:36:36 2022 +0200

    VT-d: fix (de)assign ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully updated.
    
    Also adjust a related log message.
    
    This is CVE-2022-26358 / part of XSA-400.
    
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101
    master date: 2022-04-05 14:15:33 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 20 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 410dc216b2..1f04f0b4cf 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2352,6 +2352,10 @@ static int reassign_device_ownership(
 {
     int ret;
 
+    ret = domain_context_unmap(source, devfn, pdev);
+    if ( ret )
+        return ret;
+
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
      * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
@@ -2388,10 +2392,6 @@ static int reassign_device_ownership(
             }
     }
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
-
     if ( devfn == pdev->devfn && pdev->domain != dom_io )
     {
         list_move(&pdev->domain_list, &dom_io->arch.pdev_list);
@@ -2468,9 +2468,8 @@ static int intel_iommu_assign_device(
         }
     }
 
-    ret = reassign_device_ownership(s, d, devfn, pdev);
-    if ( ret || d == dom_io )
-        return ret;
+    if ( d == dom_io )
+        return reassign_device_ownership(s, d, devfn, pdev);
 
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
@@ -2483,20 +2482,37 @@ static int intel_iommu_assign_device(
                                          rmrr->end_address, flag);
             if ( ret )
             {
-                int rc;
-
-                rc = reassign_device_ownership(d, s, devfn, pdev);
                 printk(XENLOG_G_ERR VTDPREFIX
-                       " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n",
-                       rmrr->base_address, rmrr->end_address,
-                       d->domain_id, ret);
-                if ( rc )
-                {
-                    printk(XENLOG_ERR VTDPREFIX
-                           " failed to reclaim %04x:%02x:%02x.%u from %pd (%d)\n",
-                           seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), d, rc);
-                    domain_crash(d);
-                }
+                       "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, ret);
+                break;
+            }
+        }
+    }
+
+    if ( !ret )
+        ret = reassign_device_ownership(s, d, devfn, pdev);
+
+    /* See reassign_device_ownership() for the hwdom aspect. */
+    if ( !ret || is_hardware_domain(d) )
+        return ret;
+
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment == seg &&
+             PCI_BUS(bdf) == bus &&
+             PCI_DEVFN2(bdf) == devfn )
+        {
+            int rc = iommu_identity_mapping(d, p2m_access_x,
+                                            rmrr->base_address,
+                                            rmrr->end_address, 0);
+
+            if ( rc && rc != -ENOENT )
+            {
+                printk(XENLOG_ERR VTDPREFIX
+                       "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n",
+                       d, rmrr->base_address, rmrr->end_address, rc);
+                domain_crash(d);
                 break;
             }
         }
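Review bot: The `break` after the "cannot map reserved region" message may not end the whole walk. If `for_each_rmrr_device()` expands to two nested loops (its definition is not part of this hunk), the `break` only leaves the inner one. A later matching RMRR whose mapping succeeds would then reset `ret` to 0, and `reassign_device_ownership()` would run with one reserved region unmapped. Latching the first failure avoids depending on the macro's shape, for example by taking each result into a local `rc` and doing `if ( rc && !ret ) ret = rc;`. intel_iommu_assign_device() starts and ends outside the hunk.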
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:11:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:11:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301090.513773 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6B-00056b-PQ; Fri, 08 Apr 2022 02:11:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301090.513773; Fri, 08 Apr 2022 02:11:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6B-00056T-Mc; Fri, 08 Apr 2022 02:11:43 +0000
Received: by outflank-mailman (input) for mailman id 301090;
 Fri, 08 Apr 2022 02:11:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6A-00056B-GI
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6A-0006wa-FZ
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6A-0006KR-Ep
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=y8V2A8Z6dhGniGgVtoRpHpckQ3RgPNSIRQzqQ/ExkgE=; b=FohVyj8oAZk3/Ini/VmNTR4sQm
	rPWwL3pRVqExqo8GWSDbWjrC0RJ/sc76IZvFpi65A7qshm2rx40QvbDZvi49dpdyNaVYWv3f8+Ge0
	hyeb6aH3x/owU6O8wx9D8zLUwI7Jntuo2GDqpfPmdVKUaOM46Fop428jUzd8XlXJzXJI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: fix add/remove ordering when RMRRs are in use
Message-Id: <E1nce6A-0006KR-Ep@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:11:42 +0000

commit fd9759001e30675b0e9a7d40b1532822281337f7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:37:00 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:37:00 2022 +0200

    VT-d: fix add/remove ordering when RMRRs are in use
    
    In the event that the RMRR mappings are essential for device operation,
    they should be established before updating the device's context entry,
    while they should be torn down only after the device's context entry was
    successfully cleared.
    
    Also switch to %pd in related log messages.
    
    Fixes: fa88cfadf918 ("vt-d: Map RMRR in intel_iommu_add_device() if the device has RMRR")
    Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 3221f270cf2eba0a22fd4f92319d664eacb92889
    master date: 2022-04-05 14:16:10 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 1f04f0b4cf..86cdd60886 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1985,14 +1985,6 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( ret )
-    {
-        dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n",
-                pdev->domain->domain_id);
-        return ret;
-    }
-
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment == pdev->seg &&
@@ -2009,12 +2001,17 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
                                          rmrr->base_address, rmrr->end_address,
                                          0);
             if ( ret )
-                dprintk(XENLOG_ERR VTDPREFIX, "d%d: RMRR mapping failed\n",
-                        pdev->domain->domain_id);
+                dprintk(XENLOG_ERR VTDPREFIX, "%pd: RMRR mapping failed\n",
+                        pdev->domain);
         }
     }
 
-    return 0;
+    ret = domain_context_mapping(pdev->domain, devfn, pdev);
+    if ( ret )
+        dprintk(XENLOG_ERR VTDPREFIX, "%pd: context mapping failed\n",
+                pdev->domain);
+
+    return ret;
 }
 
 static int intel_iommu_enable_device(struct pci_dev *pdev)
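Review bot: A failed RMRR mapping in the loop is only reported through `dprintk()`, and its `ret` is then overwritten by `ret = domain_context_mapping(pdev->domain, devfn, pdev);`. The context entry is therefore still set up when a reserved region could not be mapped, which is the ordering the commit message says to avoid. If continuing is deliberate best effort, the loop should carry a comment such as `/* RMRR mapping failures are logged but do not prevent context mapping. */`. Otherwise the function should stop and return the error before `domain_context_mapping()` is reached, undoing any regions already mapped. The start of intel_iommu_add_device() is outside this hunk.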
@@ -2036,11 +2033,15 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int i;
+    int ret, i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
+    ret = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( ret )
+        return ret;
+
     for_each_rmrr_device ( rmrr, bdf, i )
     {
         if ( rmrr->segment != pdev->seg ||
@@ -2056,7 +2057,7 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
-    return domain_context_unmap(pdev->domain, devfn, pdev);
+    return 0;
 }
 
 static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:11:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:11:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301091.513776 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6L-00059d-Qv; Fri, 08 Apr 2022 02:11:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301091.513776; Fri, 08 Apr 2022 02:11:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6L-00059V-O6; Fri, 08 Apr 2022 02:11:53 +0000
Received: by outflank-mailman (input) for mailman id 301091;
 Fri, 08 Apr 2022 02:11:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6K-00059G-Jg
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6K-0006x1-Ip
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6K-0006LG-Hz
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:11:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=mcIZOH+xlKd2V2LWcwS2Vf8Cs8nKPr/VSIhgcDnOsfU=; b=3w5Lixlj8rJ//kfdWoe5u783Tn
	H+ZJirWjUUNrB4rcdpVP43wzXnu0fI58f7eWeykdxR7p9l0MkfbBhESqp8IRFhE2CmVsnXstfoAzs
	NFyYuU99wYDApvHvL1WsW92sM327SoHU7ucSbk8wyIKgV10OhsUE+JnrS9MPr+d7Q0ds=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: drop ownership checking from domain_context_mapping_one()
Message-Id: <E1nce6K-0006LG-Hz@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:11:52 +0000

commit 243ed3a1b690b81d16ccab07d9bcbc480f73e102
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:37:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:37:26 2022 +0200

    VT-d: drop ownership checking from domain_context_mapping_one()
    
    Despite putting in quite a bit of effort it was not possible to
    establish why exactly this code exists (beyond possibly sanity
    checking). Instead of a subsequent change further complicating this
    logic, simply get rid of it.
    
    Take the opportunity and move the respective unmap_vtd_domain_page() out
    of the locked region.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: a680b8134b2d1828bbbf443a97feea66e8a85c75
    master date: 2022-04-05 14:17:21 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 66 ++-----------------------------------
 1 file changed, 2 insertions(+), 64 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 86cdd60886..d046b9a7dd 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -112,28 +112,6 @@ static int context_set_domain_id(struct context_entry *context,
     return 0;
 }
 
-static int context_get_domain_id(struct context_entry *context,
-                                 struct iommu *iommu)
-{
-    unsigned long dom_index, nr_dom;
-    int domid = -1;
-
-    if (iommu && context)
-    {
-        nr_dom = cap_ndoms(iommu->cap);
-
-        dom_index = context_domain_id(*context);
-
-        if ( dom_index < nr_dom && iommu->domid_map )
-            domid = iommu->domid_map[dom_index];
-        else
-            dprintk(XENLOG_DEBUG VTDPREFIX,
-                    "dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n",
-                    dom_index, nr_dom);
-    }
-    return domid;
-}
-
 static struct intel_iommu *__init alloc_intel_iommu(void)
 {
     struct intel_iommu *intel;
@@ -1433,49 +1411,9 @@ int domain_context_mapping_one(
 
     if ( context_present(*context) )
     {
-        int res = 0;
-
-        /* Try to get domain ownership from device structure.  If that's
-         * not available, try to read it from the context itself. */
-        if ( pdev )
-        {
-            if ( pdev->domain != domain )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u owned by d%d!",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       pdev->domain ? pdev->domain->domain_id : -1);
-                res = -EINVAL;
-            }
-        }
-        else
-        {
-            int cdomain;
-            cdomain = context_get_domain_id(context, iommu);
-            
-            if ( cdomain < 0 )
-            {
-                printk(XENLOG_G_WARNING VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u mapped, but can't find owner!\n",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-                res = -EINVAL;
-            }
-            else if ( cdomain != domain->domain_id )
-            {
-                printk(XENLOG_G_INFO VTDPREFIX
-                       "d%d: %04x:%02x:%02x.%u already mapped to d%d!",
-                       domain->domain_id,
-                       seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
-                       cdomain);
-                res = -EINVAL;
-            }
-        }
-
-        unmap_vtd_domain_page(context_entries);
         spin_unlock(&iommu->lock);
-        return res;
+        unmap_vtd_domain_page(context_entries);
+        return 0;
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
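Review bot: With the ownership checks removed, the `context_present(*context)` branch returns 0 for any entry that is already present, including one that refers to a different domain, and nothing is logged any more. The branch should state that assumption, e.g. `/* Entry already present: treated as success; ownership is not verified here. */`, so a later reader does not take the `return 0` as proof that the device is mapped to `domain`. domain_context_mapping_one() starts and ends outside the hunk.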
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:12:03 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:12:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301092.513781 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6V-0005D0-TI; Fri, 08 Apr 2022 02:12:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301092.513781; Fri, 08 Apr 2022 02:12:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6V-0005Cr-Pg; Fri, 08 Apr 2022 02:12:03 +0000
Received: by outflank-mailman (input) for mailman id 301092;
 Fri, 08 Apr 2022 02:12:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6U-0005Cc-N8
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6U-0006xS-MH
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6U-0006MQ-LQ
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=MAl84qcRYcyCF8aYkRTgtvOlsI4xEMh4ztomdMejvfI=; b=nv/dpVsKEo93e3xem//N0VjaNT
	upjG6w0S+rkHLOoOQ+X6oVcSLw0//t+hchretOqAkGBEZBpWcgSepHW75Z256nWcoA9vaJSPdrxne
	8bwPfmC9duh4M99NryM7qkNWsPnTjjPRQxDsV9SsuMyd5Vlbkb+3zOSWLqYDWVWRR0sc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: re-assign devices directly
Message-Id: <E1nce6U-0006MQ-LQ@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:12:02 +0000

commit 18479bf16d62b232830ad7247ebb50e598319db3
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:37:50 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:37:50 2022 +0200

    VT-d: re-assign devices directly
    
    Devices with RMRRs, due to it being unspecified how/when the specified
    memory regions may get accessed, may not be left disconnected from their
    respective mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than unmapping the old context and
    then mapping the new one, re-assignment needs to be done in a single
    step.
    
    This is CVE-2022-26359 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any RMRRs. The
    main difference is when it comes to updating context entries, which need
    to be atomic when there are RMRRs. Yet atomicity can only be achieved
    with CMPXCHG16B, availability of which we can't take for granted.
    
    The seemingly complicated choice of non-negative return values for
    domain_context_mapping_one() is to limit code churn: This way callers
    passing NULL for pdev don't need fiddling with.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 8f41e481b4852173909363b88c1ab3da747d3a05
    master date: 2022-04-05 14:17:42 +0200
---
 xen/drivers/passthrough/vtd/extern.h |   7 +-
 xen/drivers/passthrough/vtd/iommu.c  | 279 +++++++++++++++++++++++++++--------
 xen/drivers/passthrough/vtd/iommu.h  |   8 +-
 xen/drivers/passthrough/vtd/quirks.c |  14 +-
 xen/drivers/passthrough/vtd/vtd.h    |  10 +-
 5 files changed, 245 insertions(+), 73 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 97181757ac..e6bd26cc65 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -71,7 +71,8 @@ void free_pgtable_maddr(u64 maddr);
 void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct iommu *iommu,
-                               u8 bus, u8 devfn, const struct pci_dev *);
+                               uint8_t bus, uint8_t devfn,
+                               const struct pci_dev *pdev, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct iommu *iommu,
                              u8 bus, u8 devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
@@ -91,8 +92,8 @@ int is_igd_vt_enabled_quirk(void);
 void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct iommu* iommu);
 void vtd_ops_postamble_quirk(struct iommu* iommu);
-int __must_check me_wifi_quirk(struct domain *domain,
-                               u8 bus, u8 devfn, int map);
+int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
+                               uint8_t devfn, unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index d046b9a7dd..cd5c5e66b1 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -108,6 +108,7 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
+    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
     context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
     return 0;
 }
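Review bot: The new clearing mask `~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET)` is computed in `int` and preserves the upper bits of `context->hi` only through sign extension at the `&=` (assuming `hi` is a 64-bit field, which this hunk does not show). Building the mask from an unsigned long constant makes the width explicit: `context->hi &= ~(((1UL << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);`. The `|=` on the next line could reuse the same mask expression so the two stay in step. context_set_domain_id() begins outside the hunk.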
@@ -1391,15 +1392,27 @@ static void __hwdom_init intel_iommu_hwdom_init(struct domain *d)
     }
 }
 
+/*
+ * This function returns
+ * - a negative errno value upon error,
+ * - zero upon success when previously the entry was non-present, or this isn't
+ *   the "main" request for a device (pdev == NULL), or for no-op quarantining
+ *   assignments,
+ * - positive (one) upon success when previously the entry was present and this
+ *   is the "main" request for a device (pdev != NULL).
+ */
 int domain_context_mapping_one(
     struct domain *domain,
     struct iommu *iommu,
-    u8 bus, u8 devfn, const struct pci_dev *pdev)
+    uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
+    unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
-    struct context_entry *context, *context_entries;
+    struct context_entry *context, *context_entries, lctxt;
+    __uint128_t old;
     u64 maddr, pgd_maddr;
-    u16 seg = iommu->intel->drhd->segment;
+    uint16_t seg = iommu->intel->drhd->segment, prev_did = 0;
+    struct domain *prev_dom = NULL;
     int agaw, rc, ret;
     bool_t flush_dev_iotlb;
 
@@ -1408,17 +1421,32 @@ int domain_context_mapping_one(
     maddr = bus_to_context_maddr(iommu, bus);
     context_entries = (struct context_entry *)map_vtd_domain_page(maddr);
     context = &context_entries[devfn];
+    old = (lctxt = *context).full;
 
-    if ( context_present(*context) )
+    if ( context_present(lctxt) )
     {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return 0;
+        domid_t domid;
+
+        prev_did = context_domain_id(lctxt);
+        domid = iommu->domid_map[prev_did];
+        if ( domid < DOMID_FIRST_RESERVED )
+            prev_dom = rcu_lock_domain_by_id(domid);
+        else if ( domid == DOMID_IO )
+            prev_dom = rcu_lock_domain(dom_io);
+        if ( !prev_dom )
+        {
+            spin_unlock(&iommu->lock);
+            unmap_vtd_domain_page(context_entries);
+            dprintk(XENLOG_DEBUG VTDPREFIX,
+                    "no domain for did %u (nr_dom %u)\n",
+                    prev_did, cap_ndoms(iommu->cap));
+            return -ESRCH;
+        }
     }
 
     if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
     {
-        context_set_translation_type(*context, CONTEXT_TT_PASS_THRU);
+        context_set_translation_type(lctxt, CONTEXT_TT_PASS_THRU);
         agaw = level_to_agaw(iommu->nr_pt_levels);
     }
     else
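Review bot: `prev_did` is read from the context entry and used directly as the index in `iommu->domid_map[prev_did]`, without the `dom_index < nr_dom && iommu->domid_map` test that the removed context_get_domain_id() applied. The debug message already prints `cap_ndoms(iommu->cap)`, so the bound is at hand. Initialising `domid` to `DOMID_INVALID` and reading the map under `if ( prev_did < cap_ndoms(iommu->cap) )` would send an out-of-range value to the existing `-ESRCH` path. The size of domid_map[] is not visible in this hunk, so confirm it is allocated with cap_ndoms() entries.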
@@ -1435,6 +1463,8 @@ int domain_context_mapping_one(
                 spin_unlock(&hd->arch.mapping_lock);
                 spin_unlock(&iommu->lock);
                 unmap_vtd_domain_page(context_entries);
+                if ( prev_dom )
+                    rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
         }
@@ -1452,33 +1482,102 @@ int domain_context_mapping_one(
                 goto nomem;
         }
 
-        context_set_address_root(*context, pgd_maddr);
+        context_set_address_root(lctxt, pgd_maddr);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
-            context_set_translation_type(*context, CONTEXT_TT_DEV_IOTLB);
+            context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
-            context_set_translation_type(*context, CONTEXT_TT_MULTI_LEVEL);
+            context_set_translation_type(lctxt, CONTEXT_TT_MULTI_LEVEL);
 
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    if ( context_set_domain_id(context, domain, iommu) )
+    rc = context_set_domain_id(&lctxt, domain, iommu);
+    if ( rc )
     {
+    unlock:
         spin_unlock(&iommu->lock);
         unmap_vtd_domain_page(context_entries);
-        return -EFAULT;
+        if ( prev_dom )
+            rcu_unlock_domain(prev_dom);
+        return rc;
+    }
+
+    if ( !prev_dom )
+    {
+        context_set_address_width(lctxt, agaw);
+        context_set_fault_enable(lctxt);
+        context_set_present(lctxt);
+    }
+    else if ( prev_dom == domain )
+    {
+        ASSERT(lctxt.full == context->full);
+        rc = !!pdev;
+        goto unlock;
+    }
+    else
+    {
+        ASSERT(context_address_width(lctxt) == agaw);
+        ASSERT(!context_fault_disable(lctxt));
+    }
+
+    if ( cpu_has_cx16 )
+    {
+        __uint128_t res = cmpxchg16b(context, &old, &lctxt.full);
+
+        /*
+         * Hardware does not update the context entry behind our backs,
+         * so the return value should match "old".
+         */
+        if ( res != old )
+        {
+            if ( pdev )
+                check_cleanup_domid_map(domain, pdev, iommu);
+            printk(XENLOG_ERR
+                   "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
+                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   (uint64_t)(res >> 64), (uint64_t)res,
+                   (uint64_t)(old >> 64), (uint64_t)old);
+            rc = -EILSEQ;
+            goto unlock;
+        }
+    }
+    else if ( !prev_dom || !(mode & MAP_WITH_RMRR) )
+    {
+        context_clear_present(*context);
+        iommu_sync_cache(context, sizeof(*context));
+
+        write_atomic(&context->hi, lctxt.hi);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->lo, lctxt.lo);
+    }
+    else /* Best effort, updating DID last. */
+    {
+         /*
+          * By non-atomically updating the context entry's DID field last,
+          * during a short window in time TLB entries with the old domain ID
+          * but the new page tables may be inserted.  This could affect I/O
+          * of other devices using this same (old) domain ID.  Such updating
+          * therefore is not a problem if this was the only device associated
+          * with the old domain ID.  Diverting I/O of any of a dying domain's
+          * devices to the quarantine page tables is intended anyway.
+          */
+        if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
+            printk(XENLOG_WARNING VTDPREFIX
+                   " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), prev_dom);
+
+        write_atomic(&context->lo, lctxt.lo);
+        /* No barrier should be needed between these two. */
+        write_atomic(&context->hi, lctxt.hi);
     }
 
-    context_set_address_width(*context, agaw);
-    context_set_fault_enable(*context);
-    context_set_present(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    /* Context entry was previously non-present (with domid 0). */
-    rc = iommu_flush_context_device(iommu, 0, PCI_BDF2(bus, devfn),
-                                    DMA_CCMD_MASK_NOBIT, 1);
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+                                    DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-    ret = iommu_flush_iotlb_dsi(iommu, 0, 1, flush_dev_iotlb);
+    ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
 
     /*
      * The current logic for returns:
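Review bot: The `res != old` error path guards `check_cleanup_domid_map()` with `if ( pdev )` but then dereferences `pdev->seg` and `pdev->bus` unconditionally in the `printk()` arguments. Callers visible in this patch pass `pdev == NULL` for bridges and for the ME phantom function, so a compare-exchange mismatch on one of those entries would turn a reportable `-EILSEQ` into a NULL dereference inside the hypervisor. The locals already carry the same values and are what the best-effort warning below uses, so the argument line can become `seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),`. The function starts before this hunk and continues past it.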
@@ -1499,17 +1598,35 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, mode);
 
-    return rc;
+    if ( rc )
+    {
+        if ( !prev_dom )
+            domain_context_unmap_one(domain, iommu, bus, devfn);
+        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+            domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                       mode & MAP_WITH_RMRR);
+    }
+
+    if ( prev_dom )
+        rcu_unlock_domain(prev_dom);
+
+    return rc ?: pdev && prev_dom;
 }
 
+static int domain_context_unmap(struct domain *d, uint8_t devfn,
+                                struct pci_dev *pdev);
+
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
     int ret = 0;
-    u8 seg = pdev->seg, bus = pdev->bus, secbus;
+    unsigned int i, mode = 0;
+    uint16_t seg = pdev->seg, bdf;
+    uint8_t bus = pdev->bus, secbus;
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
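Review bot: The rollback added at the end of `domain_context_mapping_one()` discards the result of both `domain_context_unmap_one()` and the recursive `domain_context_mapping_one(prev_dom, ...)` call. The same is true of the `domain_context_unmap()` / `domain_context_mapping()` rollback in the `@@ -1580,7 +1734,15 @@` hunk. If the restore itself fails, the context entry stays in whatever state the failed attempt left it, while the caller only sees the original `rc`. At minimum the failure should be logged, for example by testing the recursive call with `< 0` and emitting a `printk(XENLOG_ERR ...)` that names `seg`, `bus` and `devfn`.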
@@ -1517,8 +1634,30 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     ASSERT(pcidevs_locked());
 
+    for_each_rmrr_device( rmrr, bdf, i )
+    {
+        if ( rmrr->segment != pdev->seg ||
+             bdf != PCI_BDF2(pdev->bus, pdev->devfn) )
+            continue;
+
+        mode |= MAP_WITH_RMRR;
+        break;
+    }
+
+    if ( domain != pdev->domain )
+    {
+        if ( pdev->domain->is_dying )
+            mode |= MAP_OWNER_DYING;
+        else if ( drhd &&
+                  !any_pdev_behind_iommu(pdev->domain, pdev, drhd->iommu) &&
+                  !pdev->phantom_stride )
+            mode |= MAP_SINGLE_DEVICE;
+    }
+
     switch ( pdev->type )
     {
+        bool prev_present;
+
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:Hostbridge: skip %04x:%02x:%02x.%u map\n",
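Review bot: `bool prev_present;` is declared without a comment, although its meaning rests on a return convention that is only implicit in the code. `domain_context_mapping_one()` now ends with `return rc ?: pdev && prev_dom;`, so a positive value means the context entry was already present when called with a non-NULL `pdev`. I would document that at the declaration, e.g. `/* Context entry was already present, i.e. domain_context_mapping_one() returned > 0. */`. The same convention explains the otherwise unexplained `if ( ret > 0 ) ret = 0;` added in the next hunk. The switch body continues outside this hunk.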
@@ -1539,7 +1678,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
+                                         pdev, mode);
+        if ( ret > 0 )
+            ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             enable_ats_device(pdev, &drhd->iommu->ats_devices);
 
@@ -1552,20 +1693,33 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev);
-        if ( ret )
+                                         pdev, mode);
+        if ( ret < 0 )
             break;
+        prev_present = ret;
+        ret = 0;
 
         if ( find_upstream_bridge(seg, &bus, &devfn, &secbus) < 1 )
             break;
 
+        /*
+         * Strictly speaking if the device is the only one behind this bridge
+         * and the only one with this (secbus,0,0) tuple, it could be allowed
+         * to be re-assigned regardless of RMRR presence.  But let's deal with
+         * that case only if it is actually found in the wild.
+         */
+        if ( prev_present && (mode & MAP_WITH_RMRR) &&
+             domain != pdev->domain )
+            ret = -EOPNOTSUPP;
+
         /*
          * Mapping a bridge should, if anything, pass the struct pci_dev of
          * that bridge. Since bridges don't normally get assigned to guests,
          * their owner would be the wrong one. Pass NULL instead.
          */
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         NULL);
+        if ( ret >= 0 )
+            ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
+                                             NULL, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
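Review bot: `find_upstream_bridge(seg, &bus, &devfn, &secbus)` takes `bus` and `devfn` by address, and the call that follows maps the bridge with them, so from this point on they appear to describe the bridge rather than the device. The rollback added in the `@@ -1580,7 +1734,15 @@` hunk then calls `domain_context_unmap(domain, devfn, pdev)` and `domain_context_mapping(pdev->domain, devfn, pdev)` with that overwritten value, which would undo or restore the wrong context entry. Passing the device's own function number avoids that: `domain_context_unmap(domain, pdev->devfn, pdev);` and `domain_context_mapping(pdev->domain, pdev->devfn, pdev);`, or a copy of `devfn` saved before the bridge lookup. This is inferred from the calls visible here, since `find_upstream_bridge()` itself is not part of the patch.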
@@ -1580,7 +1734,15 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL);
+                                             NULL, mode);
+
+        if ( ret )
+        {
+            if ( !prev_present )
+                domain_context_unmap(domain, devfn, pdev);
+            else if ( pdev->domain != domain ) /* Avoid infinite recursion. */
+                domain_context_mapping(pdev->domain, devfn, pdev);
+        }
 
         break;
 
@@ -2291,9 +2453,8 @@ static int reassign_device_ownership(
 {
     int ret;
 
-    ret = domain_context_unmap(source, devfn, pdev);
-    if ( ret )
-        return ret;
+    if ( !has_arch_pdevs(target) )
+        vmx_pi_hooks_assign(target);
 
     /*
      * Devices assigned to untrusted domains (here assumed to be any domU)
@@ -2303,6 +2464,31 @@ static int reassign_device_ownership(
     if ( (target != hardware_domain) && !iommu_intremap )
         untrusted_msi = true;
 
+    ret = domain_context_mapping(target, devfn, pdev);
+    if ( ret )
+    {
+        if ( !has_arch_pdevs(target) )
+            vmx_pi_hooks_deassign(target);
+        return ret;
+    }
+
+    if ( pdev->devfn == devfn )
+    {
+        const struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
+
+        if ( drhd )
+            check_cleanup_domid_map(source, pdev, drhd->iommu);
+    }
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->arch.pdev_list);
+        pdev->domain = target;
+    }
+
+    if ( !has_arch_pdevs(source) )
+        vmx_pi_hooks_deassign(source);
+
     /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
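Review bot: The two consecutive blocks after the `domain_context_mapping()` call test the same condition with the operands swapped, `pdev->devfn == devfn` and then `devfn == pdev->devfn`. Folding them into a single `if ( devfn == pdev->devfn )` block, with `if ( pdev->domain != target )` nested around the `list_move()`, keeps the current order. It also makes it explicit that both the domid-map cleanup for `source` and the ownership change apply to the device's real function only. The function begins before this hunk and continues after it.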
@@ -2331,34 +2517,7 @@ static int reassign_device_ownership(
             }
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->arch.pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    if ( !has_arch_pdevs(source) )
-        vmx_pi_hooks_deassign(source);
-
-    if ( !has_arch_pdevs(target) )
-        vmx_pi_hooks_assign(target);
-
-    ret = domain_context_mapping(target, devfn, pdev);
-    if ( ret )
-    {
-        if ( !has_arch_pdevs(target) )
-            vmx_pi_hooks_deassign(target);
-
-        return ret;
-    }
-
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->arch.pdev_list);
-        pdev->domain = target;
-    }
-
-    return ret;
+    return 0;
 }
 
 static int intel_iommu_assign_device(
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index 3fa6a4ff13..fce03a9f4a 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -201,8 +201,12 @@ struct root_entry {
     do {(root).val |= ((value) & PAGE_MASK_4K);} while(0)
 
 struct context_entry {
-    u64 lo;
-    u64 hi;
+    union {
+        struct {
+            uint64_t lo, hi;
+        };
+        __uint128_t full;
+    };
 };
 #define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
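Review bot: The new anonymous union has no comment saying why `full` exists or what it relies on. It aliases `lo`/`hi` so that `domain_context_mapping_one()` can replace the whole entry with `cmpxchg16b()`, which only works if the entry is exactly 16 bytes. I would add `/* "full" aliases lo/hi so the entry can be replaced atomically with cmpxchg16b(). */` above the union. A `BUILD_BUG_ON(sizeof(struct context_entry) != 16);` next to the compare-exchange would pin the size assumption.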
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index b02688e316..68e8ecd09d 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -330,7 +330,8 @@ void __init platform_quirks_init(void)
  */
 
 static int __must_check map_me_phantom_function(struct domain *domain,
-                                                u32 dev, int map)
+                                                unsigned int dev,
+                                                unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
     struct pci_dev *pdev;
@@ -341,9 +342,9 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     drhd = acpi_find_matched_drhd_unit(pdev);
 
     /* map or unmap ME phantom function */
-    if ( map )
+    if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL);
+                                        PCI_DEVFN(dev, 7), NULL, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
                                       PCI_DEVFN(dev, 7));
@@ -351,7 +352,8 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     return rc;
 }
 
-int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
+int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
+                  unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -375,7 +377,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, map);
+                rc = map_me_phantom_function(domain, 3, mode);
                 break;
             default:
                 break;
@@ -401,7 +403,7 @@ int me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map)
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, map);
+                rc = map_me_phantom_function(domain, 22, mode);
                 break;
             default:
                 break;
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index bb8889f350..e4ab242fee 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -22,8 +22,14 @@
 
 #include <xen/iommu.h>
 
-#define MAP_ME_PHANTOM_FUNC      1
-#define UNMAP_ME_PHANTOM_FUNC    0
+/*
+ * Values for domain_context_mapping_one()'s and me_wifi_quirk()'s "mode"
+ * parameters.
+ */
+#define MAP_WITH_RMRR         (1u << 0)
+#define MAP_OWNER_DYING       (1u << 1)
+#define MAP_SINGLE_DEVICE     (1u << 2)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
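Review bot: The block comment names the two consumers of "mode" but not what each bit means, and the conditions under which callers set them are not obvious from the names. One-line comments taken from the call sites would do: `MAP_WITH_RMRR` for a device listed in an RMRR, `MAP_OWNER_DYING` for a current owner with `is_dying` set, `MAP_SINGLE_DEVICE` for an owner with no other device behind the same IOMMU and no phantom functions, and `UNMAP_ME_PHANTOM_FUNC` for `me_wifi_quirk()` unmapping rather than mapping. Note also that `UNMAP_ME_PHANTOM_FUNC` changes from 0 to `(1u << 3)` and `MAP_ME_PHANTOM_FUNC` disappears. Any caller still passing a literal 0 or 1 would silently change meaning, and the unmap-side callers are not visible in this patch.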
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:12:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:12:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301093.513785 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6f-0005GG-Vw; Fri, 08 Apr 2022 02:12:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301093.513785; Fri, 08 Apr 2022 02:12:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6f-0005G8-Ss; Fri, 08 Apr 2022 02:12:13 +0000
Received: by outflank-mailman (input) for mailman id 301093;
 Fri, 08 Apr 2022 02:12:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6e-0005Fm-QX
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6e-0006xi-Pf
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6e-0006N9-Os
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=sWLn9jbWPz1jSPfsv2nKZ+imLRLJcqkUjrZM7RVWHRs=; b=T2i6WDm0/yNyYd16tv3iELAN0n
	IE8pGbv95bT2UzRoMIGuCqHbORJWNfZiht37G9MyjyWEM+Nwrqzc3L+1z3cBBQPltRoT3DqYlfiSr
	rOnet/TdhE/nmbJDAL0XugtcfxT7tGTHHfQnVEmFu3f8h9wpP0vws9XydRzADHdTEKP0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] AMD/IOMMU: re-assign devices directly
Message-Id: <E1nce6e-0006N9-Os@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:12:12 +0000

commit 1a250caadb837748e4a797019fc3cb0f790c9bab
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:38:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:38:19 2022 +0200

    AMD/IOMMU: re-assign devices directly
    
    Devices with unity map ranges, due to it being unspecified how/when
    these memory ranges may get accessed, may not be left disconnected from
    their unity mappings (as long as it's not certain that the device has
    been fully quiesced). Hence rather than tearing down the old root page
    table pointer and then establishing the new one, re-assignment needs to
    be done in a single step.
    
    This is CVE-2022-26360 / part of XSA-400.
    
    Reported-by: Roger Pau Monné <roger.pau@citrix.com>
    
    Similarly quarantining scratch-page mode relies on page tables to be
    continuously wired up.
    
    To avoid complicating things more than necessary, treat all devices
    mostly equally, i.e. regardless of their association with any unity map
    ranges.  The main difference is when it comes to updating DTEs, which need
    to be atomic when there are unity mappings. Yet atomicity can only be
    achieved with CMPXCHG16B, availability of which we can't take for granted.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 1fa6e9aa36233fe9c29a204fcb2697e985b8345f
    master date: 2022-04-05 14:18:04 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c       | 116 ++++++++++++++++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c   | 173 ++++++++++++++++++--------
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h |   8 +-
 3 files changed, 239 insertions(+), 58 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index a5492da9fb..2986ae5fc9 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -158,12 +158,105 @@ static unsigned int set_iommu_pte_present(unsigned long pt_mfn,
     return flush_flags;
 }
 
-void amd_iommu_set_root_page_table(uint32_t *dte, uint64_t root_ptr,
-                                   uint16_t domain_id, uint8_t paging_mode,
-                                   uint8_t valid)
+/*
+ * This function returns
+ * - -errno for errors,
+ * - 0 for a successful update, atomic when necessary
+ * - 1 for a successful but non-atomic update, which may need to be warned
+ *   about by the caller.
+ */
+int amd_iommu_set_root_page_table(uint32_t *dte, uint64_t root_ptr,
+                                  uint16_t domain_id, uint8_t paging_mode,
+                                  unsigned int flags)
 {
+    bool valid = flags & SET_ROOT_VALID;
     uint32_t addr_hi, addr_lo, entry, dte0 = dte[0];
 
+    addr_lo = root_ptr & DMA_32BIT_MASK;
+    addr_hi = root_ptr >> 32;
+
+    if ( get_field_from_reg_u32(dte0, IOMMU_DEV_TABLE_VALID_MASK,
+                                IOMMU_DEV_TABLE_VALID_SHIFT) &&
+         get_field_from_reg_u32(dte0, IOMMU_DEV_TABLE_TRANSLATION_VALID_MASK,
+                                IOMMU_DEV_TABLE_TRANSLATION_VALID_SHIFT) &&
+         (cpu_has_cx16 || (flags & SET_ROOT_WITH_UNITY_MAP)) )
+    {
+        union {
+            uint32_t dte[4];
+            uint64_t raw64[2];
+            __uint128_t raw128;
+        } ldte;
+        __uint128_t old;
+        int ret = 0;
+
+        memcpy(ldte.dte, dte, sizeof(ldte));
+        old = ldte.raw128;
+
+        set_field_in_reg_u32(domain_id, ldte.dte[2],
+                             IOMMU_DEV_TABLE_DOMAIN_ID_MASK,
+                             IOMMU_DEV_TABLE_DOMAIN_ID_SHIFT, &ldte.dte[2]);
+
+        set_field_in_reg_u32(addr_hi, ldte.dte[1],
+                             IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_MASK,
+                             IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_SHIFT,
+                             &ldte.dte[1]);
+        set_field_in_reg_u32(IOMMU_CONTROL_ENABLED, ldte.dte[1],
+                             IOMMU_DEV_TABLE_IO_WRITE_PERMISSION_MASK,
+                             IOMMU_DEV_TABLE_IO_WRITE_PERMISSION_SHIFT,
+                             &ldte.dte[1]);
+        set_field_in_reg_u32(IOMMU_CONTROL_ENABLED, ldte.dte[1],
+                             IOMMU_DEV_TABLE_IO_READ_PERMISSION_MASK,
+                             IOMMU_DEV_TABLE_IO_READ_PERMISSION_SHIFT,
+                             &ldte.dte[1]);
+
+        set_field_in_reg_u32(addr_lo >> PAGE_SHIFT, ldte.dte[0],
+                             IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_MASK,
+                             IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_SHIFT,
+                             &ldte.dte[0]);
+        set_field_in_reg_u32(paging_mode, ldte.dte[0],
+                             IOMMU_DEV_TABLE_PAGING_MODE_MASK,
+                             IOMMU_DEV_TABLE_PAGING_MODE_SHIFT, &ldte.dte[0]);
+        set_field_in_reg_u32(IOMMU_CONTROL_ENABLED, ldte.dte[0],
+                             IOMMU_DEV_TABLE_TRANSLATION_VALID_MASK,
+                             IOMMU_DEV_TABLE_TRANSLATION_VALID_SHIFT,
+                             &ldte.dte[0]);
+        set_field_in_reg_u32(valid ? IOMMU_CONTROL_ENABLED
+                                   : IOMMU_CONTROL_DISABLED,
+                             ldte.dte[0], IOMMU_DEV_TABLE_VALID_MASK,
+                             IOMMU_DEV_TABLE_VALID_SHIFT, &ldte.dte[0]);
+
+        if ( cpu_has_cx16 )
+        {
+            __uint128_t res = cmpxchg16b(dte, &old, &ldte.raw128);
+
+            /*
+             * Hardware does not update the DTE behind our backs, so the
+             * return value should match "old".
+             */
+            if ( res != old )
+            {
+                printk(XENLOG_ERR
+                       "Dom%d: unexpected DTE %016lx_%016lx (expected %016lx_%016lx)\n",
+                       domain_id,
+                       (uint64_t)(res >> 64), (uint64_t)res,
+                       (uint64_t)(old >> 64), (uint64_t)old);
+                ret = -EILSEQ;
+            }
+        }
+        else /* Best effort, updating domain_id last. */
+        {
+            uint64_t *ptr = (void *)dte;
+
+            write_atomic(ptr + 0, ldte.raw64[0]);
+            /* No barrier should be needed between these two. */
+            write_atomic(ptr + 1, ldte.raw64[1]);
+
+            ret = 1;
+        }
+
+        return ret;
+    }
+
     if ( valid ||
          get_field_from_reg_u32(dte0, IOMMU_DEV_TABLE_VALID_MASK,
                                 IOMMU_DEV_TABLE_VALID_SHIFT) )
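Review bot: The `res != old` message identifies the entry only as `Dom%d`, using the new `domain_id`, so a DTE that changed unexpectedly cannot be tied to a device from the log. The function only receives the `dte` pointer, so the practical fix is in the caller. `amd_iommu_setup_domain_device()` returns the negative `rc` without logging; it could print `iommu->seg`, `bus` and `devfn` there before unlocking. The VT-d counterpart of this check prints the full segment:bus:device.function for the same condition. The rest of this function lies outside the hunk.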
@@ -183,9 +276,6 @@ void amd_iommu_set_root_page_table(uint32_t *dte, uint64_t root_ptr,
                          IOMMU_DEV_TABLE_DOMAIN_ID_SHIFT, &entry);
     dte[2] = entry;
 
-    addr_lo = root_ptr & DMA_32BIT_MASK;
-    addr_hi = root_ptr >> 32;
-
     set_field_in_reg_u32(addr_hi, 0,
                          IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_MASK,
                          IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_SHIFT, &entry);
@@ -212,6 +302,20 @@ void amd_iommu_set_root_page_table(uint32_t *dte, uint64_t root_ptr,
                          IOMMU_DEV_TABLE_VALID_MASK,
                          IOMMU_DEV_TABLE_VALID_SHIFT, &entry);
     write_atomic(&dte[0], entry);
+
+    return 0;
+}
+
+paddr_t amd_iommu_get_root_page_table(const uint32_t *dte)
+{
+    uint32_t lo = get_field_from_reg_u32(
+                      dte[0], IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_MASK,
+                      IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_SHIFT);
+    uint32_t hi = get_field_from_reg_u32(
+                      dte[1], IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_MASK,
+                      IOMMU_DEV_TABLE_PAGE_TABLE_PTR_HIGH_SHIFT);
+
+    return ((paddr_t)hi << 32) | (lo << PAGE_SHIFT);
 }
 
 void iommu_dte_set_iotlb(uint32_t *dte, uint8_t i)
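Review bot: In `amd_iommu_get_root_page_table()` the expression `lo << PAGE_SHIFT` is evaluated in 32 bits because `lo` is `uint32_t`, and only the `hi` half is widened to `paddr_t`. That is correct only while the low pointer field is no wider than 32 minus `PAGE_SHIFT` bits, which depends on a mask definition not visible here. Casting before the shift removes the dependency: `return ((paddr_t)hi << 32) | ((paddr_t)lo << PAGE_SHIFT);`.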
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index e9153a5271..3cbb2e9b61 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -109,22 +109,60 @@ static void disable_translation(u32 *dte)
     dte[0] = entry;
 }
 
-static void amd_iommu_setup_domain_device(
+static int __must_check allocate_domain_resources(struct domain_iommu *hd)
+{
+    int rc;
+
+    spin_lock(&hd->arch.mapping_lock);
+    rc = amd_iommu_alloc_root(hd);
+    spin_unlock(&hd->arch.mapping_lock);
+
+    return rc;
+}
+
+static bool any_pdev_behind_iommu(const struct domain *d,
+                                  const struct pci_dev *exclude,
+                                  const struct amd_iommu *iommu)
+{
+    const struct pci_dev *pdev;
+
+    for_each_pdev ( d, pdev )
+    {
+        if ( pdev == exclude )
+            continue;
+
+        if ( find_iommu_for_device(pdev->seg,
+                                   PCI_BDF2(pdev->bus, pdev->devfn)) == iommu )
+            return true;
+    }
+
+    return false;
+}
+
+static int __must_check amd_iommu_setup_domain_device(
     struct domain *domain, struct amd_iommu *iommu,
     u8 devfn, struct pci_dev *pdev)
 {
-    void *dte;
+    uint32_t *dte;
     unsigned long flags;
-    int req_id, valid = 1;
-    int dte_i = 0;
+    unsigned int req_id, sr_flags;
+    int dte_i = 0, rc;
     u8 bus = pdev->bus;
-    const struct domain_iommu *hd = dom_iommu(domain);
+    struct domain_iommu *hd = dom_iommu(domain);
+    const struct ivrs_mappings *ivrs_dev;
+
+    BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
-    BUG_ON( !hd->arch.root_table || !hd->arch.paging_mode ||
-            !iommu->dev_table.buffer );
+    rc = allocate_domain_resources(hd);
+    if ( rc )
+        return rc;
 
-    if ( iommu_hwdom_passthrough && is_hardware_domain(domain) )
-        valid = 0;
+    req_id = get_dma_requestor_id(iommu->seg,
+                                  PCI_BDF2(pdev->bus, pdev->devfn));
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
+    sr_flags = (iommu_hwdom_passthrough && is_hardware_domain(domain)
+                ? 0 : SET_ROOT_VALID)
+               | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     if ( ats_enabled )
         dte_i = 1;
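Review bot: `req_id` and `ivrs_dev` are computed here from `pdev->devfn` only to derive `sr_flags`, and both are recomputed from the `devfn` argument at the start of the next hunk. That second `ivrs_dev` assignment has no reader in the visible lines. A comment above the first computation would show the difference is deliberate, e.g. `/* Unity-map lookup uses the device's own function, not the devfn being set up. */`. If the second `ivrs_dev` assignment is indeed unused it can be dropped. The function continues past this hunk.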
@@ -132,32 +170,87 @@ static void amd_iommu_setup_domain_device(
     /* get device-table entry */
     req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
     dte = iommu->dev_table.buffer + (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE);
+    ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !is_translation_valid((u32 *)dte) )
     {
         /* bind DTE to domain page-tables */
-        amd_iommu_set_root_page_table(
-            (u32 *)dte, page_to_maddr(hd->arch.root_table), domain->domain_id,
-            hd->arch.paging_mode, valid);
+        rc = amd_iommu_set_root_page_table(
+                 dte, page_to_maddr(hd->arch.root_table),
+                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc )
+        {
+            ASSERT(rc < 0);
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
 
         if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
              iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
             iommu_dte_set_iotlb((u32 *)dte, dte_i);
 
         amd_iommu_flush_device(iommu, req_id);
+    }
+    else if ( amd_iommu_get_root_page_table(dte) !=
+              page_to_maddr(hd->arch.root_table) )
+    {
+        /*
+         * Strictly speaking if the device is the only one with this requestor
+         * ID, it could be allowed to be re-assigned regardless of unity map
+         * presence.  But let's deal with that case only if it is actually
+         * found in the wild.
+         */
+        if ( req_id != PCI_BDF2(bus, devfn) &&
+             (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
+            rc = -EOPNOTSUPP;
+        else
+            rc = amd_iommu_set_root_page_table(
+                     dte, page_to_maddr(hd->arch.root_table),
+                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+        if ( rc < 0 )
+        {
+            spin_unlock_irqrestore(&iommu->lock, flags);
+            return rc;
+        }
+        if ( rc &&
+             domain != pdev->domain &&
+             /*
+              * By non-atomically updating the DTE's domain ID field last,
+              * during a short window in time TLB entries with the old domain
+              * ID but the new page tables may have been inserted.  This could
+              * affect I/O of other devices using this same (old) domain ID.
+              * Such updating therefore is not a problem if this was the only
+              * device associated with the old domain ID.  Diverting I/O of any
+              * of a dying domain's devices to the quarantine page tables is
+              * intended anyway.
+              */
+             !pdev->domain->is_dying &&
+             (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
+              pdev->phantom_stride) )
+            printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
+                   pdev->seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   pdev->domain);
 
-        AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
-                        "root table = %#"PRIx64", "
-                        "domain = %d, paging mode = %d\n",
-                        req_id, pdev->type,
-                        page_to_maddr(hd->arch.root_table),
-                        domain->domain_id, hd->arch.paging_mode);
+        if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
+             iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
+            ASSERT(get_field_from_reg_u32(
+                       dte[3], IOMMU_DEV_TABLE_IOTLB_SUPPORT_MASK,
+                       IOMMU_DEV_TABLE_IOTLB_SUPPORT_SHIFT) == dte_i);
+
+        amd_iommu_flush_device(iommu, req_id);
     }
 
     spin_unlock_irqrestore(&iommu->lock, flags);
 
+    AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
+                    "root table = %#"PRIx64", "
+                    "domain = %d, paging mode = %d\n",
+                    req_id, pdev->type,
+                    page_to_maddr(hd->arch.root_table),
+                    domain->domain_id, hd->arch.paging_mode);
+
     ASSERT(pcidevs_locked());
 
     if ( pci_ats_device(iommu->seg, bus, pdev->devfn) &&
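Review bot: The new `printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n", ...)` carries no log level and no subsystem prefix. The leading space in the format string suggests a prefix was intended. The equivalent VT-d warning earlier on this page uses `XENLOG_WARNING VTDPREFIX`, so filtering and rate limiting will treat the two differently. Adding at least the level, `printk(XENLOG_WARNING " %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",`, would make the AMD path consistent. The function starts before this hunk and its tail is in the next one.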
@@ -168,6 +261,8 @@ static void amd_iommu_setup_domain_device(
 
         amd_iommu_flush_iotlb(devfn, pdev, INV_IOMMU_ALL_PAGES_ADDRESS, 0);
     }
+
+    return 0;
 }
 
 int __init amd_iov_detect(void)
@@ -211,17 +306,6 @@ int amd_iommu_alloc_root(struct domain_iommu *hd)
     return 0;
 }
 
-static int __must_check allocate_domain_resources(struct domain_iommu *hd)
-{
-    int rc;
-
-    spin_lock(&hd->arch.mapping_lock);
-    rc = amd_iommu_alloc_root(hd);
-    spin_unlock(&hd->arch.mapping_lock);
-
-    return rc;
-}
-
 int __read_mostly amd_iommu_min_paging_mode = 1;
 
 static int amd_iommu_domain_init(struct domain *d)
@@ -310,7 +394,6 @@ static int reassign_device(struct domain *source, struct domain *target,
 {
     struct amd_iommu *iommu;
     int bdf, rc;
-    struct domain_iommu *t = dom_iommu(target);
     const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
 
     bdf = PCI_BDF2(pdev->bus, pdev->devfn);
@@ -324,7 +407,15 @@ static int reassign_device(struct domain *source, struct domain *target,
         return -ENODEV;
     }
 
-    amd_iommu_disable_domain_device(source, iommu, devfn, pdev);
+    rc = amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
+    if ( rc )
+        return rc;
+
+    if ( devfn == pdev->devfn && pdev->domain != target )
+    {
+        list_move(&pdev->domain_list, &target->arch.pdev_list);
+        pdev->domain = target;
+    }
 
     /*
      * If the device belongs to the hardware domain, and it has a unity mapping,
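Review bot: In reassign_device the `list_move()` / `pdev->domain = target` block now runs before the unity-mapping step introduced by the comment at the end of this hunk, and the next hunk shows that step can still `return rc;`. On that path the caller sees an error although amd_iommu_setup_domain_device() has already succeeded for `target` and the device sits on `target`'s list. Whether callers cope with that is not visible here; if it is intended, state it above the block, e.g. `/* Ownership moves to target here; a later failure does not move it back. */`. The function starts before and continues past this hunk.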
@@ -340,27 +431,10 @@ static int reassign_device(struct domain *source, struct domain *target,
             return rc;
     }
 
-    if ( devfn == pdev->devfn && pdev->domain != dom_io )
-    {
-        list_move(&pdev->domain_list, &dom_io->arch.pdev_list);
-        pdev->domain = dom_io;
-    }
-
-    rc = allocate_domain_resources(t);
-    if ( rc )
-        return rc;
-
-    amd_iommu_setup_domain_device(target, iommu, devfn, pdev);
     AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n",
                     pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                     source->domain_id, target->domain_id);
 
-    if ( devfn == pdev->devfn && pdev->domain != target )
-    {
-        list_move(&pdev->domain_list, &target->arch.pdev_list);
-        pdev->domain = target;
-    }
-
     return 0;
 }
 
@@ -491,8 +565,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         return -ENODEV;
     }
 
-    amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
-    return 0;
+    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 6c83810fc3..a3211ccdfb 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -78,8 +78,12 @@ void amd_iommu_share_p2m(struct domain *d);
 int get_dma_requestor_id(u16 seg, u16 bdf);
 void amd_iommu_set_intremap_table(
     u32 *dte, u64 intremap_ptr, u8 int_valid);
-void amd_iommu_set_root_page_table(
-    u32 *dte, u64 root_ptr, u16 domain_id, u8 paging_mode, u8 valid);
+#define SET_ROOT_VALID          (1u << 0)
+#define SET_ROOT_WITH_UNITY_MAP (1u << 1)
+int __must_check amd_iommu_set_root_page_table(
+    uint32_t *dte, uint64_t root_ptr, uint16_t domain_id, uint8_t paging_mode,
+    unsigned int flags);
+paddr_t amd_iommu_get_root_page_table(const uint32_t *dte);
 void iommu_dte_set_iotlb(u32 *dte, u8 i);
 void iommu_dte_add_device_entry(u32 *dte, struct ivrs_mappings *ivrs_dev);
 void iommu_dte_set_guest_cr3(u32 *dte, u16 dom_id, u64 gcr3,
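Review bot: `SET_ROOT_VALID` and `SET_ROOT_WITH_UNITY_MAP` are added with no comment tying them to the new `flags` parameter, and the prototype's change from `void` to `int __must_check` does not say what the return value means. A one-line comment above the defines, e.g. `/* Flags for amd_iommu_set_root_page_table(). */`, would help. A short note on the return convention next to the prototype would also let callers know which results need handling; that convention is not visible in this hunk.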
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:12:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:12:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301094.513789 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6r-0005Jw-1T; Fri, 08 Apr 2022 02:12:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301094.513789; Fri, 08 Apr 2022 02:12:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce6q-0005Jo-UY; Fri, 08 Apr 2022 02:12:24 +0000
Received: by outflank-mailman (input) for mailman id 301094;
 Fri, 08 Apr 2022 02:12:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6o-0005JC-Tv
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6o-0006xs-T4
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6o-0006PW-SL
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=zYVxEk7T475T9vxd9ceZwqf6YcHgZJP5VX6gGFLyU9k=; b=UxaOHhF0o6xzZWArnjyJ6LtdVG
	WI7I+2i1sljqqr97nWy04wMqwTrCF/DpDN4dU4GNoW8LcgP3Bw9pQC1xFpVyWDu521GmwHyNeQfkt
	HDyWMMWGCS7BmnPYyboOCc9Nni0Iqvk6lQwd5rmrup2tjnyDtWmTmKGwUUX8CwAMWV6Q=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: prepare for per-device quarantine page tables (part I)
Message-Id: <E1nce6o-0006PW-SL@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:12:22 +0000

commit 644a6669c18164ee46fc2da67252e7ac52be5db6
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:39:04 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:39:04 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part I)
    
    Arrange for domain ID and page table root to be passed around, the latter in
    particular to domain_pgd_maddr() such that taking it from the per-domain
    fields can be overridden.
    
    No functional change intended.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: eb19326a328d49a6a4dc3930391b340f3bcd8948
    master date: 2022-04-05 14:18:26 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  8 +++--
 xen/drivers/passthrough/vtd/iommu.c  | 62 ++++++++++++++++++++++++------------
 xen/drivers/passthrough/vtd/quirks.c | 13 +++++---
 3 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index e6bd26cc65..e45650eba0 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -72,9 +72,10 @@ void *map_vtd_domain_page(u64 maddr);
 void unmap_vtd_domain_page(void *va);
 int domain_context_mapping_one(struct domain *domain, struct iommu *iommu,
                                uint8_t bus, uint8_t devfn,
-                               const struct pci_dev *pdev, unsigned int mode);
+                               const struct pci_dev *pdev, domid_t domid,
+                               paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct iommu *iommu,
-                             u8 bus, u8 devfn);
+                             uint8_t bus, uint8_t devfn, domid_t domid);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
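Review bot: The widened prototypes of domain_context_mapping_one() and domain_context_unmap_one() take `domid` and `pgd_maddr` next to `domain`, with nothing stating how the three relate or which one wins when they disagree. The iommu.c hunks show that a `pgd_maddr` of 0 falls back to the domain's own root, and the unmap path passes a literal `0` on to me_wifi_quirk(), so 0 acts as a sentinel. That deserves a comment here, e.g. `/* pgd_maddr == 0: use (and if needed allocate) domain's own page table root. */`. The same applies to the me_wifi_quirk() prototype in the next hunk.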
@@ -93,7 +94,8 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct iommu* iommu);
 void vtd_ops_postamble_quirk(struct iommu* iommu);
 int __must_check me_wifi_quirk(struct domain *domain, uint8_t bus,
-                               uint8_t devfn, unsigned int mode);
+                               uint8_t devfn, domid_t domid, paddr_t pgd_maddr,
+                               unsigned int mode);
 void pci_vtd_quirk(const struct pci_dev *);
 void quirk_iommu_caps(struct iommu *iommu);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index cd5c5e66b1..47a1c9c29f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1405,12 +1405,12 @@ int domain_context_mapping_one(
     struct domain *domain,
     struct iommu *iommu,
     uint8_t bus, uint8_t devfn, const struct pci_dev *pdev,
-    unsigned int mode)
+    domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct context_entry *context, *context_entries, lctxt;
     __uint128_t old;
-    u64 maddr, pgd_maddr;
+    uint64_t maddr;
     uint16_t seg = iommu->intel->drhd->segment, prev_did = 0;
     struct domain *prev_dom = NULL;
     int agaw, rc, ret;
@@ -1451,10 +1451,12 @@ int domain_context_mapping_one(
     }
     else
     {
+        paddr_t root = pgd_maddr;
+
         spin_lock(&hd->arch.mapping_lock);
 
         /* Ensure we have pagetables allocated down to leaf PTE. */
-        if ( hd->arch.pgd_maddr == 0 )
+        if ( !root )
         {
             addr_to_dma_page_maddr(domain, 0, 1);
             if ( hd->arch.pgd_maddr == 0 )
@@ -1467,22 +1469,24 @@ int domain_context_mapping_one(
                     rcu_unlock_domain(prev_dom);
                 return -ENOMEM;
             }
+
+            root = hd->arch.pgd_maddr;
         }
 
         /* Skip top levels of page tables for 2- and 3-level DRHDs. */
-        pgd_maddr = hd->arch.pgd_maddr;
         for ( agaw = level_to_agaw(4);
               agaw != level_to_agaw(iommu->nr_pt_levels);
               agaw-- )
         {
-            struct dma_pte *p = map_vtd_domain_page(pgd_maddr);
-            pgd_maddr = dma_pte_addr(*p);
+            struct dma_pte *p = map_vtd_domain_page(root);
+
+            root = dma_pte_addr(*p);
             unmap_vtd_domain_page(p);
-            if ( pgd_maddr == 0 )
+            if ( !root )
                 goto nomem;
         }
 
-        context_set_address_root(lctxt, pgd_maddr);
+        context_set_address_root(lctxt, root);
         if ( ats_enabled && ecap_dev_iotlb(iommu->ecap) )
             context_set_translation_type(lctxt, CONTEXT_TT_DEV_IOTLB);
         else
@@ -1598,15 +1602,21 @@ int domain_context_mapping_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !seg && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, mode);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
     if ( rc )
     {
         if ( !prev_dom )
-            domain_context_unmap_one(domain, iommu, bus, devfn);
+            domain_context_unmap_one(domain, iommu, bus, devfn,
+                                     domain->domain_id);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        {
+            hd = dom_iommu(prev_dom);
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
+                                       domain->domain_id,
+                                       hd->arch.pgd_maddr,
                                        mode & MAP_WITH_RMRR);
+        }
     }
 
     if ( prev_dom )
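Review bot: The recovery call in the `else if ( prev_dom != domain )` branch passes `domain->domain_id` together with `prev_dom`'s `hd->arch.pgd_maddr`, so the ID and the page-table root come from two different domains. In this patch `domid` is only passed along, but once it is written into the context entry the device would be restored onto the previous owner's tables under the failing domain's ID. `prev_dom->domain_id` looks like the intended argument. The result of this recovery call is also discarded, so a failed restore goes unreported. domain_context_mapping_one starts and ends outside the hunk.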
@@ -1623,6 +1633,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
+    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1678,7 +1689,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret > 0 )
             ret = 0;
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
@@ -1693,7 +1705,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, mode);
+                                         pdev, domain->domain_id, pgd_maddr,
+                                         mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1719,7 +1732,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1734,7 +1748,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, mode);
+                                             NULL, domain->domain_id, pgd_maddr,
+                                             mode);
 
         if ( ret )
         {
@@ -1763,7 +1778,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct iommu *iommu,
-    u8 bus, u8 devfn)
+    uint8_t bus, uint8_t devfn, domid_t domid)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1821,7 +1836,7 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->intel->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
 
     return rc;
 }
@@ -1860,7 +1875,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1870,7 +1886,8 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
+                                       domain->domain_id);
         if ( ret )
             break;
 
@@ -1882,14 +1899,17 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         /* PCIe to PCI/PCIx bridge */
         if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
         {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
             if ( ret )
                 return ret;
 
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           domain->domain_id);
         }
         else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
+            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                           domain->domain_id);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 68e8ecd09d..5373930c0f 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -331,6 +331,8 @@ void __init platform_quirks_init(void)
 
 static int __must_check map_me_phantom_function(struct domain *domain,
                                                 unsigned int dev,
+                                                domid_t domid,
+                                                paddr_t pgd_maddr,
                                                 unsigned int mode)
 {
     struct acpi_drhd_unit *drhd;
@@ -344,16 +346,17 @@ static int __must_check map_me_phantom_function(struct domain *domain,
     /* map or unmap ME phantom function */
     if ( !(mode & UNMAP_ME_PHANTOM_FUNC) )
         rc = domain_context_mapping_one(domain, drhd->iommu, 0,
-                                        PCI_DEVFN(dev, 7), NULL, mode);
+                                        PCI_DEVFN(dev, 7), NULL,
+                                        domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7));
+                                      PCI_DEVFN(dev, 7), domid);
 
     return rc;
 }
 
 int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
-                  unsigned int mode)
+                  domid_t domid, paddr_t pgd_maddr, unsigned int mode)
 {
     u32 id;
     int rc = 0;
@@ -377,7 +380,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x423b8086:
             case 0x423c8086:
             case 0x423d8086:
-                rc = map_me_phantom_function(domain, 3, mode);
+                rc = map_me_phantom_function(domain, 3, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
@@ -403,7 +406,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             case 0x42388086:        /* Puma Peak */
             case 0x422b8086:
             case 0x422c8086:
-                rc = map_me_phantom_function(domain, 22, mode);
+                rc = map_me_phantom_function(domain, 22, domid, pgd_maddr, mode);
                 break;
             default:
                 break;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:12:35 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:12:35 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301095.513793 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce71-0005Ne-5B; Fri, 08 Apr 2022 02:12:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301095.513793; Fri, 08 Apr 2022 02:12:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce71-0005NW-25; Fri, 08 Apr 2022 02:12:35 +0000
Received: by outflank-mailman (input) for mailman id 301095;
 Fri, 08 Apr 2022 02:12:33 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6z-0005N9-0r
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:33 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6z-0006y2-06
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce6y-0006QT-VU
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=TjrsXFTP9tnlRab6wBv6yRnpbz4eOM/pxMTAJzGjtMY=; b=B+Yawa5+INd4N6Srky8TADouzE
	vay/eDbZPHX84xY6NYrTgn9QZcnxlfAS3i2nBJAKf0tDcXLCQiXLcygDEnvlkzmT75VXHeCrdsuXc
	WKEv4mrc1pmuMUIxs17yep6sMYVIGPZGwc7rYC9yrouzgrSIDMhdlZIDiZLDa6ksI49I=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: prepare for per-device quarantine page tables (part II)
Message-Id: <E1nce6y-0006QT-VU@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:12:32 +0000

commit e3be966b9cc9143ca6ec6bb7df0c4cb7a6fd317a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:39:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:39:43 2022 +0200

    VT-d: prepare for per-device quarantine page tables (part II)
    
    Replace the passing of struct domain * by domid_t in preparation of
    per-device quarantine page tables also requiring per-device pseudo
    domain IDs, which aren't going to be associated with any struct domain
    instances.
    
    No functional change intended (except for slightly adjusted log message
    text).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 7131163c4806e3c7de24873164d1a003d2a27dee
    master date: 2022-04-05 14:18:48 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 47a1c9c29f..88ef84336e 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -52,8 +52,8 @@ static struct tasklet vtd_fault_tasklet;
 static int setup_hwdom_device(u8 devfn, struct pci_dev *);
 static void setup_hwdom_rmrr(struct domain *d);
 
-static int domain_iommu_domid(struct domain *d,
-                              struct iommu *iommu)
+static int get_iommu_did(domid_t domid, const struct iommu *iommu,
+                         bool warn)
 {
     unsigned long nr_dom, i;
 
@@ -61,23 +61,24 @@ static int domain_iommu_domid(struct domain *d,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
             return i;
 
         i = find_next_bit(iommu->domid_bitmap, nr_dom, i+1);
     }
 
-    dprintk(XENLOG_ERR VTDPREFIX,
-            "Cannot get valid iommu domid: domid=%d iommu->index=%d\n",
-            d->domain_id, iommu->index);
+    if ( warn )
+        dprintk(XENLOG_ERR VTDPREFIX,
+                "No valid iommu %u domid for Dom%d\n",
+                iommu->index, domid);
+
     return -1;
 }
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
 static int context_set_domain_id(struct context_entry *context,
-                                 struct domain *d,
-                                 struct iommu *iommu)
+                                 domid_t domid, struct iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
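Review bot: get_iommu_did() gains a `warn` parameter with no comment explaining it, and the callers in the later hunks pass `false` or `!d->is_dying` without saying why a miss is expected there. A short header comment would cover it, e.g. `/* Return the IOMMU-local index mapped to domid, or -1; log the miss only if warn. */`. The new message also prints `Dom%d`, although the commit description says the ID may later be a pseudo ID not tied to any struct domain, so a neutral wording such as `domid %u` would age better.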
@@ -88,7 +89,7 @@ static int context_set_domain_id(struct context_entry *context,
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
     while ( i < nr_dom )
     {
-        if ( iommu->domid_map[i] == d->domain_id )
+        if ( iommu->domid_map[i] == domid )
         {
             found = 1;
             break;
@@ -104,7 +105,7 @@ static int context_set_domain_id(struct context_entry *context,
             dprintk(XENLOG_ERR VTDPREFIX, "IOMMU: no free domain ids\n");
             return -EFAULT;
         }
-        iommu->domid_map[i] = d->domain_id;
+        iommu->domid_map[i] = domid;
     }
 
     set_bit(i, iommu->domid_bitmap);
@@ -131,9 +132,9 @@ static void __init free_intel_iommu(struct intel_iommu *intel)
     xfree(intel);
 }
 
-static void cleanup_domid_map(struct domain *domain, struct iommu *iommu)
+static void cleanup_domid_map(domid_t domid, struct iommu *iommu)
 {
-    int iommu_domid = domain_iommu_domid(domain, iommu);
+    int iommu_domid = get_iommu_did(domid, iommu, false);
 
     if ( iommu_domid >= 0 )
     {
@@ -189,7 +190,7 @@ static void check_cleanup_domid_map(struct domain *d,
     if ( !found )
     {
         clear_bit(iommu->index, &dom_iommu(d)->arch.iommu_bitmap);
-        cleanup_domid_map(d, iommu);
+        cleanup_domid_map(d->domain_id, iommu);
     }
 }
 
@@ -670,7 +671,7 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn,
             continue;
 
         flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
-        iommu_domid= domain_iommu_domid(d, iommu);
+        iommu_domid = get_iommu_did(d->domain_id, iommu, !d->is_dying);
         if ( iommu_domid == -1 )
             continue;
 
@@ -1495,7 +1496,7 @@ int domain_context_mapping_one(
         spin_unlock(&hd->arch.mapping_lock);
     }
 
-    rc = context_set_domain_id(&lctxt, domain, iommu);
+    rc = context_set_domain_id(&lctxt, domid, iommu);
     if ( rc )
     {
     unlock:
@@ -1803,7 +1804,7 @@ int domain_context_unmap_one(
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid= domain_iommu_domid(domain, iommu);
+    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
     if ( iommu_domid == -1 )
     {
         spin_unlock(&iommu->lock);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:12:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:12:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301096.513797 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce7B-0005Qe-6z; Fri, 08 Apr 2022 02:12:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301096.513797; Fri, 08 Apr 2022 02:12:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce7B-0005QW-3q; Fri, 08 Apr 2022 02:12:45 +0000
Received: by outflank-mailman (input) for mailman id 301096;
 Fri, 08 Apr 2022 02:12:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce79-0005Q9-4H
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:43 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce79-0006yS-3N
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:43 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce79-0006RD-2j
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:43 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=A6G8Psn5fh59HVtsPeARLKyyhYJqUKYAPxY1IUE740k=; b=OECnLgQcdPIX5wIM/3BX9Ew6Il
	FNrVXbgzh1aPyyVo3qFBnxPDPVd1UkPSayG4TO9eFJbA5mRHShTPR9+oyhBgeOC83CUjtKdhCxl2m
	sN57j24yjyCgv9rzbR7tqdBLdj0lUGk6F28NsdpC2+IQSHR/jRkm771Rp0ns7kW/N1qs=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] IOMMU/x86: maintain a per-device pseudo domain ID
Message-Id: <E1nce79-0006RD-2j@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:12:43 +0000

commit 5776043ebb54345ded7530051e2a4377b3875cc2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:40:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:40:21 2022 +0200

    IOMMU/x86: maintain a per-device pseudo domain ID
    
    In order to subsequently enable per-device quarantine page tables, we'll
    need domain-ID-like identifiers to be inserted in the respective device
    (AMD) or context (Intel) table entries alongside the per-device page
    table root addresses.
    
    Make use of "real" domain IDs occupying only half of the value range
    coverable by domid_t.
    
    Note that in VT-d's iommu_alloc() I didn't want to introduce new memory
    leaks in case of error, but existing ones don't get plugged - that'll be
    the subject of a later change.
    
    The VT-d changes are slightly asymmetric, but this way we can avoid
    assigning pseudo domain IDs to devices which would never be mapped while
    still avoiding to add a new parameter to domain_context_unmap().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 97af062b89d52c0ecf7af254b53345c97d438e33
    master date: 2022-04-05 14:19:10 +0200
---
 xen/drivers/passthrough/amd/iommu_detect.c  |  8 +++
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 23 ++++++++-
 xen/drivers/passthrough/pci.c               | 12 +++--
 xen/drivers/passthrough/vtd/iommu.c         | 77 ++++++++++++++++++++++-------
 xen/drivers/passthrough/vtd/iommu.h         |  1 +
 xen/drivers/passthrough/x86/iommu.c         | 47 ++++++++++++++++++
 xen/include/asm-x86/amd-iommu.h             |  1 +
 xen/include/asm-x86/iommu.h                 |  4 ++
 xen/include/asm-x86/pci.h                   |  6 +++
 xen/include/public/xen.h                    |  3 ++
 10 files changed, 160 insertions(+), 22 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index 3c5d4de1a3..43c35037bc 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -150,6 +150,11 @@ int __init amd_iommu_detect_one_acpi(
     if ( rt )
         goto out;
 
+    iommu->domid_map = iommu_init_domid();
+    rt = -ENOMEM;
+    if ( !iommu->domid_map )
+        goto out;
+
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR
@@ -161,7 +166,10 @@ int __init amd_iommu_detect_one_acpi(
 
  out:
     if ( rt )
+    {
+        xfree(iommu->domid_map);
         xfree(iommu);
+    }
 
     return rt;
 }
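Review bot: The `out:` path now runs `xfree(iommu->domid_map)` on every failure, including the `if ( rt ) goto out;` shown at the top of the previous hunk, which is taken before `domid_map` is assigned. That is only safe if `iommu` comes from a zeroing allocator, and the allocation is outside both hunks, so I cannot confirm it here. A comment at the label would record the assumption: `/* domid_map is still NULL if we bailed before iommu_init_domid(). */`.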
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 3cbb2e9b61..301a8f1229 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -541,6 +541,8 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
 {
     struct amd_iommu *iommu;
     u16 bdf;
+    bool fresh_domid = false;
+    int ret;
 
     if ( !pdev->domain )
         return -EINVAL;
@@ -565,7 +567,22 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         return -ENODEV;
     }
 
-    return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
+    {
+        pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->domid_map);
+        if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+            return -ENOSPC;
+        fresh_domid = true;
+    }
+
+    ret = amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev);
+    if ( ret && fresh_domid )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
+    return ret;
 }
 
 static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
@@ -587,6 +604,10 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
     }
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
+
+    iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
+    pdev->arch.pseudo_domid = DOMID_INVALID;
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 6b87febc3d..f4d9777b52 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -343,6 +343,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn)
     *((u8*) &pdev->bus) = bus;
     *((u8*) &pdev->devfn) = devfn;
     pdev->domain = NULL;
+    pdev->arch.pseudo_domid = DOMID_INVALID;
     INIT_LIST_HEAD(&pdev->msi_list);
 
     if ( pci_find_cap_offset(pseg->nr, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
@@ -1311,10 +1312,13 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg)
 
     list_for_each_entry ( pdev, &pseg->alldevs_list, alldevs_list )
     {
-        printk("%04x:%02x:%02x.%u - dom %-3d - node %-3d - MSIs < ",
-               pseg->nr, pdev->bus,
-               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn),
-               pdev->domain ? pdev->domain->domain_id : -1,
+        printk("%04x:%02x:%02x.%u - ", pseg->nr, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+        if ( pdev->domain == dom_io )
+            printk("DomIO:%x", pdev->arch.pseudo_domid);
+        else if ( pdev->domain )
+            printk("Dom%d", pdev->domain->domain_id);
+        printk(" - node %-3d - MSIs < ",
                (pdev->node != NUMA_NO_NODE) ? pdev->node : -1);
         list_for_each_entry ( msi, &pdev->msi_list, list )
                printk("%d ", msi->irq);
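Review bot: A device with no owner now prints an empty field, because neither the `dom_io` branch nor the `else if ( pdev->domain )` branch runs when `pdev->domain` is NULL. The line then reads `... -  - node ...`, where the old format printed `dom -1`. An operator or script using this dump to spot unassigned devices loses the explicit marker; a trailing `else printk("unowned");` (or similar) would restore it. `DomIO:%x` also prints the pseudo ID in bare hex next to the decimal `Dom%d`, so `%#x` would make the radix unambiguous. The loop body continues past the end of the hunk.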
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 88ef84336e..7c09ef77ed 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -22,6 +22,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/err.h>
 #include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <xen/numa.h>
@@ -1234,7 +1235,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 {
     struct iommu *iommu;
     unsigned long sagaw, nr_dom;
-    int agaw;
+    int agaw, rc;
 
     if ( nr_iommus > MAX_IOMMUS )
     {
@@ -1324,10 +1325,19 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !iommu->domid_map )
         return -ENOMEM ;
 
+    iommu->pseudo_domid_map = iommu_init_domid();
+    rc = -ENOMEM;
+    if ( !iommu->pseudo_domid_map )
+        goto free;
+
     spin_lock_init(&iommu->lock);
     spin_lock_init(&iommu->register_lock);
 
     return 0;
+
+ free:
+    iommu_free(drhd);
+    return rc;
 }
 
 void __init iommu_free(struct acpi_drhd_unit *drhd)
@@ -1350,6 +1360,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd)
 
     xfree(iommu->domid_bitmap);
     xfree(iommu->domid_map);
+    xfree(iommu->pseudo_domid_map);
 
     free_intel_iommu(iommu->intel);
     if ( iommu->msi.irq >= 0 )
@@ -1626,8 +1637,8 @@ int domain_context_mapping_one(
     return rc ?: pdev && prev_dom;
 }
 
-static int domain_context_unmap(struct domain *d, uint8_t devfn,
-                                struct pci_dev *pdev);
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *d, uint8_t devfn, struct pci_dev *pdev);
 
 static int domain_context_mapping(struct domain *domain, u8 devfn,
                                   struct pci_dev *pdev)
@@ -1635,6 +1646,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
     paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
     uint16_t seg = pdev->seg, bdf;
@@ -1685,6 +1697,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCIe_ENDPOINT:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
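Review bot: The allocation block added under `DEV_TYPE_PCIe_ENDPOINT` is repeated line for line under `DEV_TYPE_PCI` in the next hunk, so the rule "allocate only when quarantining and the device has no pseudo ID yet" lives in two places that can drift apart. A small static helper, sketched below, would keep it in one place and leave each case with a three-line call. As far as the hunks show, `orig_domid` still equals `pdev->arch.pseudo_domid` at both sites, so the helper can test the field directly. The error-path release at the end of the function can stay as it is. The function starts and ends outside this hunk.

```c
/* Give pdev a pseudo domain ID on its first mapping; no-op without quarantining. */
static int alloc_pseudo_domid(struct pci_dev *pdev, struct iommu *iommu)
{
    if ( !iommu_quarantine || pdev->arch.pseudo_domid != DOMID_INVALID )
        return 0;

    pdev->arch.pseudo_domid = iommu_alloc_domid(iommu->pseudo_domid_map);

    return pdev->arch.pseudo_domid != DOMID_INVALID ? 0 : -ENOSPC;
}

/* ... unchanged: start of domain_context_mapping() and earlier cases ... */
    case DEV_TYPE_PCIe_ENDPOINT:
        ret = alloc_pseudo_domid(pdev, drhd->iommu);
        if ( ret )
            return ret;
/* ... unchanged: debug printk and mapping call; same three lines under DEV_TYPE_PCI ... */
```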
@@ -1700,6 +1720,14 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
 
     case DEV_TYPE_PCI:
+        if ( iommu_quarantine && orig_domid == DOMID_INVALID )
+        {
+            pdev->arch.pseudo_domid =
+                iommu_alloc_domid(drhd->iommu->pseudo_domid_map);
+            if ( pdev->arch.pseudo_domid == DOMID_INVALID )
+                return -ENOSPC;
+        }
+
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
@@ -1773,6 +1801,13 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     if ( !ret && devfn == pdev->devfn )
         pci_vtd_quirk(pdev);
 
+    if ( ret && drhd && orig_domid == DOMID_INVALID )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return ret;
 }
 
@@ -1842,8 +1877,10 @@ int domain_context_unmap_one(
     return rc;
 }
 
-static int domain_context_unmap(struct domain *domain, u8 devfn,
-                                struct pci_dev *pdev)
+static const struct acpi_drhd_unit *domain_context_unmap(
+    struct domain *domain,
+    uint8_t devfn,
+    struct pci_dev *pdev)
 {
     struct acpi_drhd_unit *drhd;
     struct iommu *iommu;
@@ -1852,7 +1889,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
 
     drhd = acpi_find_matched_drhd_unit(pdev);
     if ( !drhd )
-        return -ENODEV;
+        return ERR_PTR(-ENODEV);
     iommu = drhd->iommu;
 
     switch ( pdev->type )
@@ -1863,7 +1900,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         if ( !is_hardware_domain(domain) )
-            return -EPERM;
+            return ERR_PTR(-EPERM);
         goto out;
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1902,11 +1939,9 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         {
             ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
                                            domain->domain_id);
-            if ( ret )
-                return ret;
-
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           domain->domain_id);
+            if ( !ret )
+                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                               domain->domain_id);
         }
         else /* Legacy PCI bridge */
             ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
@@ -1926,7 +1961,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn,
         check_cleanup_domid_map(domain, pdev, iommu);
 
 out:
-    return ret;
+    return ret ? ERR_PTR(ret) : drhd;
 }
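Review bot: `return ret ? ERR_PTR(ret) : drhd;` encodes any non-zero `ret`, but only negative errno values are recognised again by `IS_ERR()`. The mapping counterpart visibly returns positive values (`return rc ?: pdev && prev_dom;`). If `domain_context_unmap_one()`, whose body is outside this diff, ever did the same, `intel_iommu_remove_device()` would treat the result as a valid DRHD and dereference `drhd->iommu->pseudo_domid_map` through a bogus pointer in hypervisor context. Stating the assumption with `ASSERT(ret <= 0);` just before the return would catch that in debug builds. The new contract (matched DRHD on success, `ERR_PTR()`-encoded errno on failure) also deserves a one-line comment at the forward declaration, since the caller additionally tests `if ( drhd )`; the function body starts outside this hunk.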
 
 static void iommu_domain_teardown(struct domain *d)
@@ -2152,16 +2187,17 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
 
 static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 {
+    const struct acpi_drhd_unit *drhd;
     struct acpi_rmrr_unit *rmrr;
     u16 bdf;
-    int ret, i;
+    unsigned int i;
 
     if ( !pdev->domain )
         return -EINVAL;
 
-    ret = domain_context_unmap(pdev->domain, devfn, pdev);
-    if ( ret )
-        return ret;
+    drhd = domain_context_unmap(pdev->domain, devfn, pdev);
+    if ( IS_ERR(drhd) )
+        return PTR_ERR(drhd);
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
@@ -2178,6 +2214,13 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    if ( drhd )
+    {
+        iommu_free_domid(pdev->arch.pseudo_domid,
+                         drhd->iommu->pseudo_domid_map);
+        pdev->arch.pseudo_domid = DOMID_INVALID;
+    }
+
     return 0;
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index fce03a9f4a..e8346e29b6 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -541,6 +541,7 @@ struct iommu {
     struct msi_desc msi;
     struct intel_iommu *intel;
     struct list_head ats_devices;
+    unsigned long *pseudo_domid_map; /* "pseudo" domain id bitmap */
     unsigned long *domid_bitmap;  /* domain id bitmap */
     u16 *domid_map;               /* domain id mapping array */
 };
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 519353f81a..bee2028de2 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -373,6 +373,53 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         return;
 }
 
+unsigned long *__init iommu_init_domid(void)
+{
+    if ( !iommu_quarantine )
+        return ZERO_BLOCK_PTR;
+
+    BUILD_BUG_ON(DOMID_MASK * 2U >= UINT16_MAX);
+
+    return xzalloc_array(unsigned long,
+                         BITS_TO_LONGS(UINT16_MAX - DOMID_MASK));
+}
+
+domid_t iommu_alloc_domid(unsigned long *map)
+{
+    /*
+     * This is used uniformly across all IOMMUs, such that on typical
+     * systems we wouldn't re-use the same ID very quickly (perhaps never).
+     */
+    static unsigned int start;
+    unsigned int idx = find_next_zero_bit(map, UINT16_MAX - DOMID_MASK, start);
+
+    ASSERT(pcidevs_locked());
+
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        idx = find_first_zero_bit(map, UINT16_MAX - DOMID_MASK);
+    if ( idx >= UINT16_MAX - DOMID_MASK )
+        return DOMID_INVALID;
+
+    __set_bit(idx, map);
+
+    start = idx + 1;
+
+    return idx | (DOMID_MASK + 1);
+}
+
+void iommu_free_domid(domid_t domid, unsigned long *map)
+{
+    ASSERT(pcidevs_locked());
+
+    if ( domid == DOMID_INVALID )
+        return;
+
+    ASSERT(domid > DOMID_MASK);
+
+    if ( !__test_and_clear_bit(domid & DOMID_MASK, map) )
+        BUG();
+}
+
 /*
  * Local variables:
  * mode: C
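Review bot: `iommu_init_domid()` returns `ZERO_BLOCK_PTR` instead of a bitmap when `iommu_quarantine` is off, and nothing on the three new helpers documents that. The callers treat NULL as allocation failure, so this sentinel is non-NULL, and `iommu_alloc_domid()` would run `find_next_zero_bit()` and `__set_bit()` on it if a future caller omitted the `iommu_quarantine` guard that the AMD and VT-d call sites in this patch apply. I would state the contract above `iommu_init_domid()`, e.g. `/* Returns ZERO_BLOCK_PTR when quarantining is off; such a map must never reach iommu_alloc_domid(). */`, and add `ASSERT(map != ZERO_BLOCK_PTR);` at the top of `iommu_alloc_domid()`. A second comment giving the ID layout would save readers from working out `idx | (DOMID_MASK + 1)` and `domid & DOMID_MASK` themselves: `/* Pseudo IDs occupy DOMID_MASK + 1 ... UINT16_MAX; map bit N tracks ID (DOMID_MASK + 1) | N. */`.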
diff --git a/xen/include/asm-x86/amd-iommu.h b/xen/include/asm-x86/amd-iommu.h
index 1bba272379..ab2c0983f7 100644
--- a/xen/include/asm-x86/amd-iommu.h
+++ b/xen/include/asm-x86/amd-iommu.h
@@ -97,6 +97,7 @@ struct amd_iommu {
     struct ring_buffer cmd_buffer;
     struct ring_buffer event_log;
     struct ring_buffer ppr_log;
+    unsigned long *domid_map;
 
     int exclusion_enable;
     int exclusion_allow_all;
diff --git a/xen/include/asm-x86/iommu.h b/xen/include/asm-x86/iommu.h
index b8d2951b12..bab00f6ae4 100644
--- a/xen/include/asm-x86/iommu.h
+++ b/xen/include/asm-x86/iommu.h
@@ -112,6 +112,10 @@ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
         ops->sync_cache(addr, size);                    \
 })
 
+unsigned long *iommu_init_domid(void);
+domid_t iommu_alloc_domid(unsigned long *map);
+void iommu_free_domid(domid_t domid, unsigned long *map);
+
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
  * Local variables:
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index cc05045e9c..70ed48e309 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -15,6 +15,12 @@
 
 struct arch_pci_dev {
     vmask_t used_vectors;
+    /*
+     * These fields are (de)initialized under pcidevs-lock. Other uses of
+     * them don't race (de)initialization and hence don't strictly need any
+     * locking.
+     */
+    domid_t pseudo_domid;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h
index 0d395404b0..88182d4004 100644
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -584,6 +584,9 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
 /* Idle domain. */
 #define DOMID_IDLE           xen_mk_uint(0x7FFF)
 
+/* Mask for valid domain id values */
+#define DOMID_MASK           xen_mk_uint(0x7FFF)
+
 #ifndef __ASSEMBLY__
 
 typedef uint16_t domid_t;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:12:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:12:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301097.513803 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce7K-0005TM-96; Fri, 08 Apr 2022 02:12:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301097.513803; Fri, 08 Apr 2022 02:12:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce7K-0005TE-5T; Fri, 08 Apr 2022 02:12:54 +0000
Received: by outflank-mailman (input) for mailman id 301097;
 Fri, 08 Apr 2022 02:12:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7J-0005Ss-7W
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7J-0006yW-6h
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7J-0006Rs-5p
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:12:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=b2And+rK9X5ZoH8a9pVDDiRq5OryFnrhH5sG6AnELD0=; b=wUkOkPrruXuwp3bhp/VKryHWO2
	sbQn9uOCpWKy3GB0pZPLojRKaJDO6IOqTeHR1juHqKeqIXPv6IXLDzEnOKdZoiXw2kIVzEx8P3HUR
	/Ww0+epRT4IJxhr0rfwT+qSCgEeVufXK5UWiiiHBe6ht8JJKDCDm3GFanSb8r1AK/Hys=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] IOMMU/x86: drop TLB flushes from quarantine_init() hooks
Message-Id: <E1nce7J-0006Rs-5p@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:12:53 +0000

commit d15a9c9a05d5a33a323f6584d91bc693fd3c0338
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:41:05 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:41:05 2022 +0200

    IOMMU/x86: drop TLB flushes from quarantine_init() hooks
    
    The page tables just created aren't hooked up yet anywhere, so there's
    nothing that could be present in any TLB, and hence nothing to flush.
    Dropping this flush is, at least on the VT-d side, a prereq to per-
    device domain ID use when quarantining devices, as dom_io isn't going
    to be assigned a DID anymore: The warning in get_iommu_did() would
    trigger.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    master commit: 54c5cef49239e2f27ec3b3fc8804bf57aa4bf46d
    master date: 2022-04-05 14:19:42 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c | 2 --
 xen/drivers/passthrough/vtd/iommu.c     | 5 +----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 2986ae5fc9..0b619e235e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -840,8 +840,6 @@ int __init amd_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    amd_iommu_flush_all_pages(d);
-
     /* Pages leaked in failure case */
     return level ? -ENOMEM : 0;
 }
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 7c09ef77ed..b0918643b3 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2858,7 +2858,6 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
     struct dma_pte *parent;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
-    int rc;
 
     if ( hd->arch.pgd_maddr )
     {
@@ -2905,10 +2904,8 @@ static int __init intel_iommu_quarantine_init(struct domain *d)
  out:
     spin_unlock(&hd->arch.mapping_lock);
 
-    rc = iommu_flush_iotlb_all(d);
-
     /* Pages leaked in failure case */
-    return level ? -ENOMEM : rc;
+    return level ? -ENOMEM : 0;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:13:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:13:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301098.513805 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce7U-0005XC-An; Fri, 08 Apr 2022 02:13:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301098.513805; Fri, 08 Apr 2022 02:13:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce7U-0005X4-7B; Fri, 08 Apr 2022 02:13:04 +0000
Received: by outflank-mailman (input) for mailman id 301098;
 Fri, 08 Apr 2022 02:13:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7T-0005Wj-Af
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:13:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7T-0006yn-9r
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:13:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7T-0006Sg-9F
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:13:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=UVKhS4ajG/fiU2Getsy+ZyHAHOGLimjRifXpDmMLKS8=; b=qg7wn2D7diFZ/1Q+E5V81BH4XZ
	4/Vwj/vcVvGBmK700WAThb7eqAEnEwQyJRpbdlbi1obChe3nzbG+qUDYCy8uEMokzSqhbCrkmYtnW
	NM4D2JmDI5Wyi0oIOM2QUfvHcpDfODf3Ci59elUdDZBhH5nyOUtp4BeUucmzsmmNzloA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] AMD/IOMMU: abstract maximum number of page table levels
Message-Id: <E1nce7T-0006Sg-9F@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:13:03 +0000

commit 0af8d2dfc39f5841b5ccc2298487d5e2d3035145
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:42:01 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:42:01 2022 +0200

    AMD/IOMMU: abstract maximum number of page table levels
    
    We will want to use the constant elsewhere.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    master commit: a038b514c1e970a8dc32229cbd31f6769ee61ad5
    master date: 2022-04-05 14:20:04 +0200
---
 xen/drivers/passthrough/amd/iommu_map.c       | 2 +-
 xen/include/asm-x86/hvm/svm/amd-iommu-defs.h  | 2 ++
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 0b619e235e..62bcfc5af7 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -477,7 +477,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.root_table;
     level = hd->arch.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    BUG_ON( table == NULL || level < 1 || level > IOMMU_MAX_PT_LEVELS );
 
     /*
      * A frame number past what the current page tables can represent can't
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
index d9ec20cc90..ee3380c131 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-defs.h
@@ -114,6 +114,8 @@
 #define IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_MASK		0xFFFFF000
 #define IOMMU_DEV_TABLE_PAGE_TABLE_PTR_LOW_SHIFT	12
 
+#define IOMMU_MAX_PT_LEVELS 6
+
 /* DeviceTable Entry[63:32] */
 #define IOMMU_DEV_TABLE_GV_SHIFT                    23
 #define IOMMU_DEV_TABLE_GV_MASK                     0x800000
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index a3211ccdfb..35b7d9eb23 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -185,7 +185,7 @@ static inline int amd_iommu_get_paging_mode(unsigned long max_frames)
     while ( max_frames > PTE_PER_TABLE_SIZE )
     {
         max_frames = PTE_PER_TABLE_ALIGN(max_frames) >> PTE_PER_TABLE_SHIFT;
-        if ( ++level > 6 )
+        if ( ++level > IOMMU_MAX_PT_LEVELS )
             return -ENOMEM;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 02:13:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 02:13:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301100.513809 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce7e-0005an-D4; Fri, 08 Apr 2022 02:13:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301100.513809; Fri, 08 Apr 2022 02:13:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nce7e-0005ad-A5; Fri, 08 Apr 2022 02:13:14 +0000
Received: by outflank-mailman (input) for mailman id 301100;
 Fri, 08 Apr 2022 02:13:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7d-0005aW-E8
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:13:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7d-0006yy-DK
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:13:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nce7d-0006TS-Cc
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 02:13:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BZ1F1JpxJN27KWx3Eov3gi5rACqTIP7TPZ4Iaaf6bEg=; b=MGtWuvoeLiw3nIhuNlvUHvH2am
	Lq9CjJC80cIhTetUanCsz4xW9Mim+YqS5kSIxd7vcBwtWbPIbzX8AjzUWxBqUWUwUc4zxwG+dE3V7
	Gwp7BboBOwALWiuFJpJSKkPoNa1eFFkaADsUfRB91byLi7+hNLPSJ+KybH02IhyW2LHc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] IOMMU/x86: use per-device page tables for quarantining
Message-Id: <E1nce7d-0006TS-Cc@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 02:13:13 +0000

commit c633ec9451e76015c409bd5119ffcb0f2e61fe8b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 5 15:42:45 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 5 15:42:45 2022 +0200

    IOMMU/x86: use per-device page tables for quarantining
    
    Devices with RMRRs / unity mapped regions, due to it being unspecified
    how/when these memory regions may be accessed, must not be left
    disconnected from the mappings of these regions (as long as it's not
    certain that the device has been fully quiesced). Hence even the page
    tables used when quarantining such devices need to have mappings of
    those regions. This implies installing page tables in the first place
    even when not in scratch-page quarantining mode.
    
    This is CVE-2022-26361 / part of XSA-400.
    
    While for the purpose here it would be sufficient to have devices with
    RMRRs / unity mapped regions use per-device page tables, extend this to
    all devices (in scratch-page quarantining mode). This allows the leaf
    pages to be mapped r/w, thus covering also memory writes (rather than
    just reads) issued by non-quiescent devices.
    
    Set up quarantine page tables as late as possible, yet early enough to
    not encounter failure during de-assign. This means setup generally
    happens in assign_device(), while (for now) the one in deassign_device()
    is there mainly to be on the safe side.
    
    In VT-d's DID allocation function don't require the IOMMU lock to be
    held anymore: All involved code paths hold pcidevs_lock, so this way we
    avoid the need to acquire the IOMMU lock around the new call to
    context_set_domain_id().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 14dd241aad8af447680ac73e8579990e2c09c1e7
    master date: 2022-04-05 14:24:18 +0200
---
 xen/arch/x86/mm/p2m.c                         |   2 +-
 xen/drivers/passthrough/amd/iommu_map.c       | 168 +++++++++++++-----
 xen/drivers/passthrough/amd/pci_amd_iommu.c   |  39 ++--
 xen/drivers/passthrough/iommu.c               |  16 +-
 xen/drivers/passthrough/pci.c                 |  20 ++-
 xen/drivers/passthrough/vtd/iommu.c           | 247 +++++++++++++++++++-------
 xen/drivers/passthrough/vtd/iommu.h           |   2 +-
 xen/include/asm-x86/hvm/svm/amd-iommu-proto.h |   3 +-
 xen/include/asm-x86/pci.h                     |  13 ++
 xen/include/xen/iommu.h                       |   3 +-
 10 files changed, 378 insertions(+), 135 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 266b6a0416..c7bf160be9 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1424,7 +1424,7 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int ret;
 
-    if ( !paging_mode_translate(p2m->domain) )
+    if ( !paging_mode_translate(d) )
     {
         if ( !has_iommu_pt(d) )
             return 0;
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 62bcfc5af7..9bdf9e25e4 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -784,64 +784,150 @@ void amd_iommu_share_p2m(struct domain *d)
     }
 }
 
-int __init amd_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(uint64_t *this, unsigned int level,
+                    struct page_info *pgs[IOMMU_MAX_PT_LEVELS],
+                    struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_PER_TABLE_SIZE; ++i )
+    {
+        uint32_t *pte = (uint32_t *)&this[i];
+        uint64_t *next;
+
+        if ( !get_field_from_reg_u32(pte[0], IOMMU_PTE_PRESENT_MASK,
+                                     IOMMU_PTE_PRESENT_SHIFT) )
+        {
+            if ( !pgs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                pgs[level] = alloc_amd_iommu_pgtable();
+                if ( !pgs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(pgs[level], &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = __map_domain_page(pgs[level]);
+                    rc = fill_qpt(next, level - 1, pgs, pdev);
+                    unmap_domain_page(next);
+                }
+            }
+
+            /*
+             * PDEs are essentially a subset of PTEs, so this function
+             * is fine to use even at the leaf.
+             */
+            set_iommu_pde_present(pte, mfn_x(page_to_mfn(pgs[level])), level,
+                                  true, true);
+        }
+        else if ( level &&
+                  get_field_from_reg_u32(pte[0],
+                                         IOMMU_PDE_NEXT_LEVEL_MASK,
+                                         IOMMU_PDE_NEXT_LEVEL_SHIFT) )
+        {
+            paddr_t addr_hi = get_field_from_reg_u32(pte[1],
+                                                     IOMMU_PTE_ADDR_HIGH_MASK,
+                                                     IOMMU_PTE_ADDR_HIGH_SHIFT);
+            paddr_t addr_lo = get_field_from_reg_u32(pte[0],
+                                                     IOMMU_PTE_ADDR_LOW_MASK,
+                                                     IOMMU_PTE_ADDR_LOW_SHIFT);
+            unsigned long mfn = (addr_hi << (32 - PAGE_SHIFT)) | addr_lo;
+
+            page_list_add(mfn_to_page(_mfn(mfn)), &pdev->arch.pgtables_list);
+            next = map_domain_page(_mfn(mfn));
+            rc = fill_qpt(next, level - 1, pgs, pdev);
+            unmap_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+int amd_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
     unsigned long end_gfn =
         1ul << (DEFAULT_DOMAIN_ADDRESS_WIDTH - PAGE_SHIFT);
     unsigned int level = amd_iommu_get_paging_mode(end_gfn);
-    uint64_t *table;
+    unsigned int req_id = get_dma_requestor_id(pdev->seg,
+                                               PCI_BDF2(pdev->bus, pdev->devfn));
+    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
 
-    if ( hd->arch.root_table )
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.root_table);
+
+    ASSERT(pdev->arch.pseudo_domid != DOMID_INVALID);
+
+    if ( pdev->arch.amd.root_table )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    pdev->arch.amd.root_table = alloc_amd_iommu_pgtable();
+    if ( !pdev->arch.amd.root_table )
+        return -ENOMEM;
 
-    hd->arch.root_table = alloc_amd_iommu_pgtable();
-    if ( !hd->arch.root_table )
-        goto out;
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.root_table = pdev->arch.amd.root_table;
 
-    table = __map_domain_page(hd->arch.root_table);
-    while ( level )
+    rc = amd_iommu_reserve_domain_unity_map(dom_io,
+                                            ivrs_mappings[req_id].unity_map,
+                                            0);
+
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.root_table = NULL;
+
+    if ( rc )
+        printk("%04x:%02x:%02x.%u: quarantine unity mapping failed\n",
+               pdev->seg, pdev->bus,
+               PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+    else
     {
-        struct page_info *pg;
-        unsigned int i;
-
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        pg = alloc_amd_iommu_pgtable();
-        if ( !pg )
-            break;
-
-        for ( i = 0; i < PTE_PER_TABLE_SIZE; i++ )
-        {
-            uint32_t *pde = (uint32_t *)&table[i];
+        uint64_t *root;
+        struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-            /*
-             * PDEs are essentially a subset of PTEs, so this function
-             * is fine to use even at the leaf.
-             */
-            set_iommu_pde_present(pde, mfn_x(page_to_mfn(pg)), level - 1,
-                                  false, true);
-        }
+        spin_lock(&hd->arch.mapping_lock);
 
-        unmap_domain_page(table);
-        table = __map_domain_page(pg);
-        level--;
+        root = __map_domain_page(pdev->arch.amd.root_table);
+        rc = fill_qpt(root, level - 1, pgs, pdev);
+        unmap_domain_page(root);
+
+        pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_domain_page(table);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        amd_iommu_quarantine_teardown(pdev);
+
+    return rc;
+}
+
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.amd.root_table )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_amd_iommu_pgtable(pg);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    pdev->arch.amd.root_table = NULL;
 }
 
 /*
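Review bot: The root page allocated in amd_iommu_quarantine_init() is never put on pdev->arch.pgtables_list as far as this hunk shows, yet amd_iommu_quarantine_teardown() frees only what is on that list before clearing pdev->arch.amd.root_table. fill_qpt() lists the tables it allocates or descends into but not the table it is handed, and when the unity mapping fails fill_qpt() is skipped altogether, so the tables built by amd_iommu_reserve_domain_unity_map() also appear to stay unaccounted. Adding `page_list_add(pdev->arch.amd.root_table, &pdev->arch.pgtables_list);` right after the allocation would cover the root; the failure path needs the intermediate tables tracked as well. The intel_iommu_quarantine_init() and quarantine_teardown() hunks in vtd/iommu.c have the same shape.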
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 301a8f1229..567472e48d 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -150,6 +150,8 @@ static int __must_check amd_iommu_setup_domain_device(
     u8 bus = pdev->bus;
     struct domain_iommu *hd = dom_iommu(domain);
     const struct ivrs_mappings *ivrs_dev;
+    const struct page_info *root_pg;
+    domid_t domid;
 
     BUG_ON(!hd->arch.paging_mode || !iommu->dev_table.buffer);
 
@@ -172,14 +174,25 @@ static int __must_check amd_iommu_setup_domain_device(
     dte = iommu->dev_table.buffer + (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE);
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
 
+    if ( domain != dom_io )
+    {
+        root_pg = hd->arch.root_table;
+        domid = domain->domain_id;
+    }
+    else
+    {
+        root_pg = pdev->arch.amd.root_table;
+        domid = pdev->arch.pseudo_domid;
+    }
+
     spin_lock_irqsave(&iommu->lock, flags);
 
     if ( !is_translation_valid((u32 *)dte) )
     {
         /* bind DTE to domain page-tables */
         rc = amd_iommu_set_root_page_table(
-                 dte, page_to_maddr(hd->arch.root_table),
-                 domain->domain_id, hd->arch.paging_mode, sr_flags);
+                 dte, page_to_maddr(root_pg), domid,
+                 hd->arch.paging_mode, sr_flags);
         if ( rc )
         {
             ASSERT(rc < 0);
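Review bot: Nothing in this hunk establishes that `root_pg` is non-NULL on the dom_io branch before it reaches `page_to_maddr(root_pg)`. iommu_quarantine_dev_init() in iommu.c returns 0 without calling the hook when iommu_quarantine is clear, while deassign_device() still selects dom_io when only pdev->quarantine is set, so pdev->arch.amd.root_table may be unset on that route. If a caller outside this hunk already skips the setup in that case, state the invariant with `ASSERT(root_pg);` after the if/else; otherwise return early for a dom_io device without tables. The function body starts and ends outside this hunk.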
@@ -193,8 +206,7 @@ static int __must_check amd_iommu_setup_domain_device(
 
         amd_iommu_flush_device(iommu, req_id);
     }
-    else if ( amd_iommu_get_root_page_table(dte) !=
-              page_to_maddr(hd->arch.root_table) )
+    else if ( amd_iommu_get_root_page_table(dte) != page_to_maddr(root_pg) )
     {
         /*
          * Strictly speaking if the device is the only one with this requestor
@@ -207,8 +219,8 @@ static int __must_check amd_iommu_setup_domain_device(
             rc = -EOPNOTSUPP;
         else
             rc = amd_iommu_set_root_page_table(
-                     dte, page_to_maddr(hd->arch.root_table),
-                     domain->domain_id, hd->arch.paging_mode, sr_flags);
+                     dte, page_to_maddr(root_pg), domid,
+                     hd->arch.paging_mode, sr_flags);
         if ( rc < 0 )
         {
             spin_unlock_irqrestore(&iommu->lock, flags);
@@ -227,6 +239,7 @@ static int __must_check amd_iommu_setup_domain_device(
               * intended anyway.
               */
              !pdev->domain->is_dying &&
+             pdev->domain != dom_io &&
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             printk(" %04x:%02x:%02x.%u: reassignment may cause %pd data corruption\n",
@@ -247,9 +260,8 @@ static int __must_check amd_iommu_setup_domain_device(
     AMD_IOMMU_DEBUG("Setup I/O page table: device id = %#x, type = %#x, "
                     "root table = %#"PRIx64", "
                     "domain = %d, paging mode = %d\n",
-                    req_id, pdev->type,
-                    page_to_maddr(hd->arch.root_table),
-                    domain->domain_id, hd->arch.paging_mode);
+                    req_id, pdev->type, page_to_maddr(root_pg),
+                    domid, hd->arch.paging_mode);
 
     ASSERT(pcidevs_locked());
 
@@ -296,7 +308,7 @@ int __init amd_iov_detect(void)
 
 int amd_iommu_alloc_root(struct domain_iommu *hd)
 {
-    if ( unlikely(!hd->arch.root_table) )
+    if ( unlikely(!hd->arch.root_table) && hd != dom_iommu(dom_io) )
     {
         hd->arch.root_table = alloc_amd_iommu_pgtable();
         if ( !hd->arch.root_table )
@@ -376,7 +388,10 @@ void amd_iommu_disable_domain_device(struct domain *domain,
 
         AMD_IOMMU_DEBUG("Disable: device id = %#x, "
                         "domain = %d, paging mode = %d\n",
-                        req_id,  domain->domain_id,
+                        req_id,
+                        get_field_from_reg_u32(((uint32_t *)dte)[2],
+                                               IOMMU_DEV_TABLE_DOMAIN_ID_MASK,
+                                               IOMMU_DEV_TABLE_DOMAIN_ID_SHIFT),
                         dom_iommu(domain)->arch.paging_mode);
     }
     spin_unlock_irqrestore(&iommu->lock, flags);
@@ -605,6 +620,8 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
+    amd_iommu_quarantine_teardown(pdev);
+
     iommu_free_domid(pdev->arch.pseudo_domid, iommu->domid_map);
     pdev->arch.pseudo_domid = DOMID_INVALID;
 
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index a747bfb946..f8af06c0fd 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -497,19 +497,19 @@ int iommu_iotlb_flush_all(struct domain *d, unsigned int flush_flags)
     return rc;
 }
 
-static int __init iommu_quarantine_init(void)
+int iommu_quarantine_dev_init(device_t *dev)
 {
     const struct domain_iommu *hd = dom_iommu(dom_io);
-    int rc;
 
-    rc = iommu_domain_init(dom_io);
-    if ( rc )
-        return rc;
-
-    if ( !hd->platform_ops->quarantine_init )
+    if ( !iommu_quarantine || !hd->platform_ops->quarantine_init )
         return 0;
 
-    return hd->platform_ops->quarantine_init(dom_io);
+    return hd->platform_ops->quarantine_init(dev);
+}
+
+static int __init iommu_quarantine_init(void)
+{
+    return iommu_domain_init(dom_io);
 }
 
 int __init iommu_setup(void)
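Review bot: iommu_quarantine_dev_init() becomes a non-static, non-__init entry point but has no comment stating its contract. Both quarantine_init backends in this patch assert pcidevs_locked(), and the function returns 0 without doing anything when iommu_quarantine is off or the hook is absent, which callers cannot tell apart from a successful setup. I would add above it `/* Set up per-device quarantine page tables; caller must hold pcidevs_lock. Returns 0 without action when quarantining is disabled or unsupported. */`.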
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index f4d9777b52..768b900830 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -1512,6 +1512,13 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
         msixtbl_init(d);
     }
 
+    if ( pdev->domain != dom_io )
+    {
+        rc = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( rc )
+            goto done;
+    }
+
     pdev->fault.count = 0;
 
     if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) )
@@ -1558,9 +1565,16 @@ int deassign_device(struct domain *d, u16 seg, u8 bus, u8 devfn)
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = ((pdev->quarantine || iommu_quarantine) &&
-              pdev->domain != dom_io) ?
-        dom_io : hardware_domain;
+    if ( (pdev->quarantine || iommu_quarantine) && pdev->domain != dom_io )
+    {
+        ret = iommu_quarantine_dev_init(pci_to_dev(pdev));
+        if ( ret )
+           return ret;
+
+        target = dom_io;
+    }
+    else
+        target = hardware_domain;
 
     while ( pdev->phantom_stride )
     {
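Review bot: The `return ret;` under the new `if ( ret )` in deassign_device() is indented by eleven spaces instead of twelve, so it does not follow the file's four-space steps; it should read `            return ret;`. The function body extends beyond this hunk.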
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index b0918643b3..5ca1d02981 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -43,6 +43,12 @@
 #include "vtd.h"
 #include "../ats.h"
 
+#define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \
+                                             : (pdev)->arch.pseudo_domid)
+#define DEVICE_PGTABLE(d, pdev) ((d) != dom_io \
+                                 ? dom_iommu(d)->arch.pgd_maddr \
+                                 : (pdev)->arch.vtd.pgd_maddr)
+
 /* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
 bool __read_mostly untrusted_msi;
 
@@ -78,13 +84,18 @@ static int get_iommu_did(domid_t domid, const struct iommu *iommu,
 
 #define DID_FIELD_WIDTH 16
 #define DID_HIGH_OFFSET 8
+
+/*
+ * This function may have "context" passed as NULL, to merely obtain a DID
+ * for "domid".
+ */
 static int context_set_domain_id(struct context_entry *context,
                                  domid_t domid, struct iommu *iommu)
 {
     unsigned long nr_dom, i;
     int found = 0;
 
-    ASSERT(spin_is_locked(&iommu->lock));
+    ASSERT(pcidevs_locked());
 
     nr_dom = cap_ndoms(iommu->cap);
     i = find_first_bit(iommu->domid_bitmap, nr_dom);
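Review bot: The comment added above context_set_domain_id() documents the NULL `context` case but not the locking change made in the same hunk, where the assertion switches from iommu->lock to pcidevs_locked(). Since DID allocation is now serialised by a different lock than the context entry itself, I would extend the comment with `The caller must hold pcidevs_lock, which serialises DID allocation; iommu->lock is not required here.` The function body continues past the end of this hunk.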
@@ -110,8 +121,13 @@ static int context_set_domain_id(struct context_entry *context,
     }
 
     set_bit(i, iommu->domid_bitmap);
-    context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
-    context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+
+    if ( context )
+    {
+        context->hi &= ~(((1 << DID_FIELD_WIDTH) - 1) << DID_HIGH_OFFSET);
+        context->hi |= (i & ((1 << DID_FIELD_WIDTH) - 1)) << DID_HIGH_OFFSET;
+    }
+
     return 0;
 }
 
@@ -179,8 +195,12 @@ static void check_cleanup_domid_map(struct domain *d,
                                     const struct pci_dev *exclude,
                                     struct iommu *iommu)
 {
-    bool found = any_pdev_behind_iommu(d, exclude, iommu);
+    bool found;
 
+    if ( d == dom_io )
+        return;
+
+    found = any_pdev_behind_iommu(d, exclude, iommu);
     /*
      * Hidden devices are associated with DomXEN but usable by the hardware
      * domain. Hence they need considering here as well.
@@ -1443,7 +1463,7 @@ int domain_context_mapping_one(
         domid = iommu->domid_map[prev_did];
         if ( domid < DOMID_FIRST_RESERVED )
             prev_dom = rcu_lock_domain_by_id(domid);
-        else if ( domid == DOMID_IO )
+        else if ( pdev ? domid == pdev->arch.pseudo_domid : domid > DOMID_MASK )
             prev_dom = rcu_lock_domain(dom_io);
         if ( !prev_dom )
         {
@@ -1620,15 +1640,12 @@ int domain_context_mapping_one(
     {
         if ( !prev_dom )
             domain_context_unmap_one(domain, iommu, bus, devfn,
-                                     domain->domain_id);
+                                     DEVICE_DOMID(domain, pdev));
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
-        {
-            hd = dom_iommu(prev_dom);
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
-                                       domain->domain_id,
-                                       hd->arch.pgd_maddr,
+                                       DEVICE_DOMID(prev_dom, pdev),
+                                       DEVICE_PGTABLE(prev_dom, pdev),
                                        mode & MAP_WITH_RMRR);
-        }
     }
 
     if ( prev_dom )
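Review bot: The recovery calls here evaluate `DEVICE_DOMID(domain, pdev)`, `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)` with the function's own `pdev` parameter, which may be NULL: the earlier hunk in this function tests `pdev ?` explicitly, and domain_context_mapping() passes NULL for bridge entries. Both macros dereference `pdev` whenever their domain argument is dom_io, so a failed mapping of a bridge entry on behalf of a quarantined device would fault inside the error path. A guard is needed before either macro is reached, for example `else if ( prev_dom != domain && (prev_dom != dom_io || pdev) )` on the re-mapping branch, with the unmap branch handled likewise. The enclosing function starts and ends outside this hunk, so the condition guarding this block should be checked against the full body.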
@@ -1645,7 +1662,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 {
     struct acpi_drhd_unit *drhd;
     const struct acpi_rmrr_unit *rmrr;
-    paddr_t pgd_maddr = dom_iommu(domain)->arch.pgd_maddr;
+    paddr_t pgd_maddr = DEVICE_PGTABLE(domain, pdev);
     domid_t orig_domid = pdev->arch.pseudo_domid;
     int ret = 0;
     unsigned int i, mode = 0;
@@ -1668,7 +1685,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         break;
     }
 
-    if ( domain != pdev->domain )
+    if ( domain != pdev->domain && pdev->domain != dom_io )
     {
         if ( pdev->domain->is_dying )
             mode |= MAP_OWNER_DYING;
@@ -1709,8 +1726,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
             printk(VTDPREFIX "d%d:PCIe: map %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
+        ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
+                                         DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
         if ( ret > 0 )
             ret = 0;
@@ -1734,8 +1751,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                         pdev, domain->domain_id, pgd_maddr,
-                                         mode);
+                                         pdev, DEVICE_DOMID(domain, pdev),
+                                         pgd_maddr, mode);
         if ( ret < 0 )
             break;
         prev_present = ret;
@@ -1761,8 +1778,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          */
         if ( ret >= 0 )
             ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         /*
          * Devices behind PCIe-to-PCI/PCIx bridge may generate different
@@ -1777,8 +1794,8 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
         if ( !ret && pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE &&
              (secbus != pdev->bus || pdev->devfn != 0) )
             ret = domain_context_mapping_one(domain, drhd->iommu, secbus, 0,
-                                             NULL, domain->domain_id, pgd_maddr,
-                                             mode);
+                                             NULL, DEVICE_DOMID(domain, pdev),
+                                             pgd_maddr, mode);
 
         if ( ret )
         {
@@ -1914,7 +1931,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1925,7 +1942,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       domain->domain_id);
+                                       DEVICE_DOMID(domain, pdev));
         if ( ret )
             break;
 
@@ -1934,18 +1951,12 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( find_upstream_bridge(seg, &tmp_bus, &tmp_devfn, &secbus) < 1 )
             break;
 
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
+                                       DEVICE_DOMID(domain, pdev));
         /* PCIe to PCI/PCIx bridge */
-        if ( pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-        {
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
-            if ( !ret )
-                ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                               domain->domain_id);
-        }
-        else /* Legacy PCI bridge */
-            ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                           domain->domain_id);
+        if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
+                                           DEVICE_DOMID(domain, pdev));
 
         break;
 
@@ -1992,6 +2003,25 @@ static void iommu_domain_teardown(struct domain *d)
     spin_unlock(&hd->arch.mapping_lock);
 }
 
+static void quarantine_teardown(struct pci_dev *pdev,
+                                const struct acpi_drhd_unit *drhd)
+{
+    struct page_info *pg;
+
+    ASSERT(pcidevs_locked());
+
+    if ( !pdev->arch.vtd.pgd_maddr )
+        return;
+
+    while ( (pg = page_list_remove_head(&pdev->arch.pgtables_list)) )
+        free_domheap_page(pg);
+
+    pdev->arch.vtd.pgd_maddr = 0;
+
+    if ( drhd )
+        cleanup_domid_map(pdev->arch.pseudo_domid, drhd->iommu);
+}
+
 static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn,
                                              mfn_t mfn, unsigned int flags,
                                              unsigned int *flush_flags)
@@ -2214,6 +2244,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
                                rmrr->end_address, 0);
     }
 
+    quarantine_teardown(pdev, drhd);
+
     if ( drhd )
     {
         iommu_free_domid(pdev->arch.pseudo_domid,
@@ -2852,60 +2884,139 @@ static void vtd_dump_p2m_table(struct domain *d)
     vtd_dump_p2m_table_level(hd->arch.pgd_maddr, agaw_to_level(hd->arch.agaw), 0, 0);
 }
 
-static int __init intel_iommu_quarantine_init(struct domain *d)
+static int fill_qpt(struct dma_pte *this, unsigned int level,
+                    paddr_t maddrs[6], struct pci_dev *pdev)
 {
-    struct domain_iommu *hd = dom_iommu(d);
-    struct dma_pte *parent;
+    unsigned int i;
+    int rc = 0;
+
+    for ( i = 0; !rc && i < PTE_NUM; ++i )
+    {
+        struct dma_pte *pte = &this[i], *next;
+
+        if ( !dma_pte_present(*pte) )
+        {
+            if ( !maddrs[level] )
+            {
+                /*
+                 * The pgtable allocator is fine for the leaf page, as well as
+                 * page table pages, and the resulting allocations are always
+                 * zeroed.
+                 */
+                maddrs[level] = alloc_pgtable_maddr(NULL, 1);
+                if ( !maddrs[level] )
+                {
+                    rc = -ENOMEM;
+                    break;
+                }
+
+                page_list_add(maddr_to_page(maddrs[level]),
+                              &pdev->arch.pgtables_list);
+
+                if ( level )
+                {
+                    next = map_vtd_domain_page(maddrs[level]);
+                    rc = fill_qpt(next, level - 1, maddrs, pdev);
+                    unmap_vtd_domain_page(next);
+                }
+            }
+
+            dma_set_pte_addr(*pte, maddrs[level]);
+            dma_set_pte_readable(*pte);
+            dma_set_pte_writable(*pte);
+        }
+        else if ( level && !dma_pte_superpage(*pte) )
+        {
+            page_list_add(maddr_to_page(dma_pte_addr(*pte)),
+                          &pdev->arch.pgtables_list);
+            next = map_vtd_domain_page(dma_pte_addr(*pte));
+            rc = fill_qpt(next, level - 1, maddrs, pdev);
+            unmap_vtd_domain_page(next);
+        }
+    }
+
+    return rc;
+}
+
+static int intel_iommu_quarantine_init(struct pci_dev *pdev)
+{
+    struct domain_iommu *hd = dom_iommu(dom_io);
+    paddr_t maddr;
     unsigned int agaw = width_to_agaw(DEFAULT_DOMAIN_ADDRESS_WIDTH);
     unsigned int level = agaw_to_level(agaw);
+    const struct acpi_drhd_unit *drhd;
+    const struct acpi_rmrr_unit *rmrr;
+    unsigned int i, bdf;
+    bool rmrr_found = false;
+    int rc;
 
-    if ( hd->arch.pgd_maddr )
+    ASSERT(pcidevs_locked());
+    ASSERT(!hd->arch.pgd_maddr);
+
+    if ( pdev->arch.vtd.pgd_maddr )
     {
-        ASSERT_UNREACHABLE();
+        clear_domain_page(pdev->arch.leaf_mfn);
         return 0;
     }
 
-    spin_lock(&hd->arch.mapping_lock);
+    drhd = acpi_find_matched_drhd_unit(pdev);
+    if ( !drhd )
+        return -ENODEV;
 
-    hd->arch.pgd_maddr = alloc_pgtable_maddr(NULL, 1);
-    if ( !hd->arch.pgd_maddr )
-        goto out;
+    maddr = alloc_pgtable_maddr(NULL, 1);
+    if ( !maddr )
+        return -ENOMEM;
 
-    parent = map_vtd_domain_page(hd->arch.pgd_maddr);
-    while ( level )
-    {
-        uint64_t maddr;
-        unsigned int offset;
+    rc = context_set_domain_id(NULL, pdev->arch.pseudo_domid, drhd->iommu);
 
-        /*
-         * The pgtable allocator is fine for the leaf page, as well as
-         * page table pages, and the resulting allocations are always
-         * zeroed.
-         */
-        maddr = alloc_pgtable_maddr(NULL, 1);
-        if ( !maddr )
+    /* Transiently install the root into DomIO, for iommu_identity_mapping(). */
+    hd->arch.pgd_maddr = maddr;
+
+    for_each_rmrr_device ( rmrr, bdf, i )
+    {
+        if ( rc )
             break;
 
-        for ( offset = 0; offset < PTE_NUM; offset++ )
+        if ( rmrr->segment == pdev->seg &&
+             bdf == PCI_BDF2(pdev->bus, pdev->devfn) )
         {
-            struct dma_pte *pte = &parent[offset];
+            rmrr_found = true;
 
-            dma_set_pte_addr(*pte, maddr);
-            dma_set_pte_readable(*pte);
+            rc = iommu_identity_mapping(dom_io, p2m_access_rw,
+                                        rmrr->base_address, rmrr->end_address,
+                                        0);
+            if ( rc )
+                printk(XENLOG_ERR VTDPREFIX
+                       "%04x:%02x:%02x.%u: RMRR quarantine mapping failed\n",
+                       pdev->seg, pdev->bus,
+                       PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
         }
-        iommu_sync_cache(parent, PAGE_SIZE);
+    }
 
-        unmap_vtd_domain_page(parent);
-        parent = map_vtd_domain_page(maddr);
-        level--;
+    iommu_identity_map_teardown(dom_io);
+    hd->arch.pgd_maddr = 0;
+    pdev->arch.vtd.pgd_maddr = maddr;
+
+    if ( !rc )
+    {
+        struct dma_pte *root;
+        paddr_t maddrs[6] = {};
+
+        spin_lock(&hd->arch.mapping_lock);
+
+        root = map_vtd_domain_page(maddr);
+        rc = fill_qpt(root, level - 1, maddrs, pdev);
+        unmap_vtd_domain_page(root);
+
+        pdev->arch.leaf_mfn = maddr_to_mfn(maddrs[0]);
+
+        spin_unlock(&hd->arch.mapping_lock);
     }
-    unmap_vtd_domain_page(parent);
 
- out:
-    spin_unlock(&hd->arch.mapping_lock);
+    if ( rc )
+        quarantine_teardown(pdev, drhd);
 
-    /* Pages leaked in failure case */
-    return level ? -ENOMEM : 0;
+    return rc;
 }
 
 const struct iommu_ops __initconstrel intel_iommu_ops = {
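Review bot: `rmrr_found` in intel_iommu_quarantine_init() is written but never read: it is initialised to false, set to true inside the for_each_rmrr_device loop, and nothing in the function consumes it. Drop the declaration and the `rmrr_found = true;` assignment, or use the flag where it was meant to gate later work; as written it can trip -Wunused-but-set-variable. Separately, `paddr_t maddrs[6]` in both fill_qpt() and its caller would read better with a named constant, as the AMD counterpart does with IOMMU_MAX_PT_LEVELS.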
diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index e8346e29b6..4fecb9802c 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -535,7 +535,7 @@ struct iommu {
     u32 nr_pt_levels;
     u64	cap;
     u64	ecap;
-    spinlock_t lock; /* protect context, domain ids */
+    spinlock_t lock; /* protect context */
     spinlock_t register_lock; /* protect iommu register handling */
     u64 root_maddr; /* root entry machine address */
     struct msi_desc msi;
diff --git a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
index 35b7d9eb23..453d8047e1 100644
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
@@ -51,7 +51,8 @@ void get_iommu_features(struct amd_iommu *iommu);
 int amd_iommu_init(void);
 int amd_iommu_update_ivrs_mapping_acpi(void);
 
-int amd_iommu_quarantine_init(struct domain *d);
+int amd_iommu_quarantine_init(struct pci_dev *pdev);
+void amd_iommu_quarantine_teardown(struct pci_dev *pdev);
 
 /* mapping functions */
 int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn,
diff --git a/xen/include/asm-x86/pci.h b/xen/include/asm-x86/pci.h
index 70ed48e309..0c79acb1ed 100644
--- a/xen/include/asm-x86/pci.h
+++ b/xen/include/asm-x86/pci.h
@@ -1,6 +1,8 @@
 #ifndef __X86_PCI_H__
 #define __X86_PCI_H__
 
+#include <xen/mm.h>
+
 #define CF8_BDF(cf8)     (  ((cf8) & 0x00ffff00) >> 8)
 #define CF8_ADDR_LO(cf8) (   (cf8) & 0x000000fc)
 #define CF8_ADDR_HI(cf8) (  ((cf8) & 0x0f000000) >> 16)
@@ -20,7 +22,18 @@ struct arch_pci_dev {
      * them don't race (de)initialization and hence don't strictly need any
      * locking.
      */
+    union {
+        /* Subset of struct arch_iommu's fields, to be used in dom_io. */
+        struct {
+            uint64_t pgd_maddr;
+        } vtd;
+        struct {
+            struct page_info *root_table;
+        } amd;
+    };
     domid_t pseudo_domid;
+    mfn_t leaf_mfn;
+    struct page_list_head pgtables_list;
 };
 
 int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
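Review bot: The new members of struct arch_pci_dev are undocumented, and the union is inserted between the existing locking comment and `pseudo_domid`, which that comment appears to describe (its start is outside the hunk). I would place the union after `pseudo_domid` or give it its own comment, and add `/* Scratch leaf page of the quarantine tables; cleared on re-quarantine. */` on `leaf_mfn` and `/* Page-table pages owned by this device's quarantine tables. */` on `pgtables_list`. It is also worth stating that these fields are only touched with pcidevs_lock held, as the init and teardown functions assert.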
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 262679485d..e2b6ca4e1f 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -189,7 +189,7 @@ typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 struct iommu_ops {
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
-    int (*quarantine_init)(struct domain *d);
+    int (*quarantine_init)(device_t *dev);
     int (*add_device)(u8 devfn, device_t *dev);
     int (*enable_device)(device_t *dev);
     int (*remove_device)(u8 devfn, device_t *dev);
@@ -277,6 +277,7 @@ int __must_check iommu_suspend(void);
 void iommu_resume(void);
 void iommu_crash_shutdown(void);
 int iommu_get_reserved_device_memory(iommu_grdm_t *, void *);
+int iommu_quarantine_dev_init(device_t *dev);
 
 void iommu_share_p2m_table(struct domain *d);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 08:33:11 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] livepatch: do not ignore sections with 0 size
Message-Id: <E1nck3F-0000dh-6u@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 08:33:05 +0000

commit 0dc1f929e8fed681dec09ca3ea8de38202d5bf30
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 10:24:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 10:24:10 2022 +0200

    livepatch: do not ignore sections with 0 size
    
    A side effect of ignoring such sections is that symbols belonging to
    them won't be resolved, and that could make relocations belonging to
    other sections that reference those symbols fail.
    
    For example it's likely to have an empty .altinstr_replacement with
    symbols pointing to it, and marking the section as ignored will
    prevent the symbols from being resolved, which in turn will cause any
    relocations against them to fail.
    
    In order to solve this do not ignore sections with 0 size, only ignore
    sections that don't have the SHF_ALLOC flag set.
    
    Special case such empty sections in move_payload so they are not taken
    into account in order to decide whether a livepatch can be safely
    re-applied after a revert.
    
    Fixes: 98b728a7b2 ('livepatch: Disallow applying after an revert')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 xen/common/livepatch.c          | 16 +++++++++++-----
 xen/include/xen/livepatch_elf.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index edf56a357f..d385f882c6 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -300,9 +300,6 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
          * and .shstrtab. For the non-relocate we allocate and copy these
          * via other means - and the .rel we can ignore as we only use it
          * once during loading.
-         *
-         * Also ignore sections with zero size. Those can be for example:
-         * data, or .bss.
          */
         if ( livepatch_elf_ignore_section(elf->sec[i].sec) )
             offset[i] = UINT_MAX;
@@ -361,8 +358,17 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
             else if ( elf->sec[i].sec->sh_flags & SHF_WRITE )
             {
                 buf = rw_buf;
-                rw_buf_sec = i;
-                rw_buf_cnt++;
+                if ( elf->sec[i].sec->sh_size )
+                {
+                    /*
+                     * Special handling of RW empty regions: do not account for
+                     * them in order to decide whether a patch can safely be
+                     * re-applied, but assign them a load address so symbol
+                     * resolution and relocations work.
+                     */
+                    rw_buf_sec = i;
+                    rw_buf_cnt++;
+                }
             }
             else
                 buf = ro_buf;
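Review bot: The new comment about empty RW regions sits inside `if ( elf->sec[i].sec->sh_size )`, which is the branch taken for non-empty sections, so it reads as if the counted case were the special one. Moving it above the `if` would help, e.g. `/* Empty RW sections still get a load address (buf is set above) but are not counted for the re-apply check. */`. It is also worth stating there that `rw_buf_sec` is only updated for non-empty RW sections. `move_payload()` starts and ends outside the hunk.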
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 9ad499ee8b..5b1ec469da 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -48,7 +48,7 @@ int livepatch_elf_perform_relocs(struct livepatch_elf *elf);
 
 static inline bool livepatch_elf_ignore_section(const Elf_Shdr *sec)
 {
-    return !(sec->sh_flags & SHF_ALLOC) || sec->sh_size == 0;
+    return !(sec->sh_flags & SHF_ALLOC);
 }
 #endif /* __XEN_LIVEPATCH_ELF_H__ */
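Review bot: `livepatch_elf_ignore_section()` has no comment, and after this change a section it does not ignore may have `sh_size == 0`, which its callers could previously rule out. A line above the helper such as `/* Only non-SHF_ALLOC sections are skipped; empty SHF_ALLOC sections are kept so their symbols resolve. */` records the new contract. Callers other than `move_payload()` are not visible here, so any that index or dereference the data of a non-ignored section should be checked for the zero-length case.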
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 08:33:17 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] livepatch: avoid relocations referencing ignored section symbols
Message-Id: <E1nck3P-0000eg-AZ@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 08:33:15 +0000

commit 9120b5737f517fe9d2a3936c38d3a2211630323b
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 10:27:11 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 10:27:11 2022 +0200

    livepatch: avoid relocations referencing ignored section symbols
    
    Track whether symbols belong to ignored sections in order to avoid
    applying relocations referencing those symbols. The address of such
    symbols won't be resolved and thus the relocation will likely fail or
    write garbage to the destination.
    
    Return an error in that case, as leaving unresolved relocations would
    lead to malfunctioning payload code.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 xen/arch/arm/arm32/livepatch.c  | 7 +++++++
 xen/arch/arm/arm64/livepatch.c  | 7 +++++++
 xen/arch/x86/livepatch.c        | 7 +++++++
 xen/common/livepatch_elf.c      | 6 ++++++
 xen/include/xen/livepatch_elf.h | 1 +
 5 files changed, 28 insertions(+)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 5a06467008..3c50283b2a 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
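Review bot: The new error message identifies the symbol only by `elf->sym[symndx].name`, whereas the branch just above logs `symndx`. The name may be empty or absent (the resolver hunk in `livepatch_elf.c` tests `elf->sym[i].name` for NULL), which would leave the operator with nothing to locate the rejected relocation. Passing the index as well, `elf->name, elf->sym[symndx].name, symndx);` with a matching conversion added to the format string, keeps the log usable when a payload is refused. The same applies to the identical additions in `arm64/livepatch.c` and `x86/livepatch.c`. `arch_livepatch_perform()` starts and ends outside the hunk.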
 
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 6ec8dc60f0..62d2ef373a 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index 78c35f1fef..f2d783fdc5 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -291,6 +291,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index b089cacb1c..45d73912a3 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 5b1ec469da..7116deaddc 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {
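Review bot: `ignored` is added without a comment, and the only visible write sets it to `true` in `livepatch_elf_resolve_symbols()`, so the relocation checks depend on the symbol array starting out zeroed. That allocation is outside this page and should be confirmed. I would document both facts on the field: `bool ignored; /* Symbol's section is skipped at load, so st_value is not rebased; relies on zeroed allocation. */`.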
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:55:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: rename p2m_remove_page()
Message-Id: <E1nclKY-00062m-4y@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:55:02 +0000

commit 0cd09bf30514f20d15956aa22dda370a4cf59b2e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:28:38 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:28:38 2022 +0200

    x86/P2M: rename p2m_remove_page()
    
    This is in preparation to re-using the original name.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/p2m.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 444761d31b..76ac72de86 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -788,8 +788,8 @@ void p2m_final_teardown(struct domain *d)
 #ifdef CONFIG_HVM
 
 static int __must_check
-p2m_remove_page(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
-                unsigned int page_order)
+p2m_remove_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
+                 unsigned int page_order)
 {
     unsigned long i;
     p2m_type_t t;
@@ -861,7 +861,7 @@ guest_physmap_remove_page(struct domain *d, gfn_t gfn,
         return 0;
 
     gfn_lock(p2m, gfn, page_order);
-    rc = p2m_remove_page(p2m, gfn, mfn, page_order);
+    rc = p2m_remove_entry(p2m, gfn, mfn, page_order);
     gfn_unlock(p2m, gfn, page_order);
 
     return rc;
@@ -1034,7 +1034,7 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
                 P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n",
                           gfn_x(ogfn) , mfn_x(omfn));
                 if ( mfn_eq(omfn, mfn_add(mfn, i)) &&
-                     (rc = p2m_remove_page(p2m, ogfn, omfn, 0)) )
+                     (rc = p2m_remove_entry(p2m, ogfn, omfn, 0)) )
                     goto out;
             }
         }
@@ -2444,7 +2444,7 @@ int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx,
     {
         mfn = ap2m->get_entry(ap2m, old_gfn, &t, &a, 0, NULL, NULL);
         rc = mfn_valid(mfn)
-             ? p2m_remove_page(ap2m, old_gfn, mfn, PAGE_ORDER_4K)
+             ? p2m_remove_entry(ap2m, old_gfn, mfn, PAGE_ORDER_4K)
              : 0;
         goto out;
     }
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:55:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: introduce p2m_{add,remove}_page()
Message-Id: <E1nclKi-00063W-8d@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:55:12 +0000

commit fa4b4fa61debfde019e3e145e39706c4652d1c32
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:29:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:29:33 2022 +0200

    x86/P2M: introduce p2m_{add,remove}_page()
    
    Rename guest_physmap_add_entry() to p2m_add_page(); make
    guest_physmap_remove_page() a trivial wrapper around p2m_remove_page().
    This way callers can use suitable pairs of functions (previously
    violated by hvm/grant_table.c).
    
    In HVM-specific code further avoid going through the guest_physmap_*()
    layer, and instead use the two new/renamed functions directly.
    
    Ultimately the goal is to have guest_physmap_...() functions cover all
    types of guests, but p2m_...() dealing only with translated ones.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/hvm/dom0_build.c  |  3 +--
 xen/arch/x86/hvm/grant_table.c |  7 +++----
 xen/arch/x86/hvm/ioreq.c       |  6 ++----
 xen/arch/x86/include/asm/p2m.h |  9 +++++----
 xen/arch/x86/mm/p2m.c          | 37 +++++++++++++++++++++++++------------
 5 files changed, 36 insertions(+), 26 deletions(-)

diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c
index 25fb05a389..1864d048a1 100644
--- a/xen/arch/x86/hvm/dom0_build.c
+++ b/xen/arch/x86/hvm/dom0_build.c
@@ -173,8 +173,7 @@ static int __init pvh_populate_memory_range(struct domain *d,
             continue;
         }
 
-        rc = guest_physmap_add_page(d, _gfn(start), page_to_mfn(page),
-                                    order);
+        rc = p2m_add_page(d, _gfn(start), page_to_mfn(page), order, p2m_ram_rw);
         if ( rc != 0 )
         {
             printk("Failed to populate memory: [%#lx,%#lx): %d\n",
diff --git a/xen/arch/x86/hvm/grant_table.c b/xen/arch/x86/hvm/grant_table.c
index f18582f5a6..b7a896ea58 100644
--- a/xen/arch/x86/hvm/grant_table.c
+++ b/xen/arch/x86/hvm/grant_table.c
@@ -39,9 +39,8 @@ int create_grant_p2m_mapping(uint64_t addr, mfn_t frame,
         p2mt = p2m_grant_map_ro;
     else
         p2mt = p2m_grant_map_rw;
-    rc = guest_physmap_add_entry(current->domain,
-                                 _gfn(addr >> PAGE_SHIFT),
-                                 frame, PAGE_ORDER_4K, p2mt);
+    rc = p2m_add_page(current->domain, _gfn(addr >> PAGE_SHIFT),
+                      frame, PAGE_ORDER_4K, p2mt);
     if ( rc )
         return GNTST_general_error;
     else
@@ -68,7 +67,7 @@ int replace_grant_p2m_mapping(uint64_t addr, mfn_t frame,
                  type, mfn_x(old_mfn), mfn_x(frame));
         return GNTST_general_error;
     }
-    if ( guest_physmap_remove_page(d, _gfn(gfn), frame, PAGE_ORDER_4K) )
+    if ( p2m_remove_page(d, _gfn(gfn), frame, PAGE_ORDER_4K) )
     {
         put_gfn(d, gfn);
         return GNTST_general_error;
diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c
index 8409d910d6..0bdcca1e1a 100644
--- a/xen/arch/x86/hvm/ioreq.c
+++ b/xen/arch/x86/hvm/ioreq.c
@@ -188,8 +188,7 @@ static void hvm_remove_ioreq_gfn(struct ioreq_server *s, bool buf)
     if ( gfn_eq(iorp->gfn, INVALID_GFN) )
         return;
 
-    if ( guest_physmap_remove_page(d, iorp->gfn,
-                                   page_to_mfn(iorp->page), 0) )
+    if ( p2m_remove_page(d, iorp->gfn, page_to_mfn(iorp->page), 0) )
         domain_crash(d);
     clear_page(iorp->va);
 }
@@ -205,8 +204,7 @@ static int hvm_add_ioreq_gfn(struct ioreq_server *s, bool buf)
 
     clear_page(iorp->va);
 
-    rc = guest_physmap_add_page(d, iorp->gfn,
-                                page_to_mfn(iorp->page), 0);
+    rc = p2m_add_page(d, iorp->gfn, page_to_mfn(iorp->page), 0, p2m_ram_rw);
     if ( rc == 0 )
         paging_mark_pfn_dirty(d, _pfn(gfn_x(iorp->gfn)));
 
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 7873744263..84d19e871e 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -577,10 +577,11 @@ int p2m_alloc_table(struct p2m_domain *p2m);
 void p2m_teardown(struct p2m_domain *p2m);
 void p2m_final_teardown(struct domain *d);
 
-/* Add a page to a domain's p2m table */
-int guest_physmap_add_entry(struct domain *d, gfn_t gfn,
-                            mfn_t mfn, unsigned int page_order,
-                            p2m_type_t t);
+/* Add/remove a page to/from a domain's p2m table. */
+int p2m_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+                 unsigned int page_order, p2m_type_t t);
+int p2m_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+                    unsigned int page_order);
 
 /* Untyped version for RAM only, for compatibility and PV. */
 int __must_check guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
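Review bot: `p2m_add_page()` and `p2m_remove_page()` are declared without `__must_check`, while `guest_physmap_add_page()` just below has it, and this commit moves several callers from that checked wrapper to the new functions. A dropped return value here would mean a P2M entry silently left in place or not created, so I would declare them as `int __must_check p2m_add_page(...)` and `int __must_check p2m_remove_page(...)`. The converted call sites visible in this patch already test the result, so this should need no caller changes, though call sites outside the patch are not visible.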
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 76ac72de86..056a622c95 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -850,15 +850,17 @@ p2m_remove_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
 }
 
 int
-guest_physmap_remove_page(struct domain *d, gfn_t gfn,
-                          mfn_t mfn, unsigned int page_order)
+p2m_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+                unsigned int page_order)
 {
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     int rc;
 
-    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
     if ( !paging_mode_translate(d) )
-        return 0;
+    {
+        ASSERT_UNREACHABLE();
+        return -EPERM;
+    }
 
     gfn_lock(p2m, gfn, page_order);
     rc = p2m_remove_entry(p2m, gfn, mfn, page_order);
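Review bot: `p2m_remove_page()` now treats a non-translated domain as a caller bug (`ASSERT_UNREACHABLE()` then `-EPERM`), but nothing at the definition states that precondition, and the call sites converted from `guest_physmap_remove_page()` previously got `0` in that case. I would add a comment above the function, e.g. `/* Translated domains only; callers that may see a PV domain use guest_physmap_remove_page(). */`. For `replace_grant_p2m_mapping()`, `hvm_remove_ioreq_gfn()`, `p2m_add_foreign()` and `xenmem_add_to_physmap_one()` the guarantee that the domain is translated is established outside the visible hunks and is worth confirming. The function body continues into the next hunk.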
@@ -867,6 +869,17 @@ guest_physmap_remove_page(struct domain *d, gfn_t gfn,
     return rc;
 }
 
+int
+guest_physmap_remove_page(struct domain *d, gfn_t gfn,
+                          mfn_t mfn, unsigned int page_order)
+{
+    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+    if ( !paging_mode_translate(d) )
+        return 0;
+
+    return p2m_remove_page(d, gfn, mfn, page_order);
+}
+
 #endif /* CONFIG_HVM */
 
 int
@@ -905,14 +918,14 @@ guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
         return 0;
     }
 
-    return guest_physmap_add_entry(d, gfn, mfn, page_order, p2m_ram_rw);
+    return p2m_add_page(d, gfn, mfn, page_order, p2m_ram_rw);
 }
 
 #ifdef CONFIG_HVM
 
 int
-guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
-                        unsigned int page_order, p2m_type_t t)
+p2m_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+             unsigned int page_order, p2m_type_t t)
 {
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     unsigned long i;
@@ -2724,7 +2737,7 @@ static int p2m_add_foreign(struct domain *tdom, unsigned long fgfn,
     {
         if ( is_special_page(mfn_to_page(prev_mfn)) )
             /* Special pages are simply unhooked from this phys slot */
-            rc = guest_physmap_remove_page(tdom, _gfn(gpfn), prev_mfn, 0);
+            rc = p2m_remove_page(tdom, _gfn(gpfn), prev_mfn, 0);
         else
             /* Normal domain memory is freed, to avoid leaking memory. */
             rc = guest_remove_page(tdom, gpfn);
@@ -2732,7 +2745,7 @@ static int p2m_add_foreign(struct domain *tdom, unsigned long fgfn,
             goto put_both;
     }
     /*
-     * Create the new mapping. Can't use guest_physmap_add_page() because it
+     * Create the new mapping. Can't use p2m_add_page() because it
      * will update the m2p table which will result in  mfn -> gpfn of dom0
      * and not fgfn of domU.
      */
@@ -2846,7 +2859,7 @@ int xenmem_add_to_physmap_one(
     {
         if ( is_special_page(mfn_to_page(prev_mfn)) )
             /* Special pages are simply unhooked from this phys slot. */
-            rc = guest_physmap_remove_page(d, gpfn, prev_mfn, PAGE_ORDER_4K);
+            rc = p2m_remove_page(d, gpfn, prev_mfn, PAGE_ORDER_4K);
         else if ( !mfn_eq(mfn, prev_mfn) )
             /* Normal domain memory is freed, to avoid leaking memory. */
             rc = guest_remove_page(d, gfn_x(gpfn));
@@ -2854,11 +2867,11 @@ int xenmem_add_to_physmap_one(
 
     /* Unmap from old location, if any. */
     if ( !rc && old_gpfn != INVALID_M2P_ENTRY && !gfn_eq(_gfn(old_gpfn), gpfn) )
-        rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K);
+        rc = p2m_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K);
 
     /* Map at new location. */
     if ( !rc )
-        rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K);
+        rc = p2m_add_page(d, gpfn, mfn, PAGE_ORDER_4K, p2m_ram_rw);
 
  put_all:
     put_gfn(d, gfn_x(gpfn));
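Review bot: The final mapping call in this hunk now goes straight to `p2m_add_page(d, gpfn, mfn, PAGE_ORDER_4K, p2m_ram_rw)`, which skips the `!paging_mode_translate(d)` branch that guest_physmap_add_page() handled. The two are equivalent only if xenmem_add_to_physmap_one() has already rejected non-translated domains before this point; that check would sit outside the hunk and cannot be confirmed from here. If it exists, state the invariant where it is relied on, e.g. `ASSERT(paging_mode_translate(d));` ahead of the unmap/map sequence, so a later change cannot route a PV domain into the p2m-only code. The same reasoning applies to the `p2m_remove_page()` substitutions in the p2m_add_foreign hunk and the preceding xenmem_add_to_physmap_one hunk.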
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:55:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:55:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301289.514151 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclKt-0000Cq-4W; Fri, 08 Apr 2022 09:55:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301289.514151; Fri, 08 Apr 2022 09:55:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclKt-0000Ci-1I; Fri, 08 Apr 2022 09:55:23 +0000
Received: by outflank-mailman (input) for mailman id 301289;
 Fri, 08 Apr 2022 09:55:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclKs-0000CY-Dd
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclKs-0007RG-Cg
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclKs-00063x-Bo
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=IPKU+3OXDepnAqBwdY+f1jTvbM6QLoyLFKs7xuPy318=; b=mnvWjZvtzooYE7m2y/7/sGKmnc
	yleIIp0Hg+67ReJWwfqTCjyJO1PxqYD2avGAcQFwjg1hSpr8lJyG5rjkCMJUvWkcM1lUQsGjxxcMW
	Nx0QK4Ahe92UiWNVci8IXliO0XzPs4LhGI+YM2eSrSN+HNUqY8QFyNCutz25kqTtRl6U=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/mm: move guest_physmap_{add,remove}_page()
Message-Id: <E1nclKs-00063x-Bo@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:55:22 +0000

commit 0e58a6ceb6ef4e0c47acd3c7e48bb904c4d1a0a8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:30:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:30:36 2022 +0200

    x86/mm: move guest_physmap_{add,remove}_page()
    
    ... to a new file, separating the functions from their HVM-specific
    backing ones, themselves only dealing with the non-translated case.
    
    To avoid having a new CONFIG_HVM conditional in there, do away with
    the inline placeholder.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/Makefile     |  1 +
 xen/arch/x86/mm/p2m.c        | 54 ----------------------------
 xen/arch/x86/mm/physmap.c    | 85 ++++++++++++++++++++++++++++++++++++++++++++
 xen/include/xen/p2m-common.h |  9 -----
 4 files changed, 86 insertions(+), 63 deletions(-)

diff --git a/xen/arch/x86/mm/Makefile b/xen/arch/x86/mm/Makefile
index 6b7882d992..a47ef5fd9f 100644
--- a/xen/arch/x86/mm/Makefile
+++ b/xen/arch/x86/mm/Makefile
@@ -10,3 +10,4 @@ obj-$(CONFIG_MEM_SHARING) += mem_sharing.o
 obj-y += p2m.o
 obj-$(CONFIG_HVM) += p2m-ept.o p2m-pod.o p2m-pt.o
 obj-y += paging.o
+obj-y += physmap.o
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 056a622c95..a01e42ee61 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -869,60 +869,6 @@ p2m_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
     return rc;
 }
 
-int
-guest_physmap_remove_page(struct domain *d, gfn_t gfn,
-                          mfn_t mfn, unsigned int page_order)
-{
-    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
-    if ( !paging_mode_translate(d) )
-        return 0;
-
-    return p2m_remove_page(d, gfn, mfn, page_order);
-}
-
-#endif /* CONFIG_HVM */
-
-int
-guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
-                       unsigned int page_order)
-{
-    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
-    if ( !paging_mode_translate(d) )
-    {
-        struct page_info *page = mfn_to_page(mfn);
-        unsigned long i;
-
-        /*
-         * Our interface for PV guests wrt IOMMU entries hasn't been very
-         * clear; but historically, pages have started out with IOMMU mappings,
-         * and only lose them when changed to a different page type.
-         *
-         * Retain this property by grabbing a writable type ref and then
-         * dropping it immediately.  The result will be pages that have a
-         * writable type (and an IOMMU entry), but a count of 0 (such that
-         * any guest-requested type changes succeed and remove the IOMMU
-         * entry).
-         */
-        for ( i = 0; i < (1UL << page_order); ++i, ++page )
-        {
-            if ( !need_iommu_pt_sync(d) )
-                /* nothing */;
-            else if ( get_page_and_type(page, d, PGT_writable_page) )
-                put_page_and_type(page);
-            else
-                return -EINVAL;
-
-            set_gpfn_from_mfn(mfn_x(mfn) + i, gfn_x(gfn) + i);
-        }
-
-        return 0;
-    }
-
-    return p2m_add_page(d, gfn, mfn, page_order, p2m_ram_rw);
-}
-
-#ifdef CONFIG_HVM
-
 int
 p2m_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
              unsigned int page_order, p2m_type_t t)
diff --git a/xen/arch/x86/mm/physmap.c b/xen/arch/x86/mm/physmap.c
new file mode 100644
index 0000000000..ea82a07283
--- /dev/null
+++ b/xen/arch/x86/mm/physmap.c
@@ -0,0 +1,85 @@
+/******************************************************************************
+ * arch/x86/mm/physmap.c
+ *
+ * Parts of this code are Copyright (c) 2009 by Citrix Systems, Inc. (Patrick Colp)
+ * Parts of this code are Copyright (c) 2007 by Advanced Micro Devices.
+ * Parts of this code are Copyright (c) 2006-2007 by XenSource Inc.
+ * Parts of this code are Copyright (c) 2006 by Michael A Fetterman
+ * Parts based on earlier work by Michael A Fetterman, Ian Pratt et al.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <asm/p2m.h>
+
+#include "mm-locks.h"
+
+int
+guest_physmap_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
+                       unsigned int page_order)
+{
+    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+    if ( !paging_mode_translate(d) )
+    {
+        struct page_info *page = mfn_to_page(mfn);
+        unsigned long i;
+
+        /*
+         * Our interface for PV guests wrt IOMMU entries hasn't been very
+         * clear; but historically, pages have started out with IOMMU mappings,
+         * and only lose them when changed to a different page type.
+         *
+         * Retain this property by grabbing a writable type ref and then
+         * dropping it immediately.  The result will be pages that have a
+         * writable type (and an IOMMU entry), but a count of 0 (such that
+         * any guest-requested type changes succeed and remove the IOMMU
+         * entry).
+         */
+        for ( i = 0; i < (1UL << page_order); ++i, ++page )
+        {
+            if ( !need_iommu_pt_sync(d) )
+                /* nothing */;
+            else if ( get_page_and_type(page, d, PGT_writable_page) )
+                put_page_and_type(page);
+            else
+                return -EINVAL;
+
+            set_gpfn_from_mfn(mfn_x(mfn) + i, gfn_x(gfn) + i);
+        }
+
+        return 0;
+    }
+
+    return p2m_add_page(d, gfn, mfn, page_order, p2m_ram_rw);
+}
+
+int
+guest_physmap_remove_page(struct domain *d, gfn_t gfn,
+                          mfn_t mfn, unsigned int page_order)
+{
+    /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+    if ( !paging_mode_translate(d) )
+        return 0;
+
+    return p2m_remove_page(d, gfn, mfn, page_order);
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
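Review bot: In the non-translated path of guest_physmap_add_page(), a failing `get_page_and_type()` at index i > 0 returns `-EINVAL` after `set_gpfn_from_mfn()` has already run for the earlier pages of the order, and nothing is undone. Now that the function has its own file, this is a good place to document that contract with a comment above the loop, e.g. `/* On failure the M2P entries of pages [0, i) stay updated; not all-or-nothing. */`. The loop bound `1UL << page_order` also relies on callers passing an order smaller than the width of unsigned long, and nothing visible here checks it. Neither function as shown appears to use anything from `"mm-locks.h"`, so that include may be unnecessary unless it supplies declarations not visible in this hunk.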
diff --git a/xen/include/xen/p2m-common.h b/xen/include/xen/p2m-common.h
index 80bac95057..a322e738ef 100644
--- a/xen/include/xen/p2m-common.h
+++ b/xen/include/xen/p2m-common.h
@@ -8,18 +8,9 @@ int set_foreign_p2m_entry(struct domain *d, const struct domain *fd,
                           unsigned long gfn, mfn_t mfn);
 
 /* Remove a page from a domain's p2m table */
-#ifdef CONFIG_HVM
 int __must_check
 guest_physmap_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
                           unsigned int page_order);
-#else
-static inline int
-guest_physmap_remove_page(struct domain *d, gfn_t gfn, mfn_t mfn,
-                          unsigned int page_order)
-{
-    return 0;
-}
-#endif
 
 /* Map MMIO regions in the p2m: start_gfn and nr describe the range in
  *  * the guest physical address space to map, starting from the machine
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:55:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:55:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301290.514155 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclL3-0000Gw-7S; Fri, 08 Apr 2022 09:55:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301290.514155; Fri, 08 Apr 2022 09:55:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclL3-0000Go-4a; Fri, 08 Apr 2022 09:55:33 +0000
Received: by outflank-mailman (input) for mailman id 301290;
 Fri, 08 Apr 2022 09:55:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclL2-0000Gf-Gq
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclL2-0007RR-Fv
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclL2-00064T-F5
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=aWRvmZr7VuErp0g05ylqzBflwMqV9iCzZfG4Eza/xSQ=; b=0o9+SWMMxtaFQRCozlR7wCc3HH
	uw9V1f+1MbdlzsnDiEGaVwbMx8HTJ8oG7ox3NT+2+WM/9rjKIYpikjNczd7xmOk6ggjpLfPYeaiLo
	rgfpF21NeIHnFkpDt1QQgyyjKi7QSp2bHasn3ejKx6Zh/HtSFA4s2aqNXST+521tVhdc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/EFI: retrieve EDID
Message-Id: <E1nclL2-00064T-F5@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:55:32 +0000

commit 3d486def5085cfa3a938ba3b066a2515fb1a401a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:33:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:33:09 2022 +0200

    x86/EFI: retrieve EDID
    
    When booting directly from EFI, obtaining this information from EFI is
    the only possible way. And even when booting with a boot loader
    interposed, it's more clean not to use legacy BIOS calls for this
    purpose. (The downside being that there are no "capabilities" that we
    can retrieve the EFI way.)
    
    To achieve this we need to propagate the handle used to obtain the
    EFI_GRAPHICS_OUTPUT_PROTOCOL instance for further obtaining an
    EFI_EDID_*_PROTOCOL instance, which has been part of the spec since 2.5.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com> # Arm, common
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Bertrand Marquis <bertrand.marquis@arm.com> #arm
---
 xen/arch/arm/efi/efi-boot.h |  4 ++++
 xen/arch/x86/boot/video.S   |  9 ++++++-
 xen/arch/x86/efi/efi-boot.h | 58 ++++++++++++++++++++++++++++++++++++++++++++-
 xen/common/efi/boot.c       | 15 ++++++++----
 xen/include/efi/efiprot.h   | 47 ++++++++++++++++++++++++++++++++++++
 5 files changed, 127 insertions(+), 6 deletions(-)

diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h
index ae8627134e..e452b687d8 100644
--- a/xen/arch/arm/efi/efi-boot.h
+++ b/xen/arch/arm/efi/efi-boot.h
@@ -464,6 +464,10 @@ static void __init efi_arch_edd(void)
 {
 }
 
+static void __init efi_arch_edid(EFI_HANDLE gop_handle)
+{
+}
+
 static void __init efi_arch_memory_setup(void)
 {
 }
diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index 0efbe8d3b3..22bc3732a0 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -890,7 +890,14 @@ store_edid:
         pushw   %dx
         pushw   %di
 
-        cmpb    $1, bootsym(opt_edid)   # EDID disabled on cmdline (edid=no)?
+        movb    bootsym(opt_edid), %al
+        cmpw    $0x1313, bootsym(boot_edid_caps) # Data already retrieved?
+        je      .Lcheck_edid
+        cmpb    $2, %al                 # EDID forced on cmdline (edid=force)?
+        jne     .Lno_edid
+
+.Lcheck_edid:
+        cmpb    $1, %al                 # EDID disabled on cmdline (edid=no)?
         je      .Lno_edid
 
         leaw    vesa_glob_info, %di
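Review bot: The comment on the added `cmpw $0x1313, bootsym(boot_edid_caps)` reads with inverted polarity: the following `je .Lcheck_edid` is taken when the word still equals 0x1313, which appears to mean nothing has been retrieved yet, judging by copy_edid() setting `boot_edid_caps = 0` elsewhere in this commit. Wording it as `# Still the "no data" sentinel (nothing stored via EFI)?` would match the branch actually taken. The bare 0x1313 would also be better as a named constant shared with the definition of boot_edid_caps, so that the sentinel and this test cannot drift apart. store_edid begins before and continues after this hunk.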
diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h
index d91eb5a537..6e65b569b0 100644
--- a/xen/arch/x86/efi/efi-boot.h
+++ b/xen/arch/x86/efi/efi-boot.h
@@ -568,6 +568,57 @@ static void __init efi_arch_video_init(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
 #endif
 }
 
+#ifdef CONFIG_VIDEO
+static bool __init copy_edid(const void *buf, unsigned int size)
+{
+    /*
+     * Be conservative - for both undersized and oversized blobs it is unclear
+     * what to actually do with them. The more that unlike the VESA BIOS
+     * interface we also have no associated "capabilities" value (which might
+     * carry a hint as to possible interpretation).
+     */
+    if ( size != ARRAY_SIZE(boot_edid_info) )
+        return false;
+
+    memcpy(boot_edid_info, buf, size);
+    boot_edid_caps = 0;
+
+    return true;
+}
+#endif
+
+static void __init efi_arch_edid(EFI_HANDLE gop_handle)
+{
+#ifdef CONFIG_VIDEO
+    static EFI_GUID __initdata active_guid = EFI_EDID_ACTIVE_PROTOCOL_GUID;
+    static EFI_GUID __initdata discovered_guid = EFI_EDID_DISCOVERED_PROTOCOL_GUID;
+    EFI_EDID_ACTIVE_PROTOCOL *active_edid;
+    EFI_EDID_DISCOVERED_PROTOCOL *discovered_edid;
+    EFI_STATUS status;
+
+    status = efi_bs->OpenProtocol(gop_handle, &active_guid,
+                                  (void **)&active_edid, efi_ih, NULL,
+                                  EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+    if ( status == EFI_SUCCESS &&
+         copy_edid(active_edid->Edid, active_edid->SizeOfEdid) )
+        return;
+
+    /*
+     * In case an override is in place which doesn't fit copy_edid(), also try
+     * obtaining the discovered EDID in the hope that it's better than nothing.
+     *
+     * Note that attempting to use the information in
+     * EFI_EDID_DISCOVERED_PROTOCOL when there's an override provided by
+     * EFI_EDID_ACTIVE_PROTOCOL might lead to issues.
+     */
+    status = efi_bs->OpenProtocol(gop_handle, &discovered_guid,
+                                  (void **)&discovered_edid, efi_ih, NULL,
+                                  EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+    if ( status == EFI_SUCCESS )
+        copy_edid(discovered_edid->Edid, discovered_edid->SizeOfEdid);
+#endif
+}
+
 static void __init efi_arch_memory_setup(void)
 {
     unsigned int i;
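Review bot: copy_edid() validates only the size, so a firmware instance that reports `SizeOfEdid` equal to the expected length together with a NULL `Edid` pointer would reach `memcpy()` with a NULL source. Folding the pointer into the guard is cheap: `if ( !buf || size != ARRAY_SIZE(boot_edid_info) )`. The length handed to memcpy() is a byte count while ARRAY_SIZE() is an element count; the two agree only if boot_edid_info is a byte array, which is not visible here, so `sizeof(boot_edid_info)` would be the safer spelling. A one-line comment on efi_arch_edid() saying that failure is silent and leaves boot_edid_info and boot_edid_caps untouched would also help readers of the video.S side.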
@@ -729,6 +780,7 @@ static void __init efi_arch_flush_dcache_area(const void *vaddr, UINTN size) { }
 void __init efi_multiboot2(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
 {
     EFI_GRAPHICS_OUTPUT_PROTOCOL *gop;
+    EFI_HANDLE gop_handle;
     UINTN cols, gop_mode = ~0, rows;
 
     __set_bit(EFI_BOOT, &efi_flags);
@@ -742,11 +794,15 @@ void __init efi_multiboot2(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable
                            &cols, &rows) == EFI_SUCCESS )
         efi_arch_console_init(cols, rows);
 
-    gop = efi_get_gop();
+    gop = efi_get_gop(&gop_handle);
 
     if ( gop )
+    {
         gop_mode = efi_find_gop_mode(gop, 0, 0, 0);
 
+        efi_arch_edid(gop_handle);
+    }
+
     efi_arch_edd();
     efi_arch_cpu();
 
diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index 4dd5ea6a06..f827a72e93 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -118,7 +118,7 @@ static bool read_section(const EFI_LOADED_IMAGE *image, const CHAR16 *name,
 
 static void efi_init(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable);
 static void efi_console_set_mode(void);
-static EFI_GRAPHICS_OUTPUT_PROTOCOL *efi_get_gop(void);
+static EFI_GRAPHICS_OUTPUT_PROTOCOL *efi_get_gop(EFI_HANDLE *gop_handle);
 static UINTN efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
                                UINTN cols, UINTN rows, UINTN depth);
 static void efi_tables(void);
@@ -758,7 +758,7 @@ static void __init efi_console_set_mode(void)
         StdOut->SetMode(StdOut, best);
 }
 
-static EFI_GRAPHICS_OUTPUT_PROTOCOL __init *efi_get_gop(void)
+static EFI_GRAPHICS_OUTPUT_PROTOCOL __init *efi_get_gop(EFI_HANDLE *gop_handle)
 {
     EFI_GRAPHICS_OUTPUT_MODE_INFORMATION *mode_info;
     EFI_GRAPHICS_OUTPUT_PROTOCOL *gop = NULL;
@@ -783,7 +783,10 @@ static EFI_GRAPHICS_OUTPUT_PROTOCOL __init *efi_get_gop(void)
             continue;
         status = gop->QueryMode(gop, gop->Mode->Mode, &info_size, &mode_info);
         if ( !EFI_ERROR(status) )
+        {
+            *gop_handle = handles[i];
             break;
+        }
     }
     if ( handles )
         efi_bs->FreePool(handles);
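Review bot: `*gop_handle` is written only on the successful QueryMode path, so when no usable GOP instance is found the caller's variable is left uninitialized; both callers (`EFI_HANDLE gop_handle;` in the efi_multiboot2 and efi_start hunks) declare it without an initializer. The visible uses are guarded by `if ( gop )`, so this is safe only as long as a non-NULL return always implies the `break` was taken, which depends on code after this hunk. Setting `*gop_handle = NULL;` at the top of efi_get_gop() would make the out-parameter well defined on every path and avoid maybe-uninitialized diagnostics. efi_get_gop() begins and ends outside this hunk.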
@@ -1222,6 +1225,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
     if ( use_cfg_file )
     {
         EFI_FILE_HANDLE dir_handle;
+        EFI_HANDLE gop_handle;
         UINTN depth, cols, rows, size;
 
         size = cols = rows = depth = 0;
@@ -1230,7 +1234,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
                                &cols, &rows) == EFI_SUCCESS )
             efi_arch_console_init(cols, rows);
 
-        gop = efi_get_gop();
+        gop = efi_get_gop(&gop_handle);
 
         /* Get the file system interface. */
         dir_handle = get_parent_handle(loaded_image, &file_name);
@@ -1360,7 +1364,11 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
         dir_handle->Close(dir_handle);
 
         if ( gop && !base_video )
+        {
             gop_mode = efi_find_gop_mode(gop, cols, rows, depth);
+
+            efi_arch_edid(gop_handle);
+        }
     }
 
     /* Get the number of boot modules specified on the DT or an error (<0) */
@@ -1387,7 +1395,6 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
 
     efi_arch_edd();
 
-    /* XXX Collect EDID info. */
     efi_arch_cpu();
 
     efi_tables();
diff --git a/xen/include/efi/efiprot.h b/xen/include/efi/efiprot.h
index 8cf04df437..56d7636b2b 100644
--- a/xen/include/efi/efiprot.h
+++ b/xen/include/efi/efiprot.h
@@ -724,5 +724,52 @@ struct _EFI_GRAPHICS_OUTPUT_PROTOCOL {
   EFI_GRAPHICS_OUTPUT_PROTOCOL_BLT         Blt;
   EFI_GRAPHICS_OUTPUT_PROTOCOL_MODE        *Mode;
 };
+
+/*
+ * EFI EDID Discovered Protocol
+ * UEFI Specification Version 2.5 Section 11.9
+ */
+#define EFI_EDID_DISCOVERED_PROTOCOL_GUID \
+    { 0x1C0C34F6, 0xD380, 0x41FA, { 0xA0, 0x49, 0x8a, 0xD0, 0x6C, 0x1A, 0x66, 0xAA} }
+
+typedef struct _EFI_EDID_DISCOVERED_PROTOCOL {
+    UINT32   SizeOfEdid;
+    UINT8   *Edid;
+} EFI_EDID_DISCOVERED_PROTOCOL;
+
+/*
+ * EFI EDID Active Protocol
+ * UEFI Specification Version 2.5 Section 11.9
+ */
+#define EFI_EDID_ACTIVE_PROTOCOL_GUID \
+    { 0xBD8C1056, 0x9F36, 0x44EC, { 0x92, 0xA8, 0xA6, 0x33, 0x7F, 0x81, 0x79, 0x86} }
+
+typedef struct _EFI_EDID_ACTIVE_PROTOCOL {
+    UINT32   SizeOfEdid;
+    UINT8   *Edid;
+} EFI_EDID_ACTIVE_PROTOCOL;
+
+/*
+ * EFI EDID Override Protocol
+ * UEFI Specification Version 2.5 Section 11.9
+ */
+#define EFI_EDID_OVERRIDE_PROTOCOL_GUID \
+    { 0x48ECB431, 0xFB72, 0x45C0, { 0xA9, 0x22, 0xF4, 0x58, 0xFE, 0x04, 0x0B, 0xD5} }
+
+INTERFACE_DECL(_EFI_EDID_OVERRIDE_PROTOCOL);
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_EDID_OVERRIDE_PROTOCOL_GET_EDID) (
+  IN      struct _EFI_EDID_OVERRIDE_PROTOCOL   *This,
+  IN      EFI_HANDLE                           *ChildHandle,
+  OUT     UINT32                               *Attributes,
+  IN OUT  UINTN                                *EdidSize,
+  IN OUT  UINT8                               **Edid);
+
+typedef struct _EFI_EDID_OVERRIDE_PROTOCOL {
+    EFI_EDID_OVERRIDE_PROTOCOL_GET_EDID  GetEdid;
+} EFI_EDID_OVERRIDE_PROTOCOL;
+
 #endif
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:55:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:55:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301291.514159 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLD-0000Lz-9B; Fri, 08 Apr 2022 09:55:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301291.514159; Fri, 08 Apr 2022 09:55:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLD-0000Ls-6B; Fri, 08 Apr 2022 09:55:43 +0000
Received: by outflank-mailman (input) for mailman id 301291;
 Fri, 08 Apr 2022 09:55:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLC-0000Lj-Jt
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLC-0007Rb-J1
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLC-000651-IB
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BABHUadmQfvIfyNacj/vqL0H/rhWYMqV0XkIo3+qJUg=; b=upcJVP3QHtPH4ll4ZgepiVWaPY
	VkN5mVQYoGJP6o7N3Uxm22FZeZHFrxvloEqXZDM1JDnaiGoiu+DJwSp2ukxAJf3R36w+H1E0U3mya
	5gthZ9DkAhEme5TT7jvM6ztnB5tHe3rkZQ0cqdhK/pYkvjE/AFt0Lvv3TAkjDglSr5P4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/boot: simplify mode_table
Message-Id: <E1nclLC-000651-IB@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:55:42 +0000

commit 3b91082bb8486001dfca9952123aa643ca7c5a5e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:34:07 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:34:07 2022 +0200

    x86/boot: simplify mode_table
    
    There's no point in writing 80x25 text mode information via multiple
    insns all storing immediate values. The data can simply be included
    first thing in the vga_modes table, allowing the already present
    REP MOVSB to take care of everything in one go.
    
    While touching this also correct a related but stale comment.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/video.S | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index 22bc3732a0..822d6d9cf1 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -656,8 +656,9 @@ outidx: outb    %al, %dx
 # Build the table of video modes (stored after the setup.S code at the
 # `modelist' label. Each video mode record looks like:
 #        .word        MODE-ID             (our special mode ID (see above))
-#        .byte        rows                (number of rows)
-#        .byte        columns             (number of columns)
+#        .word        rows                (number of rows)
+#        .word        columns             (number of columns)
+#        .word        0                   (color depth; gfx modes only)
 # Returns address of the end of the table in DI, the end is marked
 # with a ASK_VGA ID.
 mode_table:
@@ -666,12 +667,6 @@ mode_table:
         jnz     mtab1
 
         leaw    modelist, %di           # Store standard modes:
-        movw    $VIDEO_80x25,(%di)      # The 80x25 mode (ALL)
-        movw    $0x50,2(%di)
-        movw    $0x19,4(%di)
-        movw    $0x00,6(%di)
-        addw    $8,%di
-
         leaw    bootsym(vga_modes), %si # All modes for std VGA
         movw    $vga_modes_end-vga_modes, %cx
         rep     movsb
@@ -685,6 +680,7 @@ ret0:   ret
 
 # Modes usable on all standard VGAs
 vga_modes:
+        .word   VIDEO_80x25, 0x50,0x19,0        # 80x25
         .word   VIDEO_80x50, 0x50,0x32,0        # 80x50
         .word   VIDEO_80x43, 0x50,0x2b,0        # 80x43
         .word   VIDEO_80x28, 0x50,0x1c,0        # 80x28
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:55:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:55:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301292.514163 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLN-0000Pa-B6; Fri, 08 Apr 2022 09:55:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301292.514163; Fri, 08 Apr 2022 09:55:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLN-0000PR-7v; Fri, 08 Apr 2022 09:55:53 +0000
Received: by outflank-mailman (input) for mailman id 301292;
 Fri, 08 Apr 2022 09:55:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLM-0000PJ-N2
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLM-0007SL-M5
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLM-000662-LF
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:55:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=eb1AAJ2HFkjLVf4jBOuv3nMplwoBAwwb/5urLHVeumc=; b=PSq/E1BG8JbYhSiW6TQQuntTQp
	izEMwJsjjEwPgQQjF7K8Mbg/8O/1daM4g2cmaKHw03vaJq58PBzMEyx4tVe+o3bqFO0mKpjgl7g2S
	rXwvknV+5LeEVOzZ57V6rr8gwaIiopsXKHW58olASnWbj+4oksZURqBbzybJi/73XQBc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/boot: fold branches in video handling code
Message-Id: <E1nclLM-000662-LF@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:55:52 +0000

commit 2f576a65a09d98e63e548143825d7a33fa5cff1b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:34:58 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:34:58 2022 +0200

    x86/boot: fold branches in video handling code
    
    Using Jcc to branch around a JMP is necessary only in pre-386 code,
    where Jcc is limited to disp8. Use the opposite Jcc directly in two
    places. Since it's adjacent, also convert an ORB to TESTB.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/video.S | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index 822d6d9cf1..b5af93dbc5 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -332,8 +332,7 @@ lment:  movb    $0, (%di)
         cmpw    $0x656d, (%si)          # 'me'
         jnz     lmhx
         cmpw    $0x756e, 2(%si)         # 'nu'
-        jnz     lmhx
-        jmp     listm
+        jz      listm
 
 lmhx:   xorw    %bx, %bx                # Else => mode ID in hex
 lmhex:  lodsb
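Review bot: Both folded branches now reach their fall-back label only by falling through, so the position of the label directly after the `jz` is load-bearing: `lmhx` after `jz listm` here, and `setbad` after `jz setmenu` in the `mode_set` hunk. `lmhx` already carries an "Else" comment, but `setbad` has none and is separated from the branch by a blank line. I would mark it there, e.g. `jz      setmenu                 # otherwise fall through to setbad`, so that code inserted between the two later does not silently change the failure path.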
@@ -401,10 +400,8 @@ mode_set:
         cmpb    $VIDEO_FIRST_VESA>>8, %ah
         jnc     check_vesa
 
-        orb     %ah, %ah
-        jnz     setbad
-
-        jmp     setmenu
+        testb   %ah, %ah
+        jz      setmenu
 
 setbad: clc
         ret
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:56:03 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:56:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301294.514167 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLX-0000SX-CM; Fri, 08 Apr 2022 09:56:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301294.514167; Fri, 08 Apr 2022 09:56:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLX-0000SP-9Q; Fri, 08 Apr 2022 09:56:03 +0000
Received: by outflank-mailman (input) for mailman id 301294;
 Fri, 08 Apr 2022 09:56:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLW-0000SH-Py
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLW-0007Sd-PA
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLW-00066s-OR
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=QZx9ga40B32ytF0BP4hl+wUGzu8hCXk5sgfakkVTMiw=; b=lG5FYPSor65wYnXjF0xNXzow/d
	SbDeU937WUv276ZJYPPxNk7gL/LkbFrpHCawHsGL1s/KC4o5x787TaZUBxHQmWHI/LBCJ/NTUdT8X
	6CYtIh5R9nSrvR7BCYfcVm4mO9DS+1jT5T/0O29uQBg/6TbJpK1zA04k4/RxO7FQJlow=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/boot: fold/replace moves in video handling code
Message-Id: <E1nclLW-00066s-OR@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:56:02 +0000

commit c4cac1f48a45925fcc3ec2a60b1271b71dc60223
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:36:02 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:36:02 2022 +0200

    x86/boot: fold/replace moves in video handling code
    
    Replace (mainly) MOV forms with shorter insns (or sequences thereof).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/video.S | 40 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index b5af93dbc5..ee993e1073 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -121,8 +121,7 @@ mopar_gr:
         movw    %ax, _param(PARAM_LFB_WIDTH)
         movw    20(%di), %ax
         movw    %ax, _param(PARAM_LFB_HEIGHT)
-        movb    25(%di), %al
-        movb    $0, %ah
+        movzbw  25(%di), %ax
         movw    %ax, _param(PARAM_LFB_DEPTH)
         movl    40(%di), %eax
         movl    %eax, _param(PARAM_LFB_BASE)
@@ -135,8 +134,7 @@ mopar_gr:
 
 # get video mem size
         leaw    vesa_glob_info, %di
-        xorl    %eax, %eax
-        movw    18(%di), %ax
+        movzwl  18(%di), %eax
         movl    %eax, _param(PARAM_LFB_SIZE)
 
 # store mode capabilities
@@ -144,14 +142,11 @@ mopar_gr:
         movl    %eax, _param(PARAM_CAPABILITIES)
 
 # switching the DAC to 8-bit is for <= 8 bpp only
-        movw    _param(PARAM_LFB_DEPTH), %ax
-        cmpw    $8, %ax
+        cmpw    $8, _param(PARAM_LFB_DEPTH)
         jg      dac_done
 
 # get DAC switching capability
-        xorl    %eax, %eax
-        movb    10(%di), %al
-        testb   $1, %al
+        testb   $1, 10(%di)
         jz      dac_set
 
 # attempt to switch DAC to 8-bit
@@ -164,17 +159,17 @@ mopar_gr:
 
 dac_set:
 # set color size to DAC size
-        movb    bootsym(dac_size), %al
+        movzbw  bootsym(dac_size), %ax
         movb    %al, _param(PARAM_LFB_COLORS+0)
         movb    %al, _param(PARAM_LFB_COLORS+2)
         movb    %al, _param(PARAM_LFB_COLORS+4)
         movb    %al, _param(PARAM_LFB_COLORS+6)
 
 # set color offsets to 0
-        movb    $0, _param(PARAM_LFB_COLORS+1)
-        movb    $0, _param(PARAM_LFB_COLORS+3)
-        movb    $0, _param(PARAM_LFB_COLORS+5)
-        movb    $0, _param(PARAM_LFB_COLORS+7)
+        movb    %ah, _param(PARAM_LFB_COLORS+1)
+        movb    %ah, _param(PARAM_LFB_COLORS+3)
+        movb    %ah, _param(PARAM_LFB_COLORS+5)
+        movb    %ah, _param(PARAM_LFB_COLORS+7)
 
 dac_done:
 # get protected mode interface information
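Review bot: The four offset stores now write `%ah`, which is zero only because the `movzbw bootsym(dac_size), %ax` at the top of `dac_set` cleared it. The `# set color offsets to 0` comment no longer shows where the zero comes from. Anything later inserted between the load and these stores that modifies `%ax` would put a non-zero offset into the LFB colour parameters without any assembler diagnostic. I would record the dependency on the load, e.g. `movzbw  bootsym(dac_size), %ax      # %al = DAC size, %ah = 0 (reused for the offsets below)`.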
@@ -504,7 +499,8 @@ setvesabysize:
         call    mode_table
         leaw    modelist,%si
 1:      add     $8,%si
-        cmpw    $ASK_VGA,-8(%si)        # End?
+        movw    -8(%si),%bx
+        cmpw    $ASK_VGA,%bx            # End?
         je      setbad
         movw    -6(%si),%ax
         cmpw    %ax,bootsym(vesa_size)+0
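Review bot: `%bx` now carries the mode ID from the load at label `1:` all the way to the `movw %bx,bootsym(boot_vid_mode)` store in the following hunk, so every instruction in the loop body has to leave `%bx` untouched. The lines shown use only `%ax` and `%si`, but a few lines between the two hunks are not visible. A second effect is that `%ax` no longer holds the mode ID at `jmp check_vesa`; it holds the last field compared. `check_vesa` is outside the hunk, so it is worth confirming that it reads only `%bx`. A comment on the load would record the invariant: `movw    -8(%si),%bx             # mode ID, kept in %bx until stored below`.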
@@ -515,9 +511,7 @@ setvesabysize:
         movw    -2(%si),%ax
         cmpw    %ax,bootsym(vesa_size)+4
         jne     1b
-        movw    -8(%si),%ax
-        movw    %ax,%bx
-        movw    %ax,bootsym(boot_vid_mode)
+        movw    %bx,bootsym(boot_vid_mode)
         jmp     check_vesa
 
 # Table of routines for setting of the special modes.
@@ -741,8 +735,7 @@ vesa2:  pushw   %cx
         movw    %bx, 2(%di)
         movw    0x14(%di), %bx          # Height
         movw    %bx, 4(%di)
-        xorw    %bx, %bx
-        movb    0x19(%di), %bl          # Depth
+        movzbw  0x19(%di), %bx          # Depth
         movw    %bx, 6(%di)
 
         addw    $8, %di                 # The mode is valid. Store it.
@@ -869,8 +862,7 @@ gettime:
         movb    %dh, %al                # %dh contains the seconds
         andb    $0x0f, %al
         movb    %dh, %ah
-        movb    $0x04, %cl
-        shrb    %cl, %ah
+        shrb    $4, %ah
         aad
         popw    %cx
         ret
@@ -927,8 +919,8 @@ store_edid:
 .Lforce_edid:
         movw    $0x4f15, %ax            # do VBE/DDC
         movw    $0x01, %bx
-        movw    $0x00, %cx
-        movw    $0x00, %dx
+        xorw    %cx, %cx
+        xorw    %dx, %dx
         movw    $bootsym(boot_edid_info), %di
         int     $0x10
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:56:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:56:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301296.514171 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLh-0000Vi-Dq; Fri, 08 Apr 2022 09:56:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301296.514171; Fri, 08 Apr 2022 09:56:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLh-0000Va-Ay; Fri, 08 Apr 2022 09:56:13 +0000
Received: by outflank-mailman (input) for mailman id 301296;
 Fri, 08 Apr 2022 09:56:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLg-0000VT-T6
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLg-0007Sn-SE
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLg-00067f-RN
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=I9SelcflWzzTmBiAfncr+x0zsw2nmgO//4YLqHOlVDM=; b=SNczGFTgN8/jLxmiptCPdg+VFi
	UvZlEa9bffiWq0j/vjUxYRHnZkxQxInwqFoa2t/WDrODDJYpXOF4u4wDK1har/wWL3tKJAeqjMgb0
	KdmH6E3HJDyLfBCdZj/vBHez5LVg77JLtm0YmNYrknTPvorFLiieHKCWQiJ8Y21sau8c=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/boot: fold two MOVs into an ADD
Message-Id: <E1nclLg-00067f-RN@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:56:12 +0000

commit 7451cdf204a1b119f134f8bc370a5ec119909565
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:37:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:37:27 2022 +0200

    x86/boot: fold two MOVs into an ADD
    
    There's no point going through %ax; the addition can be done directly in
    %di.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/mem.S | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/xen/arch/x86/boot/mem.S b/xen/arch/x86/boot/mem.S
index a2db7b5d4d..94ffc87d50 100644
--- a/xen/arch/x86/boot/mem.S
+++ b/xen/arch/x86/boot/mem.S
@@ -24,9 +24,7 @@ get_memory_map:
         cmpw    $E820_BIOS_MAX, bootsym(bios_e820nr) # up to this many entries
         jae     .Ldone
 
-        movw    %di,%ax
-        addw    $20,%ax
-        movw    %ax,%di
+        addw    $20,%di
         testl   %ebx,%ebx                       # check to see if
         jnz     1b                              # %ebx is set to EOF
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:56:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:56:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301297.514175 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLs-0000Yd-FP; Fri, 08 Apr 2022 09:56:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301297.514175; Fri, 08 Apr 2022 09:56:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclLs-0000YV-CN; Fri, 08 Apr 2022 09:56:24 +0000
Received: by outflank-mailman (input) for mailman id 301297;
 Fri, 08 Apr 2022 09:56:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLq-0000YI-WB
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLq-0007Sy-VK
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclLq-00068I-Ua
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=oKSTuNLFuspBCorSSv52i6KrImBKV6ZMJJIed330xFo=; b=AC7fNDu/RqO9p5fIN8UYzjBs7O
	FRF7bd1pjhmWc8Yxfm9h2h8/6xKW93q1IZqfxnIux0PG/5umFHfIY+swkIMuHnLhbhuIfcNuHwyLC
	KX1SadT65jc9uRl82roYCKDfGzVrDIDaNQV0WwV8BIqMQbxN5fwG4eniJ7Eo+MYfX5i8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] EFI: correct indentation in efi_tables()
Message-Id: <E1nclLq-00068I-Ua@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:56:22 +0000

commit 609b8b0153e9bdb4e15be88a8911c6360e13e268
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 08:39:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 08:39:03 2022 +0200

    EFI: correct indentation in efi_tables()
    
    Eliminate hard tabs. While there also cast to the intended type.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/common/efi/boot.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index f827a72e93..ac1b235372 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -859,15 +859,15 @@ static void __init efi_tables(void)
         static EFI_GUID __initdata smbios3_guid = SMBIOS3_TABLE_GUID;
 
         if ( match_guid(&acpi2_guid, &efi_ct[i].VendorGuid) )
-	       efi.acpi20 = (long)efi_ct[i].VendorTable;
+            efi.acpi20 = (unsigned long)efi_ct[i].VendorTable;
         if ( match_guid(&acpi_guid, &efi_ct[i].VendorGuid) )
-	       efi.acpi = (long)efi_ct[i].VendorTable;
+            efi.acpi = (unsigned long)efi_ct[i].VendorTable;
         if ( match_guid(&mps_guid, &efi_ct[i].VendorGuid) )
-	       efi.mps = (long)efi_ct[i].VendorTable;
+            efi.mps = (unsigned long)efi_ct[i].VendorTable;
         if ( match_guid(&smbios_guid, &efi_ct[i].VendorGuid) )
-	       efi.smbios = (long)efi_ct[i].VendorTable;
+            efi.smbios = (unsigned long)efi_ct[i].VendorTable;
         if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) )
-	       efi.smbios3 = (long)efi_ct[i].VendorTable;
+            efi.smbios3 = (unsigned long)efi_ct[i].VendorTable;
     }
 
 #ifndef CONFIG_ARM /* TODO - disabled until implemented on ARM */
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:56:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:56:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301298.514179 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclM2-0000cP-Jm; Fri, 08 Apr 2022 09:56:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301298.514179; Fri, 08 Apr 2022 09:56:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclM2-0000cH-Gm; Fri, 08 Apr 2022 09:56:34 +0000
Received: by outflank-mailman (input) for mailman id 301298;
 Fri, 08 Apr 2022 09:56:33 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclM1-0000c5-2y
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:33 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclM1-0007T3-28
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclM1-00068t-1K
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=8cEnPhEQ1fy6LOAHaVfE2NEYSVqYGafXSnBJj6Vp0/w=; b=QgzwSQLzhDQQ4Tx/2Pj5e1B6OO
	2ZrGr7IWeipy1yceepVYrO7IUyW/uwqnJ9FgKQIEN4e6pk95+/PZYiLK7fJmtMYKfvceyIyJgY9CF
	8GhNQnsK9yyC0rTm9gHPXV8CATLHHZUWWPnrh/5/MpNv6oTQ+fbyn4lcihuUnVMHiVQA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] platform/cpufreq: add public defines for CPUFREQ_SHARED_TYPE_
Message-Id: <E1nclM1-00068t-1K@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:56:33 +0000

commit 72919c762fccfc1467eec7edb0737b6d548b00a7
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Thu Apr 7 12:25:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 12:25:42 2022 +0200

    platform/cpufreq: add public defines for CPUFREQ_SHARED_TYPE_
    
    The values set in the shared_type field of xen_processor_performance
    have so far relied on Xen and Linux having the same
    CPUFREQ_SHARED_TYPE_ defines, as those have never been part of the
    public interface.
    
    Formalize by adding the defines for the allowed values in the public
    header, while renaming them to use the XEN_CPUPERF_SHARED_TYPE_ prefix
    for clarity.
    
    Set the Xen internal defines for CPUFREQ_SHARED_TYPE_ using the newly
    introduced XEN_CPUPERF_SHARED_TYPE_ public defines in order to avoid
    unnecessary code churn.  While there also drop
    CPUFREQ_SHARED_TYPE_NONE as it's unused.
    
    Fixes: 2fa7bee0a0 ('Get ACPI Px from dom0 and choose Px controller')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/acpi/cpufreq/cpufreq.h | 7 +++----
 xen/include/public/platform.h      | 6 +++++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/xen/include/acpi/cpufreq/cpufreq.h b/xen/include/acpi/cpufreq/cpufreq.h
index e5e58c6c30..35dcf21e8f 100644
--- a/xen/include/acpi/cpufreq/cpufreq.h
+++ b/xen/include/acpi/cpufreq/cpufreq.h
@@ -78,10 +78,9 @@ DECLARE_PER_CPU(struct cpufreq_policy *, cpufreq_cpu_policy);
 extern int __cpufreq_set_policy(struct cpufreq_policy *data,
                                 struct cpufreq_policy *policy);
 
-#define CPUFREQ_SHARED_TYPE_NONE (0) /* None */
-#define CPUFREQ_SHARED_TYPE_HW   (1) /* HW does needed coordination */
-#define CPUFREQ_SHARED_TYPE_ALL  (2) /* All dependent CPUs should set freq */
-#define CPUFREQ_SHARED_TYPE_ANY  (3) /* Freq can be set from any dependent CPU*/
+#define CPUFREQ_SHARED_TYPE_HW   XEN_CPUPERF_SHARED_TYPE_HW
+#define CPUFREQ_SHARED_TYPE_ALL  XEN_CPUPERF_SHARED_TYPE_ALL
+#define CPUFREQ_SHARED_TYPE_ANY  XEN_CPUPERF_SHARED_TYPE_ANY
 
 /******************** cpufreq transition notifiers *******************/
 
diff --git a/xen/include/public/platform.h b/xen/include/public/platform.h
index a4c0eb6224..8100133509 100644
--- a/xen/include/public/platform.h
+++ b/xen/include/public/platform.h
@@ -465,7 +465,11 @@ struct xen_processor_performance {
     uint32_t state_count;     /* total available performance states */
     XEN_GUEST_HANDLE(xen_processor_px_t) states;
     struct xen_psd_package domain_info;
-    uint32_t shared_type;     /* coordination type of this processor */
+    /* Coordination type of this processor */
+#define XEN_CPUPERF_SHARED_TYPE_HW   1 /* HW does needed coordination */
+#define XEN_CPUPERF_SHARED_TYPE_ALL  2 /* All dependent CPUs should set freq */
+#define XEN_CPUPERF_SHARED_TYPE_ANY  3 /* Freq can be set from any dependent CPU */
+    uint32_t shared_type;
 };
 typedef struct xen_processor_performance xen_processor_performance_t;
 DEFINE_XEN_GUEST_HANDLE(xen_processor_performance_t);
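Review bot: The new comment names three values but does not say that `shared_type` must hold one of them, and with `CPUFREQ_SHARED_TYPE_NONE` dropped in the cpufreq.h hunk the value 0 no longer has a name on either side of the interface. Since this field is filled in by the caller of the platform interface, the public header is the place to state the contract, e.g. `/* Coordination type of this processor: one of XEN_CPUPERF_SHARED_TYPE_*. */`. Whether the consumer rejects other values is not visible in this diff; if it does not, a range check there would make the documented set enforceable.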
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:56:44 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:56:44 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301299.514182 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclMC-0000f8-LU; Fri, 08 Apr 2022 09:56:44 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301299.514182; Fri, 08 Apr 2022 09:56:44 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclMC-0000f0-IO; Fri, 08 Apr 2022 09:56:44 +0000
Received: by outflank-mailman (input) for mailman id 301299;
 Fri, 08 Apr 2022 09:56:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMB-0000eo-62
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:43 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMB-0007T7-59
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:43 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMB-00069S-4P
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:43 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Y2jiYDoI7Cl42ATImQpUCQxme52Hr/q0R/JVVVbyoIQ=; b=6eWQCWDDKpxV3y9D1WtQUv4dAR
	aXRRMp/jytyJpoSeVCXwVe0i2MWUQxZNuDQdWnoAdvnqK+iYwyGGdmNL5IyX8WKPVgk9/Sctp1bu6
	+1PJUbC3ocpnm0gaEZfjAV9OT1+u3mWyq3S406C+Oa3k5wGtH9lHMX0LwyS9HkZuv+YQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: don't needlessly look up DID
Message-Id: <E1nclMB-00069S-4P@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:56:43 +0000

commit 445ab9852d69d8957467f0036098ebec75fec092
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 12:29:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 12:29:03 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index f7cb7cd3a6..4c9de8fecf 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1830,18 +1830,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
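Review bot: The read of `iommu_domid` has to stay ahead of `context_clear_present()` and `context_clear_entry()`, because after those calls the entry no longer holds the DID that `iommu_flush_context_device()` must target, and nothing in the code marks that ordering. A one-line comment above the assignment would protect it, e.g. `/* Latch the DID before the entry is cleared; the flush below must use the old value. */`. The declaration of `iommu_domid` is outside the hunk; the removed code compared it with `-1`, so it may be worth checking that its type still suits what `context_domain_id()` returns. The function starts and ends outside this hunk.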
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:56:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:56:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301300.514187 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclMM-0000i7-Mr; Fri, 08 Apr 2022 09:56:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301300.514187; Fri, 08 Apr 2022 09:56:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclMM-0000i0-Jy; Fri, 08 Apr 2022 09:56:54 +0000
Received: by outflank-mailman (input) for mailman id 301300;
 Fri, 08 Apr 2022 09:56:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclML-0000hh-9E
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclML-0007TW-8I
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclML-00069z-7c
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:56:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=xPrbq8WwDBTuMGtXjztp4rUfgwpH1HruEPb+ZZ6I1QE=; b=pDEZZFRqqJHdp/NYwulZm2Aokr
	yjZJBV2czmtbG+008jjaQ454Ya6ZYRKuM01To8u4XcA1GVtFXqUWTCXmNe7s4UO15PBhmjD6kv9v+
	HAr4LmD2TkOhYbZl9XROqB2CEqQkeiOlefiJVOiwC4sDInr67ggovIWdYWdnf+5+hQ7Y=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1nclML-00069z-7c@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:56:53 +0000

commit 608394b906e71587f02e6662597bc985bad33a5a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 12:30:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 12:30:19 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 9ff38f3ded..39602d1f88 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -85,7 +85,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int cf_check intel_iommu_get_reserved_device_memory(
     iommu_grdm_t *func, void *ctxt);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4c9de8fecf..76ff551dfe 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1533,7 +1533,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   &PCI_SBDF3(seg, bus, devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1601,9 +1601,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
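Review bot: The `else if ( prev_dom != domain )` branch below the new `(prev_dom == dom_io && !pdev)` test still passes a possibly NULL pdev to `DEVICE_DOMID(prev_dom, pdev)` whenever prev_dom is an ordinary domain. The macro is not defined in this hunk, so this is presumably safe only because it consults pdev for dom_io alone. That invariant is worth stating where the NULL case is filtered, for example by extending the new comment with `pdev may be NULL past this point; DEVICE_DOMID() must only dereference it for dom_io.`, once confirmed against the macro definition. The statement and the function body continue outside the hunk.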
@@ -1744,7 +1749,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1809,7 +1816,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1861,7 +1868,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
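Review bot: The `DOMID_INVALID` and `0` now passed to me_wifi_quirk() are placeholders, but nothing at the call site says they are ignored on the unmap path. The quirks.c hunk of this commit shows the unmap branch of map_me_phantom_function() no longer forwarding domid. me_wifi_quirk() itself is outside the diff, so it should be confirmed that it does not use domid before reaching that branch. I would add `/* domid and pgd_maddr are not used for UNMAP_ME_PHANTOM_FUNC. */` above the call.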
@@ -1910,8 +1918,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1924,8 +1931,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1948,12 +1954,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index f6f74416d0..3ddbb20e48 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -427,7 +427,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:57:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:57:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301301.514193 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclMW-0000lA-PL; Fri, 08 Apr 2022 09:57:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301301.514193; Fri, 08 Apr 2022 09:57:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclMW-0000l2-Lc; Fri, 08 Apr 2022 09:57:04 +0000
Received: by outflank-mailman (input) for mailman id 301301;
 Fri, 08 Apr 2022 09:57:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMV-0000ke-C2
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:57:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMV-0007U0-B9
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:57:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMV-0006BG-AU
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:57:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=D9jrtA1SwDGmJO+e9PyJQphutkb9NGgOnoTgttPEUA0=; b=2pNMTbGZ89g3Nc8R+L4nUOx4yi
	8r2GvVkPQfB/tjClJ+CsUfiqr4dSbbwgRpMj3og7pdbjsGFay5GixvzWHUIwQINU2VGkja/XTvfXV
	WS0TL+rvxuVWgpwZ2bu3xdgUJr9hOoC6imyvBdzAyUoza7olQFZ85CM3GJlhrh+hAVBE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1nclMV-0006BG-AU@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:57:03 +0000

commit 99d829dba1390b98a3ca07b365713e62182ee7ca
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 12:31:16 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 12:31:16 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 9 ++++-----
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 76ff551dfe..069427abb2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1599,7 +1599,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1609,13 +1609,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
                                              DEVICE_PGTABLE(prev_dom, pdev),
-                                             mode & MAP_WITH_RMRR) < 0;
-        else
-            ret = 1;
+                                             (mode & MAP_WITH_RMRR) |
+                                             MAP_ERROR_RECOVERY) < 0;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
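Review bot: With the "Avoid infinite recursion" comment removed, the now-unconditional `else` no longer records why the nested domain_context_mapping_one() call is safe. Per the commit message it depends on the earlier `prev_dom == domain` bail-out, which is outside this hunk, and on MAP_ERROR_RECOVERY stopping the nested call from rolling back again. I would put `/* prev_dom != domain (checked earlier); MAP_ERROR_RECOVERY keeps the nested call from rolling back in turn. */` above the call. Note also that a failed recovery only surfaces as `ret = 1` through the `< 0` comparison, so the nested errno is lost to the caller; what is done with ret afterwards lies beyond the hunk.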
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
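Review bot: MAP_ERROR_RECOVERY is added without a comment, although the iommu.c hunk of this commit sets it only on domain_context_mapping_one()'s own roll-back call. Because it sits in the same `mode` bit space as the flags callers pass in, a caller setting it by mistake would silently suppress roll-back of a failed context mapping. I would add `/* Internal: set by domain_context_mapping_one() on its roll-back call only. */` above the define. Whether the other MAP_* flags are documented elsewhere in vtd.h is not visible from this hunk.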
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 09:57:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 09:57:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301302.514196 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclMg-0000o9-R5; Fri, 08 Apr 2022 09:57:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301302.514196; Fri, 08 Apr 2022 09:57:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nclMg-0000nx-ND; Fri, 08 Apr 2022 09:57:14 +0000
Received: by outflank-mailman (input) for mailman id 301302;
 Fri, 08 Apr 2022 09:57:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMf-0000ng-Ew
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:57:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMf-0007UG-E7
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:57:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nclMf-0006Cb-DT
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 09:57:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=0zzi3NDizsBf0lEqL+vu8ZoSbmSibzhZgVz8Mx7qR8Q=; b=b2UPrUSssSd0JSOAHBO8Kb+i3y
	W5eK4fqiTztamygafe2q+rjjCPy1HCVxSkSrzsHNb8t3cA8JjW8CwyJqtQUZ1bFkJ36s9iGQKIVHK
	LTV5f5tGvRJNlA9nTeRKF+JaLaq/5KgsHa85sjv8B659HuqaNV1TAhnuinh7QCBJaeO0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
Message-Id: <E1nclMf-0006Cb-DT@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 09:57:13 +0000

commit d4012d50082c2eae2f3cbe7770be13b9227fbc3f
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Wed Apr 6 22:40:20 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Thu Apr 7 11:36:45 2022 +0100

    x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
    
    c/s 1a914256dca5 increased the AMD max leaf from 0x8000001c to 0x80000021, but
    did not adjust anything in the calculate_*_policy() chain.  As a result, on
    hardware supporting these leaves, we read the real hardware values into the
    raw policy, then copy into host, and all the way into the PV/HVM default
    policies.
    
    All 4 of these leaves have enable bits (first two by TopoExt, next by SEV,
    next by PQOS), so any software following the rules is fine and will leave them
    alone.  However, leaf 0x8000001d takes a subleaf input and at least two
    userspace utilities have been observed to loop indefinitely under Xen (clearly
    waiting for eax to report "no more cache levels").
    
    Such userspace is buggy, but Xen's behaviour isn't great either.
    
    In the short term, clobber all information in these leaves.  This is a giant
    bodge, but there are complexities with implementing all of these leaves
    properly.
    
    Fixes: 1a914256dca5 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Link: https://github.com/QubesOS/qubes-issues/issues/7392
    Reported-by: fosslinux <fosslinux@aussies.space>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/cpuid.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index bb554b06a7..7e0b395698 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -328,8 +328,15 @@ static void recalculate_misc(struct cpuid_policy *p)
 
         zero_leaves(p->extd.raw, 0xb, 0x18);
 
+        /* 0x19 - TLB details.  Pass through. */
+        /* 0x1a - Perf hints.   Pass through. */
+
         p->extd.raw[0x1b] = EMPTY_LEAF; /* IBS - not supported. */
         p->extd.raw[0x1c] = EMPTY_LEAF; /* LWP - not supported. */
+        p->extd.raw[0x1d] = EMPTY_LEAF; /* TopoExt Cache */
+        p->extd.raw[0x1e] = EMPTY_LEAF; /* TopoExt APIC ID/Core/Node */
+        p->extd.raw[0x1f] = EMPTY_LEAF; /* SEV */
+        p->extd.raw[0x20] = EMPTY_LEAF; /* Platform QoS */
         break;
     }
 }
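Review bot: The four new `EMPTY_LEAF` assignments are commented with leaf names only, so the code does not record that 0x1d..0x20 are hidden as a stop-gap rather than because the features are unsupported, which is what the 0x1b/0x1c comments say. The commit message gives the reason: host values were leaking into the default policies, and subleaf enumeration of 0x1d never terminated for some guests. I would add `/* 0x1d..0x20 - not virtualised yet; hidden so host values don't reach guest policies. */` above the 0x1d line, so a later change implementing one of these leaves knows which assignment to drop. recalculate_misc() begins outside the hunk.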
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:55:11 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 12:55:11 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301527.514587 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nco8o-0000KA-6e; Fri, 08 Apr 2022 12:55:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301527.514587; Fri, 08 Apr 2022 12:55:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nco8o-0000K2-3f; Fri, 08 Apr 2022 12:55:06 +0000
Received: by outflank-mailman (input) for mailman id 301527;
 Fri, 08 Apr 2022 12:55:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco8m-0000Jw-GZ
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:55:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco8m-0002Io-8g
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:55:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco8m-0002AP-7a
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:55:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=HFSKguyvJpjULANYu5VUCYUKC0Mk/aXiPUVTRegV01U=; b=qZVHy1VxXl6tP1an4unQH8oA1X
	ZjR3uMdYBDNlhSJpm0ib9WQxmYx4McT/cZiIMvEoV4QUC3vjXPDdd7yCrAmL8Kh7pOq0nL21MMxMT
	CqCBzAsJeHMhmhPWva7vyVE3O2Vin+qIf/p4GUvXhwhu+9wSKmCXApBx/FvCdo1wX3vU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/mm: split set_identity_p2m_entry() into PV and HVM parts
Message-Id: <E1nco8m-0002AP-7a@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:55:04 +0000

commit 21e9f2e212e6f022340dfc2c43810fcc66415c9c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:39:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:39:43 2022 +0200

    x86/mm: split set_identity_p2m_entry() into PV and HVM parts
    
    ..., moving the former into the new physmap.c. Also call the new
    functions directly from arch_iommu_hwdom_init() and
    vpci_make_msix_hole(), as the PV/HVM split is explicit there.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/include/asm/p2m.h      |  4 ++++
 xen/arch/x86/mm/p2m.c               | 28 ++++++----------------------
 xen/arch/x86/mm/physmap.c           | 28 ++++++++++++++++++++++++++++
 xen/drivers/passthrough/x86/iommu.c |  2 +-
 xen/drivers/vpci/msix.c             |  2 +-
 5 files changed, 40 insertions(+), 24 deletions(-)

diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 84d19e871e..2d0783693e 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -637,6 +637,10 @@ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
 int set_identity_p2m_entry(struct domain *d, unsigned long gfn,
                            p2m_access_t p2ma, unsigned int flag);
 int clear_identity_p2m_entry(struct domain *d, unsigned long gfn);
+/* HVM-only callers can use these directly: */
+int p2m_add_identity_entry(struct domain *d, unsigned long gfn,
+                           p2m_access_t p2ma, unsigned int flag);
+int p2m_remove_identity_entry(struct domain *d, unsigned long gfn);
 
 /* 
  * Populate-on-demand
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index a01e42ee61..4f739e27e4 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1473,12 +1473,9 @@ static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l,
     return rc;
 }
 
-#endif /* CONFIG_HVM */
-
-int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
+int p2m_add_identity_entry(struct domain *d, unsigned long gfn_l,
                            p2m_access_t p2ma, unsigned int flag)
 {
-#ifdef CONFIG_HVM
     p2m_type_t p2mt;
     p2m_access_t a;
     gfn_t gfn = _gfn(gfn_l);
@@ -1488,13 +1485,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
 
     if ( !paging_mode_translate(d) )
     {
-#endif
-        if ( !is_iommu_enabled(d) )
-            return 0;
-        return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l),
-                                1ul << PAGE_ORDER_4K,
-                                p2m_access_to_iommu_flags(p2ma));
-#ifdef CONFIG_HVM
+        ASSERT_UNREACHABLE();
+        return -EPERM;
     }
 
     gfn_lock(p2m, gfn, 0);
@@ -1520,12 +1512,10 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
 
     gfn_unlock(p2m, gfn, 0);
     return ret;
-#endif
 }
 
-int clear_identity_p2m_entry(struct domain *d, unsigned long gfn_l)
+int p2m_remove_identity_entry(struct domain *d, unsigned long gfn_l)
 {
-#ifdef CONFIG_HVM
     p2m_type_t p2mt;
     p2m_access_t a;
     gfn_t gfn = _gfn(gfn_l);
@@ -1535,11 +1525,8 @@ int clear_identity_p2m_entry(struct domain *d, unsigned long gfn_l)
 
     if ( !paging_mode_translate(d) )
     {
-#endif
-        if ( !is_iommu_enabled(d) )
-            return 0;
-        return iommu_legacy_unmap(d, _dfn(gfn_l), 1ul << PAGE_ORDER_4K);
-#ifdef CONFIG_HVM
+        ASSERT_UNREACHABLE();
+        return -EPERM;
     }
 
     gfn_lock(p2m, gfn, 0);
@@ -1561,7 +1548,6 @@ int clear_identity_p2m_entry(struct domain *d, unsigned long gfn_l)
     }
 
     return ret;
-#endif
 }
 
 #ifdef CONFIG_MEM_SHARING
@@ -1606,8 +1592,6 @@ int set_shared_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn)
 
 #endif /* CONFIG_MEM_SHARING */
 
-#ifdef CONFIG_HVM
-
 static struct p2m_domain *
 p2m_getlru_nestedp2m(struct domain *d, struct p2m_domain *p2m)
 {
diff --git a/xen/arch/x86/mm/physmap.c b/xen/arch/x86/mm/physmap.c
index ea82a07283..2d267b42f7 100644
--- a/xen/arch/x86/mm/physmap.c
+++ b/xen/arch/x86/mm/physmap.c
@@ -21,6 +21,7 @@
  * along with this program; If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <xen/iommu.h>
 #include <asm/p2m.h>
 
 #include "mm-locks.h"
@@ -75,6 +76,33 @@ guest_physmap_remove_page(struct domain *d, gfn_t gfn,
     return p2m_remove_page(d, gfn, mfn, page_order);
 }
 
+int set_identity_p2m_entry(struct domain *d, unsigned long gfn,
+                           p2m_access_t p2ma, unsigned int flag)
+{
+    if ( !paging_mode_translate(d) )
+    {
+        if ( !is_iommu_enabled(d) )
+            return 0;
+        return iommu_legacy_map(d, _dfn(gfn), _mfn(gfn),
+                                1ul << PAGE_ORDER_4K,
+                                p2m_access_to_iommu_flags(p2ma));
+    }
+
+    return p2m_add_identity_entry(d, gfn, p2ma, flag);
+}
+
+int clear_identity_p2m_entry(struct domain *d, unsigned long gfn)
+{
+    if ( !paging_mode_translate(d) )
+    {
+        if ( !is_iommu_enabled(d) )
+            return 0;
+        return iommu_legacy_unmap(d, _dfn(gfn), 1ul << PAGE_ORDER_4K);
+    }
+
+    return p2m_remove_identity_entry(d, gfn);
+}
+
 /*
  * Local variables:
  * mode: C
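Review bot: Both new wrappers end in an unconditional call to p2m_add_identity_entry() / p2m_remove_identity_entry(), while the p2m.c hunks of this commit drop the `#endif /* CONFIG_HVM */` ahead of those definitions, which appears to place them inside the HVM-only region. If so, a !CONFIG_HVM build links only because paging_mode_translate() folds to a constant false there and the tail call is eliminated. Its definition is not visible in this diff, so this should be confirmed. A comment at each tail call such as `/* HVM only; unreachable (and eliminated) when !CONFIG_HVM. */` would keep a later edit from breaking that configuration.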
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index b942f2119e..209aeb8c2f 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -373,7 +373,7 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         if ( !hwdom_iommu_map(d, pfn, max_pfn) )
             rc = 0;
         else if ( paging_mode_translate(d) )
-            rc = set_identity_p2m_entry(d, pfn, p2m_access_rw, 0);
+            rc = p2m_add_identity_entry(d, pfn, p2m_access_rw, 0);
         else
             rc = iommu_map(d, _dfn(pfn), _mfn(pfn), 1ul << PAGE_ORDER_4K,
                            IOMMUF_readable | IOMMUF_writable, &flush_flags);
diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index ab758a1ddf..bea0cc7aed 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -466,7 +466,7 @@ int vpci_make_msix_hole(const struct pci_dev *pdev)
             case p2m_mmio_direct:
                 if ( mfn_x(mfn) == start )
                 {
-                    clear_identity_p2m_entry(d, start);
+                    p2m_remove_identity_entry(d, start);
                     break;
                 }
                 /* fallthrough. */
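Review bot: The result of `p2m_remove_identity_entry(d, start)` is discarded on the changed line, as it was for clear_identity_p2m_entry() before. The new function can fail: the p2m.c hunk shows -EPERM for a non-translated domain, and its other error paths lie outside this diff. If it does fail, the identity mapping over the MSI-X table page would presumably stay in place while vpci_make_msix_hole() carries on. Consider capturing the value, `rc = p2m_remove_identity_entry(d, start);`, and returning it once whatever the surrounding loop holds has been released. The function body extends beyond the hunk, so the exact exit path needs checking there.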
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:55:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 12:55:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301528.514591 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nco8y-0000MU-8E; Fri, 08 Apr 2022 12:55:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301528.514591; Fri, 08 Apr 2022 12:55:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nco8y-0000ML-5C; Fri, 08 Apr 2022 12:55:16 +0000
Received: by outflank-mailman (input) for mailman id 301528;
 Fri, 08 Apr 2022 12:55:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco8w-0000M5-DB
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:55:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco8w-0002Ix-CG
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:55:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco8w-0002Ax-BJ
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:55:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=rZWHx11OIFUDSSuxb2CRqkqsSkEtDG1aYab74GKLiSQ=; b=XdmI9cd84MFqrfqAyvoLf0cpqB
	86LBCF83NR99y35iwnhUwN5alH2+hgIWcaQ9T04bFfOTM0FPdSmtL042s0NfjCL/ZOxepPt2lZvOX
	KWqDiSmcOzNg2VcqCP0/ju8TLQXyRro2PwZgg4Cr9P7q7Ty2tmhUXyMjB3HnCFu05KFI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: p2m_{alloc,free}_ptp() and p2m_alloc_table() are HVM-only
Message-Id: <E1nco8w-0002Ax-BJ@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:55:14 +0000

commit 033ff90aa9c17306ae0026fd10f6532b2ea3fca2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:40:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:40:46 2022 +0200

    x86/P2M: p2m_{alloc,free}_ptp() and p2m_alloc_table() are HVM-only
    
    This also includes the two p2m related fields.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/include/asm/p2m.h      | 12 ++++++------
 xen/arch/x86/mm/p2m.c               | 13 ++++++++++++-
 xen/arch/x86/mm/shadow/common.c     |  2 ++
 xen/drivers/passthrough/vtd/iommu.c |  2 ++
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 2d0783693e..30236daba3 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -208,9 +208,6 @@ struct p2m_domain {
     /* Lock that protects updates to the p2m */
     mm_rwlock_t           lock;
 
-    /* Shadow translated domain: p2m mapping */
-    pagetable_t        phys_table;
-
     /*
      * Same as a domain's dirty_cpumask but limited to
      * this p2m and those physical cpus whose vcpu's are in
@@ -229,9 +226,6 @@ struct p2m_domain {
      */
     p2m_access_t default_access;
 
-    /* Pages used to construct the p2m */
-    struct page_list_head pages;
-
     /* Host p2m: Log-dirty ranges registered for the domain. */
     struct rangeset   *logdirty_ranges;
 
@@ -239,6 +233,12 @@ struct p2m_domain {
     bool               global_logdirty;
 
 #ifdef CONFIG_HVM
+    /* Translated domain: p2m mapping */
+    pagetable_t        phys_table;
+
+    /* Pages used to construct the p2m */
+    struct page_list_head pages;
+
     /* Alternate p2m: count of vcpu's currently using this p2m. */
     atomic_t           active_vcpus;
 
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 4f739e27e4..48bff44a6a 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -93,7 +93,9 @@ static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
     int ret = 0;
 
     mm_rwlock_init(&p2m->lock);
+#ifdef CONFIG_HVM
     INIT_PAGE_LIST_HEAD(&p2m->pages);
+#endif
 
     p2m->domain = d;
     p2m->default_access = p2m_access_rwx;
@@ -627,6 +629,7 @@ struct page_info *p2m_get_page_from_gfn(
 }
 
 #ifdef CONFIG_HVM
+
 /* Returns: 0 for success, -errno for failure */
 int p2m_set_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
                   unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma)
@@ -666,7 +669,6 @@ int p2m_set_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
 
     return rc;
 }
-#endif
 
 mfn_t p2m_alloc_ptp(struct p2m_domain *p2m, unsigned int level)
 {
@@ -745,6 +747,8 @@ int p2m_alloc_table(struct p2m_domain *p2m)
     return 0;
 }
 
+#endif /* CONFIG_HVM */
+
 /*
  * hvm fixme: when adding support for pvh non-hardware domains, this path must
  * cleanup any foreign p2m types (release refcnts on them).
@@ -753,7 +757,9 @@ void p2m_teardown(struct p2m_domain *p2m)
 /* Return all the p2m pages to Xen.
  * We know we don't have any extra mappings to these pages */
 {
+#ifdef CONFIG_HVM
     struct page_info *pg;
+#endif
     struct domain *d;
 
     if (p2m == NULL)
@@ -762,11 +768,16 @@ void p2m_teardown(struct p2m_domain *p2m)
     d = p2m->domain;
 
     p2m_lock(p2m);
+
     ASSERT(atomic_read(&d->shr_pages) == 0);
+
+#ifdef CONFIG_HVM
     p2m->phys_table = pagetable_null();
 
     while ( (pg = page_list_remove_head(&p2m->pages)) )
         d->arch.paging.free_page(d, pg);
+#endif
+
     p2m_unlock(p2m);
 }
 
diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
index 8f11190173..06a0f22906 100644
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -2701,8 +2701,10 @@ int shadow_enable(struct domain *d, u32 mode)
  out_locked:
     paging_unlock(d);
  out_unlocked:
+#ifdef CONFIG_HVM
     if ( rv != 0 && !pagetable_is_null(p2m_get_pagetable(p2m)) )
         p2m_teardown(p2m);
+#endif
     if ( rv != 0 && pg != NULL )
     {
         pg->count_info &= ~PGC_count_mask;
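Review bot: The `#ifdef CONFIG_HVM` added around the p2m_teardown() call in the `out_unlocked` error path has no comment saying why a failed shadow_enable() may skip the teardown in a build without HVM. Presumably it is because p2m_get_pagetable() reads the `phys_table` field that this commit moves under CONFIG_HVM, so no P2M table can exist to release in that configuration. A comment would record that, for example `/* Without HVM there is no P2M table to release. */`, and the closing line would read better as `#endif /* CONFIG_HVM */`. The body of shadow_enable() lies outside the hunk, so whether the local `p2m` is still used in a build without HVM should be checked there.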
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 069427abb2..42b76af73f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -374,6 +374,7 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
 
     if ( pgd_maddr )
         /* nothing */;
+#ifdef CONFIG_HVM
     else if ( iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
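Review bot: The `#ifdef CONFIG_HVM` opened before `else if ( iommu_use_hap_pt(d) )` is closed in the next hunk between a bare `else` and its block, so the preprocessor cuts through the if/else chain that selects the IOMMU page-table root. Without HVM the chain reduces to `if ( pgd_maddr ) /* nothing */; else { … }`, which is correct but easy to break in a later edit. Since this choice decides which tables a device's DMA is translated through, the split deserves a comment such as `/* Sharing the HAP page tables requires a P2M, hence HVM. */` above the `#ifdef`, and `#endif /* CONFIG_HVM */` at the close. domain_pgd_maddr() starts and ends outside both hunks.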
@@ -381,6 +382,7 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
         pgd_maddr = pagetable_get_paddr(pgt);
     }
     else
+#endif
     {
         if ( !hd->arch.vtd.pgd_maddr )
         {


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:55:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: PoD, altp2m, and nested-p2m are HVM-only
Message-Id: <E1nco96-0002BZ-F1@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:55:24 +0000

commit 26c719f67e71d5ff4cabc44cba37de2155204cbb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:41:51 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:41:51 2022 +0200

    x86/P2M: PoD, altp2m, and nested-p2m are HVM-only
    
    There's no need to initialize respective data for PV domains. Note that
    p2m_teardown_{alt,nested}p2m() will handle the lack-of-initialization
    case fine.
    
    As a result, despite PV domains having a host P2M associated with them
    and hence using XENMEM_get_pod_target on such may not be a real problem,
    calling p2m_pod_set_mem_target() for a PV domain is surely wrong, even
    if benign at present. Add a guard there as well.
    
    In p2m_pod_demand_populate() the situation is a little different: This
    function is reachable only for HVM domains anyway, but following from
    other PoD functions only ever acting on the host P2M (and hence PoD
    entries only ever existing in host P2Ms), assert and bail from there for
    non-host-P2Ms.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/include/asm/p2m.h |  4 ----
 xen/arch/x86/mm.c              |  4 +++-
 xen/arch/x86/mm/p2m-pod.c      |  7 +++++++
 xen/arch/x86/mm/p2m.c          |  6 +++++-
 xen/arch/x86/mm/p2m.h          | 27 +++++++++++++++++++++++++++
 5 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 30236daba3..44c953c83a 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -679,8 +679,6 @@ static inline long p2m_pod_entry_count(const struct p2m_domain *p2m)
     return p2m->pod.entry_count;
 }
 
-void p2m_pod_init(struct p2m_domain *p2m);
-
 #else
 
 static inline bool
@@ -709,8 +707,6 @@ static inline long p2m_pod_entry_count(const struct p2m_domain *p2m)
     return 0;
 }
 
-static inline void p2m_pod_init(struct p2m_domain *p2m) {}
-
 #endif
 
 
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 6cc73187ac..e90789085b 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4810,7 +4810,9 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        if ( cmd == XENMEM_set_pod_target )
+        if ( !is_hvm_domain(d) )
+            rc = -EINVAL;
+        else if ( cmd == XENMEM_set_pod_target )
         {
             rc = xsm_set_pod_target(XSM_PRIV, d);
             if ( rc )
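Review bot: The new `!is_hvm_domain(d)` test runs before xsm_set_pod_target(), so a caller the XSM policy would refuse gets -EINVAL for a PV domain and the policy's error for an HVM one, and the two can be told apart. If that difference should not be visible to such callers, perform the XSM check first and test the domain type afterwards. The guard also refuses the get sub-op for PV domains, which the description treats as possibly harmless. A comment above the test, for example `/* PoD is HVM-only: refuse both sub-ops for PV domains. */`, would show that this is deliberate. The rest of the branch, including the release of `d`, is outside the hunk.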
diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
index afee09ab40..fd12f8ca73 100644
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -30,6 +30,7 @@
 #include <asm/p2m.h>
 
 #include "mm-locks.h"
+#include "p2m.h"
 
 #define superpage_aligned(_x)  (((_x)&(SUPERPAGE_PAGES-1))==0)
 
@@ -1162,6 +1163,12 @@ p2m_pod_demand_populate(struct p2m_domain *p2m, gfn_t gfn,
     mfn_t mfn;
     unsigned long i;
 
+    if ( !p2m_is_hostp2m(p2m) )
+    {
+        ASSERT_UNREACHABLE();
+        return false;
+    }
+
     ASSERT(gfn_locked_by_me(p2m, gfn));
     pod_lock(p2m);
 
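Review bot: The guard added at the top of p2m_pod_demand_populate() returns `false` with no diagnostic in builds where ASSERT_UNREACHABLE() expands to nothing, and nothing in the code states the invariant it relies on. The commit message gives the reason, and a comment above the test would keep it with the code: `/* PoD entries only ever exist in the host P2M. */`. The placement ahead of `pod_lock(p2m)` is right, since the early return then leaves no lock held. What `false` means to the caller is not visible in this hunk and should be confirmed against the function's remaining return paths.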
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 48bff44a6a..1f1eddac48 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -43,6 +43,7 @@
 #include <xsm/xsm.h>
 
 #include "mm-locks.h"
+#include "p2m.h"
 
 /* Override macro from asm/page.h to make work with mfn_t */
 #undef virt_to_mfn
@@ -101,6 +102,9 @@ static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
     p2m->default_access = p2m_access_rwx;
     p2m->p2m_class = p2m_host;
 
+    if ( !is_hvm_domain(d) )
+        return 0;
+
     p2m_pod_init(p2m);
     p2m_nestedp2m_init(p2m);
 
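Review bot: The early `return 0` for non-HVM domains in p2m_initialise() skips everything after it in the function, not only the two calls visible here. The full function is outside this hunk, but as listed later on this page it goes on to call ept_p2m_init() or p2m_pt_init() and `spin_lock_init(&p2m->ioreq.lock)`, which the commit message does not mention. A comment on the guard would make the intended scope explicit, for example `/* PV: no PoD, nested-p2m, EPT/PT or ioreq state to set up. */`. It is also worth confirming that nothing reachable for a PV domain takes `ioreq.lock` or calls through the function pointers those init routines would have set.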
@@ -258,7 +262,7 @@ int p2m_init(struct domain *d)
     int rc;
 
     rc = p2m_init_hostp2m(d);
-    if ( rc )
+    if ( rc || !is_hvm_domain(d) )
         return rc;
 
 #ifdef CONFIG_HVM
diff --git a/xen/arch/x86/mm/p2m.h b/xen/arch/x86/mm/p2m.h
new file mode 100644
index 0000000000..ec1d54f915
--- /dev/null
+++ b/xen/arch/x86/mm/p2m.h
@@ -0,0 +1,27 @@
+/******************************************************************************
+ * arch/x86/mm/p2m.h
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+void p2m_pod_init(struct p2m_domain *p2m);
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
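Review bot: The new header xen/arch/x86/mm/p2m.h has no include guard, and its prototype names `struct p2m_domain` without a prior declaration. It therefore only compiles cleanly when the includer has already pulled in `<asm/p2m.h>`, as p2m-pod.c does in this commit. Adding `struct p2m_domain;` ahead of the prototype and wrapping the file in an `#ifndef`/`#define`/`#endif` guard would make the header self-contained. This matters more as further declarations are moved into it.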


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:55:36 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: split out init/teardown functions
Message-Id: <E1nco9G-0002C8-Id@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:55:34 +0000

commit e2b2ff6779580a3a56f338a81e8d74ec30eead8c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:44:05 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:44:05 2022 +0200

    x86/P2M: split out init/teardown functions
    
    Mostly just code movement, and certainly no functional change intended.
    In p2m_final_teardown() the calls to p2m_teardown_{alt,nested}p2m() need
    to be guarded by an is_hvm_domain() check now, though. This matches
    p2m_init(). And p2m_is_logdirty_range() also gets moved inside the (so
    far) adjacent #ifdef.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/include/asm/hvm/vmx/vmx.h |   4 -
 xen/arch/x86/mm/Makefile               |   2 +
 xen/arch/x86/mm/altp2m.c               |  40 +++++
 xen/arch/x86/mm/mm-locks.h             |   2 -
 xen/arch/x86/mm/nested.c               |  74 +++++++++
 xen/arch/x86/mm/p2m-basic.c            | 207 +++++++++++++++++++++++++
 xen/arch/x86/mm/p2m-ept.c              |   1 +
 xen/arch/x86/mm/p2m.c                  | 265 +--------------------------------
 xen/arch/x86/mm/p2m.h                  |  22 +++
 9 files changed, 348 insertions(+), 269 deletions(-)

diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h
index c2ebdd6864..8eedf59155 100644
--- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h
+++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h
@@ -594,15 +594,11 @@ unsigned int vmx_get_cpl(void);
 void vmx_inject_extint(int trap, uint8_t source);
 void vmx_inject_nmi(void);
 
-int ept_p2m_init(struct p2m_domain *p2m);
-void ept_p2m_uninit(struct p2m_domain *p2m);
-
 void ept_walk_table(struct domain *d, unsigned long gfn);
 bool_t ept_handle_misconfig(uint64_t gpa);
 int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn,
                        unsigned int order, bool *ipat, p2m_type_t type);
 void setup_ept_dump(void);
-void p2m_init_altp2m_ept(struct domain *d, unsigned int i);
 /* Locate an alternate p2m by its EPTP */
 unsigned int p2m_find_altp2m_by_eptp(struct domain *d, uint64_t eptp);
 
diff --git a/xen/arch/x86/mm/Makefile b/xen/arch/x86/mm/Makefile
index a47ef5fd9f..c6eca5ac82 100644
--- a/xen/arch/x86/mm/Makefile
+++ b/xen/arch/x86/mm/Makefile
@@ -7,7 +7,9 @@ obj-$(CONFIG_SHADOW_PAGING) += guest_walk_4.o
 obj-$(CONFIG_MEM_ACCESS) += mem_access.o
 obj-$(CONFIG_MEM_PAGING) += mem_paging.o
 obj-$(CONFIG_MEM_SHARING) += mem_sharing.o
+obj-$(CONFIG_HVM) += nested.o
 obj-y += p2m.o
+obj-y += p2m-basic.o
 obj-$(CONFIG_HVM) += p2m-ept.o p2m-pod.o p2m-pt.o
 obj-y += paging.o
 obj-y += physmap.o
diff --git a/xen/arch/x86/mm/altp2m.c b/xen/arch/x86/mm/altp2m.c
index c091b03ea3..8be6eaf242 100644
--- a/xen/arch/x86/mm/altp2m.c
+++ b/xen/arch/x86/mm/altp2m.c
@@ -19,6 +19,8 @@
 #include <asm/hvm/hvm.h>
 #include <asm/p2m.h>
 #include <asm/altp2m.h>
+#include "mm-locks.h"
+#include "p2m.h"
 
 void
 altp2m_vcpu_initialise(struct vcpu *v)
@@ -123,6 +125,44 @@ void altp2m_vcpu_disable_ve(struct vcpu *v)
     }
 }
 
+int p2m_init_altp2m(struct domain *d)
+{
+    unsigned int i;
+    struct p2m_domain *p2m;
+    struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
+
+    mm_lock_init(&d->arch.altp2m_list_lock);
+    for ( i = 0; i < MAX_ALTP2M; i++ )
+    {
+        d->arch.altp2m_p2m[i] = p2m = p2m_init_one(d);
+        if ( p2m == NULL )
+        {
+            p2m_teardown_altp2m(d);
+            return -ENOMEM;
+        }
+        p2m->p2m_class = p2m_alternate;
+        p2m->access_required = hostp2m->access_required;
+        _atomic_set(&p2m->active_vcpus, 0);
+    }
+
+    return 0;
+}
+
+void p2m_teardown_altp2m(struct domain *d)
+{
+    unsigned int i;
+    struct p2m_domain *p2m;
+
+    for ( i = 0; i < MAX_ALTP2M; i++ )
+    {
+        if ( !d->arch.altp2m_p2m[i] )
+            continue;
+        p2m = d->arch.altp2m_p2m[i];
+        d->arch.altp2m_p2m[i] = NULL;
+        p2m_free_one(p2m);
+    }
+}
+
 /*
  * Local variables:
  * mode: C
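Review bot: The failure branch of p2m_init_altp2m() calls p2m_teardown_altp2m(), which walks all MAX_ALTP2M slots, so it relies on the slots not yet reached by the loop being NULL. That holds only if `d->arch.altp2m_p2m[]` is zeroed when the domain is allocated, which is not visible here. A short comment would state the dependency: `/* Unpopulated slots are NULL, so a full teardown is safe here. */`. Both functions lose `static` in this move and are now callable from other files, so each should get a one-line header comment giving its contract. For p2m_init_altp2m() that contract includes that the host P2M must already exist, since `hostp2m->access_required` is read without a check.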
diff --git a/xen/arch/x86/mm/mm-locks.h b/xen/arch/x86/mm/mm-locks.h
index fcfd4706ba..831e56d281 100644
--- a/xen/arch/x86/mm/mm-locks.h
+++ b/xen/arch/x86/mm/mm-locks.h
@@ -25,8 +25,6 @@
 #ifndef _MM_LOCKS_H
 #define _MM_LOCKS_H
 
-#include <asm/mem_sharing.h>
-
 /* Per-CPU variable for enforcing the lock ordering */
 DECLARE_PER_CPU(int, mm_lock_level);
 
diff --git a/xen/arch/x86/mm/nested.c b/xen/arch/x86/mm/nested.c
new file mode 100644
index 0000000000..fab62b2b2d
--- /dev/null
+++ b/xen/arch/x86/mm/nested.c
@@ -0,0 +1,74 @@
+/******************************************************************************
+ * arch/x86/mm/nested.c
+ *
+ * Parts of this code are Copyright (c) 2009 by Citrix Systems, Inc. (Patrick Colp)
+ * Parts of this code are Copyright (c) 2007 by Advanced Micro Devices.
+ * Parts of this code are Copyright (c) 2006-2007 by XenSource Inc.
+ * Parts of this code are Copyright (c) 2006 by Michael A Fetterman
+ * Parts based on earlier work by Michael A Fetterman, Ian Pratt et al.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/sched.h>
+#include <asm/p2m.h>
+#include "mm-locks.h"
+#include "p2m.h"
+
+void p2m_nestedp2m_init(struct p2m_domain *p2m)
+{
+    INIT_LIST_HEAD(&p2m->np2m_list);
+
+    p2m->np2m_base = P2M_BASE_EADDR;
+    p2m->np2m_generation = 0;
+}
+
+int p2m_init_nestedp2m(struct domain *d)
+{
+    unsigned int i;
+    struct p2m_domain *p2m;
+
+    mm_lock_init(&d->arch.nested_p2m_lock);
+    for ( i = 0; i < MAX_NESTEDP2M; i++ )
+    {
+        d->arch.nested_p2m[i] = p2m = p2m_init_one(d);
+        if ( p2m == NULL )
+        {
+            p2m_teardown_nestedp2m(d);
+            return -ENOMEM;
+        }
+        p2m->p2m_class = p2m_nested;
+        p2m->write_p2m_entry_pre = NULL;
+        p2m->write_p2m_entry_post = nestedp2m_write_p2m_entry_post;
+        list_add(&p2m->np2m_list, &p2m_get_hostp2m(d)->np2m_list);
+    }
+
+    return 0;
+}
+
+void p2m_teardown_nestedp2m(struct domain *d)
+{
+    unsigned int i;
+    struct p2m_domain *p2m;
+
+    for ( i = 0; i < MAX_NESTEDP2M; i++ )
+    {
+        if ( !d->arch.nested_p2m[i] )
+            continue;
+        p2m = d->arch.nested_p2m[i];
+        list_del(&p2m->np2m_list);
+        p2m_free_one(p2m);
+        d->arch.nested_p2m[i] = NULL;
+    }
+}
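Review bot: p2m_teardown_nestedp2m() calls `p2m_free_one(p2m)` before it clears `d->arch.nested_p2m[i]`, so the domain's array briefly holds a pointer to freed memory. p2m_teardown_altp2m() in altp2m.c clears the slot first, and the two should agree on that safer order: `d->arch.nested_p2m[i] = NULL;` followed by `p2m_free_one(p2m);`. Whether anything can read the slot during teardown is not visible here, so this is a hardening and consistency point rather than a demonstrated fault. The `list_del()` in the same loop also needs the host P2M's `np2m_list` head to be alive, which constrains the order in which callers may tear things down and is worth a comment.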
diff --git a/xen/arch/x86/mm/p2m-basic.c b/xen/arch/x86/mm/p2m-basic.c
new file mode 100644
index 0000000000..be4a08b9cb
--- /dev/null
+++ b/xen/arch/x86/mm/p2m-basic.c
@@ -0,0 +1,207 @@
+/******************************************************************************
+ * arch/x86/mm/p2m-basic.c
+ *
+ * Basic P2M management largely applicable to all domain types.
+ *
+ * Parts of this code are Copyright (c) 2009 by Citrix Systems, Inc. (Patrick Colp)
+ * Parts of this code are Copyright (c) 2007 by Advanced Micro Devices.
+ * Parts of this code are Copyright (c) 2006-2007 by XenSource Inc.
+ * Parts of this code are Copyright (c) 2006 by Michael A Fetterman
+ * Parts based on earlier work by Michael A Fetterman, Ian Pratt et al.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/types.h>
+#include <asm/p2m.h>
+#include "mm-locks.h"
+#include "p2m.h"
+
+/* Init the datastructures for later use by the p2m code */
+static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
+{
+    int ret = 0;
+
+    mm_rwlock_init(&p2m->lock);
+#ifdef CONFIG_HVM
+    INIT_PAGE_LIST_HEAD(&p2m->pages);
+#endif
+
+    p2m->domain = d;
+    p2m->default_access = p2m_access_rwx;
+    p2m->p2m_class = p2m_host;
+
+    if ( !is_hvm_domain(d) )
+        return 0;
+
+    p2m_pod_init(p2m);
+    p2m_nestedp2m_init(p2m);
+
+    if ( hap_enabled(d) && cpu_has_vmx )
+        ret = ept_p2m_init(p2m);
+    else
+        p2m_pt_init(p2m);
+
+    spin_lock_init(&p2m->ioreq.lock);
+
+    return ret;
+}
+
+struct p2m_domain *p2m_init_one(struct domain *d)
+{
+    struct p2m_domain *p2m = xzalloc(struct p2m_domain);
+
+    if ( !p2m )
+        return NULL;
+
+    if ( !zalloc_cpumask_var(&p2m->dirty_cpumask) )
+        goto free_p2m;
+
+    if ( p2m_initialise(d, p2m) )
+        goto free_cpumask;
+    return p2m;
+
+ free_cpumask:
+    free_cpumask_var(p2m->dirty_cpumask);
+ free_p2m:
+    xfree(p2m);
+    return NULL;
+}
+
+void p2m_free_one(struct p2m_domain *p2m)
+{
+    p2m_free_logdirty(p2m);
+    if ( hap_enabled(p2m->domain) && cpu_has_vmx )
+        ept_p2m_uninit(p2m);
+    free_cpumask_var(p2m->dirty_cpumask);
+    xfree(p2m);
+}
+
+static int p2m_init_hostp2m(struct domain *d)
+{
+    struct p2m_domain *p2m = p2m_init_one(d);
+    int rc;
+
+    if ( !p2m )
+        return -ENOMEM;
+
+    rc = p2m_init_logdirty(p2m);
+
+    if ( !rc )
+        d->arch.p2m = p2m;
+    else
+        p2m_free_one(p2m);
+
+    return rc;
+}
+
+static void p2m_teardown_hostp2m(struct domain *d)
+{
+    /* Iterate over all p2m tables per domain */
+    struct p2m_domain *p2m = p2m_get_hostp2m(d);
+
+    if ( p2m )
+    {
+        p2m_free_one(p2m);
+        d->arch.p2m = NULL;
+    }
+}
+
+int p2m_init(struct domain *d)
+{
+    int rc;
+
+    rc = p2m_init_hostp2m(d);
+    if ( rc || !is_hvm_domain(d) )
+        return rc;
+
+    /*
+     * Must initialise nestedp2m unconditionally
+     * since nestedhvm_enabled(d) returns false here.
+     * (p2m_init runs too early for HVM_PARAM_* options)
+     */
+    rc = p2m_init_nestedp2m(d);
+    if ( rc )
+    {
+        p2m_teardown_hostp2m(d);
+        return rc;
+    }
+
+    rc = p2m_init_altp2m(d);
+    if ( rc )
+    {
+        p2m_teardown_hostp2m(d);
+        p2m_teardown_nestedp2m(d);
+    }
+
+    return rc;
+}
+
+/*
+ * Return all the p2m pages to Xen.
+ * We know we don't have any extra mappings to these pages.
+ *
+ * hvm fixme: when adding support for pvh non-hardware domains, this path must
+ * cleanup any foreign p2m types (release refcnts on them).
+ */
+void p2m_teardown(struct p2m_domain *p2m)
+{
+#ifdef CONFIG_HVM
+    struct page_info *pg;
+#endif
+    struct domain *d;
+
+    if ( !p2m )
+        return;
+
+    d = p2m->domain;
+
+    p2m_lock(p2m);
+
+    ASSERT(atomic_read(&d->shr_pages) == 0);
+
+#ifdef CONFIG_HVM
+    p2m->phys_table = pagetable_null();
+
+    while ( (pg = page_list_remove_head(&p2m->pages)) )
+        d->arch.paging.free_page(d, pg);
+#endif
+
+    p2m_unlock(p2m);
+}
+
+void p2m_final_teardown(struct domain *d)
+{
+    if ( is_hvm_domain(d) )
+    {
+        /*
+         * We must tear down both of them unconditionally because
+         * we initialise them unconditionally.
+         */
+        p2m_teardown_altp2m(d);
+        p2m_teardown_nestedp2m(d);
+    }
+
+    /* Iterate over all p2m tables per domain */
+    p2m_teardown_hostp2m(d);
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
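Review bot: In p2m_init(), the failure path for p2m_init_altp2m() calls p2m_teardown_hostp2m(d) before p2m_teardown_nestedp2m(d), which appears to be a use-after-free. The nested teardown does `list_del(&p2m->np2m_list)` on entries that p2m_init_nestedp2m() linked onto the host P2M's `np2m_list`, so once p2m_free_one() has freed the host P2M the unlink writes into freed memory. p2m_final_teardown() in the same file already uses the safe order, and the error path should match it: `p2m_teardown_nestedp2m(d);` then `p2m_teardown_hostp2m(d);`. The order is carried over unchanged from the code removed from p2m.c, so it predates this move, but the split is a good point to correct it.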
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index 70a401c3a7..b04ca6dbe8 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -35,6 +35,7 @@
 #include <xen/softirq.h>
 
 #include "mm-locks.h"
+#include "p2m.h"
 
 #define atomic_read_ept_entry(__pepte)                              \
     ( (ept_entry_t) { .epte = read_atomic(&(__pepte)->epte) } )
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 1f1eddac48..6498cd460b 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -35,7 +35,6 @@
 #include <asm/page.h>
 #include <asm/paging.h>
 #include <asm/p2m.h>
-#include <asm/hvm/vmx/vmx.h> /* ept_p2m_init() */
 #include <asm/mem_sharing.h>
 #include <asm/hvm/nestedhvm.h>
 #include <asm/altp2m.h>
@@ -56,17 +55,9 @@ boolean_param("hap_2mb", opt_hap_2mb);
 
 DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
 
-static void p2m_nestedp2m_init(struct p2m_domain *p2m)
-{
 #ifdef CONFIG_HVM
-    INIT_LIST_HEAD(&p2m->np2m_list);
-
-    p2m->np2m_base = P2M_BASE_EADDR;
-    p2m->np2m_generation = 0;
-#endif
-}
 
-static int p2m_init_logdirty(struct p2m_domain *p2m)
+int p2m_init_logdirty(struct p2m_domain *p2m)
 {
     if ( p2m->logdirty_ranges )
         return 0;
@@ -79,7 +70,7 @@ static int p2m_init_logdirty(struct p2m_domain *p2m)
     return 0;
 }
 
-static void p2m_free_logdirty(struct p2m_domain *p2m)
+void p2m_free_logdirty(struct p2m_domain *p2m)
 {
     if ( !p2m->logdirty_ranges )
         return;
@@ -88,205 +79,6 @@ static void p2m_free_logdirty(struct p2m_domain *p2m)
     p2m->logdirty_ranges = NULL;
 }
 
-/* Init the datastructures for later use by the p2m code */
-static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
-{
-    int ret = 0;
-
-    mm_rwlock_init(&p2m->lock);
-#ifdef CONFIG_HVM
-    INIT_PAGE_LIST_HEAD(&p2m->pages);
-#endif
-
-    p2m->domain = d;
-    p2m->default_access = p2m_access_rwx;
-    p2m->p2m_class = p2m_host;
-
-    if ( !is_hvm_domain(d) )
-        return 0;
-
-    p2m_pod_init(p2m);
-    p2m_nestedp2m_init(p2m);
-
-    if ( hap_enabled(d) && cpu_has_vmx )
-        ret = ept_p2m_init(p2m);
-    else
-        p2m_pt_init(p2m);
-
-    spin_lock_init(&p2m->ioreq.lock);
-
-    return ret;
-}
-
-static struct p2m_domain *p2m_init_one(struct domain *d)
-{
-    struct p2m_domain *p2m = xzalloc(struct p2m_domain);
-
-    if ( !p2m )
-        return NULL;
-
-    if ( !zalloc_cpumask_var(&p2m->dirty_cpumask) )
-        goto free_p2m;
-
-    if ( p2m_initialise(d, p2m) )
-        goto free_cpumask;
-    return p2m;
-
-free_cpumask:
-    free_cpumask_var(p2m->dirty_cpumask);
-free_p2m:
-    xfree(p2m);
-    return NULL;
-}
-
-static void p2m_free_one(struct p2m_domain *p2m)
-{
-    p2m_free_logdirty(p2m);
-    if ( hap_enabled(p2m->domain) && cpu_has_vmx )
-        ept_p2m_uninit(p2m);
-    free_cpumask_var(p2m->dirty_cpumask);
-    xfree(p2m);
-}
-
-static int p2m_init_hostp2m(struct domain *d)
-{
-    struct p2m_domain *p2m = p2m_init_one(d);
-    int rc;
-
-    if ( !p2m )
-        return -ENOMEM;
-
-    rc = p2m_init_logdirty(p2m);
-
-    if ( !rc )
-        d->arch.p2m = p2m;
-    else
-        p2m_free_one(p2m);
-
-    return rc;
-}
-
-static void p2m_teardown_hostp2m(struct domain *d)
-{
-    /* Iterate over all p2m tables per domain */
-    struct p2m_domain *p2m = p2m_get_hostp2m(d);
-
-    if ( p2m )
-    {
-        p2m_free_one(p2m);
-        d->arch.p2m = NULL;
-    }
-}
-
-#ifdef CONFIG_HVM
-static void p2m_teardown_nestedp2m(struct domain *d)
-{
-    unsigned int i;
-    struct p2m_domain *p2m;
-
-    for ( i = 0; i < MAX_NESTEDP2M; i++ )
-    {
-        if ( !d->arch.nested_p2m[i] )
-            continue;
-        p2m = d->arch.nested_p2m[i];
-        list_del(&p2m->np2m_list);
-        p2m_free_one(p2m);
-        d->arch.nested_p2m[i] = NULL;
-    }
-}
-
-static int p2m_init_nestedp2m(struct domain *d)
-{
-    unsigned int i;
-    struct p2m_domain *p2m;
-
-    mm_lock_init(&d->arch.nested_p2m_lock);
-    for ( i = 0; i < MAX_NESTEDP2M; i++ )
-    {
-        d->arch.nested_p2m[i] = p2m = p2m_init_one(d);
-        if ( p2m == NULL )
-        {
-            p2m_teardown_nestedp2m(d);
-            return -ENOMEM;
-        }
-        p2m->p2m_class = p2m_nested;
-        p2m->write_p2m_entry_pre = NULL;
-        p2m->write_p2m_entry_post = nestedp2m_write_p2m_entry_post;
-        list_add(&p2m->np2m_list, &p2m_get_hostp2m(d)->np2m_list);
-    }
-
-    return 0;
-}
-
-static void p2m_teardown_altp2m(struct domain *d)
-{
-    unsigned int i;
-    struct p2m_domain *p2m;
-
-    for ( i = 0; i < MAX_ALTP2M; i++ )
-    {
-        if ( !d->arch.altp2m_p2m[i] )
-            continue;
-        p2m = d->arch.altp2m_p2m[i];
-        d->arch.altp2m_p2m[i] = NULL;
-        p2m_free_one(p2m);
-    }
-}
-
-static int p2m_init_altp2m(struct domain *d)
-{
-    unsigned int i;
-    struct p2m_domain *p2m;
-    struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
-
-    mm_lock_init(&d->arch.altp2m_list_lock);
-    for ( i = 0; i < MAX_ALTP2M; i++ )
-    {
-        d->arch.altp2m_p2m[i] = p2m = p2m_init_one(d);
-        if ( p2m == NULL )
-        {
-            p2m_teardown_altp2m(d);
-            return -ENOMEM;
-        }
-        p2m->p2m_class = p2m_alternate;
-        p2m->access_required = hostp2m->access_required;
-        _atomic_set(&p2m->active_vcpus, 0);
-    }
-
-    return 0;
-}
-#endif
-
-int p2m_init(struct domain *d)
-{
-    int rc;
-
-    rc = p2m_init_hostp2m(d);
-    if ( rc || !is_hvm_domain(d) )
-        return rc;
-
-#ifdef CONFIG_HVM
-    /* Must initialise nestedp2m unconditionally
-     * since nestedhvm_enabled(d) returns false here.
-     * (p2m_init runs too early for HVM_PARAM_* options) */
-    rc = p2m_init_nestedp2m(d);
-    if ( rc )
-    {
-        p2m_teardown_hostp2m(d);
-        return rc;
-    }
-
-    rc = p2m_init_altp2m(d);
-    if ( rc )
-    {
-        p2m_teardown_hostp2m(d);
-        p2m_teardown_nestedp2m(d);
-    }
-#endif
-
-    return rc;
-}
-
 int p2m_is_logdirty_range(struct p2m_domain *p2m, unsigned long start,
                           unsigned long end)
 {
@@ -298,8 +90,6 @@ int p2m_is_logdirty_range(struct p2m_domain *p2m, unsigned long start,
     return 0;
 }
 
-#ifdef CONFIG_HVM
-
 static void change_entry_type_global(struct p2m_domain *p2m,
                                      p2m_type_t ot, p2m_type_t nt)
 {
@@ -751,57 +541,6 @@ int p2m_alloc_table(struct p2m_domain *p2m)
     return 0;
 }
 
-#endif /* CONFIG_HVM */
-
-/*
- * hvm fixme: when adding support for pvh non-hardware domains, this path must
- * cleanup any foreign p2m types (release refcnts on them).
- */
-void p2m_teardown(struct p2m_domain *p2m)
-/* Return all the p2m pages to Xen.
- * We know we don't have any extra mappings to these pages */
-{
-#ifdef CONFIG_HVM
-    struct page_info *pg;
-#endif
-    struct domain *d;
-
-    if (p2m == NULL)
-        return;
-
-    d = p2m->domain;
-
-    p2m_lock(p2m);
-
-    ASSERT(atomic_read(&d->shr_pages) == 0);
-
-#ifdef CONFIG_HVM
-    p2m->phys_table = pagetable_null();
-
-    while ( (pg = page_list_remove_head(&p2m->pages)) )
-        d->arch.paging.free_page(d, pg);
-#endif
-
-    p2m_unlock(p2m);
-}
-
-void p2m_final_teardown(struct domain *d)
-{
-#ifdef CONFIG_HVM
-    /*
-     * We must teardown both of them unconditionally because
-     * we initialise them unconditionally.
-     */
-    p2m_teardown_altp2m(d);
-    p2m_teardown_nestedp2m(d);
-#endif
-
-    /* Iterate over all p2m tables per domain */
-    p2m_teardown_hostp2m(d);
-}
-
-#ifdef CONFIG_HVM
-
 static int __must_check
 p2m_remove_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
                  unsigned int page_order)
diff --git a/xen/arch/x86/mm/p2m.h b/xen/arch/x86/mm/p2m.h
index ec1d54f915..cc0f6766e4 100644
--- a/xen/arch/x86/mm/p2m.h
+++ b/xen/arch/x86/mm/p2m.h
@@ -15,8 +15,30 @@
  * along with this program; If not, see <http://www.gnu.org/licenses/>.
  */
 
+struct p2m_domain *p2m_init_one(struct domain *d);
+void p2m_free_one(struct p2m_domain *p2m);
+
 void p2m_pod_init(struct p2m_domain *p2m);
 
+#ifdef CONFIG_HVM
+int p2m_init_logdirty(struct p2m_domain *p2m);
+void p2m_free_logdirty(struct p2m_domain *p2m);
+#else
+static inline int p2m_init_logdirty(struct p2m_domain *p2m) { return 0; }
+static inline void p2m_free_logdirty(struct p2m_domain *p2m) {}
+#endif
+
+int p2m_init_altp2m(struct domain *d);
+void p2m_teardown_altp2m(struct domain *d);
+
+void p2m_nestedp2m_init(struct p2m_domain *p2m);
+int p2m_init_nestedp2m(struct domain *d);
+void p2m_teardown_nestedp2m(struct domain *d);
+
+int ept_p2m_init(struct p2m_domain *p2m);
+void ept_p2m_uninit(struct p2m_domain *p2m);
+void p2m_init_altp2m_ept(struct domain *d, unsigned int i);
+
 /*
  * Local variables:
  * mode: C
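Review bot: The new prototypes for `p2m_init_one()` and `p2m_free_one()` carry no comment on their contract, although this header now shares them between files. The removed callers visible earlier in this patch treat a NULL return from `p2m_init_one()` as `-ENOMEM` and release each table with `p2m_free_one()`, so a one-line comment such as `/* Returns NULL on failure; pair each successful call with p2m_free_one(). */` would make that explicit. The altp2m, nestedp2m and EPT declarations are also unconditional, while only the logdirty pair gets `!CONFIG_HVM` stubs. If that relies on every caller being compiled out in such builds, a short comment saying so would help, since the definitions are outside this hunk.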
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:55:45 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: p2m_get_page_from_gfn() is HVM-only
Message-Id: <E1nco9Q-0002D5-M3@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:55:44 +0000

commit c9e802e916423111652424a93d98f67ae7135afc
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:45:37 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:45:37 2022 +0200

    x86/P2M: p2m_get_page_from_gfn() is HVM-only
    
    This function is the wrong layer to go through for PV guests. It happens
    to work, but produces results which aren't fully consistent with
    get_page_from_gfn(). The latter function, however, cannot be used in
    map_domain_gfn() as it may not be the host P2M we mean to act on.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/guest_walk.c | 4 +++-
 xen/arch/x86/mm/p2m.c        | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c
index 35d543ca5f..70dacc477f 100644
--- a/xen/arch/x86/mm/guest_walk.c
+++ b/xen/arch/x86/mm/guest_walk.c
@@ -551,7 +551,9 @@ void *map_domain_gfn(struct p2m_domain *p2m, gfn_t gfn, mfn_t *mfn,
     }
 
     /* Translate the gfn, unsharing if shared. */
-    page = p2m_get_page_from_gfn(p2m, gfn, &p2mt, NULL, q);
+    page = paging_mode_translate(p2m->domain)
+           ? p2m_get_page_from_gfn(p2m, gfn, &p2mt, NULL, q)
+           : get_page_from_gfn(p2m->domain, gfn_x(gfn), &p2mt, q);
     if ( p2m_is_paging(p2mt) )
     {
         ASSERT(p2m_is_hostp2m(p2m));
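Review bot: The comment above the new conditional still reads `/* Translate the gfn, unsharing if shared. */` and does not explain why two lookup functions are used, or that the non-translated branch ignores the `p2m` argument and acts on `p2m->domain` instead. I would extend it, e.g. `/* Non-translated (PV) guests have no P2M to walk: use get_page_from_gfn() on the owning domain. */`. Because that branch silently drops `p2m`, a caller passing a non-host P2M for such a domain would get host results without any diagnostic. If that combination is meant to be impossible, `ASSERT(paging_mode_translate(p2m->domain) || p2m_is_hostp2m(p2m));` before the lookup would pin it down. map_domain_gfn() starts and continues outside this hunk, so the earlier checks on `p2m` are not visible.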
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 6498cd460b..c3653b013d 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -357,6 +357,8 @@ void __put_gfn(struct p2m_domain *p2m, unsigned long gfn)
     gfn_unlock(p2m, gfn, 0);
 }
 
+#ifdef CONFIG_HVM
+
 /* Atomically look up a GFN and take a reference count on the backing page. */
 struct page_info *p2m_get_page_from_gfn(
     struct p2m_domain *p2m, gfn_t gfn,
@@ -422,8 +424,6 @@ struct page_info *p2m_get_page_from_gfn(
     return page;
 }
 
-#ifdef CONFIG_HVM
-
 /* Returns: 0 for success, -errno for failure */
 int p2m_set_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
                   unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma)
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:55:55 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: derive HVM-only variant from __get_gfn_type_access()
Message-Id: <E1nco9a-0002Dw-PX@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:55:54 +0000

commit aa70b8959915b67b4e7a2516f743ab6ffe0f8a1b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:46:30 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:46:30 2022 +0200

    x86/P2M: derive HVM-only variant from __get_gfn_type_access()
    
    Introduce an inline wrapper dealing with the non-translated-domain case,
    while stripping that logic from the main function, which gets renamed to
    p2m_get_gfn_type_access(). HVM-only callers can then directly use the
    main function.
    
    Along with renaming the main function also make its and the new inline
    helper's GFN parameters type-safe.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/hvm/svm/svm.c     |  4 ++--
 xen/arch/x86/include/asm/p2m.h | 26 ++++++++++++++++++++++----
 xen/arch/x86/mm/mem_access.c   |  5 +++--
 xen/arch/x86/mm/mem_sharing.c  | 16 ++++++++--------
 xen/arch/x86/mm/p2m.c          | 35 ++++++++++++-----------------------
 5 files changed, 47 insertions(+), 39 deletions(-)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 64a45045da..2455835eda 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1712,7 +1712,7 @@ static void svm_do_nested_pgfault(struct vcpu *v,
         } _d;
 
         p2m = p2m_get_p2m(v);
-        mfn = __get_gfn_type_access(p2m, gfn, &p2mt, &p2ma, 0, NULL, 0);
+        mfn = p2m_get_gfn_type_access(p2m, _gfn(gfn), &p2mt, &p2ma, 0, NULL, 0);
 
         _d.gpa = gpa;
         _d.qualification = 0;
@@ -1737,7 +1737,7 @@ static void svm_do_nested_pgfault(struct vcpu *v,
     if ( p2m == NULL )
     {
         p2m = p2m_get_p2m(v);
-        mfn = __get_gfn_type_access(p2m, gfn, &p2mt, &p2ma, 0, NULL, 0);
+        mfn = p2m_get_gfn_type_access(p2m, _gfn(gfn), &p2mt, &p2ma, 0, NULL, 0);
     }
     gdprintk(XENLOG_ERR,
          "SVM violation gpa %#"PRIpaddr", mfn %#lx, type %i\n",
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 44c953c83a..789d5a4464 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -459,10 +459,27 @@ void p2m_unlock_and_tlb_flush(struct p2m_domain *p2m);
  * After calling any of the variants below, caller needs to use
  * put_gfn. ****/
 
-mfn_t __nonnull(3, 4) __get_gfn_type_access(
-    struct p2m_domain *p2m, unsigned long gfn, p2m_type_t *t,
+mfn_t __nonnull(3, 4) p2m_get_gfn_type_access(
+    struct p2m_domain *p2m, gfn_t gfn, p2m_type_t *t,
     p2m_access_t *a, p2m_query_t q, unsigned int *page_order, bool_t locked);
 
+static inline mfn_t __nonnull(3, 4) _get_gfn_type_access(
+    struct p2m_domain *p2m, gfn_t gfn, p2m_type_t *t,
+    p2m_access_t *a, p2m_query_t q, unsigned int *page_order, bool_t locked)
+{
+    if ( !p2m || !paging_mode_translate(p2m->domain) )
+    {
+        /*
+         * Not necessarily true, but for non-translated guests we claim
+         * it's the most generic kind of memory.
+         */
+        *t = p2m_ram_rw;
+        return _mfn(gfn_x(gfn));
+    }
+
+    return p2m_get_gfn_type_access(p2m, gfn, t, a, q, page_order, locked);
+}
+
 /* Read a particular P2M table, mapping pages as we go.  Most callers
  * should _not_ call this directly; use the other get_gfn* functions
  * below unless you know you want to walk a p2m that isn't a domain's
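Review bot: In the new `_get_gfn_type_access()` wrapper the non-translated branch writes `*t` but leaves `*a` (and `*page_order`, when supplied) untouched, so a caller that reads the access type afterwards sees whatever its variable held before the call. `get_gfn_query_unlocked()` later in this file passes the address of an uninitialised local `p2m_access_t a`. The removed `__get_gfn_type_access()` behaved the same way, but since the branch is being rewritten here it could store a defined value, e.g. `*a = p2m_access_rwx;`. Alternatively the comment in the branch could state that `*a` is only meaningful for translated domains.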
@@ -474,7 +491,7 @@ static inline mfn_t __nonnull(3, 4) get_gfn_type_access(
     struct p2m_domain *p2m, unsigned long gfn, p2m_type_t *t,
     p2m_access_t *a, p2m_query_t q, unsigned int *page_order)
 {
-    return __get_gfn_type_access(p2m, gfn, t, a, q, page_order, true);
+    return _get_gfn_type_access(p2m, _gfn(gfn), t, a, q, page_order, true);
 }
 
 /* General conversion function from gfn to mfn */
@@ -515,7 +532,8 @@ static inline mfn_t get_gfn_query_unlocked(struct domain *d,
                                            p2m_type_t *t)
 {
     p2m_access_t a;
-    return __get_gfn_type_access(p2m_get_hostp2m(d), gfn, t, &a, 0, NULL, 0);
+    return _get_gfn_type_access(p2m_get_hostp2m(d), _gfn(gfn), t, &a, 0,
+                                NULL, 0);
 }
 
 /* Atomically look up a GFN and take a reference count on the backing page.
diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
index 7750b81cd4..f3aed9fcc9 100644
--- a/xen/arch/x86/mm/mem_access.c
+++ b/xen/arch/x86/mm/mem_access.c
@@ -299,8 +299,9 @@ static int set_mem_access(struct domain *d, struct p2m_domain *p2m,
     {
         p2m_access_t _a;
         p2m_type_t t;
-        mfn_t mfn = __get_gfn_type_access(p2m, gfn_x(gfn), &t, &_a,
-                                          P2M_ALLOC, NULL, false);
+        mfn_t mfn = p2m_get_gfn_type_access(p2m, gfn, &t, &_a,
+                                            P2M_ALLOC, NULL, false);
+
         rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, -1);
     }
 
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 15e6a7ed81..703b1c06dc 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -478,12 +478,12 @@ do {                                                    \
 #undef assign_pointers
 
     /* Now do the gets. */
-    *first_mfn  = __get_gfn_type_access(p2m_get_hostp2m(rval->first_domain),
-                                        gfn_x(rval->first_gfn), first_t,
-                                        first_a, q, NULL, lock);
-    *second_mfn = __get_gfn_type_access(p2m_get_hostp2m(rval->second_domain),
-                                        gfn_x(rval->second_gfn), second_t,
-                                        second_a, q, NULL, lock);
+    *first_mfn  = p2m_get_gfn_type_access(p2m_get_hostp2m(rval->first_domain),
+                                          rval->first_gfn, first_t,
+                                          first_a, q, NULL, lock);
+    *second_mfn = p2m_get_gfn_type_access(p2m_get_hostp2m(rval->second_domain),
+                                          rval->second_gfn, second_t,
+                                          second_a, q, NULL, lock);
 }
 
 static void put_two_gfns(const struct two_gfns *arg)
@@ -936,8 +936,8 @@ static int nominate_page(struct domain *d, gfn_t gfn,
             if ( !ap2m )
                 continue;
 
-            amfn = __get_gfn_type_access(ap2m, gfn_x(gfn), &ap2mt, &ap2ma,
-                                         0, NULL, false);
+            amfn = p2m_get_gfn_type_access(ap2m, gfn, &ap2mt, &ap2ma,
+                                           0, NULL, false);
             if ( mfn_valid(amfn) && (!mfn_eq(amfn, mfn) || ap2ma != p2ma) )
             {
                 altp2m_list_unlock(d);
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index c3653b013d..169f733d83 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -286,25 +286,13 @@ void p2m_unlock_and_tlb_flush(struct p2m_domain *p2m)
         mm_write_unlock(&p2m->lock);
 }
 
-mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn_l,
-                    p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
-                    unsigned int *page_order, bool_t locked)
-{
 #ifdef CONFIG_HVM
-    mfn_t mfn;
-    gfn_t gfn = _gfn(gfn_l);
 
-    if ( !p2m || !paging_mode_translate(p2m->domain) )
-    {
-#endif
-        /*
-         * Not necessarily true, but for non-translated guests we claim
-         * it's the most generic kind of memory.
-         */
-        *t = p2m_ram_rw;
-        return _mfn(gfn_l);
-#ifdef CONFIG_HVM
-    }
+mfn_t p2m_get_gfn_type_access(struct p2m_domain *p2m, gfn_t gfn,
+                              p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
+                              unsigned int *page_order, bool_t locked)
+{
+    mfn_t mfn;
 
     /* Unshare makes no sense without populate. */
     if ( q & P2M_UNSHARE )
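Review bot: `p2m_get_gfn_type_access()` no longer tolerates a NULL `p2m` or a non-translated domain, because the `!p2m || !paging_mode_translate(p2m->domain)` guard moved into the inline wrapper and the remaining body dereferences `p2m` (`p2m->domain`, `p2m->get_entry` in the following hunk). Every caller converted in this commit (svm.c, mem_access.c, mem_sharing.c and the later hunks of this file) now depends on that precondition, yet the prototype in asm/p2m.h still lists only parameters 3 and 4 as `__nonnull`. I would state it at the definition, e.g. `ASSERT(p2m);` as the first statement or `__nonnull(1, 3, 4)` on the declaration, together with a comment that the function is for translated (HVM) domains only. The function body continues outside this hunk.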
@@ -329,8 +317,8 @@ mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn_l,
          * Try to unshare. If we fail, communicate ENOMEM without
          * sleeping.
          */
-        if ( mem_sharing_unshare_page(p2m->domain, gfn_l) < 0 )
-            mem_sharing_notify_enomem(p2m->domain, gfn_l, false);
+        if ( mem_sharing_unshare_page(p2m->domain, gfn_x(gfn)) < 0 )
+            mem_sharing_notify_enomem(p2m->domain, gfn_x(gfn), false);
         mfn = p2m->get_entry(p2m, gfn, t, a, q, page_order, NULL);
     }
 
@@ -343,9 +331,10 @@ mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn_l,
     }
 
     return mfn;
-#endif
 }
 
+#endif /* CONFIG_HVM */
+
 void __put_gfn(struct p2m_domain *p2m, unsigned long gfn)
 {
     if ( !p2m || !paging_mode_translate(p2m->domain) )
@@ -377,7 +366,7 @@ struct page_info *p2m_get_page_from_gfn(
     {
         /* Fast path: look up and get out */
         p2m_read_lock(p2m);
-        mfn = __get_gfn_type_access(p2m, gfn_x(gfn), t, a, 0, NULL, 0);
+        mfn = p2m_get_gfn_type_access(p2m, gfn, t, a, 0, NULL, 0);
         if ( p2m_is_any_ram(*t) && mfn_valid(mfn)
              && !((q & P2M_UNSHARE) && p2m_is_shared(*t)) )
         {
@@ -1775,8 +1764,8 @@ int altp2m_get_effective_entry(struct p2m_domain *ap2m, gfn_t gfn, mfn_t *mfn,
         unsigned int page_order;
         int rc;
 
-        *mfn = __get_gfn_type_access(hp2m, gfn_x(gfn), t, a,
-                                     P2M_ALLOC | P2M_UNSHARE, &page_order, 0);
+        *mfn = p2m_get_gfn_type_access(hp2m, gfn, t, a, P2M_ALLOC | P2M_UNSHARE,
+                                       &page_order, 0);
 
         rc = -ESRCH;
         if ( !mfn_valid(*mfn) || *t != p2m_ram_rw )
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:56:05 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/p2m: re-arrange {,__}put_gfn()
Message-Id: <E1nco9k-0002F1-T9@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:56:04 +0000

commit 819cdc5a7301222f0f5f9260cfe8cd9c87d81f2f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:47:11 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:47:11 2022 +0200

    x86/p2m: re-arrange {,__}put_gfn()
    
    All explicit callers of __put_gfn() are in HVM-only code and hold a valid
    P2M pointer in their hands. Move the paging_mode_translate() check out of
    there into put_gfn(), renaming __put_gfn() and making its GFN parameter
    type-safe.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/hvm/hvm.c           |  8 ++++----
 xen/arch/x86/include/asm/p2m.h   | 11 +++++++++--
 xen/arch/x86/mm/hap/nested_hap.c |  2 +-
 xen/arch/x86/mm/p2m.c            | 20 ++++++--------------
 4 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 709a4191ef..5b16fb4cd8 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1962,9 +1962,9 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla,
              * altp2m_list lock.
              */
             if ( p2m != hostp2m )
-                __put_gfn(p2m, gfn);
+                p2m_put_gfn(p2m, _gfn(gfn));
             p2m_change_type_one(currd, gfn, p2m_ram_logdirty, p2m_ram_rw);
-            __put_gfn(hostp2m, gfn);
+            p2m_put_gfn(hostp2m, _gfn(gfn));
 
             goto out;
         }
@@ -1986,8 +1986,8 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla,
 
  out_put_gfn:
     if ( p2m != hostp2m )
-        __put_gfn(p2m, gfn);
-    __put_gfn(hostp2m, gfn);
+        p2m_put_gfn(p2m, _gfn(gfn));
+    p2m_put_gfn(hostp2m, _gfn(gfn));
  out:
     /*
      * All of these are delayed until we exit, since we might
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 789d5a4464..cd5cd1c3a3 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -509,9 +509,16 @@ static inline mfn_t __nonnull(3) get_gfn_type(
                                               P2M_ALLOC | P2M_UNSHARE)
 
 /* Will release the p2m_lock for this gfn entry. */
-void __put_gfn(struct p2m_domain *p2m, unsigned long gfn);
+void p2m_put_gfn(struct p2m_domain *p2m, gfn_t gfn);
 
-#define put_gfn(d, gfn) __put_gfn(p2m_get_hostp2m((d)), (gfn))
+static inline void put_gfn(struct domain *d, unsigned long gfn)
+{
+    if ( !paging_mode_translate(d) )
+        /* Nothing to do in this case */
+        return;
+
+    p2m_put_gfn(p2m_get_hostp2m(d), _gfn(gfn));
+}
 
 /* The intent of the "unlocked" accessor is to have the caller not worry about
  * put_gfn. They apply to very specific situations: debug printk's, dumps 
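Review bot: The comment kept above the prototype, `/* Will release the p2m_lock for this gfn entry. */`, does not mention that `p2m_put_gfn()` has lost its `!p2m` and `paging_mode_translate()` checks, which now exist only in `put_gfn()`. The definition in p2m.c (hunk at -333,21) passes `p2m` straight to `gfn_locked_by_me()` and `gfn_unlock()`, which presumably dereference it, and the ASSERT is likely compiled out of release builds. I would document the precondition, e.g. `/* Releases the p2m lock for this gfn entry; p2m must be non-NULL and belong to a translated domain. */`. `put_gfn()` also passes `p2m_get_hostp2m(d)` on unchecked, which is fine only if a translated domain always has a host P2M; that is not visible here.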
diff --git a/xen/arch/x86/mm/hap/nested_hap.c b/xen/arch/x86/mm/hap/nested_hap.c
index dbe5ad23a1..b19f657c27 100644
--- a/xen/arch/x86/mm/hap/nested_hap.c
+++ b/xen/arch/x86/mm/hap/nested_hap.c
@@ -149,7 +149,7 @@ static int nestedhap_walk_L0_p2m(
 direct_mmio_out:
     *L0_gpa = (mfn_x(mfn) << PAGE_SHIFT) + (L1_gpa & ~PAGE_MASK);
 out:
-    __put_gfn(p2m, L1_gpa >> PAGE_SHIFT);
+    p2m_put_gfn(p2m, gaddr_to_gfn(L1_gpa));
     return rc;
 }
 
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 169f733d83..6b73a5b632 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -333,21 +333,13 @@ mfn_t p2m_get_gfn_type_access(struct p2m_domain *p2m, gfn_t gfn,
     return mfn;
 }
 
-#endif /* CONFIG_HVM */
-
-void __put_gfn(struct p2m_domain *p2m, unsigned long gfn)
+void p2m_put_gfn(struct p2m_domain *p2m, gfn_t gfn)
 {
-    if ( !p2m || !paging_mode_translate(p2m->domain) )
-        /* Nothing to do in this case */
-        return;
-
-    ASSERT(gfn_locked_by_me(p2m, gfn));
+    ASSERT(gfn_locked_by_me(p2m, gfn_x(gfn)));
 
-    gfn_unlock(p2m, gfn, 0);
+    gfn_unlock(p2m, gfn_x(gfn), 0);
 }
 
-#ifdef CONFIG_HVM
-
 /* Atomically look up a GFN and take a reference count on the backing page. */
 struct page_info *p2m_get_page_from_gfn(
     struct p2m_domain *p2m, gfn_t gfn,
@@ -2222,10 +2214,10 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn,
             if ( !ret )
                 ret = rc;
 
-            __put_gfn(p2m, gfn_x(gfn));
+            p2m_put_gfn(p2m, gfn);
         }
         else
-            __put_gfn(p2m, gfn_x(gfn));
+            p2m_put_gfn(p2m, gfn);
     }
 
     altp2m_list_unlock(d);
@@ -2310,7 +2302,7 @@ void audit_p2m(struct domain *d,
              * blow away the m2p entry. */
             set_gpfn_from_mfn(mfn, INVALID_M2P_ENTRY);
         }
-        __put_gfn(p2m, gfn);
+        p2m_put_gfn(p2m, _gfn(gfn));
 
         P2M_PRINTK("OK: mfn=%#lx, gfn=%#lx, p2mfn=%#lx\n",
                        mfn, gfn, mfn_x(p2mfn));
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:56:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 12:56:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301534.514615 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nco9v-0000fs-JV; Fri, 08 Apr 2022 12:56:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301534.514615; Fri, 08 Apr 2022 12:56:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nco9v-0000fk-GH; Fri, 08 Apr 2022 12:56:15 +0000
Received: by outflank-mailman (input) for mailman id 301534;
 Fri, 08 Apr 2022 12:56:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco9v-0000fY-1k
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco9v-0002Kj-0w
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nco9v-0002Fc-09
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ae5RKe2PJa1ROAoDtapJ6xf8ipf9OsSv/LQeOFRBCsY=; b=oPWJGZPBVlY9pKdF0VglgYvgiu
	yI9SZdNtiwtQNs4UycTihe/wuV7MgU4PWSFgrbbjcd2Wji8BgiFKKTL00PSllO/C7tj6AnDXoXy9u
	nHJiEWTmTJnRXAkLsCYlOo7/PWQqb3fKohVdtu5+y6zgOS4Pio7Ytu69+LJp7EKkOoIs=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] shr_pages field is MEM_SHARING-only
Message-Id: <E1nco9v-0002Fc-09@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:56:15 +0000

commit 5ca3be305d2a970db1731f5651374d60abdd322f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:47:56 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:47:56 2022 +0200

    shr_pages field is MEM_SHARING-only
    
    Conditionalize it and its uses accordingly. The main goal though is to
    demonstrate that x86's p2m_teardown() is now empty when !HVM, which in
    particular means the last remaining use of p2m_lock() in this case goes
    away.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Tamas K Lengyel <tamas@tklengyel.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/p2m-basic.c |  6 +++---
 xen/common/domctl.c         |  2 ++
 xen/common/keyhandler.c     | 13 ++++++++++---
 xen/include/xen/sched.h     |  4 ++++
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/mm/p2m-basic.c b/xen/arch/x86/mm/p2m-basic.c
index be4a08b9cb..89ae041244 100644
--- a/xen/arch/x86/mm/p2m-basic.c
+++ b/xen/arch/x86/mm/p2m-basic.c
@@ -159,7 +159,6 @@ void p2m_teardown(struct p2m_domain *p2m)
 {
 #ifdef CONFIG_HVM
     struct page_info *pg;
-#endif
     struct domain *d;
 
     if ( !p2m )
@@ -169,16 +168,17 @@ void p2m_teardown(struct p2m_domain *p2m)
 
     p2m_lock(p2m);
 
+#ifdef CONFIG_MEM_SHARING
     ASSERT(atomic_read(&d->shr_pages) == 0);
+#endif
 
-#ifdef CONFIG_HVM
     p2m->phys_table = pagetable_null();
 
     while ( (pg = page_list_remove_head(&p2m->pages)) )
         d->arch.paging.free_page(d, pg);
-#endif
 
     p2m_unlock(p2m);
+#endif
 }
 
 void p2m_final_teardown(struct domain *d)
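Review bot: The `#endif` added after `p2m_unlock(p2m);` closes the `#ifdef CONFIG_HVM` that opens at the top of p2m_teardown() in the previous hunk, and nothing on the line says which guard it ends, even though a `CONFIG_MEM_SHARING` block is now nested inside it. Writing it as `#endif /* CONFIG_HVM */` would make the pairing obvious and matches the annotated form used in p2m.c and p2m.h elsewhere on this page. The lines between the two hunks of this function are not visible here.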
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 9606fa4f1a..540a03e075 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -109,7 +109,9 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
     info->tot_pages         = domain_tot_pages(d);
     info->max_pages         = d->max_pages;
     info->outstanding_pages = d->outstanding_pages;
+#ifdef CONFIG_MEM_SHARING
     info->shr_pages         = atomic_read(&d->shr_pages);
+#endif
     info->paged_pages       = atomic_read(&d->paged_pages);
     info->shared_info_frame =
         gfn_x(mfn_to_gfn(d, _mfn(virt_to_mfn(d->shared_info))));
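Review bot: With CONFIG_MEM_SHARING disabled, `info->shr_pages` is no longer written in getdomaininfo(), so the field keeps whatever the structure already held. Judging by its type name, the structure is returned to the domctl caller, so it is worth confirming that the function clears `info` before filling it; the start of the function is outside this hunk. If it does not, an explicit `#else` branch with `info->shr_pages = 0;` keeps the field defined in every configuration. The later change on this page that guards `info->paged_pages` with CONFIG_MEM_PAGING in the same function has the same dependency.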
diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c
index b6e22d8120..256b394057 100644
--- a/xen/common/keyhandler.c
+++ b/xen/common/keyhandler.c
@@ -277,9 +277,16 @@ static void cf_check dump_domains(unsigned char key)
         printk("    refcnt=%d dying=%d pause_count=%d\n",
                atomic_read(&d->refcnt), d->is_dying,
                atomic_read(&d->pause_count));
-        printk("    nr_pages=%d xenheap_pages=%d shared_pages=%u paged_pages=%u "
-               "dirty_cpus={%*pbl} max_pages=%u\n",
-               domain_tot_pages(d), d->xenheap_pages, atomic_read(&d->shr_pages),
+        printk("    nr_pages=%u xenheap_pages=%u"
+#ifdef CONFIG_MEM_SHARING
+               " shared_pages=%u"
+#endif
+               " paged_pages=%u"
+               " dirty_cpus={%*pbl} max_pages=%u\n",
+               domain_tot_pages(d), d->xenheap_pages,
+#ifdef CONFIG_MEM_SHARING
+               atomic_read(&d->shr_pages),
+#endif
                atomic_read(&d->paged_pages), CPUMASK_PR(d->dirty_cpumask),
                d->max_pages);
         printk("    handle=%02x%02x%02x%02x-%02x%02x-%02x%02x-"
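Review bot: The format fragment `" shared_pages=%u"` and its argument `atomic_read(&d->shr_pages)` sit in two separate `#ifdef CONFIG_MEM_SHARING` blocks inside one printk() call, so an edit that touches only one of them gives a format/argument mismatch that is diagnosed only in the configuration being built. A comment above the call, such as `/* Conditional format fragments and arguments below must stay paired. */`, would flag this for the next editor. Preprocessor directives inside an argument list are also only well defined if printk is a real function rather than a function-like macro, which this hunk does not show. The paged_pages change to the same call later on this page extends the pattern; dump_domains() starts and ends outside the hunk.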
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 406d9bc610..18404b3c98 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -387,7 +387,11 @@ struct domain
     unsigned int     outstanding_pages; /* pages claimed but not possessed */
     unsigned int     max_pages;         /* maximum value for domain_tot_pages() */
     unsigned int     extra_pages;       /* pages not included in domain_tot_pages() */
+
+#ifdef CONFIG_MEM_SHARING
     atomic_t         shr_pages;         /* shared pages */
+#endif
+
     atomic_t         paged_pages;       /* paged-out pages */
 
     /* Scheduling. */
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:56:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 12:56:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301535.514619 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoA6-0000iY-LB; Fri, 08 Apr 2022 12:56:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301535.514619; Fri, 08 Apr 2022 12:56:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoA6-0000iQ-Hw; Fri, 08 Apr 2022 12:56:26 +0000
Received: by outflank-mailman (input) for mailman id 301535;
 Fri, 08 Apr 2022 12:56:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoA5-0000iD-6S
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoA5-0002Ku-5i
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoA5-0002GR-3W
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=KezH8h0qmem0o44gGPXwOvYUwcjrpHJbh84Wzvoeqto=; b=kzGDyPVcsHSNzg7Kydg0vuYz3J
	Nd37DjhB1S+9xZQHSH9WJeaQFTYUbbizqW1VI5O+sCH2EM3sKiQ+/OTSQ+HkMzQ3cNZ9fTWNlTalM
	KpjPN9R5epNlOfUB6/ml2zMkp9sci6cRro3sSzJ22R7Ev0WGNivRrJ8ryM7Ub3YEqL7w=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] paged_pages field is MEM_PAGING-only
Message-Id: <E1ncoA5-0002GR-3W@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:56:25 +0000

commit 512699aa5196d8e4a03af5969802f7bd2843ab03
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:48:45 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:48:45 2022 +0200

    paged_pages field is MEM_PAGING-only
    
    Conditionalize it and its uses accordingly.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Tamas K Lengyel <tamas@tklengyel.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/mem_sharing.c | 2 ++
 xen/arch/x86/mm/p2m.c         | 2 ++
 xen/common/domctl.c           | 2 ++
 xen/common/keyhandler.c       | 8 ++++++--
 xen/include/xen/sched.h       | 2 ++
 5 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 703b1c06dc..a5c16b4429 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1213,6 +1213,7 @@ int add_to_physmap(struct domain *sd, unsigned long sgfn, shr_handle_t sh,
     }
     else
     {
+#ifdef CONFIG_MEM_PAGING
         /*
          * There is a chance we're plugging a hole where a paged out
          * page was.
@@ -1238,6 +1239,7 @@ int add_to_physmap(struct domain *sd, unsigned long sgfn, shr_handle_t sh,
                 put_page(cpage);
             }
         }
+#endif
     }
 
     atomic_inc(&nr_saved_mfns);
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 6b73a5b632..fb9d10b820 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -691,11 +691,13 @@ p2m_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
             /* Count how man PoD entries we'll be replacing if successful */
             pod_count++;
         }
+#ifdef CONFIG_MEM_PAGING
         else if ( p2m_is_paging(ot) && (ot != p2m_ram_paging_out) )
         {
             /* We're plugging a hole in the physmap where a paged out page was */
             atomic_dec(&d->paged_pages);
         }
+#endif
     }
 
     /* Then, look for m->p mappings for this range and deal with them */
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 540a03e075..57135d4478 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -112,7 +112,9 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
 #ifdef CONFIG_MEM_SHARING
     info->shr_pages         = atomic_read(&d->shr_pages);
 #endif
+#ifdef CONFIG_MEM_PAGING
     info->paged_pages       = atomic_read(&d->paged_pages);
+#endif
     info->shared_info_frame =
         gfn_x(mfn_to_gfn(d, _mfn(virt_to_mfn(d->shared_info))));
     BUG_ON(SHARED_M2P(info->shared_info_frame));
diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c
index 256b394057..ca9ee07901 100644
--- a/xen/common/keyhandler.c
+++ b/xen/common/keyhandler.c
@@ -281,14 +281,18 @@ static void cf_check dump_domains(unsigned char key)
 #ifdef CONFIG_MEM_SHARING
                " shared_pages=%u"
 #endif
+#ifdef CONFIG_MEM_PAGING
                " paged_pages=%u"
+#endif
                " dirty_cpus={%*pbl} max_pages=%u\n",
                domain_tot_pages(d), d->xenheap_pages,
 #ifdef CONFIG_MEM_SHARING
                atomic_read(&d->shr_pages),
 #endif
-               atomic_read(&d->paged_pages), CPUMASK_PR(d->dirty_cpumask),
-               d->max_pages);
+#ifdef CONFIG_MEM_PAGING
+               atomic_read(&d->paged_pages),
+#endif
+               CPUMASK_PR(d->dirty_cpumask), d->max_pages);
         printk("    handle=%02x%02x%02x%02x-%02x%02x-%02x%02x-"
                "%02x%02x-%02x%02x%02x%02x%02x%02x vm_assist=%08lx\n",
                d->handle[ 0], d->handle[ 1], d->handle[ 2], d->handle[ 3],
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 18404b3c98..ed8539f6d2 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -392,7 +392,9 @@ struct domain
     atomic_t         shr_pages;         /* shared pages */
 #endif
 
+#ifdef CONFIG_MEM_PAGING
     atomic_t         paged_pages;       /* paged-out pages */
+#endif
 
     /* Scheduling. */
     void            *sched_priv;    /* scheduler-specific data */
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:56:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 12:56:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301536.514623 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoAG-0000ly-Nn; Fri, 08 Apr 2022 12:56:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301536.514623; Fri, 08 Apr 2022 12:56:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoAG-0000lq-Kv; Fri, 08 Apr 2022 12:56:36 +0000
Received: by outflank-mailman (input) for mailman id 301536;
 Fri, 08 Apr 2022 12:56:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAF-0000lb-9s
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAF-0002L6-8x
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAF-0002HE-8D
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=JoRRKh1SufqVeeu4L1l4HDOKPJ0rFgSseb2q+U3Hj+k=; b=UHzA/WtM59a1hOTJKj/X799lgh
	7yDZgUxnyHIw0FgRZjscN/6ufXaphTT62jXj5k2ZeURFgVHSInN60AnImxDBmoQZ5sBFRLQI0Yjeo
	0P0DXzHt3CIVbO0WZjY/BX/CMeOa+eTjoVVx0VgsbeVc9v/4UBwsfbjzovLgu4/8TnFI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: p2m.c is HVM-only
Message-Id: <E1ncoAF-0002HE-8D@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:56:35 +0000

commit c479415610f0448bb07d39185e72ef36e08ebec0
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:50:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:50:29 2022 +0200

    x86/P2M: p2m.c is HVM-only
    
    This only requires moving p2m_percpu_rwlock elsewhere (ultimately I
    think all P2M locking should go away as well when !HVM, but this looks
    to require further code juggling). The two other unguarded functions are
    already unneeded (by virtue of DCE) when !HVM.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/Makefile    |  2 +-
 xen/arch/x86/mm/p2m-basic.c |  2 ++
 xen/arch/x86/mm/p2m.c       | 10 ----------
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/Makefile b/xen/arch/x86/mm/Makefile
index c6eca5ac82..0803ac9297 100644
--- a/xen/arch/x86/mm/Makefile
+++ b/xen/arch/x86/mm/Makefile
@@ -8,7 +8,7 @@ obj-$(CONFIG_MEM_ACCESS) += mem_access.o
 obj-$(CONFIG_MEM_PAGING) += mem_paging.o
 obj-$(CONFIG_MEM_SHARING) += mem_sharing.o
 obj-$(CONFIG_HVM) += nested.o
-obj-y += p2m.o
+obj-$(CONFIG_HVM) += p2m.o
 obj-y += p2m-basic.o
 obj-$(CONFIG_HVM) += p2m-ept.o p2m-pod.o p2m-pt.o
 obj-y += paging.o
diff --git a/xen/arch/x86/mm/p2m-basic.c b/xen/arch/x86/mm/p2m-basic.c
index 89ae041244..dcf94dbc7f 100644
--- a/xen/arch/x86/mm/p2m-basic.c
+++ b/xen/arch/x86/mm/p2m-basic.c
@@ -28,6 +28,8 @@
 #include "mm-locks.h"
 #include "p2m.h"
 
+DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
+
 /* Init the datastructures for later use by the p2m code */
 static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
 {
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index fb9d10b820..493702ce9b 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -53,10 +53,6 @@ bool_t __initdata opt_hap_1gb = 1, __initdata opt_hap_2mb = 1;
 boolean_param("hap_1gb", opt_hap_1gb);
 boolean_param("hap_2mb", opt_hap_2mb);
 
-DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
-
-#ifdef CONFIG_HVM
-
 int p2m_init_logdirty(struct p2m_domain *p2m)
 {
     if ( p2m->logdirty_ranges )
@@ -258,8 +254,6 @@ void p2m_flush_hardware_cached_dirty(struct domain *d)
     }
 }
 
-#endif /* CONFIG_HVM */
-
 /*
  * Force a synchronous P2M TLB flush if a deferred flush is pending.
  *
@@ -286,8 +280,6 @@ void p2m_unlock_and_tlb_flush(struct p2m_domain *p2m)
         mm_write_unlock(&p2m->lock);
 }
 
-#ifdef CONFIG_HVM
-
 mfn_t p2m_get_gfn_type_access(struct p2m_domain *p2m, gfn_t gfn,
                               p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
                               unsigned int *page_order, bool_t locked)
@@ -2718,8 +2710,6 @@ int p2m_set_altp2m_view_visibility(struct domain *d, unsigned int altp2m_idx,
     return rc;
 }
 
-#endif /* CONFIG_HVM */
-
 /*
  * Local variables:
  * mode: C
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:56:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 12:56:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301537.514627 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoAQ-0000os-PN; Fri, 08 Apr 2022 12:56:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301537.514627; Fri, 08 Apr 2022 12:56:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoAQ-0000ok-MU; Fri, 08 Apr 2022 12:56:46 +0000
Received: by outflank-mailman (input) for mailman id 301537;
 Fri, 08 Apr 2022 12:56:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAP-0000oU-DB
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAP-0002LA-CO
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAP-0002ID-Bl
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=xg3Z3dlEdXyLttqY2GuiubxVO1liRM50lQ6eQV0EJkM=; b=eokgqoQKROPPelFalUpTeKH4uv
	2edNwWXaLUGEkMotKKcREJef/JxHJvWvyQS/eYHqmQPowmUiUTjwssqxvZ6pOVAOITToJaO1LReuT
	qKa2P9CaAU7JZhPo9izA0dsgc/82hNYroCNi7aQymRxwrNAlTKMh8oFSP2KsALlMoAJE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/P2M: the majority for struct p2m_domain's fields are HVM-only
Message-Id: <E1ncoAP-0002ID-Bl@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:56:45 +0000

commit 347d36c2ec2b6f78cd1023f30b8426f2b1444ecc
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:51:06 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:51:06 2022 +0200

    x86/P2M: the majority for struct p2m_domain's fields are HVM-only
    
    ..., as are the majority of the locks involved. Conditionalize things
    accordingly.
    
    Also adjust the ioreq field's indentation at this occasion.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/include/asm/p2m.h      | 58 +++++++++++++++++++++++--------------
 xen/arch/x86/mm.c                   |  3 ++
 xen/arch/x86/mm/mm-locks.h          |  4 +++
 xen/arch/x86/mm/p2m-basic.c         |  7 ++---
 xen/arch/x86/mm/p2m.c               |  2 ++
 xen/drivers/passthrough/x86/iommu.c |  2 +-
 6 files changed, 49 insertions(+), 27 deletions(-)

diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index cd5cd1c3a3..6f14e7b46d 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -205,8 +205,10 @@ typedef enum {
 
 /* Per-p2m-table state */
 struct p2m_domain {
+#ifdef CONFIG_HVM
     /* Lock that protects updates to the p2m */
     mm_rwlock_t           lock;
+#endif
 
     /*
      * Same as a domain's dirty_cpumask but limited to
@@ -226,13 +228,14 @@ struct p2m_domain {
      */
     p2m_access_t default_access;
 
+#ifdef CONFIG_HVM
+
     /* Host p2m: Log-dirty ranges registered for the domain. */
     struct rangeset   *logdirty_ranges;
 
     /* Host p2m: Global log-dirty mode enabled for the domain. */
     bool               global_logdirty;
 
-#ifdef CONFIG_HVM
     /* Translated domain: p2m mapping */
     pagetable_t        phys_table;
 
@@ -275,7 +278,6 @@ struct p2m_domain {
                                               unsigned int level);
     void               (*write_p2m_entry_post)(struct p2m_domain *p2m,
                                                unsigned int oflags);
-#endif
 #if P2M_AUDIT
     long               (*audit_p2m)(struct p2m_domain *p2m);
 #endif
@@ -310,7 +312,6 @@ struct p2m_domain {
     unsigned long min_remapped_gfn;
     unsigned long max_remapped_gfn;
 
-#ifdef CONFIG_HVM
     /* Populate-on-demand variables
      * All variables are protected with the pod lock. We cannot rely on
      * the p2m lock if it's turned into a fine-grained lock.
@@ -367,27 +368,27 @@ struct p2m_domain {
      * threaded on in LRU order.
      */
     struct list_head   np2m_list;
-#endif
 
     union {
         struct ept_data ept;
         /* NPT-equivalent structure could be added here. */
     };
 
-     struct {
-         spinlock_t lock;
-         /*
-          * ioreq server who's responsible for the emulation of
-          * gfns with specific p2m type(for now, p2m_ioreq_server).
-          */
-         struct ioreq_server *server;
-         /*
-          * flags specifies whether read, write or both operations
-          * are to be emulated by an ioreq server.
-          */
-         unsigned int flags;
-         unsigned long entry_count;
-     } ioreq;
+    struct {
+        spinlock_t lock;
+        /*
+         * ioreq server who's responsible for the emulation of
+         * gfns with specific p2m type(for now, p2m_ioreq_server).
+         */
+        struct ioreq_server *server;
+        /*
+         * flags specifies whether read, write or both operations
+         * are to be emulated by an ioreq server.
+         */
+        unsigned int flags;
+        unsigned long entry_count;
+    } ioreq;
+#endif /* CONFIG_HVM */
 };
 
 /* get host p2m table */
@@ -651,6 +652,15 @@ int p2m_finish_type_change(struct domain *d,
                            gfn_t first_gfn,
                            unsigned long max_nr);
 
+static inline bool p2m_is_global_logdirty(const struct domain *d)
+{
+#ifdef CONFIG_HVM
+    return p2m_get_hostp2m(d)->global_logdirty;
+#else
+    return false;
+#endif
+}
+
 int p2m_is_logdirty_range(struct p2m_domain *, unsigned long start,
                           unsigned long end);
 
@@ -792,6 +802,8 @@ extern void audit_p2m(struct domain *d,
 #define P2M_DEBUG(f, a...) do { (void)(f); } while(0)
 #endif
 
+#ifdef CONFIG_HVM
+
 /*
  * Functions specific to the p2m-pt implementation
  */
@@ -852,7 +864,7 @@ void cf_check nestedp2m_write_p2m_entry_post(
 /*
  * Alternate p2m: shadow p2m tables used for alternate memory views
  */
-#ifdef CONFIG_HVM
+
 /* get current alternate p2m table */
 static inline struct p2m_domain *p2m_get_altp2m(struct vcpu *v)
 {
@@ -905,10 +917,10 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn,
 /* Set a specific p2m view visibility */
 int p2m_set_altp2m_view_visibility(struct domain *d, unsigned int idx,
                                    uint8_t visible);
-#else
+#else /* !CONFIG_HVM */
 struct p2m_domain *p2m_get_altp2m(struct vcpu *v);
 static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {}
-#endif
+#endif /* CONFIG_HVM */
 
 /* p2m access to IOMMU flags */
 static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma)
@@ -972,6 +984,8 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt,
     return flags;
 }
 
+#ifdef CONFIG_HVM
+
 int p2m_set_ioreq_server(struct domain *d, unsigned int flags,
                          struct ioreq_server *s);
 struct ioreq_server *p2m_get_ioreq_server(struct domain *d,
@@ -1036,6 +1050,8 @@ static inline int p2m_entry_modify(struct p2m_domain *p2m, p2m_type_t nt,
     return 0;
 }
 
+#endif /* CONFIG_HVM */
+
 #endif /* _XEN_ASM_X86_P2M_H */
 
 /*
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index e90789085b..c271e383b5 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -480,8 +480,11 @@ unsigned int page_get_ram_type(mfn_t mfn)
 
 unsigned long domain_get_maximum_gpfn(struct domain *d)
 {
+#ifdef CONFIG_HVM
     if ( is_hvm_domain(d) )
         return p2m_get_hostp2m(d)->max_mapped_pfn;
+#endif
+
     /* NB. PV guests specify nr_pfns rather than max_pfn so we adjust here. */
     return (arch_get_max_pfn(d) ?: 1) - 1;
 }
diff --git a/xen/arch/x86/mm/mm-locks.h b/xen/arch/x86/mm/mm-locks.h
index 831e56d281..c1523aeccf 100644
--- a/xen/arch/x86/mm/mm-locks.h
+++ b/xen/arch/x86/mm/mm-locks.h
@@ -237,6 +237,8 @@ static inline void mm_enforce_order_unlock(int unlock_level,
  *                                                                      *
  ************************************************************************/
 
+#ifdef CONFIG_HVM
+
 /* Nested P2M lock (per-domain)
  *
  * A per-domain lock that protects the mapping from nested-CR3 to
@@ -354,6 +356,8 @@ declare_mm_lock(pod)
 #define pod_unlock(p)         mm_unlock(&(p)->pod.lock)
 #define pod_locked_by_me(p)   mm_locked_by_me(&(p)->pod.lock)
 
+#endif /* CONFIG_HVM */
+
 /* Page alloc lock (per-domain)
  *
  * This is an external lock, not represented by an mm_lock_t. However,
diff --git a/xen/arch/x86/mm/p2m-basic.c b/xen/arch/x86/mm/p2m-basic.c
index dcf94dbc7f..9130fc2a70 100644
--- a/xen/arch/x86/mm/p2m-basic.c
+++ b/xen/arch/x86/mm/p2m-basic.c
@@ -28,16 +28,15 @@
 #include "mm-locks.h"
 #include "p2m.h"
 
-DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
-
 /* Init the datastructures for later use by the p2m code */
 static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
 {
     int ret = 0;
 
-    mm_rwlock_init(&p2m->lock);
 #ifdef CONFIG_HVM
+    mm_rwlock_init(&p2m->lock);
     INIT_PAGE_LIST_HEAD(&p2m->pages);
+    spin_lock_init(&p2m->ioreq.lock);
 #endif
 
     p2m->domain = d;
@@ -55,8 +54,6 @@ static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
     else
         p2m_pt_init(p2m);
 
-    spin_lock_init(&p2m->ioreq.lock);
-
     return ret;
 }
 
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 493702ce9b..a2446f0c41 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -48,6 +48,8 @@
 #undef virt_to_mfn
 #define virt_to_mfn(v) _mfn(__virt_to_mfn(v))
 
+DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
+
 /* Turn on/off host superpage page table support for hap, default on. */
 bool_t __initdata opt_hap_1gb = 1, __initdata opt_hap_2mb = 1;
 boolean_param("hap_1gb", opt_hap_1gb);
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 209aeb8c2f..d5bf4d3241 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -518,7 +518,7 @@ bool arch_iommu_use_permitted(const struct domain *d)
     return d == dom_io ||
            (likely(!mem_sharing_enabled(d)) &&
             likely(!mem_paging_enabled(d)) &&
-            likely(!p2m_get_hostp2m(d)->global_logdirty));
+            likely(!p2m_is_global_logdirty(d)));
 }
 
 static int __init cf_check adjust_irq_affinities(void)
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 12:56:56 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 12:56:56 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301538.514631 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoAa-0000ro-RA; Fri, 08 Apr 2022 12:56:56 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301538.514631; Fri, 08 Apr 2022 12:56:56 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoAa-0000re-Ny; Fri, 08 Apr 2022 12:56:56 +0000
Received: by outflank-mailman (input) for mailman id 301538;
 Fri, 08 Apr 2022 12:56:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAZ-0000rQ-G7
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAZ-0002Lc-FM
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoAZ-0002J2-Em
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 12:56:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=vrUvOi5qHUOq0KIbQkYe3fEA8xf/Wo1NVkymVuY+G54=; b=RmunOZQIBkDZfdpIQqpd51JL/I
	grC+G+LwqiAKQErZKMw4QPUEGPPU7cTN3XdtRloNhCpvAJGM3fSqtkcQ/mq4Gi8Ybljprpjdb4TRs
	65bon26SDzyvFFkZPsPOxXadfo+dnSuEWtElcvfqIbn12rDCNySFoD5EzUc9pNi8od5M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/irq: skip unmap_domain_pirq XSM during destruction
Message-Id: <E1ncoAZ-0002J2-Em@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 12:56:55 +0000

commit 2e6f95a942d1927a53f077c301db0b799c54c05a
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Fri Apr 8 14:51:52 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:51:52 2022 +0200

    x86/irq: skip unmap_domain_pirq XSM during destruction
    
    xsm_unmap_domain_irq was seen denying unmap_domain_pirq when called from
    complete_domain_destroy as an RCU callback.  The source context was an
    unexpected, random domain.  Since this is a xen-internal operation,
    going through the XSM hook is inappropriate.
    
    Check d->is_dying and skip the XSM hook when set since this is a cleanup
    operation for a domain being destroyed.
    
    Suggested-by: Roger Pau Monné <roger.pau@citrix.com>
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/irq.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 285ac399fb..de30ee7779 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -2340,8 +2340,14 @@ int unmap_domain_pirq(struct domain *d, int pirq)
         nr = msi_desc->msi.nvec;
     }
 
-    ret = xsm_unmap_domain_irq(XSM_HOOK, d, irq,
-                               msi_desc ? msi_desc->dev : NULL);
+    /*
+     * When called by complete_domain_destroy via RCU, current is a random
+     * domain.  Skip the XSM check since this is a Xen-initiated action.
+     */
+    if ( !d->is_dying )
+        ret = xsm_unmap_domain_irq(XSM_HOOK, d, irq,
+                                   msi_desc ? msi_desc->dev : NULL);
+
     if ( ret )
         goto done;
 
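Review bot: The new `if ( !d->is_dying )` guard is wider than the case its comment describes: it skips `xsm_unmap_domain_irq` for every caller that reaches this point on a dying domain, not only for the RCU-driven complete_domain_destroy path. If other entry points can still get here while `is_dying` is set, they presumably rely on a permission check made before calling in, and the comment should say so, e.g. `* Any other caller on a dying domain must already have passed its own XSM check.` The skip also depends on `ret` being zero when the hook is not called; its initialisation is outside the hunk, as unmap_domain_pirq() starts and ends beyond it.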
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:00:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: don't needlessly look up DID
Message-Id: <E1ncoDd-0002is-Bu@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:00:05 +0000

commit ab6f4a11629bd06b860c036f8ec604f7cd9fba68
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:55:55 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:55:55 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 22242ab208..bdb7489d73 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1828,18 +1828,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
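Review bot: The read of `context_domain_id(*context)` is now order-critical relative to `context_clear_entry()` a few lines below, and nothing in the code says so. Moving the assignment after the clear would make the flush name whatever DID the zeroed entry yields instead of the one the hardware may still have cached, which would leave a stale context-cache entry for the device. A one-line comment above the assignment would pin the ordering, e.g. `/* Latch the DID first: the flush below must name the ID that was live in the entry. */`. As far as the hunk shows, the `domid` parameter is no longer used after this change; domain_context_unmap_one() begins and continues outside the hunk.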
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:00:18 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1ncoDn-0002k6-FG@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:00:15 +0000

commit 0497023ae57649a23cde211dd022522724f993b6
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:56:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:56:54 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 2f79b22a74..01e010a10d 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -88,7 +88,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index bdb7489d73..a66e527ae8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1531,7 +1531,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   &PCI_SBDF3(seg, bus, devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1599,9 +1599,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
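Review bot: The inline comment on the new `(prev_dom == dom_io && !pdev)` arm describes the consequence but not why the rollback is skipped. Per the commit message, the quarantine state cannot be restored when pdev is NULL, so the entry is unmapped instead. I would add that to the comment, e.g. `* Without pdev the quarantine DID/page tables are unknown, so unmap instead of restoring.` The `else` arm still hands `pdev` to `DEVICE_DOMID()` and `DEVICE_PGTABLE()`; presumably those dereference it only for dom_io, but their definitions are outside the hunk, as is the rest of domain_context_mapping_one().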
@@ -1742,7 +1747,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1807,7 +1814,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1859,7 +1866,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
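Review bot: Passing `DOMID_INVALID` to `me_wifi_quirk()` is only correct while the `UNMAP_ME_PHANTOM_FUNC` path never consumes the domain ID, and that contract is not written down at the call. The quirks.c change in this commit shows map_me_phantom_function() using `domid` only on its mapping branch, so the value is ignored today. A short comment here would keep a later change from feeding the placeholder into a flush or a mapping, e.g. `/* domid is ignored for UNMAP_ME_PHANTOM_FUNC */`. The body of domain_context_unmap_one() extends beyond the hunk on both sides.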
@@ -1908,8 +1916,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1922,8 +1929,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1946,12 +1952,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index a1a164222c..7b8d0f4c63 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -427,7 +427,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:00:27 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1ncoDx-0002lF-IU@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:00:25 +0000

commit eedc5acfb32ec35c38e9b5fcaa3d28d8b0971855
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:57:25 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:57:25 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 9 ++++-----
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a66e527ae8..93dd8aa643 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1597,7 +1597,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1607,13 +1607,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
                                              DEVICE_PGTABLE(prev_dom, pdev),
-                                             mode & MAP_WITH_RMRR) < 0;
-        else
-            ret = 1;
+                                             (mode & MAP_WITH_RMRR) |
+                                             MAP_ERROR_RECOVERY) < 0;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
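Review bot: With the `prev_dom != domain` test dropped, the `else` arm relies on an earlier bail-out for `prev_dom == domain` that is outside the hunk and known here only from the commit message. `MAP_ERROR_RECOVERY` now bounds the recursion to one level either way, but re-mapping the domain onto itself would go unnoticed. Stating the invariant on the spot documents it and catches a regression in debug builds: `ASSERT(prev_dom != domain);` at the top of the `if ( rc && !(mode & MAP_ERROR_RECOVERY) )` block.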
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
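Review bot: `MAP_ERROR_RECOVERY` is added without a comment, although in this commit it is set only by domain_context_mapping_one() on its own rollback call. Because the flag suppresses error recovery, a caller passing it by mistake would leave a failed mapping in place, so the restriction is worth stating: `/* Internal: set on the rollback call only; suppresses nested error recovery. */`. The insertion also moves `UNMAP_ME_PHANTOM_FUNC` from bit 3 to bit 4, which is harmless as long as every user goes through the macro name.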
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:00:37 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
Message-Id: <E1ncoE7-0002m9-LT@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:00:35 +0000

commit 5a4935bff50d51cf26a4ae2a1c08663e853e47dc
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Apr 8 14:57:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:57:54 2022 +0200

    x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
    
    c/s 1a914256dca5 increased the AMD max leaf from 0x8000001c to 0x80000021, but
    did not adjust anything in the calculate_*_policy() chain.  As a result, on
    hardware supporting these leaves, we read the real hardware values into the
    raw policy, then copy into host, and all the way into the PV/HVM default
    policies.
    
    All 4 of these leaves have enable bits (first two by TopoExt, next by SEV,
    next by PQOS), so any software following the rules is fine and will leave them
    alone.  However, leaf 0x8000001d takes a subleaf input and at least two
    userspace utilities have been observed to loop indefinitely under Xen (clearly
    waiting for eax to report "no more cache levels").
    
    Such userspace is buggy, but Xen's behaviour isn't great either.
    
    In the short term, clobber all information in these leaves.  This is a giant
    bodge, but there are complexities with implementing all of these leaves
    properly.
    
    Fixes: 1a914256dca5 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Link: https://github.com/QubesOS/qubes-issues/issues/7392
    Reported-by: fosslinux <fosslinux@aussies.space>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: d4012d50082c2eae2f3cbe7770be13b9227fbc3f
    master date: 2022-04-07 11:36:45 +0100
---
 xen/arch/x86/cpuid.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index c7f07ef7a6..ff335f1639 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -291,8 +291,15 @@ static void recalculate_misc(struct cpuid_policy *p)
 
         zero_leaves(p->extd.raw, 0xb, 0x18);
 
+        /* 0x19 - TLB details.  Pass through. */
+        /* 0x1a - Perf hints.   Pass through. */
+
         p->extd.raw[0x1b] = EMPTY_LEAF; /* IBS - not supported. */
         p->extd.raw[0x1c] = EMPTY_LEAF; /* LWP - not supported. */
+        p->extd.raw[0x1d] = EMPTY_LEAF; /* TopoExt Cache */
+        p->extd.raw[0x1e] = EMPTY_LEAF; /* TopoExt APIC ID/Core/Node */
+        p->extd.raw[0x1f] = EMPTY_LEAF; /* SEV */
+        p->extd.raw[0x20] = EMPTY_LEAF; /* Platform QoS */
         break;
     }
 }
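Review bot: The list of clobbered leaves ends at 0x20, while the commit message puts the AMD max extended leaf at 0x80000021, and the hunk does not say how 0x21 is treated. Because this block is an explicit per-leaf list, any leaf it omits reaches guest policies with raw hardware values, which is the failure this commit repairs. A comment in the style of the new 0x19/0x1a lines would close the gap, e.g. `/* 0x21 - Extended features.  Not handled here. */` (wording to be confirmed against where that leaf is filled in). A reminder that raising the max extended leaf requires revisiting this list would also help. recalculate_misc() starts outside the hunk.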
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:00:47 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] vPCI: fix MSI-X PBA read/write gprintk()s
Message-Id: <E1ncoEH-0002nD-Ol@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:00:45 +0000

commit 44aae670cc28e0533cd893da408878c80a579876
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:58:25 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:58:25 2022 +0200

    vPCI: fix MSI-X PBA read/write gprintk()s
    
    %pp wants the address of an SBDF, not that of a PCI device.
    
    Fixes: b4f211606011 ("vpci/msix: fix PBA accesses")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d3f61beea4255e2d86ae82303384c57a3262435e
    master date: 2022-04-07 18:01:24 +0200
---
 xen/drivers/vpci/msix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index ac5de98f6d..ea5d73a02a 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -247,7 +247,7 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
         {
             gprintk(XENLOG_WARNING,
                     "%pp: unable to map MSI-X PBA, report all pending\n",
-                    msix->pdev);
+                    &msix->pdev->sbdf);
             return X86EMUL_OKAY;
         }
 
@@ -331,7 +331,7 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
                 /* Unable to map the PBA, ignore write. */
                 gprintk(XENLOG_WARNING,
                         "%pp: unable to map MSI-X PBA, write ignored\n",
-                        msix->pdev);
+                        &msix->pdev->sbdf);
                 return X86EMUL_OKAY;
             }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:00:57 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] livepatch: do not ignore sections with 0 size
Message-Id: <E1ncoER-0002nv-SH@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:00:55 +0000

commit 46d80ba371b20a5201b7168a4fee924ba3f80303
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 14:58:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:58:57 2022 +0200

    livepatch: do not ignore sections with 0 size
    
    A side effect of ignoring such sections is that symbols belonging to
    them won't be resolved, and that could make relocations belonging to
    other sections that reference those symbols fail.
    
    For example it's likely to have an empty .altinstr_replacement with
    symbols pointing to it, and marking the section as ignored will
    prevent the symbols from being resolved, which in turn will cause any
    relocations against them to fail.
    
    In order to solve this do not ignore sections with 0 size, only ignore
    sections that don't have the SHF_ALLOC flag set.
    
    Special case such empty sections in move_payload so they are not taken
    into account in order to decide whether a livepatch can be safely
    re-applied after a revert.
    
    Fixes: 98b728a7b2 ('livepatch: Disallow applying after an revert')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 0dc1f929e8fed681dec09ca3ea8de38202d5bf30
    master date: 2022-04-08 10:24:10 +0200
---
 xen/common/livepatch.c          | 16 +++++++++++-----
 xen/include/xen/livepatch_elf.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 329b01c1e8..65c7e37c4f 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -301,9 +301,6 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
          * and .shstrtab. For the non-relocate we allocate and copy these
          * via other means - and the .rel we can ignore as we only use it
          * once during loading.
-         *
-         * Also ignore sections with zero size. Those can be for example:
-         * data, or .bss.
          */
         if ( livepatch_elf_ignore_section(elf->sec[i].sec) )
             offset[i] = UINT_MAX;
@@ -362,8 +359,17 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
             else if ( elf->sec[i].sec->sh_flags & SHF_WRITE )
             {
                 buf = rw_buf;
-                rw_buf_sec = i;
-                rw_buf_cnt++;
+                if ( elf->sec[i].sec->sh_size )
+                {
+                    /*
+                     * Special handling of RW empty regions: do not account for
+                     * them in order to decide whether a patch can safely be
+                     * re-applied, but assign them a load address so symbol
+                     * resolution and relocations work.
+                     */
+                    rw_buf_sec = i;
+                    rw_buf_cnt++;
+                }
             }
             else
                 buf = ro_buf;
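Review bot: The comment added in move_payload sits inside the `if ( elf->sec[i].sec->sh_size )` branch, which is the path taken by non-empty sections, yet it describes what happens to empty ones, so the special case is easy to misread. Moving it above the `if` and wording it from the condition's side would help, e.g. `/* Only non-empty RW sections count towards the re-apply check; empty ones still get a load address below so symbols in them resolve. */`. An empty section now also receives `buf = rw_buf` and an offset, so it is worth confirming that nothing later dereferences that address when the section has no bytes behind it. That code, like the start and end of move_payload, is outside this hunk.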
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 9ad499ee8b..5b1ec469da 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -48,7 +48,7 @@ int livepatch_elf_perform_relocs(struct livepatch_elf *elf);
 
 static inline bool livepatch_elf_ignore_section(const Elf_Shdr *sec)
 {
-    return !(sec->sh_flags & SHF_ALLOC) || sec->sh_size == 0;
+    return !(sec->sh_flags & SHF_ALLOC);
 }
 #endif /* __XEN_LIVEPATCH_ELF_H__ */
 
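Review bot: livepatch_elf_ignore_section() carries no comment stating its contract, and this change makes every caller process zero-sized SHF_ALLOC sections that were previously skipped. A short comment above the helper would record the new rule, for example `/* Sections without SHF_ALLOC are not loaded; empty SHF_ALLOC sections are kept so symbols in them resolve. */`. Callers other than move_payload are not visible in this patch, so whether each of them copes with `sh_size == 0` should be checked.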
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:01:08 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] livepatch: avoid relocations referencing ignored section symbols
Message-Id: <E1ncoEc-0002vX-Vg@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:01:06 +0000

commit b953760d0b564478e232e7e64823d2a1506e92b5
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 14:59:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:59:27 2022 +0200

    livepatch: avoid relocations referencing ignored section symbols
    
    Track whether symbols belong to ignored sections in order to avoid
    applying relocations referencing those symbols. The address of such
    symbols won't be resolved and thus the relocation will likely fail or
    write garbage to the destination.
    
    Return an error in that case, as leaving unresolved relocations would
    lead to malfunctioning payload code.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 9120b5737f517fe9d2a3936c38d3a2211630323b
    master date: 2022-04-08 10:27:11 +0200
---
 xen/arch/arm/arm32/livepatch.c  | 7 +++++++
 xen/arch/arm/arm64/livepatch.c  | 7 +++++++
 xen/arch/x86/livepatch.c        | 7 +++++++
 xen/common/livepatch_elf.c      | 6 ++++++
 xen/include/xen/livepatch_elf.h | 1 +
 5 files changed, 28 insertions(+)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 5a06467008..3c50283b2a 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
 
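Review bot: The new error message prints `elf->sym[symndx].name` with `%s`, but the context line `if ( elf->sym[i].name )` in livepatch_elf_resolve_symbols suggests the name can be NULL, and for an unnamed symbol the log would not say which symbol the relocation referred to. Passing the index as well, as the preceding message in this function does, keeps the message usable: `elf->name, elf->sym[symndx].name ?: "(unnamed)", symndx);` with a matching conversion added to the format string. The same applies to the identical additions in the arm64 and x86 arch_livepatch_perform_rela() hunks, and to the dprintk() added in livepatch_elf_resolve_symbols, which prints the name before that NULL check. arch_livepatch_perform starts and ends outside this hunk.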
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 6ec8dc60f0..62d2ef373a 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index a3cb63a7ea..0172610ebf 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -290,6 +290,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index b089cacb1c..45d73912a3 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 5b1ec469da..7116deaddc 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {
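Review bot: The new `ignored` member is only ever set to true, in livepatch_elf_resolve_symbols, so the checks in the arch relocation code depend on the `sym` array being zero-initialised when it is allocated, which this patch does not show. A comment on the field would record both its meaning and that assumption, e.g. `bool ignored; /* Section not loaded: st_value is unresolved, relocations against it must be refused. */`.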
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:11:09 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: don't needlessly look up DID
Message-Id: <E1ncoOG-00044Y-G6@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:11:04 +0000

commit a5b52c357c3b411c0b9ba9bad173e467c2c1027d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:00:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:00:29 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index c1ae66c8ef..cf5f15fe01 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1815,18 +1815,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
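Review bot: Reading `iommu_domid = context_domain_id(*context);` before `context_clear_entry(*context)` is what makes the flush below target the DID the hardware may still have cached, but nothing in the code says so, and a later reordering would presumably flush with the value of an already cleared entry. A one-line comment would protect the ordering: `/* Latch the DID now; the flush below must use the value the entry held before it was cleared. */`. The declaration of iommu_domid and the rest of domain_context_unmap_one lie outside the hunk, so whether its type still suits the value returned by context_domain_id() cannot be checked from here.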
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:11:16 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1ncoOQ-00045O-JT@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:11:14 +0000

commit 3ecdd44f288782ffd7e81d200c9071c723113f1e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:01:07 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:01:07 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 9a11278b98..cf4d2218fa 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -88,7 +88,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index cf5f15fe01..e9b6ed64e9 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1520,7 +1520,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   &PCI_SBDF3(seg, bus, devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1588,9 +1588,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
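Review bot: The remaining `else if ( prev_dom != domain )` branch still evaluates `DEVICE_DOMID(prev_dom, pdev)` and hands `pdev` to the recursive call, and it can be reached with `pdev == NULL` when prev_dom is neither NULL, dom_io nor domain. DEVICE_DOMID is not visible in this hunk. Presumably it only looks at pdev for dom_io, in which case the path is safe, but the new condition relies on that without saying so. If that is the case, a comment at the branch would make the dependency explicit, e.g. `/* pdev may be NULL here; DEVICE_DOMID() only consults it for dom_io, which was handled above. */`. domain_context_mapping_one starts and continues outside the hunk.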
@@ -1729,7 +1734,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1794,7 +1801,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1846,7 +1853,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
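Review bot: Passing `DOMID_INVALID` to me_wifi_quirk() is only correct because the `UNMAP_ME_PHANTOM_FUNC` path never consumes the domain ID, and the call site does not say so. The quirks.c hunk of this patch shows this for map_me_phantom_function(), whose unmap branch no longer takes `domid`, but me_wifi_quirk() itself is not visible. A short comment on the call, e.g. `/* domid is unused when unmapping */`, would keep a later change to the quirk code from quietly acting on an invalid ID. The rest of domain_context_unmap_one is outside the hunk.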
@@ -1899,8 +1907,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1910,8 +1917,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1934,12 +1940,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index b51b2bd1c5..f218e78681 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -364,7 +364,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:11:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:11:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301554.514682 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoOc-0004Ar-LE; Fri, 08 Apr 2022 13:11:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301554.514682; Fri, 08 Apr 2022 13:11:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoOc-0004Ai-ID; Fri, 08 Apr 2022 13:11:26 +0000
Received: by outflank-mailman (input) for mailman id 301554;
 Fri, 08 Apr 2022 13:11:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOa-0004AF-PS
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOa-0002eI-Ob
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOa-00045r-Nq
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=3oeSyCzrPzQpdV1Y2QemhGEw/lkEHwU59BOZztZ+9I0=; b=fovY5tuyO+MNatBT1OELPPDnvK
	5/pmO+2xA3hPv2DnNdzgnDhEP7N6NVWScv9Yan+8WBcONyNENqHLbdaAs82se3sca3THbEkTfRYAt
	LLGyGIZl/B/p4QH9vghzgL92oG63hB28HFJ12ggEG76+RO8KJN1s08Hr2x/qRkMPnSwA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1ncoOa-00045r-Nq@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:11:24 +0000

commit b3ee746000f37f38b41bfec97d37dbb1d4f3eca4
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:01:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:01:42 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 9 ++++-----
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e9b6ed64e9..68dd2f5500 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1586,7 +1586,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1596,13 +1596,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
                                              DEVICE_PGTABLE(prev_dom, pdev),
-                                             mode & MAP_WITH_RMRR) < 0;
-        else
-            ret = 1;
+                                             (mode & MAP_WITH_RMRR) |
+                                             MAP_ERROR_RECOVERY) < 0;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
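Review bot: The roll-back call in the `else` branch no longer has a comment explaining why the recursion terminates, now that `/* Avoid infinite recursion. */` is gone along with the dead `prev_dom != domain` test. The bound is the `MAP_ERROR_RECOVERY` bit tested by `if ( rc && !(mode & MAP_ERROR_RECOVERY) )` in the previous hunk, so a reader of this call site has to go and find it there. I would add above the call `/* MAP_ERROR_RECOVERY makes the nested call skip its own roll-back, so recursion stops after one level. */`. A failed roll-back presumably returns with the context entry in whatever state the nested call reached; how the caller treats `ret` after that is outside this hunk and worth a sentence in the same comment.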
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
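Review bot: `MAP_ERROR_RECOVERY` is added without any description, and unlike its neighbours it does not look like a flag callers are meant to pass: in the iommu.c hunk it is set only by domain_context_mapping_one() on its own roll-back call. A comment such as `/* Internal: set only on the roll-back call of domain_context_mapping_one(); suppresses nested roll-back. */` would keep other callers from setting it and silently disabling error recovery. Since `UNMAP_ME_PHANTOM_FUNC` moves from bit 3 to bit 4, it is also worth confirming that nothing outside this diff depends on its numeric value.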
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:11:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:11:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301555.514686 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoOm-0004Dp-Mw; Fri, 08 Apr 2022 13:11:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301555.514686; Fri, 08 Apr 2022 13:11:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoOm-0004Dh-Jj; Fri, 08 Apr 2022 13:11:36 +0000
Received: by outflank-mailman (input) for mailman id 301555;
 Fri, 08 Apr 2022 13:11:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOk-0004DR-Se
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOk-0002eT-Rn
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOk-00046M-Qn
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=U48veXQqy1XSJWTPQyqQOj7lWIVhpFV8J0ItrGPa7Dk=; b=DmQt276kyadQrcemuothHWfO2f
	wAh9D2vUGiLmxW06UN0JJ/t27izJbguL2roC/S13MjfcALLCKJOD1JHOWljmjg+EJyjcYv45dPvmu
	p//SA0K9GWjhypC+bXBbMKl4WLcNI7aTfx22SH7YhIL16Jb5U8qyz0THKV28OxsSKo2Y=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
Message-Id: <E1ncoOk-00046M-Qn@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:11:34 +0000

commit d32c347edb73521dabc543934aa3da9be79f9052
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Apr 8 15:02:12 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:02:12 2022 +0200

    x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
    
    c/s 1a914256dca5 increased the AMD max leaf from 0x8000001c to 0x80000021, but
    did not adjust anything in the calculate_*_policy() chain.  As a result, on
    hardware supporting these leaves, we read the real hardware values into the
    raw policy, then copy into host, and all the way into the PV/HVM default
    policies.
    
    All 4 of these leaves have enable bits (first two by TopoExt, next by SEV,
    next by PQOS), so any software following the rules is fine and will leave them
    alone.  However, leaf 0x8000001d takes a subleaf input and at least two
    userspace utilities have been observed to loop indefinitely under Xen (clearly
    waiting for eax to report "no more cache levels").
    
    Such userspace is buggy, but Xen's behaviour isn't great either.
    
    In the short term, clobber all information in these leaves.  This is a giant
    bodge, but there are complexities with implementing all of these leaves
    properly.
    
    Fixes: 1a914256dca5 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Link: https://github.com/QubesOS/qubes-issues/issues/7392
    Reported-by: fosslinux <fosslinux@aussies.space>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: d4012d50082c2eae2f3cbe7770be13b9227fbc3f
    master date: 2022-04-07 11:36:45 +0100
---
 xen/arch/x86/cpuid.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index 880480208b..ee2c4ea03a 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -289,8 +289,15 @@ static void recalculate_misc(struct cpuid_policy *p)
 
         zero_leaves(p->extd.raw, 0xb, 0x18);
 
+        /* 0x19 - TLB details.  Pass through. */
+        /* 0x1a - Perf hints.   Pass through. */
+
         p->extd.raw[0x1b] = EMPTY_LEAF; /* IBS - not supported. */
         p->extd.raw[0x1c] = EMPTY_LEAF; /* LWP - not supported. */
+        p->extd.raw[0x1d] = EMPTY_LEAF; /* TopoExt Cache */
+        p->extd.raw[0x1e] = EMPTY_LEAF; /* TopoExt APIC ID/Core/Node */
+        p->extd.raw[0x1f] = EMPTY_LEAF; /* SEV */
+        p->extd.raw[0x20] = EMPTY_LEAF; /* Platform QoS */
         break;
     }
 }
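Review bot: The four new `EMPTY_LEAF` comments name the leaf but not the decision, whereas the neighbouring lines say `not supported` or `Pass through`. Per the commit message these leaves are hidden as a stop-gap rather than because the feature is absent, so the comments could say that, e.g. `/* TopoExt Cache - not yet implemented, hidden. */` for 0x1d and likewise for 0x1e, 0x1f and 0x20. Leaf 0x21, which the commit message says is now within the AMD max leaf, has no line here; if it is meant to be passed through, a comment in the style of the 0x19/0x1a ones would make that explicit. recalculate_misc() starts before this hunk.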
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:11:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:11:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301556.514690 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoOv-0004Gt-ON; Fri, 08 Apr 2022 13:11:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301556.514690; Fri, 08 Apr 2022 13:11:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoOv-0004Gl-LK; Fri, 08 Apr 2022 13:11:45 +0000
Received: by outflank-mailman (input) for mailman id 301556;
 Fri, 08 Apr 2022 13:11:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOu-0004Gd-Ve
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:44 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOu-0002ed-Ur
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:44 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoOu-000475-Tx
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:44 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ngsWysPSfCPOYnQE+G/NB/C0Yl6E15OedvX5nHlxnrs=; b=e/2jTSBlgOFOvg6dA6YbyD3QxL
	vJ7OBaKfmuQNhLg4nx7BPrT24CHzBbgM8hkE/D+1Wxs9+42VumT/vIJJ7uN1GEnVWdKwqE7FhZNcY
	SRFf+8UBkvhPP3iKR5NUG2mPG5wzK0VvW3slrdbFSBbactYNrsxC79cumxXilrWTKk/s=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] vPCI: fix MSI-X PBA read/write gprintk()s
Message-Id: <E1ncoOu-000475-Tx@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:11:44 +0000

commit 2119c91edb6f6df8014c04b94a920f4cbf32f2fa
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:02:45 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:02:45 2022 +0200

    vPCI: fix MSI-X PBA read/write gprintk()s
    
    %pp wants the address of an SBDF, not that of a PCI device.
    
    Fixes: b4f211606011 ("vpci/msix: fix PBA accesses")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d3f61beea4255e2d86ae82303384c57a3262435e
    master date: 2022-04-07 18:01:24 +0200
---
 xen/drivers/vpci/msix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index ac5de98f6d..ea5d73a02a 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -247,7 +247,7 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
         {
             gprintk(XENLOG_WARNING,
                     "%pp: unable to map MSI-X PBA, report all pending\n",
-                    msix->pdev);
+                    &msix->pdev->sbdf);
             return X86EMUL_OKAY;
         }
 
@@ -331,7 +331,7 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
                 /* Unable to map the PBA, ignore write. */
                 gprintk(XENLOG_WARNING,
                         "%pp: unable to map MSI-X PBA, write ignored\n",
-                        msix->pdev);
+                        &msix->pdev->sbdf);
                 return X86EMUL_OKAY;
             }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:11:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:11:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301557.514694 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoP5-0004Jn-PV; Fri, 08 Apr 2022 13:11:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301557.514694; Fri, 08 Apr 2022 13:11:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoP5-0004Jf-Mn; Fri, 08 Apr 2022 13:11:55 +0000
Received: by outflank-mailman (input) for mailman id 301557;
 Fri, 08 Apr 2022 13:11:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoP5-0004JY-2i
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoP5-0002f8-1r
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoP5-00047g-14
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:11:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=uo4GEnGQmB0XEctr5z+RdtpfnjMZpO0+jB5QvOo0d+8=; b=Lwhe/y1CZFLujdbMFA62aYUqTz
	R1p3qF7COITzdRm/c1i0o0Is9wQC33BXqp4xLKm0fKEQYa3fGFoXKnGjzWjgS+aB2b9VVBfr2024r
	iMOEYN2/MWGbZsX+KT/Ox48N7xaNHsfPzmxHmaFp/vI8KV4DRkR8reNx1EZqhmOhioH4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] livepatch: do not ignore sections with 0 size
Message-Id: <E1ncoP5-00047g-14@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:11:55 +0000

commit cf395f82c90b59367f01f96a2532e444b4257b74
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 15:03:15 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:03:15 2022 +0200

    livepatch: do not ignore sections with 0 size
    
    A side effect of ignoring such sections is that symbols belonging to
    them won't be resolved, and that could make relocations belonging to
    other sections that reference those symbols fail.
    
    For example it's likely to have an empty .altinstr_replacement with
    symbols pointing to it, and marking the section as ignored will
    prevent the symbols from being resolved, which in turn will cause any
    relocations against them to fail.
    
    In order to solve this do not ignore sections with 0 size, only ignore
    sections that don't have the SHF_ALLOC flag set.
    
    Special case such empty sections in move_payload so they are not taken
    into account in order to decide whether a livepatch can be safely
    re-applied after a revert.
    
    Fixes: 98b728a7b2 ('livepatch: Disallow applying after an revert')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 0dc1f929e8fed681dec09ca3ea8de38202d5bf30
    master date: 2022-04-08 10:24:10 +0200
---
 xen/common/livepatch.c          | 16 +++++++++++-----
 xen/include/xen/livepatch_elf.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 329b01c1e8..65c7e37c4f 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -301,9 +301,6 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
          * and .shstrtab. For the non-relocate we allocate and copy these
          * via other means - and the .rel we can ignore as we only use it
          * once during loading.
-         *
-         * Also ignore sections with zero size. Those can be for example:
-         * data, or .bss.
          */
         if ( livepatch_elf_ignore_section(elf->sec[i].sec) )
             offset[i] = UINT_MAX;
@@ -362,8 +359,17 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
             else if ( elf->sec[i].sec->sh_flags & SHF_WRITE )
             {
                 buf = rw_buf;
-                rw_buf_sec = i;
-                rw_buf_cnt++;
+                if ( elf->sec[i].sec->sh_size )
+                {
+                    /*
+                     * Special handling of RW empty regions: do not account for
+                     * them in order to decide whether a patch can safely be
+                     * re-applied, but assign them a load address so symbol
+                     * resolution and relocations work.
+                     */
+                    rw_buf_sec = i;
+                    rw_buf_cnt++;
+                }
             }
             else
                 buf = ro_buf;
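Review bot: The new comment sits inside `if ( elf->sec[i].sec->sh_size )`, the branch taken for non-empty RW sections, yet it describes what happens to empty ones, so it reads inverted. Moving it above the `if` and wording it for the condition matches the code, e.g. `/* Only non-empty RW sections count towards the re-apply check; empty ones still get buf = rw_buf so symbols in them resolve. */`. Only the SHF_WRITE branch is special-cased here; whether empty text or read-only sections need similar treatment depends on code outside this hunk. In the livepatch_elf.h hunk, livepatch_elf_ignore_section() would also benefit from a one-line comment saying that zero-sized SHF_ALLOC sections are deliberately kept. move_payload() starts and ends outside the hunk.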
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 9ad499ee8b..5b1ec469da 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -48,7 +48,7 @@ int livepatch_elf_perform_relocs(struct livepatch_elf *elf);
 
 static inline bool livepatch_elf_ignore_section(const Elf_Shdr *sec)
 {
-    return !(sec->sh_flags & SHF_ALLOC) || sec->sh_size == 0;
+    return !(sec->sh_flags & SHF_ALLOC);
 }
 #endif /* __XEN_LIVEPATCH_ELF_H__ */
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:12:05 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:12:05 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301558.514697 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoPF-0004Me-RB; Fri, 08 Apr 2022 13:12:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301558.514697; Fri, 08 Apr 2022 13:12:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoPF-0004MX-OL; Fri, 08 Apr 2022 13:12:05 +0000
Received: by outflank-mailman (input) for mailman id 301558;
 Fri, 08 Apr 2022 13:12:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoPF-0004MM-7B
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:12:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoPF-0002fV-6O
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:12:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoPF-00048W-4H
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:12:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=UwSEdWtlrjeP22QcsvQPPeuB8ZgmXoQdEG99Mok+BUE=; b=AH1LztkNumlpmW6km4Xnc5Tw6n
	XjkGqBL60CMFgQBazUqKBvyiHzraKY41mfQfaj2Dw7rqayARjo2s2uhiNyO8+Gvl/T/Xx9w5+jebc
	B8xgVFMdh2GbIqgWKeSaLFBmH8Fi17k7fhOaU4jNWeXkiiIS6UdSX8Q+0HD9NMfGipOk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.15] livepatch: avoid relocations referencing ignored section symbols
Message-Id: <E1ncoPF-00048W-4H@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:12:05 +0000

commit d9e73f6320b311d739546d6325e530f07392c100
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 15:03:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:03:46 2022 +0200

    livepatch: avoid relocations referencing ignored section symbols
    
    Track whether symbols belong to ignored sections in order to avoid
    applying relocations referencing those symbols. The address of such
    symbols won't be resolved and thus the relocation will likely fail or
    write garbage to the destination.
    
    Return an error in that case, as leaving unresolved relocations would
    lead to malfunctioning payload code.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 9120b5737f517fe9d2a3936c38d3a2211630323b
    master date: 2022-04-08 10:27:11 +0200
---
 xen/arch/arm/arm32/livepatch.c  | 7 +++++++
 xen/arch/arm/arm64/livepatch.c  | 7 +++++++
 xen/arch/x86/livepatch.c        | 7 +++++++
 xen/common/livepatch_elf.c      | 6 ++++++
 xen/include/xen/livepatch_elf.h | 1 +
 5 files changed, 28 insertions(+)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 5a06467008..3c50283b2a 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
 
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 6ec8dc60f0..62d2ef373a 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index a3cb63a7ea..0172610ebf 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -290,6 +290,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index b089cacb1c..45d73912a3 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )
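Review bot: The added dprintk() formats `elf->sym[i].name` with `%s` unconditionally, while the context line just below tests `if ( elf->sym[i].name )`, which suggests the name can be absent at this point. The same applies to the new `Relocation against ignored symbol %s` messages in the arm32, arm64 and x86 hunks, where the preceding error path identifies the symbol by `symndx` instead. Printing the index as well keeps the log usable for nameless symbols, e.g. `"%s: Symbol %u (%s) from section %s ignored\n", elf->name, i, elf->sym[i].name ?: "", elf->sec[idx].name`, with the specifier adjusted to the type of `i`. livepatch_elf_resolve_symbols() starts and ends outside the hunk.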
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 5b1ec469da..7116deaddc 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {
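Review bot: The new `ignored` member of struct livepatch_elf_sym has no comment, so its meaning is only discoverable by reading livepatch_elf_resolve_symbols() and the arch relocation code. I would declare it as `bool ignored; /* Symbol lives in an ignored section; relocations against it are rejected. */`. The patch only ever sets the flag to true, so it relies on the symbol array being zero-initialised where it is allocated; that allocation is outside the visible hunks and is worth confirming.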
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:12:16 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: don't needlessly look up DID
Message-Id: <E1ncoPP-0004Be-K3@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:12:15 +0000

commit d3568578ba9d776733b123487ea6e3e0bff0717f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:05:16 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:05:16 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 391a815d30..6f4cd48855 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1829,18 +1829,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
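Review bot: The ordering that makes this fix work is not documented at the added `iommu_domid = context_domain_id(*context);`. The value has to be read before `context_clear_entry()` wipes the entry, and nothing in the code says so. A later reordering could make the context-cache flush target whatever the cleared entry decodes to, leaving cached state for the real DID in place. I would add `/* Latch the DID before clearing: the flushes below must target the ID that was in the entry. */` above the assignment. The function starts and ends outside this hunk, so whether the `domid` parameter is still used afterwards cannot be checked here.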
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:12:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1ncoPZ-0004CP-NE@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:12:25 +0000

commit 78630ac4be0076ba65bfed4a59bbd0b0ca0bbf1d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:05:56 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:05:56 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 897dcff9ff..fbe951b2fa 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -89,7 +89,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 6f4cd48855..567ac62983 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1530,7 +1530,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1598,9 +1598,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
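Review bot: The added condition `(prev_dom == dom_io && !pdev)` does not say why only the quarantine case needs the NULL test; the comment in the hunk gives the RMRR consequence but not the reason. Presumably DEVICE_DOMID() and DEVICE_PGTABLE() dereference `pdev` only when the domain is dom_io, though their definitions are outside this diff. If so, the comment could open with `pdev is needed below only to restore quarantine (dom_io) state; without it we can only unmap.` The call in the `else` branch continues past the end of this hunk.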
@@ -1742,7 +1747,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1808,7 +1815,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1860,7 +1867,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
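Review bot: `DOMID_INVALID` is passed to me_wifi_quirk() with no comment saying why a placeholder is acceptable. In the quirks.c hunk the unmap branch of map_me_phantom_function() no longer consumes `domid`, so for `UNMAP_ME_PHANTOM_FUNC` the value appears to be unused. A short `/* domid is ignored when unmapping */` on the call would stop a later reader from treating it as a real ID. me_wifi_quirk() itself is not visible, so this should be confirmed against its body.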
@@ -1915,8 +1923,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1926,8 +1933,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1950,12 +1956,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index c0deef556b..40a6167248 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -364,7 +364,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:12:37 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1ncoPj-0004DB-QK@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:12:35 +0000

commit 140a95dd0693b7feb810c23cdaee311f546256f8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:06:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:06:26 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 9 ++++-----
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 567ac62983..cc088cd9ff 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1596,7 +1596,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
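Review bot: With `if ( rc && !(mode & MAP_ERROR_RECOVERY) )` a failed roll-back now returns with no clean-up of its own, and the test carries no comment explaining that. The following hunk shows the outer call turning that failure into `ret`, so the behaviour looks intended, but I would state it above the test: `/* A failed roll-back is not rolled back again; the outer invocation sees it via ret. */`. What the outer path does with a non-zero `ret` lies outside the hunk.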
@@ -1606,13 +1606,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
                                              DEVICE_PGTABLE(prev_dom, pdev),
-                                             mode & MAP_WITH_RMRR) < 0;
-        else
-            ret = 1;
+                                             (mode & MAP_WITH_RMRR) |
+                                             MAP_ERROR_RECOVERY) < 0;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
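Review bot: `MAP_ERROR_RECOVERY` is added without a comment, although in this diff it is set only by domain_context_mapping_one() on its own recursive call. I would add `/* Internal: set on the roll-back re-mapping to suppress nested recovery. */` next to the define. Moving `UNMAP_ME_PHANTOM_FUNC` to bit 4 keeps the flags distinct, which matters because the same `mode` value is forwarded to me_wifi_quirk() in the iommu.c hunk. A one-line remark that the MAP_* and UNMAP_* flags share one bit space would make that constraint visible.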
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:12:47 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
Message-Id: <E1ncoPt-0004Do-TD@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:12:45 +0000

commit 9c4d3fbf1a08151451731c072fb0df8f9a2cadb2
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Apr 8 15:06:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:06:54 2022 +0200

    x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
    
    c/s 1a914256dca5 increased the AMD max leaf from 0x8000001c to 0x80000021, but
    did not adjust anything in the calculate_*_policy() chain.  As a result, on
    hardware supporting these leaves, we read the real hardware values into the
    raw policy, then copy into host, and all the way into the PV/HVM default
    policies.
    
    All 4 of these leaves have enable bits (first two by TopoExt, next by SEV,
    next by PQOS), so any software following the rules is fine and will leave them
    alone.  However, leaf 0x8000001d takes a subleaf input and at least two
    userspace utilities have been observed to loop indefinitely under Xen (clearly
    waiting for eax to report "no more cache levels").
    
    Such userspace is buggy, but Xen's behaviour isn't great either.
    
    In the short term, clobber all information in these leaves.  This is a giant
    bodge, but there are complexities with implementing all of these leaves
    properly.
    
    Fixes: 1a914256dca5 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Link: https://github.com/QubesOS/qubes-issues/issues/7392
    Reported-by: fosslinux <fosslinux@aussies.space>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: d4012d50082c2eae2f3cbe7770be13b9227fbc3f
    master date: 2022-04-07 11:36:45 +0100
---
 xen/arch/x86/cpuid.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index cdd18f51ed..587de66545 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -289,8 +289,15 @@ static void recalculate_misc(struct cpuid_policy *p)
 
         zero_leaves(p->extd.raw, 0xb, 0x18);
 
+        /* 0x19 - TLB details.  Pass through. */
+        /* 0x1a - Perf hints.   Pass through. */
+
         p->extd.raw[0x1b] = EMPTY_LEAF; /* IBS - not supported. */
         p->extd.raw[0x1c] = EMPTY_LEAF; /* LWP - not supported. */
+        p->extd.raw[0x1d] = EMPTY_LEAF; /* TopoExt Cache */
+        p->extd.raw[0x1e] = EMPTY_LEAF; /* TopoExt APIC ID/Core/Node */
+        p->extd.raw[0x1f] = EMPTY_LEAF; /* SEV */
+        p->extd.raw[0x20] = EMPTY_LEAF; /* Platform QoS */
         break;
     }
 }
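Review bot: Leaf 0x21 is left without a comment, although the commit message says the max leaf became 0x80000021 and the hunk annotates 0x19 and 0x1a as passed through. If 0x21 is meant to stay guest-visible (it presumably carries the LFENCE bit named in the Fixes: commit), a line such as `/* 0x21 - Ext Feat 2. Pass through. */` after the 0x20 assignment would make that explicit, with the leaf name adjusted to the project's usage. The comments on 0x1d..0x20 also give only the leaf name, unlike the "not supported" notes above them. Since the commit message calls this a short-term bodge, something like `/* TopoExt Cache - clobbered until implemented. */` would record that these are hidden deliberately. recalculate_misc() starts outside this hunk.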
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:12:57 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] vPCI: replace %pp
Message-Id: <E1ncoQ4-0004EL-0H@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:12:56 +0000

commit 019e56a05239d6764748b81bdc6ed3c841cf70f5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:07:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:07:21 2022 +0200

    vPCI: replace %pp
    
    4.14 doesn't know of this format specifier extension yet.
    
    Fixes: 47188b2fdcc6 ("vpci/msix: fix PBA accesses")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/vpci/msix.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index d9c08d0df5..e54124f3f3 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -258,8 +258,9 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
         if ( !pba )
         {
             gprintk(XENLOG_WARNING,
-                    "%pp: unable to map MSI-X PBA, report all pending\n",
-                    msix->pdev);
+                    "%04x:%02x:%02x.%u: unable to map MSI-X PBA, report all pending\n",
+                    msix->pdev->seg, msix->pdev->bus, PCI_SLOT(msix->pdev->devfn),
+                    PCI_FUNC(msix->pdev->devfn));
             return X86EMUL_OKAY;
         }
 
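Review bot: The second argument line of the new gprintk() call in msix_read, `msix->pdev->seg, msix->pdev->bus, PCI_SLOT(msix->pdev->devfn),`, comes to 82 columns at its 20-space indent, past the 80-column limit of Xen's coding style. The msix_write hunk wraps the same four arguments as `msix->pdev->seg, msix->pdev->bus,` then `PCI_SLOT(msix->pdev->devfn),` then `PCI_FUNC(msix->pdev->devfn));`. Using that layout here as well keeps the two call sites identical. msix_read starts and ends outside this hunk.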
@@ -342,8 +343,10 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
             {
                 /* Unable to map the PBA, ignore write. */
                 gprintk(XENLOG_WARNING,
-                        "%pp: unable to map MSI-X PBA, write ignored\n",
-                        msix->pdev);
+                        "%04x:%02x:%02x.%u: unable to map MSI-X PBA, write ignored\n",
+                        msix->pdev->seg, msix->pdev->bus,
+                        PCI_SLOT(msix->pdev->devfn),
+                        PCI_FUNC(msix->pdev->devfn));
                 return X86EMUL_OKAY;
             }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:13:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:13:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301564.514721 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoQF-0004eI-5u; Fri, 08 Apr 2022 13:13:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301564.514721; Fri, 08 Apr 2022 13:13:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoQF-0004eA-2x; Fri, 08 Apr 2022 13:13:07 +0000
Received: by outflank-mailman (input) for mailman id 301564;
 Fri, 08 Apr 2022 13:13:06 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoQE-0004dv-57
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:13:06 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoQE-0002gl-4J
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:13:06 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoQE-0004FB-3Q
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:13:06 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=3x8o1vIhng6JMGhFfXbb2tw7rikCUbGsV3eSLTGo/74=; b=5a2IOjmgqJhiZH2aj7vZvnBfmd
	Wss7d5v6qHNjinCa5kiZxe2JsYq539ITM0EsnD4OnhPYAJljjgr9f2WhOIAWAVwjJ2GLtc3lUmxda
	LJAOgBY/w9ma1BIHzY1ybsfu7mds6SLkUoZlOn0a0Bt1bnGBAdHFsMCrFl7+LlFm++qM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] livepatch: do not ignore sections with 0 size
Message-Id: <E1ncoQE-0004FB-3Q@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:13:06 +0000

commit 97258d8819a8b1ccafc47e3c688ab4f7bac2082c
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 15:07:51 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:07:51 2022 +0200

    livepatch: do not ignore sections with 0 size
    
    A side effect of ignoring such sections is that symbols belonging to
    them won't be resolved, and that could make relocations belonging to
    other sections that reference those symbols fail.
    
    For example it's likely to have an empty .altinstr_replacement with
    symbols pointing to it, and marking the section as ignored will
    prevent the symbols from being resolved, which in turn will cause any
    relocations against them to fail.
    
    In order to solve this do not ignore sections with 0 size, only ignore
    sections that don't have the SHF_ALLOC flag set.
    
    Special case such empty sections in move_payload so they are not taken
    into account in order to decide whether a livepatch can be safely
    re-applied after a revert.
    
    Fixes: 98b728a7b2 ('livepatch: Disallow applying after an revert')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 0dc1f929e8fed681dec09ca3ea8de38202d5bf30
    master date: 2022-04-08 10:24:10 +0200
---
 xen/common/livepatch.c          | 16 +++++++++++-----
 xen/include/xen/livepatch_elf.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index cc2ee9a94a..8a949ccf61 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -301,9 +301,6 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
          * and .shstrtab. For the non-relocate we allocate and copy these
          * via other means - and the .rel we can ignore as we only use it
          * once during loading.
-         *
-         * Also ignore sections with zero size. Those can be for example:
-         * data, or .bss.
          */
         if ( livepatch_elf_ignore_section(elf->sec[i].sec) )
             offset[i] = UINT_MAX;
@@ -362,8 +359,17 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
             else if ( elf->sec[i].sec->sh_flags & SHF_WRITE )
             {
                 buf = rw_buf;
-                rw_buf_sec = i;
-                rw_buf_cnt++;
+                if ( elf->sec[i].sec->sh_size )
+                {
+                    /*
+                     * Special handling of RW empty regions: do not account for
+                     * them in order to decide whether a patch can safely be
+                     * re-applied, but assign them a load address so symbol
+                     * resolution and relocations work.
+                     */
+                    rw_buf_sec = i;
+                    rw_buf_cnt++;
+                }
             }
             else
                 buf = ro_buf;
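Review bot: The new comment in move_payload sits inside the body of `if ( elf->sec[i].sec->sh_size )`, the path taken for non-empty sections, while its text describes what happens to empty ones. Read in place it suggests the opposite of what the code does. Moving it above the `if` and wording it as `/* Empty RW sections get a load address but are not counted for the re-apply check. */` would match the control flow. move_payload begins and ends outside this hunk, so how `rw_buf_cnt` and `rw_buf_sec` are consumed is not visible here.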
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 9ad499ee8b..5b1ec469da 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -48,7 +48,7 @@ int livepatch_elf_perform_relocs(struct livepatch_elf *elf);
 
 static inline bool livepatch_elf_ignore_section(const Elf_Shdr *sec)
 {
-    return !(sec->sh_flags & SHF_ALLOC) || sec->sh_size == 0;
+    return !(sec->sh_flags & SHF_ALLOC);
 }
 #endif /* __XEN_LIVEPATCH_ELF_H__ */
 
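Review bot: livepatch_elf_ignore_section() now has no comment, and the only text that mentioned the zero-size rule was deleted from move_payload in this same commit, so nothing near the helper records why empty sections are kept. A one-line header such as `/* Only sections without SHF_ALLOC are ignored; empty SHF_ALLOC ones are kept so their symbols resolve. */` would document that. Callers that could previously assume a non-ignored section has `sh_size != 0` are outside this diff and may be worth re-checking.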
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:13:17 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:13:17 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301565.514726 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoQP-0004h8-7X; Fri, 08 Apr 2022 13:13:17 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301565.514726; Fri, 08 Apr 2022 13:13:17 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoQP-0004gz-4U; Fri, 08 Apr 2022 13:13:17 +0000
Received: by outflank-mailman (input) for mailman id 301565;
 Fri, 08 Apr 2022 13:13:16 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoQO-0004gm-8F
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:13:16 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoQO-0002gv-7N
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:13:16 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoQO-0004Fz-6f
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:13:16 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=H8vCxRZVIHrpQjYGy9TgWVF7dS6154Wduk/TulBlsOY=; b=bF2sBxh9msOCj7vRowt0RCMW3S
	d4fPX87E95SMkaQPiTyJc3W0oRpkmrosyATpKsEvblYXyWDCtVbfWcCKpeij3JnPiOR6qGqwXyllE
	f/VvR1eo/UQe6vCFSGKPNtJEGYmyI36nJzixXqp+2/VJNQzo4XeLzJV4VPv9sUY2cioc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] livepatch: avoid relocations referencing ignored section symbols
Message-Id: <E1ncoQO-0004Fz-6f@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:13:16 +0000

commit eeaf24ccedf79941a4d1511daca4966b4e03cb91
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 15:08:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:08:19 2022 +0200

    livepatch: avoid relocations referencing ignored section symbols
    
    Track whether symbols belong to ignored sections in order to avoid
    applying relocations referencing those symbols. The address of such
    symbols won't be resolved and thus the relocation will likely fail or
    write garbage to the destination.
    
    Return an error in that case, as leaving unresolved relocations would
    lead to malfunctioning payload code.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 9120b5737f517fe9d2a3936c38d3a2211630323b
    master date: 2022-04-08 10:27:11 +0200
---
 xen/arch/arm/arm32/livepatch.c  | 7 +++++++
 xen/arch/arm/arm64/livepatch.c  | 7 +++++++
 xen/arch/x86/livepatch.c        | 7 +++++++
 xen/common/livepatch_elf.c      | 6 ++++++
 xen/include/xen/livepatch_elf.h | 1 +
 5 files changed, 28 insertions(+)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 5a06467008..3c50283b2a 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
 
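Review bot: The new error message identifies the symbol only by `elf->sym[symndx].name`, which may be NULL (livepatch_elf_resolve_symbols guards its own use with `if ( elf->sym[i].name )`) and is presumably empty for section symbols, so the log line can end up naming nothing. Printing the index as well, as the preceding message does with `symndx`, keeps it actionable: `"%s: Relocation against ignored symbol %s (#%u) cannot be resolved\n", elf->name, elf->sym[symndx].name, symndx`. The conversion for `symndx` has to match its declared type, which is outside the hunk. The same applies to the identical additions in the arm64 and x86 arch_livepatch_perform_rela hunks and to the new dprintk() in livepatch_elf_resolve_symbols.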
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 6ec8dc60f0..62d2ef373a 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index a3cb63a7ea..0172610ebf 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -290,6 +290,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index b089cacb1c..45d73912a3 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 5b1ec469da..7116deaddc 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {
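Review bot: The new `ignored` member of struct livepatch_elf_sym has no comment, and the name alone does not say that the symbol's `st_value` was left unrelocated because its section is not loaded. Suggest `bool ignored; /* Section not loaded: st_value is unresolved, relocations must not use it. */`. The flag is only ever set to true in this commit, so it relies on the symbol array being zero-initialised where it is allocated, which is outside the visible hunks.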
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:33:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:33:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301601.514795 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoja-0002CP-IK; Fri, 08 Apr 2022 13:33:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301601.514795; Fri, 08 Apr 2022 13:33:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncoja-0002CI-Fb; Fri, 08 Apr 2022 13:33:06 +0000
Received: by outflank-mailman (input) for mailman id 301601;
 Fri, 08 Apr 2022 13:33:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncojY-0002C5-GP
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncojY-00032h-Dn
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncojY-0005Vz-Cl
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=EAZlkXlLI/3eqsdvS8DCMKeHKEsV8uxhiSYJdJScnpk=; b=MvGl74Wf0MC/AjP4LQcpdz5MXp
	XCqbSLKaupI3kIw9A0Jj0P6DKJ5fj0zH9I6BuKI32m4U5WLHgfPIiePlxis/lMiIiNJcd3qule0gV
	x4xy5SpoV1C9AyGAaKWQBV5w7ZNNmD3Rb8C1gIC3Un0ODFiO1kmaH1QbP4Tq0ugkGhA0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: don't needlessly look up DID
Message-Id: <E1ncojY-0005Vz-Cl@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:33:04 +0000

commit a6902a65160aac72a1889a268fd5f3cebb159d8e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:20:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:20:21 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 6571b5dde4..4b0d6a873c 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1821,18 +1821,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
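Review bot: Statement order in domain_context_unmap_one now matters, but nothing in the code says so: `iommu_domid = context_domain_id(*context);` has to run before `context_clear_entry(*context)`, otherwise the flush would be issued for a DID read back from an already cleared entry. A short comment such as `/* Latch the DID before clearing the entry; the flushes below must target what hardware may have cached. */` would keep a later reorder from leaving stale context-cache or IOTLB entries behind. The function begins and ends outside the hunk, so the declaration of `iommu_domid` and any remaining use of the `domid` parameter are not visible here.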
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:33:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:33:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301602.514799 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncojk-0002GU-K6; Fri, 08 Apr 2022 13:33:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301602.514799; Fri, 08 Apr 2022 13:33:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncojk-0002GM-H1; Fri, 08 Apr 2022 13:33:16 +0000
Received: by outflank-mailman (input) for mailman id 301602;
 Fri, 08 Apr 2022 13:33:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoji-0002Fr-Hv
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoji-00032r-H9
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncoji-0005We-GB
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Rk5oAp0Oc4rJwEftIM4JGyacmn7lxtIiLBPrtkbgruQ=; b=o761DkRj83NyHLlRBIffay/wr8
	NMDV8ki4mjeS13Puq9Byre0mRQC25nXERbbkfexAZvnaCChTTQUAAvlecHcpJ2jG1taFO+/FYcTec
	32dW1EnbhxPpm9VB43sTZIjMuoMkzc7rbs/RHtSZjRB4T4ttS+LRK5Lctkq6N0coDE+Q=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1ncoji-0005We-GB@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:33:14 +0000

commit d64d46685c776b39d5c640a0ad2727fa0938273c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:21:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:21:33 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 897dcff9ff..fbe951b2fa 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -89,7 +89,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4b0d6a873c..cb3ba3e409 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1527,7 +1527,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1595,9 +1595,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            domain_context_unmap_one(domain, iommu, bus, devfn,
-                                     DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                        DEVICE_DOMID(prev_dom, pdev),
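Review bot: The remaining `else if ( prev_dom != domain )` branch still evaluates `DEVICE_DOMID(prev_dom, pdev)` with a possibly NULL `pdev`. That is safe only if the macro dereferences `pdev` solely when its first argument is `dom_io`, the case the new `prev_dom == dom_io && !pdev` test diverts. The macro's definition is outside this diff, so that dependency is invisible at this site. Extending the added comment with `/* pdev may be NULL below; DEVICE_DOMID() only dereferences it for dom_io. */`, or placing `ASSERT(pdev || prev_dom != dom_io);` in the else branch, would make it explicit. domain_context_mapping_one starts and ends outside the hunk.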
@@ -1734,7 +1739,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1800,7 +1807,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1852,7 +1859,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
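Review bot: The call `me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0, UNMAP_ME_PHANTOM_FUNC)` passes a sentinel that is harmless only because the unmap leg of map_me_phantom_function no longer consumes `domid`, as the quirks.c hunk shows. me_wifi_quirk itself is not shown. A comment on the call, e.g. `/* domid is unused for UNMAP_ME_PHANTOM_FUNC. */`, would stop a later change from letting DOMID_INVALID reach context-entry programming. domain_context_unmap_one continues past the end of this hunk.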
@@ -1906,8 +1914,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1917,8 +1924,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1941,12 +1947,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 4d54c21136..2b8a2bd9c6 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -363,7 +363,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:33:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:33:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301603.514804 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncojt-0002Lu-N1; Fri, 08 Apr 2022 13:33:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301603.514804; Fri, 08 Apr 2022 13:33:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncojt-0002Lm-K2; Fri, 08 Apr 2022 13:33:25 +0000
Received: by outflank-mailman (input) for mailman id 301603;
 Fri, 08 Apr 2022 13:33:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncojs-0002LY-LG
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncojs-000332-KS
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncojs-0005XN-JV
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=jYPpZjN5zlg31kP0C1p4b8roBv3fOUqNPCh7WMPWlIY=; b=OLU4piaNtPLuLr7UZoVfrmILPH
	K8WTMrQ7ZNzDbPDIy4f1M0kGBar2A0IDryvl5Hpfso2LpcwNo+iXeeNryHA1qOE3RDRfXVEoMhBgY
	p8sQYUFcT4LtYf1QV3v8bbTJU9VUhfvHWy7xiAtB+sSq+L/up8YM3tJczgO61Ih/lt8M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.13] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1ncojs-0005XN-JV@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:33:24 +0000

commit fe97133b5deef58bd1422f4d87821131c66b1d0e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:22:49 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:22:49 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 7 ++++---
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index cb3ba3e409..f051a55764 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1593,7 +1593,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1603,11 +1603,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                        DEVICE_DOMID(prev_dom, pdev),
                                        DEVICE_PGTABLE(prev_dom, pdev),
-                                       mode & MAP_WITH_RMRR);
+                                       (mode & MAP_WITH_RMRR)
+                                       | MAP_ERROR_RECOVERY);
     }
 
     if ( prev_dom )
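Review bot: The return value of the roll-back call in the `else` branch is discarded, and with `MAP_ERROR_RECOVERY` set a failure inside that nested call now skips recovery as well, so a failed restore of prev_dom's mapping leaves no trace. The caller still gets the original `rc`, so the minimum is a diagnostic: `int rc2 = domain_context_mapping_one(...);` followed by `if ( rc2 ) printk(XENLOG_ERR "%04x:%02x:%02x.%u: roll-back failed (%d)\n", seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn), rc2);`. That gives operators a signal when a passthrough device's context entry may no longer match its owner. The result of `domain_context_unmap_one()` in the first branch is dropped the same way. The body of domain_context_mapping_one() starts and ends outside the hunk, and the staging-4.12 backport of this commit further down carries the identical hunk.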
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
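Review bot: `MAP_ERROR_RECOVERY` is added without a comment, although as far as this commit shows it is only ever set by domain_context_mapping_one() on its own nested roll-back call, unlike the flags next to it. A line above it such as `/* Internal: set on the nested roll-back call; suppresses error recovery there. */` would keep a later caller from passing it and silently disabling roll-back. Moving `UNMAP_ME_PHANTOM_FUNC` to bit 4 is presumably harmless because users refer to it by name, but that is worth a quick grep since the header's other users are not visible here.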
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:33:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:33:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301604.514808 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncok3-0002Qj-Ou; Fri, 08 Apr 2022 13:33:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301604.514808; Fri, 08 Apr 2022 13:33:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncok3-0002Qa-Ld; Fri, 08 Apr 2022 13:33:35 +0000
Received: by outflank-mailman (input) for mailman id 301604;
 Fri, 08 Apr 2022 13:33:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncok3-0002QS-2I
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncok3-00033C-1V
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncok3-0005YX-0Q
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=5Vh/1uAEVr5bS8Xz5Nfzh3Hgp+1uX/YQ0M1Xe+QZaqI=; b=cWv7mdY31J+Vxb0RBKaFlra4Mz
	pxMkhltglJ659+Avc+0B/yyt9WoeYs9Yhqfy7h+Dp0TDnVSTmSpgVrDSuFdrc4AaNOcm1HpqkMiK4
	/lx95d/RiTTiEZGukvL2MNNC2FG4UD+8wYDNfegD0luOaeZ6NEcbuQYny2uhhztpHpm8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: don't needlessly look up DID
Message-Id: <E1ncok3-0005YX-0Q@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:33:35 +0000

commit 92e4beecd36e92d7a628738aa35a31e6781bb4cd
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:24:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:24:23 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 5ca1d02981..6c06baa939 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1852,18 +1852,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
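Review bot: The added `iommu_domid = context_domain_id(*context);` is only correct because it sits ahead of `context_clear_entry(*context)`, and nothing in the code says so. A comment such as `/* Latch the DID before the entry is cleared: the flush below must target what the hardware may have cached. */` would guard against a later reorder. After such a reorder the flush would name whatever DID the cleared entry yields, and stale translations for the previous domain could survive the unmap. The body of domain_context_unmap_one() starts and ends outside the hunk.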
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:33:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:33:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301605.514812 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncokD-0002To-QI; Fri, 08 Apr 2022 13:33:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301605.514812; Fri, 08 Apr 2022 13:33:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncokD-0002Th-NJ; Fri, 08 Apr 2022 13:33:45 +0000
Received: by outflank-mailman (input) for mailman id 301605;
 Fri, 08 Apr 2022 13:33:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncokD-0002TT-6u
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncokD-00033M-63
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncokD-0005ZR-3s
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=w5Zakdn7veMCrH8uUobRjWnyOUmvXfYNosddGv4xePM=; b=Z3aO3uUvUeh2Io/VU6/T4yF9gz
	eXdaync2m7Rg8LVI8+y4fcYH13MrTg98G/JJc/bbS3WLbIiOOcdf0HQ/hWwnSgTEME0SKVIQbnLFf
	jjFUn/voKweeO9Lv0s28s17hv+T0dVTsMaL3yunMfO0UmawvYQUXSJvSJLsJUHoWOudo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1ncokD-0005ZR-3s@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:33:45 +0000

commit 02d095b2d3e00597409f2574b632ded6d733ec2a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:27:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:27:36 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index e45650eba0..69867578bc 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -75,7 +75,7 @@ int domain_context_mapping_one(struct domain *domain, struct iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 6c06baa939..4da09bbcc8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1570,7 +1570,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1638,9 +1638,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            domain_context_unmap_one(domain, iommu, bus, devfn,
-                                     DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                        DEVICE_DOMID(prev_dom, pdev),
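Review bot: The `else if` branch can still be entered with `pdev == NULL` whenever prev_dom is a regular domain, and it then hands that NULL to `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)`. The new `prev_dom == dom_io && !pdev` condition suggests those macros touch pdev only for dom_io, but their definitions are not in this hunk. The assumption should be written down next to the call, e.g. `/* pdev may be NULL here; DEVICE_*() only dereference it for dom_io. */`, or enforced with `ASSERT(pdev || prev_dom != dom_io);`. The hunk ends in the middle of the domain_context_mapping_one() call.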
@@ -1765,7 +1770,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         if ( prev_present && (mode & MAP_WITH_RMRR) &&
              domain != pdev->domain )
@@ -1831,7 +1838,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1883,7 +1890,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->intel->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     return rc;
 }
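Review bot: Passing `DOMID_INVALID` to me_wifi_quirk() is safe only if the `UNMAP_ME_PHANTOM_FUNC` path never consumes the domain ID, and the call site does not say so. The quirks.c hunk of this commit shows that for the unmap branch of map_me_phantom_function(), but me_wifi_quirk() itself is not visible here. A short comment on the call, `/* domid is not used when unmapping. */`, would record the dependency for anyone who later adds a use of `domid` on that path. The start of domain_context_unmap_one() is outside the hunk.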
@@ -1924,8 +1932,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1935,8 +1942,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1945,12 +1951,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( find_upstream_bridge(seg, &tmp_bus, &tmp_devfn, &secbus) < 1 )
             break;
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 5373930c0f..50ebbf3e44 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -350,7 +350,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 13:33:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 13:33:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301606.514816 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncokN-0002Wu-SI; Fri, 08 Apr 2022 13:33:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301606.514816; Fri, 08 Apr 2022 13:33:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncokN-0002Wm-Oz; Fri, 08 Apr 2022 13:33:55 +0000
Received: by outflank-mailman (input) for mailman id 301606;
 Fri, 08 Apr 2022 13:33:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncokN-0002Wd-9u
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncokN-00033p-96
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncokN-0005a8-8Q
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 13:33:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=dAKJasRlihgBUS8crRaUpTYKIvMpIbrDok7gzCm7FpM=; b=B0RXVpT8VIMhWqo9rwidn0IeN5
	i+NQXC3OvOPXWzD3RYIgDW5gJpxwh7UTFiTPnIpgJDbVbhjV5+u08wKWl5wP7SMjxjzmoOUawEJzz
	CoCV49ABEZ4adQzsn0dgfvFqU6SAuScG3PjxtNCT0Nlb/6f2N/llwua6H26nRXd+XU24=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.12] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1ncokN-0005a8-8Q@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 13:33:55 +0000

commit efea4bdbd183e1f1e3cbb2b33623680419199542
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:28:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:28:36 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 7 ++++---
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4da09bbcc8..1b1b11cb04 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1636,7 +1636,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1646,11 +1646,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                        DEVICE_DOMID(prev_dom, pdev),
                                        DEVICE_PGTABLE(prev_dom, pdev),
-                                       mode & MAP_WITH_RMRR);
+                                       (mode & MAP_WITH_RMRR)
+                                       | MAP_ERROR_RECOVERY);
     }
 
     if ( prev_dom )
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.12


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 19:44:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 19:44:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301767.515048 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncuWa-0007am-Lc; Fri, 08 Apr 2022 19:44:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301767.515048; Fri, 08 Apr 2022 19:44:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncuWa-0007ad-IH; Fri, 08 Apr 2022 19:44:04 +0000
Received: by outflank-mailman (input) for mailman id 301767;
 Fri, 08 Apr 2022 19:44:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWY-0007aX-GW
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWY-0001Zy-CS
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWY-0001gj-B4
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=BmhUFePUPD+ezKt0RkFaUQgRJX0ugKf1y/edkbbrESI=; b=OvCK9mY9cMW9D5+V5yvUdVhqWg
	oryLeQsF/EuhXMtsTUMIfo7/em6Y1eJjkc/gZU/T/6DNobj4fVo7emUob2E8DZ4g27pKVgJkZpsJ5
	+niN0Jw0oM5Ijr+2U4fyLI8lmmI1C/n+Dw4VfJ7vYrYYFhc+u+1PpBgnOUziKTn7ft6g=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] build: replace $(BASEDIR) by $(objtree)
Message-Id: <E1ncuWY-0001gj-B4@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 19:44:02 +0000

commit 915e67b75c06367c061a63146cf5c0829366b7ac
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:54:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:54:42 2022 +0200

    build: replace $(BASEDIR) by $(objtree)
    
    We need to differentiate between source files and generated/built
    files. We will be replacing $(BASEDIR) by $(objtree) for files that
    are generated.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Acked-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 xen/Rules.mk                |  2 +-
 xen/arch/arm/Makefile       | 10 +++++-----
 xen/arch/x86/Makefile       | 28 ++++++++++++++--------------
 xen/common/Makefile         |  2 +-
 xen/test/livepatch/Makefile | 12 ++++++------
 5 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/xen/Rules.mk b/xen/Rules.mk
index abeba1ab74..7712bfa063 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -12,7 +12,7 @@ src := $(obj)
 PHONY := __build
 __build:
 
--include $(BASEDIR)/include/config/auto.conf
+-include $(objtree)/include/config/auto.conf
 
 include $(XEN_ROOT)/Config.mk
 include $(BASEDIR)/scripts/Kbuild.include
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index 51ec2ba928..1d862351d1 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -90,21 +90,21 @@ ifeq ($(CONFIG_ARM_64),y)
 	ln -sf $(@F) $@.efi
 endif
 
-$(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds
+$(TARGET)-syms: $(objtree)/prelink.o $(obj)/xen.lds
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \
-	    $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0
+	    $(objtree)/common/symbols-dummy.o -o $(@D)/.$(@F).0
 	$(NM) -pa --format=sysv $(@D)/.$(@F).0 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S
 	$(MAKE) $(build)=$(@D) $(@D)/.$(@F).0.o
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \
 	    $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1
 	$(NM) -pa --format=sysv $(@D)/.$(@F).1 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S
 	$(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \
 	    $(@D)/.$(@F).1.o -o $@
 	$(NM) -pa --format=sysv $(@D)/$(@F) \
-		| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \
+		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \
 		>$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]*
 
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index b6b082ee1d..7cea79ed2f 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -92,8 +92,8 @@ ifneq ($(CONFIG_HVM),y)
 $(obj)/x86_emulate.o: CFLAGS-y += -Wno-unused-label
 endif
 
-efi-y := $(shell if [ ! -r $(BASEDIR)/include/xen/compile.h -o \
-                      -O $(BASEDIR)/include/xen/compile.h ]; then \
+efi-y := $(shell if [ ! -r $(objtree)/include/xen/compile.h -o \
+                      -O $(objtree)/include/xen/compile.h ]; then \
                          echo '$(TARGET).efi'; fi) \
          $(space)
 efi-$(CONFIG_PV_SHIM_EXCLUSIVE) :=
@@ -133,23 +133,23 @@ $(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32
 
 CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI
 
-$(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds
+$(TARGET)-syms: $(objtree)/prelink.o $(obj)/xen.lds
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \
-	    $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0
+	    $(objtree)/common/symbols-dummy.o -o $(@D)/.$(@F).0
 	$(NM) -pa --format=sysv $(@D)/.$(@F).0 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort \
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort \
 		>$(@D)/.$(@F).0.S
 	$(MAKE) $(build)=$(@D) $(@D)/.$(@F).0.o
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \
 	    $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1
 	$(NM) -pa --format=sysv $(@D)/.$(@F).1 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \
 		>$(@D)/.$(@F).1.S
 	$(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o
 	$(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \
 	    $(orphan-handling-y) $(@D)/.$(@F).1.o -o $@
 	$(NM) -pa --format=sysv $(@D)/$(@F) \
-		| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \
+		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \
 		>$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
@@ -202,28 +202,28 @@ note_file_option ?= $(note_file)
 
 extra-$(XEN_BUILD_PE) += efi.lds
 ifeq ($(XEN_BUILD_PE),y)
-$(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi/relocs-dummy.o $(obj)/efi/mkreloc
+$(TARGET).efi: $(objtree)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi/relocs-dummy.o $(obj)/efi/mkreloc
 ifeq ($(CONFIG_DEBUG_INFO),y)
 	$(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)"
 endif
 	$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
 	          $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< $(relocs-dummy) \
-	                $(BASEDIR)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) :
+	                $(objtree)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) :
 	$(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S
 	$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S
 	$(MAKE) $(build)=$(@D) .$(@F).0r.o .$(@F).0s.o
 	$(foreach base, $(VIRT_BASE) $(ALT_BASE), \
 	          $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< \
 	                $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) :
 	$(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S
 	$(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \
-		| $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S
+		| $(objtree)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S
 	$(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o
 	$(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds -N $< \
 	      $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(orphan-handling-y) $(note_file_option) -o $@
 	$(NM) -pa --format=sysv $(@D)/$(@F) \
-		| $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map
+		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
 	$(SHELL) $(BASEDIR)/tools/check-endbr.sh $@
@@ -238,11 +238,11 @@ endif
 $(obj)/efi/buildid.o $(obj)/efi/relocs-dummy.o: ;
 
 .PHONY: include
-include: $(BASEDIR)/arch/x86/include/asm/asm-macros.h
+include: $(objtree)/arch/x86/include/asm/asm-macros.h
 
 $(obj)/asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P
 
-$(BASEDIR)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile
+$(objtree)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile
 	$(call filechk,asm-macros.h)
 
 define filechk_asm-macros.h
diff --git a/xen/common/Makefile b/xen/common/Makefile
index dc8d3a13f5..30641a7372 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -74,7 +74,7 @@ obj-$(CONFIG_UBSAN) += ubsan/
 obj-$(CONFIG_NEEDS_LIBELF) += libelf/
 obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/
 
-CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(BASEDIR)/)$(KCONFIG_CONFIG)
+CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(objtree)/)$(KCONFIG_CONFIG)
 $(obj)/config.gz: $(CONF_FILE)
 	gzip -n -c $< >$@
 
diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile
index e6fee84b69..ddb0737131 100644
--- a/xen/test/livepatch/Makefile
+++ b/xen/test/livepatch/Makefile
@@ -22,9 +22,9 @@ $(obj)/xen_hello_world.o: $(obj)/config.h
 $(obj)/config.h: $(obj)/xen_hello_world_func.o
 	(set -e; \
 	 echo "#define NEW_CODE_SZ $(call CODE_SZ,$<,xen_hello_world)"; \
-	 echo "#define MINOR_VERSION_SZ $(call CODE_SZ,$(BASEDIR)/xen-syms,xen_minor_version)"; \
-	 echo "#define MINOR_VERSION_ADDR $(call CODE_ADDR,$(BASEDIR)/xen-syms,xen_minor_version)"; \
-	 echo "#define OLD_CODE_SZ $(call CODE_SZ,$(BASEDIR)/xen-syms,xen_extra_version)") > $@
+	 echo "#define MINOR_VERSION_SZ $(call CODE_SZ,$(objtree)/xen-syms,xen_minor_version)"; \
+	 echo "#define MINOR_VERSION_ADDR $(call CODE_ADDR,$(objtree)/xen-syms,xen_minor_version)"; \
+	 echo "#define OLD_CODE_SZ $(call CODE_SZ,$(objtree)/xen-syms,xen_extra_version)") > $@
 
 $(obj)/modinfo.o:
 	(set -e; \
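Review bot: The `$(obj)/config.h` rule reads `$(objtree)/xen-syms` three times in its recipe but does not list it as a prerequisite, unlike the `note.o`, `xen_note.o` and `expect_config.h` rules later in this file. After xen-syms is relinked the header keeps the old `MINOR_VERSION_ADDR` and sizes, so the test payloads would be built against stale symbol data. Adding it after the first prerequisite keeps `$<` unchanged: `$(obj)/config.h: $(obj)/xen_hello_world_func.o $(objtree)/xen-syms`. The `CODE_SZ` and `CODE_ADDR` helpers are defined outside this hunk, so how they behave on a missing file is not visible here.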
@@ -42,7 +42,7 @@ $(obj)/modinfo.o:
 # not be built (it is for EFI builds), and that we do not have
 # the note.o.bin to muck with (as it gets deleted)
 #
-$(obj)/note.o: $(BASEDIR)/xen-syms
+$(obj)/note.o: $(objtree)/xen-syms
 	$(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin
 	$(OBJCOPY) $(OBJCOPY_MAGIC) \
 		   --rename-section=.data=.livepatch.depends,alloc,load,readonly,data,contents -S $@.bin $@
@@ -52,7 +52,7 @@ $(obj)/note.o: $(BASEDIR)/xen-syms
 # Append .livepatch.xen_depends section
 # with Xen build-id derived from xen-syms.
 #
-$(obj)/xen_note.o: $(BASEDIR)/xen-syms
+$(obj)/xen_note.o: $(objtree)/xen-syms
 	$(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin
 	$(OBJCOPY) $(OBJCOPY_MAGIC) \
 		   --rename-section=.data=.livepatch.xen_depends,alloc,load,readonly,data,contents -S $@.bin $@
@@ -125,7 +125,7 @@ xen_action_hooks_norevert-objs := xen_action_hooks_marker.o xen_hello_world_func
 
 EXPECT_BYTES_COUNT := 8
 CODE_GET_EXPECT=$(shell $(OBJDUMP) -d --insn-width=1 $(1) | sed -n -e '/<'$(2)'>:$$/,/^$$/ p' | tail -n +2 | head -n $(EXPECT_BYTES_COUNT) | awk '{$$0=$$2; printf "%s", substr($$0,length-1)}' | sed 's/.\{2\}/0x&,/g' | sed 's/^/{/;s/,$$/}/g')
-$(obj)/expect_config.h: $(BASEDIR)/xen-syms
+$(obj)/expect_config.h: $(objtree)/xen-syms
 	(set -e; \
 	 echo "#define EXPECT_BYTES $(call CODE_GET_EXPECT,$<,xen_extra_version)"; \
          echo "#define EXPECT_BYTES_COUNT $(EXPECT_BYTES_COUNT)") > $@
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 19:44:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 19:44:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301768.515052 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncuWk-0007dL-P0; Fri, 08 Apr 2022 19:44:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301768.515052; Fri, 08 Apr 2022 19:44:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncuWk-0007dC-LB; Fri, 08 Apr 2022 19:44:14 +0000
Received: by outflank-mailman (input) for mailman id 301768;
 Fri, 08 Apr 2022 19:44:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWi-0007d3-HN
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWi-0001a2-GT
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWi-0001hg-FM
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Fkz2oq+FbmBtO6CfvWbyY6mIXIQVmb7vKyHTl3AEGms=; b=v22QAZXGeSf8PHuHsCSCpvRd6p
	SBDRFHXstjPPY7Z451DPiMadlmwPulIcPTRluHbZU1ree5CkWLNcbjO+XJPPOLogK9nNpsVa3Exnk
	fbuh66rzdX5nIUgFbihUs3hujAGw89ExJm17K/a5D/uwuWyQjt5j6/2MdjczoOoustb8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] build: replace $(BASEDIR) and use $(srctree)
Message-Id: <E1ncuWi-0001hg-FM@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 19:44:12 +0000

commit bc8d05dd2dceb6569799965a4bd0aeff7a5827d4
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:56:00 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:56:00 2022 +0200

    build: replace $(BASEDIR) and use $(srctree)
    
    $(srctree) is a better description for the source directory than
    $(BASEDIR), which has been used for both the source and the build
    directory (which were the same).
    
    This adds $(srctree) to a few paths where make's VPATH=$(srctree) won't
    apply, and replaces $(BASEDIR) by $(srctree).
    
    Introduce "$(srcdir)" as a shortcut for "$(srctree)/$(src)" as the
    latter is used often enough.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com> # XSM
---
 xen/Kconfig                 |  4 ++--
 xen/Makefile                |  7 +++----
 xen/Rules.mk                |  9 ++++++---
 xen/arch/x86/Makefile       |  4 ++--
 xen/arch/x86/arch.mk        |  2 +-
 xen/build.mk                |  4 ++--
 xen/common/Makefile         |  2 +-
 xen/common/libfdt/Makefile  |  2 +-
 xen/include/Makefile        | 14 +++++++-------
 xen/scripts/Kconfig.include |  2 +-
 xen/scripts/Makefile.clean  |  5 ++++-
 xen/xsm/flask/Makefile      | 10 +++++-----
 12 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/xen/Kconfig b/xen/Kconfig
index d134397a0b..ec2bd9fbcf 100644
--- a/xen/Kconfig
+++ b/xen/Kconfig
@@ -14,14 +14,14 @@ config CC_IS_GCC
 
 config GCC_VERSION
 	int
-	default $(shell,$(BASEDIR)/scripts/gcc-version.sh $(CC))
+	default $(shell,$(srctree)/scripts/gcc-version.sh $(CC))
 
 config CC_IS_CLANG
 	def_bool $(success,$(CC) --version | head -n 1 | grep -q clang)
 
 config CLANG_VERSION
 	int
-	default $(shell,$(BASEDIR)/scripts/clang-version.sh $(CC))
+	default $(shell,$(srctree)/scripts/clang-version.sh $(CC))
 
 # -fvisibility=hidden reduces -fpic cost, if it's available
 config CC_HAS_VISIBILITY_ATTRIBUTE
diff --git a/xen/Makefile b/xen/Makefile
index 51d8c3b530..e78d681baa 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -19,8 +19,7 @@ export PYTHON		?= $(PYTHON_INTERPRETER)
 
 export CHECKPOLICY	?= checkpolicy
 
-export BASEDIR := $(CURDIR)
-export XEN_ROOT := $(BASEDIR)/..
+export XEN_ROOT := $(CURDIR)/..
 
 abs_objtree := $(CURDIR)
 abs_srctree := $(CURDIR)
@@ -189,7 +188,7 @@ ifeq ($(TARGET_ARCH),x86)
 t1 = $(call as-insn,$(CC),".L0: .L1: .skip (.L1 - .L0)",,-no-integrated-as)
 
 # Check whether clang asm()-s support .include.
-t2 = $(call as-insn,$(CC) -I$(BASEDIR)/arch/x86/include,".include \"asm/asm-defns.h\"",,-no-integrated-as)
+t2 = $(call as-insn,$(CC) -I$(srctree)/arch/x86/include,".include \"asm/asm-defns.h\"",,-no-integrated-as)
 
 # Check whether clang keeps .macro-s between asm()-s:
 # https://bugs.llvm.org/show_bug.cgi?id=36110
@@ -326,7 +325,7 @@ ALL_OBJS-$(CONFIG_CRYPTO) += crypto/built_in.o
 
 ALL_LIBS-y                := lib/lib.a
 
-include $(BASEDIR)/arch/$(TARGET_ARCH)/arch.mk
+include $(srctree)/arch/$(TARGET_ARCH)/arch.mk
 
 # define new variables to avoid the ones defined in Config.mk
 export XEN_CFLAGS := $(CFLAGS)
diff --git a/xen/Rules.mk b/xen/Rules.mk
index 7712bfa063..57a0294555 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -9,13 +9,16 @@ endif
 
 src := $(obj)
 
+# shortcuts
+srcdir := $(srctree)/$(src)
+
 PHONY := __build
 __build:
 
 -include $(objtree)/include/config/auto.conf
 
 include $(XEN_ROOT)/Config.mk
-include $(BASEDIR)/scripts/Kbuild.include
+include $(srctree)/scripts/Kbuild.include
 
 # Initialise some variables
 obj-y :=
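Review bot: The `# shortcuts` comment above `srcdir := $(srctree)/$(src)` does not say when `$(srcdir)` should be preferred over `$(src)`, and later Makefile changes need that rule to stay consistent. The commit message gives the reason (paths where make's VPATH does not apply), so it can be recorded next to the definition, e.g. `# srcdir: source directory of the current subdir; use it where VPATH is not searched ($(wildcard), $(shell), recipe arguments)`. The same two lines are added in the xen/scripts/Makefile.clean hunk and would take the same comment.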
@@ -58,7 +61,7 @@ cmd_objcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $< $@
 # binfile
 # use e.g. $(call if_changed,binfile,binary-file varname)
 quiet_cmd_binfile = BINFILE $@
-cmd_binfile = $(SHELL) $(BASEDIR)/tools/binfile $(BINFILE_FLAGS) $@ $(2)
+cmd_binfile = $(SHELL) $(srctree)/tools/binfile $(BINFILE_FLAGS) $@ $(2)
 
 # Figure out what we need to build from the various variables
 # ===========================================================================
@@ -177,7 +180,7 @@ cpp_flags = $(filter-out -Wa$(comma)% -flto,$(1))
 c_flags = -MMD -MP -MF $(depfile) $(XEN_CFLAGS)
 a_flags = -MMD -MP -MF $(depfile) $(XEN_AFLAGS)
 
-include $(BASEDIR)/arch/$(TARGET_ARCH)/Rules.mk
+include $(srctree)/arch/$(TARGET_ARCH)/Rules.mk
 
 c_flags += $(_c_flags)
 a_flags += $(_c_flags)
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 7cea79ed2f..717bcbcac7 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -153,7 +153,7 @@ $(TARGET)-syms: $(objtree)/prelink.o $(obj)/xen.lds
 		>$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
-	$(SHELL) $(BASEDIR)/tools/check-endbr.sh $@
+	$(SHELL) $(srctree)/tools/check-endbr.sh $@
 endif
 
 $(obj)/note.o: $(TARGET)-syms
@@ -226,7 +226,7 @@ endif
 		| $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map
 	rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]*
 ifeq ($(CONFIG_XEN_IBT),y)
-	$(SHELL) $(BASEDIR)/tools/check-endbr.sh $@
+	$(SHELL) $(srctree)/tools/check-endbr.sh $@
 endif
 else
 $(TARGET).efi: FORCE
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index c90e56aeab..cfde143053 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -78,7 +78,7 @@ ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
 efi-check := arch/x86/efi/check
 
 # Check if the compiler supports the MS ABI.
-XEN_BUILD_EFI := $(call if-success,$(CC) $(CFLAGS) -c $(efi-check).c -o $(efi-check).o,y)
+XEN_BUILD_EFI := $(call if-success,$(CC) $(CFLAGS) -c $(srctree)/$(efi-check).c -o $(efi-check).o,y)
 
 # Check if the linker supports PE.
 EFI_LDFLAGS := $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10
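Review bot: The probe now reads `$(srctree)/$(efi-check).c` but still writes `$(efi-check).o` relative to the build directory, and nothing in this hunk creates `arch/x86/efi/` there. While `abs_objtree` and `abs_srctree` are both `$(CURDIR)` this is harmless, but once they differ the compiler would fail on the missing output directory and `XEN_BUILD_EFI` would come out empty. That would presumably happen without any message, since `if-success` is used as a yes/no probe (its definition is outside the hunk), so a layout problem would silently become a build without EFI support. Creating the directory first avoids it: `$(shell mkdir -p $(dir $(efi-check)))` before the `XEN_BUILD_EFI :=` line.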
diff --git a/xen/build.mk b/xen/build.mk
index e718743ef7..758590c68e 100644
--- a/xen/build.mk
+++ b/xen/build.mk
@@ -27,9 +27,9 @@ define cmd_compile.h
 	    -e 's/@@version@@/$(XEN_VERSION)/g' \
 	    -e 's/@@subversion@@/$(XEN_SUBVERSION)/g' \
 	    -e 's/@@extraversion@@/$(XEN_EXTRAVERSION)/g' \
-	    -e 's!@@changeset@@!$(shell tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \
+	    -e 's!@@changeset@@!$(shell $(srctree)/tools/scmversion $(XEN_ROOT) || echo "unavailable")!g' \
 	    < $< > $(dot-target).tmp; \
-	sed -rf tools/process-banner.sed < .banner >> $(dot-target).tmp; \
+	sed -rf $(srctree)/tools/process-banner.sed < .banner >> $(dot-target).tmp; \
 	mv -f $(dot-target).tmp $@; \
     fi
 endef
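Review bot: The output of `$(srctree)/tools/scmversion` is expanded by make straight into the single-quoted sed program `'s!@@changeset@@!...!g'`, so a `!`, `&`, backslash or quote in that string would alter the sed expression or the shell quoting instead of ending up in compile.h. The script's output format is not visible here and may well be limited to safe characters, but the constraint is worth writing down beside the command, e.g. `# scmversion output is pasted verbatim into the sed script; it must not contain quotes, !, & or backslashes`. The `cmd_compile.h` definition starts before this hunk.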
diff --git a/xen/common/Makefile b/xen/common/Makefile
index 30641a7372..b1e076c30b 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -80,7 +80,7 @@ $(obj)/config.gz: $(CONF_FILE)
 
 $(obj)/config_data.o: $(obj)/config.gz
 
-$(obj)/config_data.S: $(BASEDIR)/tools/binfile FORCE
+$(obj)/config_data.S: $(srctree)/tools/binfile FORCE
 	$(call if_changed,binfile,$(obj)/config.gz xen_config_data)
 targets += config_data.S
 
diff --git a/xen/common/libfdt/Makefile b/xen/common/libfdt/Makefile
index 6708af12e5..75aaefa2e3 100644
--- a/xen/common/libfdt/Makefile
+++ b/xen/common/libfdt/Makefile
@@ -6,7 +6,7 @@ OBJCOPYFLAGS := $(foreach s,$(SECTIONS),--rename-section .$(s)=.init.$(s))
 obj-y += libfdt.o
 nocov-y += libfdt.o
 
-CFLAGS-y += -I$(BASEDIR)/include/xen/libfdt/
+CFLAGS-y += -I$(srctree)/include/xen/libfdt/
 
 $(obj)/libfdt.o: $(obj)/libfdt-temp.o FORCE
 	$(call if_changed,objcopy)
diff --git a/xen/include/Makefile b/xen/include/Makefile
index a3c2511f5f..5a2b4c9f65 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -45,22 +45,22 @@ public-$(CONFIG_ARM) := $(wildcard $(src)/public/arch-arm/*.h $(src)/public/arch
 .PHONY: all
 all: $(addprefix $(obj)/,$(headers-y))
 
-$(obj)/compat/%.h: $(obj)/compat/%.i $(src)/Makefile $(BASEDIR)/tools/compat-build-header.py
-	$(PYTHON) $(BASEDIR)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \
+$(obj)/compat/%.h: $(obj)/compat/%.i $(src)/Makefile $(srctree)/tools/compat-build-header.py
+	$(PYTHON) $(srctree)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \
 	mv -f $@.new $@
 
 $(obj)/compat/%.i: $(obj)/compat/%.c $(src)/Makefile
 	$(CPP) $(filter-out -Wa$(comma)% -include %/include/xen/config.h,$(XEN_CFLAGS)) $(cppflags-y) -o $@ $<
 
-$(obj)/compat/%.c: $(src)/public/%.h $(src)/xlat.lst $(src)/Makefile $(BASEDIR)/tools/compat-build-source.py
+$(obj)/compat/%.c: $(src)/public/%.h $(src)/xlat.lst $(src)/Makefile $(srctree)/tools/compat-build-source.py
 	mkdir -p $(@D)
-	$(PYTHON) $(BASEDIR)/tools/compat-build-source.py $(src)/xlat.lst <$< >$@.new
+	$(PYTHON) $(srctree)/tools/compat-build-source.py $(srcdir)/xlat.lst <$< >$@.new
 	mv -f $@.new $@
 
-$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(BASEDIR)/tools/get-fields.sh $(src)/Makefile
+$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(srctree)/tools/get-fields.sh $(src)/Makefile
 	export PYTHON=$(PYTHON); \
 	while read what name; do \
-		$(SHELL) $(BASEDIR)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \
+		$(SHELL) $(srctree)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \
 	done <$(patsubst $(obj)/compat/%,$(obj)/compat/.xlat/%,$(basename $<)).lst >$@.new
 	mv -f $@.new $@
 
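Review bot: In the `$(obj)/compat/%.h` recipe the generator's output is appended with `>>$@.new` and the line ends in `; \` rather than `&&`, so `mv -f $@.new $@` runs even when compat-build-header.py fails, and a `$@.new` left by an interrupted build is extended instead of replaced. A failed or partial generation can therefore be installed as the compat header while the rule still succeeds. Unless something outside the hunk relies on the append, ending the first recipe line with `>$@.new && \` instead of `>>$@.new; \` makes the failure visible and starts from an empty file. The `compat/%.c` rule in the same hunk already writes with `>$@.new` on a recipe line of its own.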
@@ -70,7 +70,7 @@ $(obj)/compat/.xlat/%.lst: $(src)/xlat.lst $(src)/Makefile
 	grep -v '^[[:blank:]]*#' $< | sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,[[:blank:]]+$*\.h[[:blank:]]*$$,,p' >$@.new
 	$(call move-if-changed,$@.new,$@)
 
-xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(src)/xlat.lst | uniq)
+xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(srcdir)/xlat.lst | uniq)
 xlat-y := $(filter $(patsubst compat/%,%,$(headers-y)),$(xlat-y))
 
 $(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) $(obj)/config/auto.conf $(src)/Makefile
diff --git a/xen/scripts/Kconfig.include b/xen/scripts/Kconfig.include
index e1f13e1720..389a690a12 100644
--- a/xen/scripts/Kconfig.include
+++ b/xen/scripts/Kconfig.include
@@ -40,4 +40,4 @@ $(error-if,$(failure,command -v $(CC)),compiler '$(CC)' not found)
 $(error-if,$(failure,command -v $(LD)),linker '$(LD)' not found)
 
 # gcc version including patch level
-gcc-version := $(shell,$(BASEDIR)/scripts/gcc-version.sh $(CC))
+gcc-version := $(shell,$(srctree)/scripts/gcc-version.sh $(CC))
diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean
index 4eed319745..f97ecd3b8e 100644
--- a/xen/scripts/Makefile.clean
+++ b/xen/scripts/Makefile.clean
@@ -5,9 +5,12 @@
 
 src := $(obj)
 
+# shortcuts
+srcdir := $(srctree)/$(src)
+
 clean::
 
-include $(BASEDIR)/scripts/Kbuild.include
+include $(srctree)/scripts/Kbuild.include
 
 include $(src)/Makefile
 
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index 4ac6fb8778..a99038cb57 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -8,8 +8,8 @@ CFLAGS-y += -I$(obj)/include
 
 AWK = awk
 
-FLASK_H_DEPEND := $(addprefix $(src)/policy/,security_classes initial_sids)
-AV_H_DEPEND = $(src)/policy/access_vectors
+FLASK_H_DEPEND := $(addprefix $(srcdir)/policy/,security_classes initial_sids)
+AV_H_DEPEND := $(srcdir)/policy/access_vectors
 
 FLASK_H_FILES := flask.h class_to_string.h initial_sid_to_string.h
 AV_H_FILES := av_perm_to_string.h av_permissions.h
@@ -18,14 +18,14 @@ ALL_H_FILES := $(addprefix include/,$(FLASK_H_FILES) $(AV_H_FILES))
 $(addprefix $(obj)/,$(obj-y)) $(obj)/ss/built_in.o: $(addprefix $(obj)/,$(ALL_H_FILES))
 extra-y += $(ALL_H_FILES)
 
-mkflask := $(src)/policy/mkflask.sh
+mkflask := $(srcdir)/policy/mkflask.sh
 quiet_cmd_mkflask = MKFLASK $@
 cmd_mkflask = $(SHELL) $(mkflask) $(AWK) $(obj)/include $(FLASK_H_DEPEND)
 
 $(addprefix $(obj)/%/,$(FLASK_H_FILES)): $(FLASK_H_DEPEND) $(mkflask) FORCE
 	$(call if_changed,mkflask)
 
-mkaccess := $(src)/policy/mkaccess_vector.sh
+mkaccess := $(srcdir)/policy/mkaccess_vector.sh
 quiet_cmd_mkaccess = MKACCESS VECTOR $@
 cmd_mkaccess = $(SHELL) $(mkaccess) $(AWK) $(obj)/include $(AV_H_DEPEND)
 
@@ -36,7 +36,7 @@ obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o
 $(obj)/flask-policy.o: $(obj)/policy.bin
 
 $(obj)/flask-policy.S: BINFILE_FLAGS := -i
-$(obj)/flask-policy.S: $(BASEDIR)/tools/binfile FORCE
+$(obj)/flask-policy.S: $(srctree)/tools/binfile FORCE
 	$(call if_changed,binfile,$(obj)/policy.bin xsm_flask_init_policy)
 targets += flask-policy.S
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 19:44:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 19:44:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301772.515066 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncuWu-0007yj-2H; Fri, 08 Apr 2022 19:44:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301772.515066; Fri, 08 Apr 2022 19:44:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncuWt-0007yb-VF; Fri, 08 Apr 2022 19:44:23 +0000
Received: by outflank-mailman (input) for mailman id 301772;
 Fri, 08 Apr 2022 19:44:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWs-0007xo-KO
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWs-0001aR-JV
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncuWs-0001jY-Ig
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 19:44:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=I6jt/in+wpl4YpxnGyFNA346Lpiw+2cK9XEtWhs+RsU=; b=ye2aBmNgnzmXXTfhzYwdyWPVuR
	mm9hAI/BKHdbEROSJOXqsiyCHErFLS7UgjgsBGIHMpeb+DeSJXoWUUZTkgy0my838UbhnvNbnr/ZE
	tQZtcQEZMvgBXcIy+JDw1Mk3aSpLNnE8qaBPLiPXaTHaqvM8wf51o6O3QDMpO0QWvykg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] build: rework "headers*.chk" prerequisite in include/
Message-Id: <E1ncuWs-0001jY-Ig@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 19:44:22 +0000

commit d55a3043401a82f1ff0f40bbf9a212753aa46781
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:56:53 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:56:53 2022 +0200

    build: rework "headers*.chk" prerequisite in include/
    
    Listing public headers when out-of-tree builds are involved becomes
    more annoying, as every path to every header needs to start with
    "$(srctree)/$(src)", or $(wildcard ) will not work. This means more
    repetition. ( "$(srcdir)" is a shortcut for "$(srctree)/$(src)" )
    
    This patch attempts to reduce the amount of duplication and make better
    use of make's meta programming capability. The filters are now listed
    in a variable and don't have to repeat the path to the header files,
    as this is added later as needed.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/Makefile | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/xen/include/Makefile b/xen/include/Makefile
index 5a2b4c9f65..fddf5a575b 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -39,8 +39,8 @@ cppflags-$(CONFIG_X86)    += -m32
 
 endif
 
-public-$(CONFIG_X86) := $(wildcard $(src)/public/arch-x86/*.h $(src)/public/arch-x86/*/*.h)
-public-$(CONFIG_ARM) := $(wildcard $(src)/public/arch-arm/*.h $(src)/public/arch-arm/*/*.h)
+public-$(CONFIG_X86) := $(wildcard $(srcdir)/public/arch-x86/*.h $(srcdir)/public/arch-x86/*/*.h)
+public-$(CONFIG_ARM) := $(wildcard $(srcdir)/public/arch-arm/*.h $(srcdir)/public/arch-arm/*/*.h)
 
 .PHONY: all
 all: $(addprefix $(obj)/,$(headers-y))
@@ -81,10 +81,23 @@ ifeq ($(XEN_TARGET_ARCH),$(XEN_COMPILE_ARCH))
 
 all: $(obj)/headers.chk $(obj)/headers99.chk $(obj)/headers++.chk
 
-PUBLIC_HEADERS := $(filter-out $(src)/public/arch-% $(src)/public/dom0_ops.h, $(wildcard $(src)/public/*.h $(src)/public/*/*.h) $(public-y))
+public-hdrs-path := $(srcdir)/public
 
-PUBLIC_C99_HEADERS := $(src)/public/io/9pfs.h $(src)/public/io/pvcalls.h
-PUBLIC_ANSI_HEADERS := $(filter-out $(src)/public/%ctl.h $(src)/public/xsm/% $(src)/public/%hvm/save.h $(PUBLIC_C99_HEADERS), $(PUBLIC_HEADERS))
+public-list-headers = $(wildcard $1/*.h $1/*/*.h)
+public-filter-headers = $(filter-out $(addprefix $(public-hdrs-path)/, $($1-filter)), $($1))
+
+public-headers := $(call public-list-headers, $(public-hdrs-path)) $(public-y)
+public-ansi-headers := $(public-headers)
+public-c99-headers := $(addprefix $(public-hdrs-path)/, io/9pfs.h io/pvcalls.h)
+
+public-headers-filter := dom0_ops.h arch-%
+public-ansi-headers-filter := %ctl.h xsm/% %hvm/save.h $(public-headers-filter) \
+    $(patsubst $(public-hdrs-path)/%,%,$(public-c99-headers))
+public-c99-headers-filter :=
+
+PUBLIC_HEADERS := $(call public-filter-headers,public-headers)
+PUBLIC_ANSI_HEADERS := $(call public-filter-headers,public-ansi-headers)
+PUBLIC_C99_HEADERS := $(call public-filter-headers,public-c99-headers)
 
 $(src)/public/io/9pfs.h-prereq := string
 $(src)/public/io/pvcalls.h-prereq := string
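Review bot: `public-filter-headers` takes a variable name rather than a list and looks up a second variable, `$1-filter`, by computed name, and nothing in the new lines documents that convention. A comment above the definition would help, for example `# $(call public-filter-headers,NAME): $(NAME) minus the patterns in $(NAME-filter), given relative to $(public-hdrs-path)`. It should also say that a missing `NAME-filter` variable silently filters nothing, which is presumably why `public-c99-headers-filter :=` is defined empty. A typo in one of the `-filter` names would go unnoticed and let headers into a check list that were meant to be excluded.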
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 19:44:34 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] build: specify source tree in include/ for prerequisite
Message-Id: <E1ncuX2-0001lb-Lh@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 19:44:32 +0000

commit 1188c24ef7a12d1375ad628f93dd685f5a2fab5d
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:57:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:57:44 2022 +0200

    build: specify source tree in include/ for prerequisite
    
    When doing an out-of-tree build, and thus setting VPATH,
    GNU Make 3.81 on Ubuntu Trusty complains about a circular dependency of
    include/Makefile and include/xlat.lst and drops them. The build fails
    later due to malformed headers.
    
    This might be due to bug #13529
        "Incorrect circular dependancy"
        https://savannah.gnu.org/bugs/?13529
    which was fixed in 3.82.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/Makefile | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/xen/include/Makefile b/xen/include/Makefile
index fddf5a575b..c8c4bcd93b 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -45,19 +45,19 @@ public-$(CONFIG_ARM) := $(wildcard $(srcdir)/public/arch-arm/*.h $(srcdir)/publi
 .PHONY: all
 all: $(addprefix $(obj)/,$(headers-y))
 
-$(obj)/compat/%.h: $(obj)/compat/%.i $(src)/Makefile $(srctree)/tools/compat-build-header.py
+$(obj)/compat/%.h: $(obj)/compat/%.i $(srcdir)/Makefile $(srctree)/tools/compat-build-header.py
 	$(PYTHON) $(srctree)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \
 	mv -f $@.new $@
 
-$(obj)/compat/%.i: $(obj)/compat/%.c $(src)/Makefile
+$(obj)/compat/%.i: $(obj)/compat/%.c $(srcdir)/Makefile
 	$(CPP) $(filter-out -Wa$(comma)% -include %/include/xen/config.h,$(XEN_CFLAGS)) $(cppflags-y) -o $@ $<
 
-$(obj)/compat/%.c: $(src)/public/%.h $(src)/xlat.lst $(src)/Makefile $(srctree)/tools/compat-build-source.py
+$(obj)/compat/%.c: $(src)/public/%.h $(srcdir)/xlat.lst $(srcdir)/Makefile $(srctree)/tools/compat-build-source.py
 	mkdir -p $(@D)
 	$(PYTHON) $(srctree)/tools/compat-build-source.py $(srcdir)/xlat.lst <$< >$@.new
 	mv -f $@.new $@
 
-$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(srctree)/tools/get-fields.sh $(src)/Makefile
+$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(srctree)/tools/get-fields.sh $(srcdir)/Makefile
 	export PYTHON=$(PYTHON); \
 	while read what name; do \
 		$(SHELL) $(srctree)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \
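Review bot: In the `$(obj)/compat/%.c` rule the first prerequisite is still `$(src)/public/%.h`, while `xlat.lst` and `Makefile` on the same line now use `$(srcdir)/`. If that is deliberate (presumably so the pattern prerequisite is resolved through VPATH), it deserves a comment such as `# public/%.h stays relative on purpose; it is located via VPATH`, otherwise someone will later "finish" the conversion. If it is an oversight, the prerequisite should read `$(srcdir)/public/%.h`. The recipe of the last rule in this hunk continues outside it.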
@@ -65,7 +65,7 @@ $(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(srctree)/
 	mv -f $@.new $@
 
 .PRECIOUS: $(obj)/compat/.xlat/%.lst
-$(obj)/compat/.xlat/%.lst: $(src)/xlat.lst $(src)/Makefile
+$(obj)/compat/.xlat/%.lst: $(srcdir)/xlat.lst $(srcdir)/Makefile
 	mkdir -p $(@D)
 	grep -v '^[[:blank:]]*#' $< | sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,[[:blank:]]+$*\.h[[:blank:]]*$$,,p' >$@.new
 	$(call move-if-changed,$@.new,$@)
@@ -73,7 +73,7 @@ $(obj)/compat/.xlat/%.lst: $(src)/xlat.lst $(src)/Makefile
 xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(srcdir)/xlat.lst | uniq)
 xlat-y := $(filter $(patsubst compat/%,%,$(headers-y)),$(xlat-y))
 
-$(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) $(obj)/config/auto.conf $(src)/Makefile
+$(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) $(obj)/config/auto.conf $(srcdir)/Makefile
 	cat $(filter %.h,$^) >$@.new
 	mv -f $@.new $@
 
@@ -102,7 +102,7 @@ PUBLIC_C99_HEADERS := $(call public-filter-headers,public-c99-headers)
 $(src)/public/io/9pfs.h-prereq := string
 $(src)/public/io/pvcalls.h-prereq := string
 
-$(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(src)/Makefile
+$(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(srcdir)/Makefile
 	for i in $(filter %.h,$^); do \
 	    $(CC) -x c -ansi -Wall -Werror -include stdint.h \
 	          -S -o /dev/null $$i || exit 1; \
@@ -110,7 +110,7 @@ $(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(src)/Makefile
 	done >$@.new
 	mv $@.new $@
 
-$(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(src)/Makefile
+$(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(srcdir)/Makefile
 	rm -f $@.new
 	$(foreach i, $(filter %.h,$^),                                        \
 	    echo "#include "\"$(i)\"                                          \
@@ -120,7 +120,7 @@ $(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(src)/Makefile
 	    || exit $$?; echo $(i) >> $@.new;)
 	mv $@.new $@
 
-$(obj)/headers++.chk: $(PUBLIC_HEADERS) $(src)/Makefile
+$(obj)/headers++.chk: $(PUBLIC_HEADERS) $(srcdir)/Makefile
 	rm -f $@.new
 	if ! $(CXX) -v >/dev/null 2>&1; then                                  \
 	    touch $@.new;                                                     \
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 19:44:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] build: shuffle main Makefile
Message-Id: <E1ncuXC-0001nf-Oe@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 19:44:42 +0000

commit 15a0578ca4b02c8daf8d36c94e5955cfc5885424
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Thu Apr 7 17:58:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 17:58:44 2022 +0200

    build: shuffle main Makefile
    
    Reorganize a bit the Makefile ahead of patch
    "build: adding out-of-tree support to the xen build"
    
    We are going to want to calculate all the $(*srctree) and $(*objtree)
    once, when we can calculate them. This can happen within the
    "$(root-make-done)" guard, in an out-of-tree build scenario, so move
    those variable there.
    
    $(XEN_ROOT) is going to depend on the value of $(abs_srctree), so it
    needs to move as well. "Kbuild.include" also depends on $(srctree).
    
    Next, "Config.mk" depends on $(XEN_ROOT) and $(TARGET_*ARCH) depends
    on "Config.mk" so those needs to move as well.
    
    This should only be code movement without functional changes.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/Makefile | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/xen/Makefile b/xen/Makefile
index e78d681baa..ebc7854c08 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -19,17 +19,6 @@ export PYTHON		?= $(PYTHON_INTERPRETER)
 
 export CHECKPOLICY	?= checkpolicy
 
-export XEN_ROOT := $(CURDIR)/..
-
-abs_objtree := $(CURDIR)
-abs_srctree := $(CURDIR)
-
-export abs_srctree abs_objtree
-
-srctree := .
-objtree := .
-export srctree objtree
-
 # Do not use make's built-in rules and variables
 MAKEFLAGS += -rR
 
@@ -41,16 +30,6 @@ SRCARCH=$(shell echo $(ARCH) | \
               -e s'/riscv.*/riscv/g')
 export ARCH SRCARCH
 
-# Don't break if the build process wasn't called from the top level
-# we need XEN_TARGET_ARCH to generate the proper config
-include $(XEN_ROOT)/Config.mk
-
-# Set ARCH/SUBARCH appropriately.
-export TARGET_SUBARCH  := $(XEN_TARGET_ARCH)
-export TARGET_ARCH     := $(shell echo $(XEN_TARGET_ARCH) | \
-                            sed -e 's/x86.*/x86/' -e s'/arm\(32\|64\)/arm/g' \
-                                -e s'/riscv.*/riscv/g')
-
 # Allow someone to change their config file
 export KCONFIG_CONFIG ?= .config
 
@@ -64,8 +43,6 @@ default: build
 .PHONY: dist
 dist: install
 
-include scripts/Kbuild.include
-
 ifneq ($(root-make-done),y)
 # section to run before calling Rules.mk, but only once.
 
@@ -141,6 +118,17 @@ endif
 
 export quiet Q KBUILD_VERBOSE
 
+abs_objtree := $(CURDIR)
+abs_srctree := $(CURDIR)
+
+export abs_srctree abs_objtree
+
+srctree := .
+objtree := .
+export srctree objtree
+
+export XEN_ROOT := $(CURDIR)/..
+
 # To make sure we do not include .config for any of the *config targets
 # catch them early, and hand them over to tools/kconfig/Makefile
 
@@ -163,6 +151,18 @@ ifneq ($(filter %config,$(MAKECMDGOALS)),)
     config-build := y
 endif
 
+include scripts/Kbuild.include
+
+# Don't break if the build process wasn't called from the top level
+# we need XEN_TARGET_ARCH to generate the proper config
+include $(XEN_ROOT)/Config.mk
+
+# Set ARCH/SUBARCH appropriately.
+export TARGET_SUBARCH  := $(XEN_TARGET_ARCH)
+export TARGET_ARCH     := $(shell echo $(XEN_TARGET_ARCH) | \
+                            sed -e 's/x86.*/x86/' -e s'/arm\(32\|64\)/arm/g' \
+                                -e s'/riscv.*/riscv/g')
+
 export CONFIG_SHELL := $(SHELL)
 export YACC = $(if $(BISON),$(BISON),bison)
 export LEX = $(if $(FLEX),$(FLEX),flex)
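Review bot: `include scripts/Kbuild.include` and `include $(XEN_ROOT)/Config.mk` are re-added here, which per the commit message is inside the `ifneq ($(root-make-done),y)` section that the context comment describes as running only once. Unlike the `export`ed variables, macros defined by an included file are not handed to a re-invoked make. Anything evaluated when `root-make-done` is `y` that uses a Kbuild.include or Config.mk definition would therefore need another file to include them again, and the hunks do not show whether that is the case. A comment above the first include would record the assumption, for example `# First pass only: later passes must get these definitions from whatever they include themselves`.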
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 19:44:54 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] vPCI: fix MSI-X PBA read/write gprintk()s
Message-Id: <E1ncuXM-0001oI-Rm@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 19:44:52 +0000

commit d3f61beea4255e2d86ae82303384c57a3262435e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 7 18:01:24 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 7 18:01:24 2022 +0200

    vPCI: fix MSI-X PBA read/write gprintk()s
    
    %pp wants the address of an SBDF, not that of a PCI device.
    
    Fixes: b4f211606011 ("vpci/msix: fix PBA accesses")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/vpci/msix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index 63f162cf5a..ab758a1ddf 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -247,7 +247,7 @@ static int cf_check msix_read(
         {
             gprintk(XENLOG_WARNING,
                     "%pp: unable to map MSI-X PBA, report all pending\n",
-                    msix->pdev);
+                    &msix->pdev->sbdf);
             return X86EMUL_OKAY;
         }
 
@@ -332,7 +332,7 @@ static int cf_check msix_write(
             /* Unable to map the PBA, ignore write. */
             gprintk(XENLOG_WARNING,
                     "%pp: unable to map MSI-X PBA, write ignored\n",
-                    msix->pdev);
+                    &msix->pdev->sbdf);
             return X86EMUL_OKAY;
         }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 19:45:07 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] SUPPORT.md: add Dom0less as Supported
Message-Id: <E1ncuXa-0001y7-2n@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 19:45:06 +0000

commit 8847ec08fd0eecbe3da944fdd49ca3d755e8a9bf
Author:     Stefano Stabellini <sstabellini@kernel.org>
AuthorDate: Thu Apr 7 17:10:37 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Fri Apr 8 12:36:10 2022 -0700

    SUPPORT.md: add Dom0less as Supported
    
    Add Dom0less to SUPPORT.md to clarify its support status. The feature is
    mature enough and small enough to make it security supported.
    
    Clarify that dom0less DomUs memory is not scrubbed at boot when
    bootscrub=on or bootscrub=off are passed as Xen command line parameters,
    and no XSAs will be issued for that.
    
    Also see XSA-372: 371347c5b64da and fd5dc41ceaed.
    
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
---
 SUPPORT.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/SUPPORT.md b/SUPPORT.md
index 32fb0aa8de..088dda9561 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -882,6 +882,17 @@ OVMF firmware implements the UEFI boot protocol.
 
     Status, qemu-xen: Supported
 
+## Dom0less
+
+Guest creation from the hypervisor at boot without Dom0 intervention.
+
+    Status, ARM: Supported
+
+Memory of dom0less DomUs is not scrubbed at boot when bootscrub=on or
+bootscrub=off are passed as Xen command line parameters. (Memory should
+be scrubbed with bootscrub=idle.) No XSAs will be issues due to
+unscrubbed memory.
+
 # Format and definitions
 
 This file contains prose, and machine-readable fragments.
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 23:55:07 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: don't needlessly look up DID
Message-Id: <E1ncyRR-00011p-GK@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 23:55:01 +0000

commit a5b52c357c3b411c0b9ba9bad173e467c2c1027d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:00:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:00:29 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index c1ae66c8ef..cf5f15fe01 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1815,18 +1815,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
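Review bot: The added `iommu_domid = context_domain_id(*context);` is only correct because it runs before `context_clear_entry(*context)`, and nothing in the code states that ordering requirement. A short comment above it would help, for example `/* Latch the DID before clearing: the flush below must name the ID that was in the entry. */`. Without it, a later cleanup could move the read below the clear, which would make the flush target the wrong domain ID and could leave stale context-cache state for the device. The function starts and ends outside this hunk, so any remaining uses of `domid` cannot be seen here.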
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 23:55:12 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1ncyRb-00012S-Jh@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 23:55:11 +0000

commit 3ecdd44f288782ffd7e81d200c9071c723113f1e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:01:07 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:01:07 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 9a11278b98..cf4d2218fa 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -88,7 +88,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index cf5f15fe01..e9b6ed64e9 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1520,7 +1520,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   &PCI_SBDF3(seg, bus, devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1588,9 +1588,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
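Review bot: The roll-back call kept in the `else if` branch still evaluates `DEVICE_DOMID(prev_dom, pdev)` with a pdev that may be NULL, because the new condition diverts only the `prev_dom == dom_io && !pdev` case to the unmap path. That is safe only if the macro reads pdev for dom_io alone, which this hunk does not show; presumably it does, and a comment would pin the assumption, e.g. `/* pdev may be NULL here: DEVICE_DOMID() is assumed to dereference it only for dom_io */`. The explanatory comment placed between the operands of `||` would also read more easily above the `if`. The call and the rest of domain_context_mapping_one() continue outside the hunk.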
@@ -1729,7 +1734,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1794,7 +1801,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1846,7 +1853,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
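Review bot: Passing `DOMID_INVALID` to me_wifi_quirk() is correct only as long as the UNMAP_ME_PHANTOM_FUNC path never consumes the domid argument, which the quirks.c hunk of this commit suggests but this call site does not say. I would add `/* domid is not used when unmapping */` above the call, so that a later change to the quirk code does not silently start using the placeholder value. domain_context_unmap_one() begins and ends outside the hunk.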
@@ -1899,8 +1907,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1910,8 +1917,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1934,12 +1940,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index b51b2bd1c5..f218e78681 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -364,7 +364,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 23:55:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 23:55:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301852.515215 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncyRn-0001dw-TP; Fri, 08 Apr 2022 23:55:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301852.515215; Fri, 08 Apr 2022 23:55:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncyRn-0001do-QR; Fri, 08 Apr 2022 23:55:23 +0000
Received: by outflank-mailman (input) for mailman id 301852;
 Fri, 08 Apr 2022 23:55:21 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyRl-0001db-Ol
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:21 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyRl-0005s0-Nt
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:21 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyRl-000139-N0
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:21 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=HVkcnY+bd/ZOxPj1DPmlzUfEiSvODIRa4LiMK2tiLro=; b=Nf3r2kPWk2yrJlejc/Xb3W7pZW
	a/EcTIT5XywYrtNTIspf29jVDBChBdh6OsurhMmJJCepDip5SXbYydYN5CpSQ6LwNY1oOJ0OY+32M
	0WWcXJRwnxVx+yLadjC8lzi6aP1IrADeXiXaWsLYIZ2DuNCrXT6axiMWSTivvq7jNVw8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1ncyRl-000139-N0@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 23:55:21 +0000

commit b3ee746000f37f38b41bfec97d37dbb1d4f3eca4
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:01:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:01:42 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 9 ++++-----
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index e9b6ed64e9..68dd2f5500 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1586,7 +1586,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1596,13 +1596,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
                                              DEVICE_PGTABLE(prev_dom, pdev),
-                                             mode & MAP_WITH_RMRR) < 0;
-        else
-            ret = 1;
+                                             (mode & MAP_WITH_RMRR) |
+                                             MAP_ERROR_RECOVERY) < 0;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
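Review bot: The removed `/* Avoid infinite recursion. */` comment has no replacement, so nothing at the nested domain_context_mapping_one() call explains what bounds the recursion now. A comment on the new `else` would help, e.g. `/* MAP_ERROR_RECOVERY makes the nested call skip this roll-back block, so recursion stops after one level */`, matching the `!(mode & MAP_ERROR_RECOVERY)` guard added in the previous hunk. It may also be worth stating there that a failed recovery attempt gets no further roll-back, which looks intended but is not said in the code. The function continues outside the hunk.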
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
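Review bot: MAP_ERROR_RECOVERY takes over bit 3 and UNMAP_ME_PHANTOM_FUNC moves to bit 4, yet none of the defines says that the two groups share one bit space. They appear to share it because domain_context_mapping_one() hands its `mode` unchanged to me_wifi_quirk(), the same argument through which the unmap path passes UNMAP_ME_PHANTOM_FUNC. A comment such as `/* MAP_* and UNMAP_ME_PHANTOM_FUNC travel in the same mode argument; keep the bits distinct */` would keep the next added flag from colliding. The new flag could also carry `/* set on the nested call made while rolling back a failed mapping */`.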
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 23:55:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 23:55:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301854.515218 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncyRx-0001gT-VG; Fri, 08 Apr 2022 23:55:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301854.515218; Fri, 08 Apr 2022 23:55:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncyRx-0001gL-S0; Fri, 08 Apr 2022 23:55:33 +0000
Received: by outflank-mailman (input) for mailman id 301854;
 Fri, 08 Apr 2022 23:55:31 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyRv-0001fw-S1
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:31 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyRv-0005sD-RG
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:31 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyRv-00013w-QI
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:31 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=nAEApUoahtf/s2Rbq21MJFXtQpe+cbWBSjKGD/S2/Rw=; b=OWIvuv0YkumtRh+9UrLHCu14/S
	5weHv9W6FS3E3qB+ojT2lqQ9QCPJ7Xe2rZRiNYulqA/YtI+oEIp0za/jjtMhuLiN8DJK+HaIMDE1g
	3kXo3vJrc7jTNPXDO4Oe1WJGrMQQnv3SuWWgefdIN1Zhnhq6FjVn7pIKaqpXJqSFYCV4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
Message-Id: <E1ncyRv-00013w-QI@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 23:55:31 +0000

commit d32c347edb73521dabc543934aa3da9be79f9052
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Apr 8 15:02:12 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:02:12 2022 +0200

    x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
    
    c/s 1a914256dca5 increased the AMD max leaf from 0x8000001c to 0x80000021, but
    did not adjust anything in the calculate_*_policy() chain.  As a result, on
    hardware supporting these leaves, we read the real hardware values into the
    raw policy, then copy into host, and all the way into the PV/HVM default
    policies.
    
    All 4 of these leaves have enable bits (first two by TopoExt, next by SEV,
    next by PQOS), so any software following the rules is fine and will leave them
    alone.  However, leaf 0x8000001d takes a subleaf input and at least two
    userspace utilities have been observed to loop indefinitely under Xen (clearly
    waiting for eax to report "no more cache levels").
    
    Such userspace is buggy, but Xen's behaviour isn't great either.
    
    In the short term, clobber all information in these leaves.  This is a giant
    bodge, but there are complexities with implementing all of these leaves
    properly.
    
    Fixes: 1a914256dca5 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Link: https://github.com/QubesOS/qubes-issues/issues/7392
    Reported-by: fosslinux <fosslinux@aussies.space>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: d4012d50082c2eae2f3cbe7770be13b9227fbc3f
    master date: 2022-04-07 11:36:45 +0100
---
 xen/arch/x86/cpuid.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index 880480208b..ee2c4ea03a 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -289,8 +289,15 @@ static void recalculate_misc(struct cpuid_policy *p)
 
         zero_leaves(p->extd.raw, 0xb, 0x18);
 
+        /* 0x19 - TLB details.  Pass through. */
+        /* 0x1a - Perf hints.   Pass through. */
+
         p->extd.raw[0x1b] = EMPTY_LEAF; /* IBS - not supported. */
         p->extd.raw[0x1c] = EMPTY_LEAF; /* LWP - not supported. */
+        p->extd.raw[0x1d] = EMPTY_LEAF; /* TopoExt Cache */
+        p->extd.raw[0x1e] = EMPTY_LEAF; /* TopoExt APIC ID/Core/Node */
+        p->extd.raw[0x1f] = EMPTY_LEAF; /* SEV */
+        p->extd.raw[0x20] = EMPTY_LEAF; /* Platform QoS */
         break;
     }
 }
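Review bot: The four added lines name each leaf but do not say why it is emptied, unlike the `not supported` remarks on 0x1b and 0x1c directly above. The commit message calls this a short-term bodge, and the code should say so too, e.g. `/* TopoExt Cache - not implemented yet, clobbered */`. Per the commit message the AMD max leaf is now 0x80000021, so leaf 0x21 is presumably passed through here and deserves the same kind of `Pass through.` line as 0x19 and 0x1a. recalculate_misc() starts outside the hunk.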
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 23:55:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 23:55:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301855.515223 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncyS7-0001lw-2c; Fri, 08 Apr 2022 23:55:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301855.515223; Fri, 08 Apr 2022 23:55:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncyS6-0001lo-W1; Fri, 08 Apr 2022 23:55:42 +0000
Received: by outflank-mailman (input) for mailman id 301855;
 Fri, 08 Apr 2022 23:55:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyS5-0001lc-VK
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:41 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyS5-0005sO-Ua
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:41 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncyS5-00014c-Tc
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:41 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=2EzNsjAomrkIV/1xOBgEwnvpoB6cSUgruFyB8rSsJ1g=; b=ZLXynvg4Fagt0Xew+5Y2lbChpF
	KG/R7s3hVcRbyp7hTgaqou35qZyfAsDJH6VeN8N8nIKUteuRKr6FhZefoE+W9RdWMwPDoHHBALLUv
	k/25RF0tbjZcSEzHvSfjeTju3VcxmQlKLvG12irAV0o+I63F2xynUyZru2HHHczQ4Its=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] vPCI: fix MSI-X PBA read/write gprintk()s
Message-Id: <E1ncyS5-00014c-Tc@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 23:55:41 +0000

commit 2119c91edb6f6df8014c04b94a920f4cbf32f2fa
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:02:45 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:02:45 2022 +0200

    vPCI: fix MSI-X PBA read/write gprintk()s
    
    %pp wants the address of an SBDF, not that of a PCI device.
    
    Fixes: b4f211606011 ("vpci/msix: fix PBA accesses")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d3f61beea4255e2d86ae82303384c57a3262435e
    master date: 2022-04-07 18:01:24 +0200
---
 xen/drivers/vpci/msix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index ac5de98f6d..ea5d73a02a 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -247,7 +247,7 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
         {
             gprintk(XENLOG_WARNING,
                     "%pp: unable to map MSI-X PBA, report all pending\n",
-                    msix->pdev);
+                    &msix->pdev->sbdf);
             return X86EMUL_OKAY;
         }
 
@@ -331,7 +331,7 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
                 /* Unable to map the PBA, ignore write. */
                 gprintk(XENLOG_WARNING,
                         "%pp: unable to map MSI-X PBA, write ignored\n",
-                        msix->pdev);
+                        &msix->pdev->sbdf);
                 return X86EMUL_OKAY;
             }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 23:55:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 23:55:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301856.515227 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncySH-0001pv-4T; Fri, 08 Apr 2022 23:55:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301856.515227; Fri, 08 Apr 2022 23:55:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncySH-0001pl-16; Fri, 08 Apr 2022 23:55:53 +0000
Received: by outflank-mailman (input) for mailman id 301856;
 Fri, 08 Apr 2022 23:55:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncySG-0001pU-2L
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncySG-0005sg-1V
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncySG-00015K-0b
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:55:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=7BqcD8RdMPB5LvOHULxe//bitig1RvJzka2W8g14LF4=; b=dF2QaaohlpPtIiWYPTgpB+v2hV
	+8ERiFC5WPMoovBQpdsCmpcLVJ7DRM2mEi6mQedOCxoU7Scj5OCAN3Y5mw4lK4WRyOPSyJFtJ5Ibw
	HfMaEyHOn7lvaMacdNAsEGQx8rPkDaMbcXQJsHN3hxZqefFJA/1yCqes1jxzq9RHsCP8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] livepatch: do not ignore sections with 0 size
Message-Id: <E1ncySG-00015K-0b@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 23:55:52 +0000

commit cf395f82c90b59367f01f96a2532e444b4257b74
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 15:03:15 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:03:15 2022 +0200

    livepatch: do not ignore sections with 0 size
    
    A side effect of ignoring such sections is that symbols belonging to
    them won't be resolved, and that could make relocations belonging to
    other sections that reference those symbols fail.
    
    For example it's likely to have an empty .altinstr_replacement with
    symbols pointing to it, and marking the section as ignored will
    prevent the symbols from being resolved, which in turn will cause any
    relocations against them to fail.
    
    In order to solve this do not ignore sections with 0 size, only ignore
    sections that don't have the SHF_ALLOC flag set.
    
    Special case such empty sections in move_payload so they are not taken
    into account in order to decide whether a livepatch can be safely
    re-applied after a revert.
    
    Fixes: 98b728a7b2 ('livepatch: Disallow applying after an revert')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 0dc1f929e8fed681dec09ca3ea8de38202d5bf30
    master date: 2022-04-08 10:24:10 +0200
---
 xen/common/livepatch.c          | 16 +++++++++++-----
 xen/include/xen/livepatch_elf.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 329b01c1e8..65c7e37c4f 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -301,9 +301,6 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
          * and .shstrtab. For the non-relocate we allocate and copy these
          * via other means - and the .rel we can ignore as we only use it
          * once during loading.
-         *
-         * Also ignore sections with zero size. Those can be for example:
-         * data, or .bss.
          */
         if ( livepatch_elf_ignore_section(elf->sec[i].sec) )
             offset[i] = UINT_MAX;
@@ -362,8 +359,17 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
             else if ( elf->sec[i].sec->sh_flags & SHF_WRITE )
             {
                 buf = rw_buf;
-                rw_buf_sec = i;
-                rw_buf_cnt++;
+                if ( elf->sec[i].sec->sh_size )
+                {
+                    /*
+                     * Special handling of RW empty regions: do not account for
+                     * them in order to decide whether a patch can safely be
+                     * re-applied, but assign them a load address so symbol
+                     * resolution and relocations work.
+                     */
+                    rw_buf_sec = i;
+                    rw_buf_cnt++;
+                }
             }
             else
                 buf = ro_buf;
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 9ad499ee8b..5b1ec469da 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -48,7 +48,7 @@ int livepatch_elf_perform_relocs(struct livepatch_elf *elf);
 
 static inline bool livepatch_elf_ignore_section(const Elf_Shdr *sec)
 {
-    return !(sec->sh_flags & SHF_ALLOC) || sec->sh_size == 0;
+    return !(sec->sh_flags & SHF_ALLOC);
 }
 #endif /* __XEN_LIVEPATCH_ELF_H__ */
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Fri Apr 08 23:56:03 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 08 Apr 2022 23:56:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.301857.515232 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncySR-0001tT-69; Fri, 08 Apr 2022 23:56:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 301857.515232; Fri, 08 Apr 2022 23:56:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ncySR-0001tJ-2a; Fri, 08 Apr 2022 23:56:03 +0000
Received: by outflank-mailman (input) for mailman id 301857;
 Fri, 08 Apr 2022 23:56:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncySQ-0001t8-5o
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:56:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncySQ-0005tW-4v
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:56:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ncySQ-00016H-41
 for xen-changelog@lists.xenproject.org; Fri, 08 Apr 2022 23:56:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=XjjpHHgSuQUFj+40hEl92PI6ZwT2qwAaNa6pJ5shJZU=; b=2Wm7L+it7As36P6TF2h6eS5TsR
	hYo/25UqhAIPC4FEUqqEb6vD3pGyCyLVDgh1+l/L4FZAHEVOLykUFe2cJ70IpVqyTxmwy2scphxmE
	pPWlyIt41fEIOdi0LMvFi9RPakshvn1vujfUWHKyxIhWi4FyLHaTsTbhN5BJCZAnDtbE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.15] livepatch: avoid relocations referencing ignored section symbols
Message-Id: <E1ncySQ-00016H-41@xenbits.xenproject.org>
Date: Fri, 08 Apr 2022 23:56:02 +0000

commit d9e73f6320b311d739546d6325e530f07392c100
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 15:03:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:03:46 2022 +0200

    livepatch: avoid relocations referencing ignored section symbols
    
    Track whether symbols belong to ignored sections in order to avoid
    applying relocations referencing those symbols. The address of such
    symbols won't be resolved and thus the relocation will likely fail or
    write garbage to the destination.
    
    Return an error in that case, as leaving unresolved relocations would
    lead to malfunctioning payload code.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 9120b5737f517fe9d2a3936c38d3a2211630323b
    master date: 2022-04-08 10:27:11 +0200
---
 xen/arch/arm/arm32/livepatch.c  | 7 +++++++
 xen/arch/arm/arm64/livepatch.c  | 7 +++++++
 xen/arch/x86/livepatch.c        | 7 +++++++
 xen/common/livepatch_elf.c      | 6 ++++++
 xen/include/xen/livepatch_elf.h | 1 +
 5 files changed, 28 insertions(+)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 5a06467008..3c50283b2a 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
 
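Review bot: The new error message identifies the offending symbol only by `elf->sym[symndx].name`, and for the section symbols this commit is about that name is likely empty, so the log line would not say which relocation was rejected. Printing the index as well, as the bounds-check message just above does with `symndx`, would make a rejected payload diagnosable, e.g. `"%s: Relocation against ignored symbol %s (index %u) cannot be resolved\n"` if `symndx` is an unsigned int there (its declaration is outside the hunk). The same added branch appears in the arm64 and x86 `arch_livepatch_perform_rela()` hunks, and three identical copies suggest a small shared helper in the common ELF code. The enclosing function starts and ends outside the hunk.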
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 6ec8dc60f0..62d2ef373a 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index a3cb63a7ea..0172610ebf 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -290,6 +290,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index b089cacb1c..45d73912a3 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 5b1ec469da..7116deaddc 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {
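Review bot: The new `ignored` member has no comment, although it changes how every consumer of `struct livepatch_elf_sym` must treat `sym->st_value`. Something like `bool ignored; /* In an ignored section: address never resolved, relocations against it are refused. */` would record that. The flag is only ever set to true in `livepatch_elf_resolve_symbols()`, so the checks in the arch code presumably rely on the symbol array being zero-initialised when it is allocated; that allocation is not visible here and is worth confirming.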
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 06:00:22 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 06:00:22 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302056.515580 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd48u-0006fw-Nc; Sat, 09 Apr 2022 06:00:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302056.515580; Sat, 09 Apr 2022 06:00:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd48u-0006fo-JF; Sat, 09 Apr 2022 06:00:16 +0000
Received: by outflank-mailman (input) for mailman id 302056;
 Sat, 09 Apr 2022 06:00:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd48q-0006fc-Ba
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd48q-0005p2-Ah
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd48q-0007NC-9g
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=YmonfR57oocybuUgtK2bALajNMF6CWLsJcXaMElUYMY=; b=1CAFC2Xvk6RGq3OWU2HzGC6LGn
	+XPPm1W8htNDjY3yhLQt1hu/esrpYDv8ByaRSlQzW0naYgRzgptBy5KE+QlON5imG0+skBlJRvq36
	KqefESajDuy38bYpVyQwfGSmwbsx7NMnTiREgrQofk8psal/iHDdFm3GkNGDpR32dKzY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1nd48q-0007NC-9g@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 06:00:12 +0000

commit 02d095b2d3e00597409f2574b632ded6d733ec2a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:27:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:27:36 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index e45650eba0..69867578bc 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -75,7 +75,7 @@ int domain_context_mapping_one(struct domain *domain, struct iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 6c06baa939..4da09bbcc8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1570,7 +1570,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1638,9 +1638,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            domain_context_unmap_one(domain, iommu, bus, devfn,
-                                     DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                        DEVICE_DOMID(prev_dom, pdev),
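Review bot: The remaining `else if` branch still expands `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)` with a `pdev` that can be NULL, and the new condition only diverts the `prev_dom == dom_io` case. That is safe only if both macros touch `pdev` solely for `dom_io`; their definitions are outside this hunk. The added comment explains the RMRR consequence but not this invariant, so I would extend it with a line such as `* For other prev_dom values DEVICE_DOMID()/DEVICE_PGTABLE() must not dereference pdev.` The call's closing arguments and the rest of the function lie outside the hunk.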
@@ -1765,7 +1770,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         if ( prev_present && (mode & MAP_WITH_RMRR) &&
              domain != pdev->domain )
@@ -1831,7 +1838,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1883,7 +1890,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->intel->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     return rc;
 }
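Review bot: Passing `DOMID_INVALID` to `me_wifi_quirk()` is only correct as long as the `UNMAP_ME_PHANTOM_FUNC` path never consumes the domain ID, and nothing at the call site says so. The quirks.c hunk of this commit shows the unmap branch of `map_me_phantom_function()` no longer taking a domid, but the body of `me_wifi_quirk()` is not visible here. A one-line comment above the call, e.g. `/* The domain ID is not used on the unmap path. */`, would keep a later change from reading the placeholder as a real ID.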
@@ -1924,8 +1932,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1935,8 +1942,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1945,12 +1951,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( find_upstream_bridge(seg, &tmp_bus, &tmp_devfn, &secbus) < 1 )
             break;
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 5373930c0f..50ebbf3e44 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -350,7 +350,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 06:00:22 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 06:00:22 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302057.515585 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd48u-0006gJ-Qo; Sat, 09 Apr 2022 06:00:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302057.515585; Sat, 09 Apr 2022 06:00:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd48u-0006fz-KZ; Sat, 09 Apr 2022 06:00:16 +0000
Received: by outflank-mailman (input) for mailman id 302057;
 Sat, 09 Apr 2022 06:00:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd48g-00065F-B6
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd48g-0005oy-7A
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd48g-0007L1-6C
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=efePqzgHMokq3QNbbCznsvvwS0Ms5ovXVoxPCgL51Rk=; b=ZyJdAhzKOUDkaiMUInXsIOcc3I
	0hZI1KqoI+17kZC5U5cW4tlTir/COzi9ZM12t6oJopJEOYtJYcZii/LOed3z33JgDLKIEhdeJjl2m
	68/3z4YzUraSaPxEHU41557Tqn1PiM1LMfLlKBpnftBMq04+O/Cp3wLObPy3ww6h7TpY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: don't needlessly look up DID
Message-Id: <E1nd48g-0007L1-6C@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 06:00:02 +0000

commit 92e4beecd36e92d7a628738aa35a31e6781bb4cd
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:24:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:24:23 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 5ca1d02981..6c06baa939 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1852,18 +1852,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
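Review bot: The flush now depends on `iommu_domid` being read before `context_clear_entry()` wipes the entry, and that ordering constraint is not stated in the code. A comment on the added assignment, e.g. `/* Read the DID before clearing: the flush must name the ID the hardware may have cached. */`, would protect it against reordering. The removed `== -1` test suggests `iommu_domid` is a signed int, so its declaration (outside the hunk) could be checked against the return type of `context_domain_id()`. The stable-4.13 copy of this commit further down the page carries the identical hunk and the same remark applies.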
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 06:00:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 06:00:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302058.515587 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd491-0006j1-PE; Sat, 09 Apr 2022 06:00:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302058.515587; Sat, 09 Apr 2022 06:00:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd491-0006is-Lv; Sat, 09 Apr 2022 06:00:23 +0000
Received: by outflank-mailman (input) for mailman id 302058;
 Sat, 09 Apr 2022 06:00:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd490-0006iU-Ey
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd490-0005pB-E7
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd490-0007Nv-D2
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 06:00:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Lcx6OQwENB6lH+LYiAaRAAneMHaVC4CAht6rx54Z+/M=; b=gVRLE3tSaiGcCFn+Dz7oG23kNl
	DKI45xPj9qM7vtKBjjPhqBpaeq7roLnlRIVN2oS3MmHEmp84zWjZYikVYfNj9rgYmthGPlme59WPb
	KBgOGC/q5vNQ4VLnGCMjsqv5Hakp9EM5g16ymB+sp/l8usM21tjQUrCe+y1gvsR69Wyg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.12] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1nd490-0007Nv-D2@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 06:00:22 +0000

commit efea4bdbd183e1f1e3cbb2b33623680419199542
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:28:36 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:28:36 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 7 ++++---
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4da09bbcc8..1b1b11cb04 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1636,7 +1636,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1646,11 +1646,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                        DEVICE_DOMID(prev_dom, pdev),
                                        DEVICE_PGTABLE(prev_dom, pdev),
-                                       mode & MAP_WITH_RMRR);
+                                       (mode & MAP_WITH_RMRR)
+                                       | MAP_ERROR_RECOVERY);
     }
 
     if ( prev_dom )
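Review bot: The result of the recovery call to `domain_context_mapping_one()` is discarded, and with `MAP_ERROR_RECOVERY` set a failure inside it no longer triggers any further clean-up. If that second attempt fails, the device presumably keeps whatever context entry the failed attempt left, with no log line from this site to show it. I would capture the return value and emit a `XENLOG_ERR` message when it is non-zero, while still returning the original `rc` to the caller. The `domain_context_unmap_one()` call in the other branch is likewise unchecked; the function begins and ends outside this hunk.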
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
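Review bot: `UNMAP_ME_PHANTOM_FUNC` has to be renumbered here because it shares a bit space with the `MAP_*` flags, yet the header does not say that these values travel in the same `mode` argument. `domain_context_mapping_one()` forwards `mode` to `me_wifi_quirk()` and `domain_context_unmap_one()` passes `UNMAP_ME_PHANTOM_FUNC` in that same position, so a future `MAP_*` addition could collide again. A comment above the block, e.g. `/* All of these share one "mode" argument (see me_wifi_quirk()); keep the bits distinct. */`, would make the constraint explicit.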
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 09:00:06 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 09:00:06 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302106.515647 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd6ws-0005CP-VO; Sat, 09 Apr 2022 09:00:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302106.515647; Sat, 09 Apr 2022 09:00:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd6ws-0005C2-SM; Sat, 09 Apr 2022 09:00:02 +0000
Received: by outflank-mailman (input) for mailman id 302106;
 Sat, 09 Apr 2022 09:00:01 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6wr-000534-Mi
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:01 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6wr-00019s-Li
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6wr-0002I5-Kf
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=bOJdNsLVApYlYiZb+UUaPKx6f1qduQbRj+/cBPL62Kk=; b=udNrIWWzaJPcUcbedi4juJWytF
	1BgECQbF/EpUWXd3Lu1AhuqY2uyMINJIdg1uR74mfhIoAu+5xF0e1L+qLNYVNmz0TquIPPpl5odCp
	Im8pEzjkfwHMgMjW4RnC0PMqe/m7w6FByG5HB7aK2tyD29kDbcnLfq0Uf8zcgUNFRSG8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: don't needlessly look up DID
Message-Id: <E1nd6wr-0002I5-Kf@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 09:00:01 +0000

commit a6902a65160aac72a1889a268fd5f3cebb159d8e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:20:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:20:21 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 6571b5dde4..4b0d6a873c 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1821,18 +1821,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
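Review bot: The added `iommu_domid = context_domain_id(*context);` is only correct while it stays ahead of `context_clear_present()` / `context_clear_entry()`, and nothing in the code records that ordering requirement. If the read is ever moved below the clearing, the flush would use a value taken from an already-cleared entry and could miss the DID the hardware may still have cached. I would add a comment above the new line, e.g. `/* Latch the DID before clearing: the flushes below must target the ID that was live in the entry. */`. The declaration of `iommu_domid` is outside the hunk; if it was kept signed only for the removed `== -1` check, its type is worth revisiting. The same applies to the identical hunk in the stable-4.14 backport of this commit further down the page.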
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 09:00:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 09:00:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302107.515651 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd6x4-0005rs-0l; Sat, 09 Apr 2022 09:00:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302107.515651; Sat, 09 Apr 2022 09:00:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd6x3-0005rk-Ty; Sat, 09 Apr 2022 09:00:13 +0000
Received: by outflank-mailman (input) for mailman id 302107;
 Sat, 09 Apr 2022 09:00:11 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6x1-0005rS-SA
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:11 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6x1-0001AJ-PR
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:11 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6x1-0002JV-ON
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:11 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=jjByL3qxj+BR6LmpDveaq6jaMo9LwrmoUz/Zh9FSafo=; b=i0eJIafq3nuva8WJchjQzaICfD
	xsvgDBl4JYs3WeN4tcq5KEKQqPw1tfe08LhhJGFidIxHhZy72CunBPTykjeEmhHQAs27lm6rlF+IT
	YFm5uojyxqIOahs1yZ4JHZgLvS1O3pyXb0viatXX48XehXY8EQrXL8AKBEnt0NVUeNJw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1nd6x1-0002JV-ON@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 09:00:11 +0000

commit d64d46685c776b39d5c640a0ad2727fa0938273c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:21:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:21:33 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 897dcff9ff..fbe951b2fa 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -89,7 +89,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4b0d6a873c..cb3ba3e409 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1527,7 +1527,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1595,9 +1595,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            domain_context_unmap_one(domain, iommu, bus, devfn,
-                                     DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                        DEVICE_DOMID(prev_dom, pdev),
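Review bot: The `else` branch can still be reached with `pdev == NULL` whenever `prev_dom` is a regular domain, because the new `(prev_dom == dom_io && !pdev)` test only diverts the quarantine case, and that branch evaluates `DEVICE_DOMID(prev_dom, pdev)` and `DEVICE_PGTABLE(prev_dom, pdev)`. This is safe only if both macros dereference `pdev` solely when their first argument is `dom_io`. Their definitions are not part of this hunk, so that is presumably the case but is not evident at the call site. I would extend the added comment with one more line, `* For any other prev_dom, DEVICE_DOMID()/DEVICE_PGTABLE() must not touch pdev.`, so the dependency is visible to whoever next changes those macros. The nested call continues past the end of the hunk, and the same remark applies to the matching hunk in the stable-4.14 backport.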
@@ -1734,7 +1739,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1800,7 +1807,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1852,7 +1859,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
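Review bot: Passing `DOMID_INVALID` to `me_wifi_quirk()` is correct only while the `UNMAP_ME_PHANTOM_FUNC` path never consumes its `domid` argument, and the call site does not say so. The quirks.c hunk of this commit shows `domid` going only into the mapping call of `map_me_phantom_function()`, so the assumption appears to hold today. A short comment before the call, `/* The domain ID is not used on the unmap path. */`, would keep a later change to the quirk code from silently acting on an invalid ID. The body of `domain_context_unmap_one()` starts and ends outside this hunk.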
@@ -1906,8 +1914,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1917,8 +1924,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1941,12 +1947,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 4d54c21136..2b8a2bd9c6 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -363,7 +363,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 09:00:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 09:00:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302108.515655 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd6xE-0005uj-2F; Sat, 09 Apr 2022 09:00:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302108.515655; Sat, 09 Apr 2022 09:00:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd6xD-0005ub-VX; Sat, 09 Apr 2022 09:00:23 +0000
Received: by outflank-mailman (input) for mailman id 302108;
 Sat, 09 Apr 2022 09:00:21 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6xB-0005uL-Tu
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:21 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6xB-0001AW-T5
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:21 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd6xB-0002KM-S4
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 09:00:21 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=MxgwSLsIz/2+Mxz/f/xKjzdpFuuhVsgggfdQ/EWtwjY=; b=L2UEdDDpO46OKxlb/GQMdaL2Fu
	yhwTS3hq0bPaUiny5sO9gEM9QR9ihvjb3dNP0/4XoLrLnoDXYEu+FU071wEMW9IAZJhCMMEFfx0Ak
	7ruc0frnITUORqQ2phgZc9ihaHpCnGkwQ6qPFrFQB9WNuk4vT/TihlDRa2wvYcdVIXvw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.13] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1nd6xB-0002KM-S4@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 09:00:21 +0000

commit fe97133b5deef58bd1422f4d87821131c66b1d0e
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:22:49 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:22:49 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 7 ++++---
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index cb3ba3e409..f051a55764 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1593,7 +1593,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1603,11 +1603,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                        DEVICE_DOMID(prev_dom, pdev),
                                        DEVICE_PGTABLE(prev_dom, pdev),
-                                       mode & MAP_WITH_RMRR);
+                                       (mode & MAP_WITH_RMRR)
+                                       | MAP_ERROR_RECOVERY);
     }
 
     if ( prev_dom )
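Review bot: The result of the nested `domain_context_mapping_one(prev_dom, ...)` call is discarded, and with `MAP_ERROR_RECOVERY` set that call skips its own roll-back block (the `if ( rc && !(mode & MAP_ERROR_RECOVERY) )` test in the preceding hunk). As far as these hunks show, a failed restore of the previous owner's mapping therefore leaves the context entry as it is and produces no message of its own. If that is the intended best-effort behaviour it should be stated, e.g. `/* Best effort: a failure to restore prev_dom's mapping is not acted upon. */` above the call; otherwise the return value should at least be logged. The function continues outside the hunk, so any handling further down is not visible here.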
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
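Review bot: `MAP_ERROR_RECOVERY` is introduced without a comment, although its meaning cannot be guessed from the name. It also shares one bit space with `UNMAP_ME_PHANTOM_FUNC`, which this hunk moves to bit 4. The iommu.c hunk of this commit shows `domain_context_mapping_one()` forwarding `mode` unchanged to `me_wifi_quirk()`, so the MAP_* and UNMAP_* values have to stay disjoint. I would add `/* Set on the nested call that rolls back a failed mapping; suppresses further roll-back. */` above the new define, plus a one-line remark that all of these flags travel in the same `mode` argument.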
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 11:33:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 11:33:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302151.515736 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9Kx-0002Jh-ST; Sat, 09 Apr 2022 11:33:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302151.515736; Sat, 09 Apr 2022 11:33:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9Kx-0002JZ-Pc; Sat, 09 Apr 2022 11:33:03 +0000
Received: by outflank-mailman (input) for mailman id 302151;
 Sat, 09 Apr 2022 11:33:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Kv-0002JT-VM
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Kv-0003qI-T7
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Kv-00047u-S0
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=pUYV7ASY5843SqsyZOJ6eQ0avHNhchaocZVBKlcaUgA=; b=h4fiykEbfRJes9QnipA/kevVxB
	vGVvMavp8PnDJBwR+5NRJRj8fvh3OJXGv4//guLf/AImwlMMZHKuJNZX6S1CRUwQoFhy3T2BCOrZO
	kgdq4gazmo2RkZD9AknggE5xpIHLElSju0Pwfs9hHOQ0G+nuahVNN0bOVh+Sh1iKYc64=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: don't needlessly look up DID
Message-Id: <E1nd9Kv-00047u-S0@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 11:33:01 +0000

commit d3568578ba9d776733b123487ea6e3e0bff0717f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:05:16 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:05:16 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 391a815d30..6f4cd48855 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1829,18 +1829,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 11:33:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 11:33:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302152.515740 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9L7-0002LP-U6; Sat, 09 Apr 2022 11:33:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302152.515740; Sat, 09 Apr 2022 11:33:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9L7-0002LH-R7; Sat, 09 Apr 2022 11:33:13 +0000
Received: by outflank-mailman (input) for mailman id 302152;
 Sat, 09 Apr 2022 11:33:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9L6-0002L6-10
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9L6-0003qg-0A
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9L5-00048k-VS
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:11 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=zoPkrThYJB3R5oqqFRmUDUYKIGmc8HEQSsOwbAQ4k1c=; b=Z+R3UXBTEOXENdetDSQIUpqmdM
	EYBWgyhmcyORdHerUVgsn7kVPhTmj9Xf2CHdGY1FvfYlPuYf63H1eSfnA/K694fmnBja+lp7zs+yM
	95ZxTy6dIxRwSwfnLKMMOSRYccXdnyLiAsJLSGkRlDlZVeCtbtw2t7jGL4RVWMeWVPLM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1nd9L5-00048k-VS@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 11:33:11 +0000

commit 78630ac4be0076ba65bfed4a59bbd0b0ca0bbf1d
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:05:56 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:05:56 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 897dcff9ff..fbe951b2fa 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -89,7 +89,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 6f4cd48855..567ac62983 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1530,7 +1530,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%04x:%02x:%02x.%u: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
+                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1598,9 +1598,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
@@ -1742,7 +1747,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1808,7 +1815,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1860,7 +1867,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
@@ -1915,8 +1923,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             printk(VTDPREFIX "d%d:PCIe: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus,
                    PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1926,8 +1933,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "d%d:PCI: unmap %04x:%02x:%02x.%u\n",
                    domain->domain_id, seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1950,12 +1956,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index c0deef556b..40a6167248 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -364,7 +364,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 11:33:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 11:33:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302153.515743 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9LI-0002P4-13; Sat, 09 Apr 2022 11:33:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302153.515743; Sat, 09 Apr 2022 11:33:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9LH-0002Ow-UO; Sat, 09 Apr 2022 11:33:23 +0000
Received: by outflank-mailman (input) for mailman id 302153;
 Sat, 09 Apr 2022 11:33:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9LG-0002OP-4E
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9LG-0003qy-3T
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9LG-00049J-2X
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=JCXR/GoUBNuWwVr3O5X/1U3/NbsfS+DFUbIC8A4J9hU=; b=U+8poUQ57LA+nz1K56+8/yWlYE
	WO3ewt7O1TvDvh7ANGzkNQvLKuABzgSkhrwoTasn26dW5LZtci7JDxmPPdDcdO7CVy+2PQsGlQHH6
	IGt1Bb06kc/nEgxaoE2PX39gJlSejmC5LuJdxesYxX8WaPw7yp2iAzymd58h0AvVHvgQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1nd9LG-00049J-2X@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 11:33:22 +0000

commit 140a95dd0693b7feb810c23cdaee311f546256f8
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:06:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:06:26 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention, which was dead code anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 9 ++++-----
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 567ac62983..cc088cd9ff 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1596,7 +1596,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
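Review bot: The new `!(mode & MAP_ERROR_RECOVERY)` guard carries no comment, and the only explanation that existed (`/* Avoid infinite recursion. */`, removed in the next hunk) is gone, so the code no longer says why a failed roll-back is left alone. I would add above the `if`: `/* A failing roll-back must not itself be rolled back: prev_dom comes from the already updated context entry, so two domains could otherwise alternate forever. */`. The comment should also state which domain the context entry refers to when the nested call fails, because the handling of that case lies outside these hunks and decides whether the device can still DMA into the wrong domain. The function body starts before and continues after the hunk.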
@@ -1606,13 +1606,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
                                              DEVICE_PGTABLE(prev_dom, pdev),
-                                             mode & MAP_WITH_RMRR) < 0;
-        else
-            ret = 1;
+                                             (mode & MAP_WITH_RMRR) |
+                                             MAP_ERROR_RECOVERY) < 0;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
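Review bot: Nothing near these defines says that the `MAP_*` flags and `UNMAP_ME_PHANTOM_FUNC` share one `mode` bit space, which is the reason the latter has to move to bit 4 here. domain_context_mapping_one() forwards its `mode` to `me_wifi_quirk()` unchanged (visible in the iommu.c hunk), so a later `MAP_*` flag placed on the next free-looking bit would silently alias the unmap request. A one-line comment above the block, `/* All flags below travel in the same 'mode' argument; keep the bits distinct. */`, would make the constraint visible.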
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 11:33:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 11:33:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302154.515747 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9LR-0002S0-2N; Sat, 09 Apr 2022 11:33:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302154.515747; Sat, 09 Apr 2022 11:33:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9LQ-0002Rs-Vq; Sat, 09 Apr 2022 11:33:32 +0000
Received: by outflank-mailman (input) for mailman id 302154;
 Sat, 09 Apr 2022 11:33:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9LQ-0002Rm-7F
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9LQ-0003r8-6W
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9LQ-00049y-5e
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=zIivFZxbm9UnCro2aU/sjnLV3WmZmYCOUcHvVjpS+mg=; b=apxiKsCrbP84zBeDtkBxd1Ppr2
	JVI2hBo+iInA0u1wZl0RfYFsd+nA+dOs4yhAAz16B9PnrPCUwVj4sSKJR7XZJkpIaD8ZET95DR453
	q0cyMZ/Rjbumn0+db6+SE/i1dnWgTmW4Goov2gzy+WI/6zjJu8leaR5IfD7PRieZoSv8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
Message-Id: <E1nd9LQ-00049y-5e@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 11:33:32 +0000

commit 9c4d3fbf1a08151451731c072fb0df8f9a2cadb2
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Apr 8 15:06:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:06:54 2022 +0200

    x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
    
    c/s 1a914256dca5 increased the AMD max leaf from 0x8000001c to 0x80000021, but
    did not adjust anything in the calculate_*_policy() chain.  As a result, on
    hardware supporting these leaves, we read the real hardware values into the
    raw policy, then copy into host, and all the way into the PV/HVM default
    policies.
    
    All 4 of these leaves have enable bits (first two by TopoExt, next by SEV,
    next by PQOS), so any software following the rules is fine and will leave them
    alone.  However, leaf 0x8000001d takes a subleaf input and at least two
    userspace utilities have been observed to loop indefinitely under Xen (clearly
    waiting for eax to report "no more cache levels").
    
    Such userspace is buggy, but Xen's behaviour isn't great either.
    
    In the short term, clobber all information in these leaves.  This is a giant
    bodge, but there are complexities with implementing all of these leaves
    properly.
    
    Fixes: 1a914256dca5 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Link: https://github.com/QubesOS/qubes-issues/issues/7392
    Reported-by: fosslinux <fosslinux@aussies.space>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: d4012d50082c2eae2f3cbe7770be13b9227fbc3f
    master date: 2022-04-07 11:36:45 +0100
---
 xen/arch/x86/cpuid.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index cdd18f51ed..587de66545 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -289,8 +289,15 @@ static void recalculate_misc(struct cpuid_policy *p)
 
         zero_leaves(p->extd.raw, 0xb, 0x18);
 
+        /* 0x19 - TLB details.  Pass through. */
+        /* 0x1a - Perf hints.   Pass through. */
+
         p->extd.raw[0x1b] = EMPTY_LEAF; /* IBS - not supported. */
         p->extd.raw[0x1c] = EMPTY_LEAF; /* LWP - not supported. */
+        p->extd.raw[0x1d] = EMPTY_LEAF; /* TopoExt Cache */
+        p->extd.raw[0x1e] = EMPTY_LEAF; /* TopoExt APIC ID/Core/Node */
+        p->extd.raw[0x1f] = EMPTY_LEAF; /* SEV */
+        p->extd.raw[0x20] = EMPTY_LEAF; /* Platform QoS */
         break;
     }
 }
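Review bot: The four new `EMPTY_LEAF` lines name each leaf but not why it is hidden, unlike the `- not supported.` wording on 0x1b and 0x1c just above. Per the commit message this is a stop-gap so that guests stop receiving raw host values for leaves Xen does not yet implement. Without a comment, whoever next raises the max leaf has no cue that each newly covered leaf needs an explicit pass-through or clobber decision. I would add `/* 0x1d-0x20: not implemented for guests yet; hide the host values instead of passing them through. */` before the 0x1d line. recalculate_misc() starts outside the hunk.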
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 11:33:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 11:33:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302155.515752 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9Lb-0002VP-4O; Sat, 09 Apr 2022 11:33:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302155.515752; Sat, 09 Apr 2022 11:33:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9Lb-0002VH-1M; Sat, 09 Apr 2022 11:33:43 +0000
Received: by outflank-mailman (input) for mailman id 302155;
 Sat, 09 Apr 2022 11:33:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9La-0002Uu-AO
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9La-0003rK-9X
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9La-0004AZ-8k
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=6aZN2xyu9/GlRFXS/stXEtmyhl4LVvkyTxGCWpe8bv4=; b=qwzIUMSzdpr9GvZvu2FJhTnN3w
	QpHKCr+ZJR253Uucb2tGhJi/vI0kq3aZmm1r+lqJrHw1spq3lXIL+PfPDzhSSafaLokBiq1MjSI48
	8ew2ZgubK7vGSSg/R/1URan66BFgbv9/Fb0RAh7fOIZ8M5ioBrfAplRXL9fEl7Yi9/R0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] vPCI: replace %pp
Message-Id: <E1nd9La-0004AZ-8k@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 11:33:42 +0000

commit 019e56a05239d6764748b81bdc6ed3c841cf70f5
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 15:07:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:07:21 2022 +0200

    vPCI: replace %pp
    
    4.14 doesn't know of this format specifier extension yet.
    
    Fixes: 47188b2fdcc6 ("vpci/msix: fix PBA accesses")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/vpci/msix.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index d9c08d0df5..e54124f3f3 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -258,8 +258,9 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
         if ( !pba )
         {
             gprintk(XENLOG_WARNING,
-                    "%pp: unable to map MSI-X PBA, report all pending\n",
-                    msix->pdev);
+                    "%04x:%02x:%02x.%u: unable to map MSI-X PBA, report all pending\n",
+                    msix->pdev->seg, msix->pdev->bus, PCI_SLOT(msix->pdev->devfn),
+                    PCI_FUNC(msix->pdev->devfn));
             return X86EMUL_OKAY;
         }
 
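Review bot: The continuation line `msix->pdev->seg, msix->pdev->bus, PCI_SLOT(msix->pdev->devfn),` comes to 82 columns at this indentation, past Xen's 80-column limit. The same argument list in the msix_write() hunk below is wrapped one argument earlier, and the two should be laid out alike. Both sites dereference `msix->pdev` four times, so a local `const struct pci_dev *pdev = msix->pdev;` (if one is not already in scope outside the hunks) would shorten both calls and keep them within the limit. Both function bodies extend beyond their hunks.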
@@ -342,8 +343,10 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
             {
                 /* Unable to map the PBA, ignore write. */
                 gprintk(XENLOG_WARNING,
-                        "%pp: unable to map MSI-X PBA, write ignored\n",
-                        msix->pdev);
+                        "%04x:%02x:%02x.%u: unable to map MSI-X PBA, write ignored\n",
+                        msix->pdev->seg, msix->pdev->bus,
+                        PCI_SLOT(msix->pdev->devfn),
+                        PCI_FUNC(msix->pdev->devfn));
                 return X86EMUL_OKAY;
             }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 11:33:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 11:33:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302156.515756 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9Ll-0002YF-6H; Sat, 09 Apr 2022 11:33:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302156.515756; Sat, 09 Apr 2022 11:33:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9Ll-0002Y8-31; Sat, 09 Apr 2022 11:33:53 +0000
Received: by outflank-mailman (input) for mailman id 302156;
 Sat, 09 Apr 2022 11:33:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Lk-0002Xy-DF
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Lk-0003rX-CW
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Lk-0004BE-Bj
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:33:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=XWptXR2cB33RZ9dDE99iH4LetP56FGxtdR9Zn5gcCWk=; b=RO/oCd1CfPa6l+iZWUQbGzUlmM
	s31qzHFgvp88KE82LZWox0Bfpim5KP75ZBPlztPnneRthjsLXQ72b+8QxjRfzBXxSkdPDdObaXmt7
	C4OHFmKVsHzWhawx5PbyEx4IWXbrbJMmVci4mWVKQI6Q5/Vufyuc6xANRLGKoPZXaczc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] livepatch: do not ignore sections with 0 size
Message-Id: <E1nd9Lk-0004BE-Bj@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 11:33:52 +0000

commit 97258d8819a8b1ccafc47e3c688ab4f7bac2082c
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 15:07:51 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:07:51 2022 +0200

    livepatch: do not ignore sections with 0 size
    
    A side effect of ignoring such sections is that symbols belonging to
    them won't be resolved, and that could make relocations belonging to
    other sections that reference those symbols fail.
    
    For example it's likely to have an empty .altinstr_replacement with
    symbols pointing to it, and marking the section as ignored will
    prevent the symbols from being resolved, which in turn will cause any
    relocations against them to fail.
    
    In order to solve this do not ignore sections with 0 size, only ignore
    sections that don't have the SHF_ALLOC flag set.
    
    Special case such empty sections in move_payload so they are not taken
    into account in order to decide whether a livepatch can be safely
    re-applied after a revert.
    
    Fixes: 98b728a7b2 ('livepatch: Disallow applying after an revert')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 0dc1f929e8fed681dec09ca3ea8de38202d5bf30
    master date: 2022-04-08 10:24:10 +0200
---
 xen/common/livepatch.c          | 16 +++++++++++-----
 xen/include/xen/livepatch_elf.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index cc2ee9a94a..8a949ccf61 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -301,9 +301,6 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
          * and .shstrtab. For the non-relocate we allocate and copy these
          * via other means - and the .rel we can ignore as we only use it
          * once during loading.
-         *
-         * Also ignore sections with zero size. Those can be for example:
-         * data, or .bss.
          */
         if ( livepatch_elf_ignore_section(elf->sec[i].sec) )
             offset[i] = UINT_MAX;
@@ -362,8 +359,17 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
             else if ( elf->sec[i].sec->sh_flags & SHF_WRITE )
             {
                 buf = rw_buf;
-                rw_buf_sec = i;
-                rw_buf_cnt++;
+                if ( elf->sec[i].sec->sh_size )
+                {
+                    /*
+                     * Special handling of RW empty regions: do not account for
+                     * them in order to decide whether a patch can safely be
+                     * re-applied, but assign them a load address so symbol
+                     * resolution and relocations work.
+                     */
+                    rw_buf_sec = i;
+                    rw_buf_cnt++;
+                }
             }
             else
                 buf = ro_buf;
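Review bot: The new comment sits inside `if ( elf->sec[i].sec->sh_size )`, the branch taken for non-empty sections, yet it describes what happens to empty ones, so it reads as the opposite of the code beneath it. I would move it above the `if` and word it from there: `/* Empty RW sections still get a load address so symbols resolve, but are not counted for the re-apply check. */`. Only the RW branch is special-cased; whether zero-sized text or read-only sections need similar care cannot be judged from this hunk, and a sentence saying so would help. move_payload() starts before and continues after the hunk.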
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 9ad499ee8b..5b1ec469da 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -48,7 +48,7 @@ int livepatch_elf_perform_relocs(struct livepatch_elf *elf);
 
 static inline bool livepatch_elf_ignore_section(const Elf_Shdr *sec)
 {
-    return !(sec->sh_flags & SHF_ALLOC) || sec->sh_size == 0;
+    return !(sec->sh_flags & SHF_ALLOC);
 }
 #endif /* __XEN_LIVEPATCH_ELF_H__ */
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 11:34:03 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 11:34:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302160.515771 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9Lv-0002rK-HR; Sat, 09 Apr 2022 11:34:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302160.515771; Sat, 09 Apr 2022 11:34:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nd9Lv-0002rD-EH; Sat, 09 Apr 2022 11:34:03 +0000
Received: by outflank-mailman (input) for mailman id 302160;
 Sat, 09 Apr 2022 11:34:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Lu-0002qp-GQ
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:34:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Lu-0003rz-Fd
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:34:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nd9Lu-0004CA-Ey
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 11:34:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=A/O6jnAwIT2FSynQmpMPklAmFoc8IvTNxlBGkDsW6rg=; b=X0E90R+QASV7PyQ/YzFtIPTAtG
	0pfZjVi++efdwxTFMoVx4LDO1CSCTMIi/e820CpIDYcAFr4/bFEyrmpFQpXQSJaw4rQfjVJmXGStc
	XPMfpIaaGCiQl0w9hvt7MA8cI0nSzuE1QJuPvoVBfVoBQjxWSLlTwyewunZL643bQlo8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] livepatch: avoid relocations referencing ignored section symbols
Message-Id: <E1nd9Lu-0004CA-Ey@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 11:34:02 +0000

commit eeaf24ccedf79941a4d1511daca4966b4e03cb91
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 15:08:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 15:08:19 2022 +0200

    livepatch: avoid relocations referencing ignored section symbols
    
    Track whether symbols belong to ignored sections in order to avoid
    applying relocations referencing those symbols. The address of such
    symbols won't be resolved and thus the relocation will likely fail or
    write garbage to the destination.
    
    Return an error in that case, as leaving unresolved relocations would
    lead to malfunctioning payload code.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 9120b5737f517fe9d2a3936c38d3a2211630323b
    master date: 2022-04-08 10:27:11 +0200
---
 xen/arch/arm/arm32/livepatch.c  | 7 +++++++
 xen/arch/arm/arm64/livepatch.c  | 7 +++++++
 xen/arch/x86/livepatch.c        | 7 +++++++
 xen/common/livepatch_elf.c      | 6 ++++++
 xen/include/xen/livepatch_elf.h | 1 +
 5 files changed, 28 insertions(+)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 5a06467008..3c50283b2a 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
 
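Review bot: The new error message identifies the symbol only by `elf->sym[symndx].name`, which may be NULL judging by the `if ( elf->sym[i].name )` test in the livepatch_elf.c hunk of this commit. The branch just above reports `symndx`, and printing the index here as well would keep the message usable for unnamed section symbols. The same applies to the identical blocks added in the arm64 and x86 hunks and to the `dprintk()` added in livepatch_elf.c. The three copies are also byte-identical, so a small shared helper next to `livepatch_elf_ignore_section()` would keep them from drifting apart. Each enclosing function extends beyond its hunk.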
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 6ec8dc60f0..62d2ef373a 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index a3cb63a7ea..0172610ebf 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -290,6 +290,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index b089cacb1c..45d73912a3 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )
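Review bot: The added `dprintk` passes `elf->sym[i].name` to `%s` unconditionally, yet the context line right after the new block still tests `if ( elf->sym[i].name )`, which suggests the name can be NULL here. Unless the hypervisor's printk is known to tolerate a NULL string argument, guard it, e.g. `elf->sym[i].name ? elf->sym[i].name : "(unnamed)"`. The arch-side messages added by this commit print the same field, so they would need the same guard. The body of livepatch_elf_resolve_symbols() continues outside the hunk.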
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 5b1ec469da..7116deaddc 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:55:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:55:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302252.515830 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI6o-0004Mj-S1; Sat, 09 Apr 2022 20:55:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302252.515830; Sat, 09 Apr 2022 20:55:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI6o-0004Mb-Ot; Sat, 09 Apr 2022 20:55:02 +0000
Received: by outflank-mailman (input) for mailman id 302252;
 Sat, 09 Apr 2022 20:55:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI6o-0004MV-0L
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI6n-0005ry-Ul
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI6n-0002CV-Tc
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=WESRi1EKRSUP3mbFhks6IB0rp14wJ9yddoEQexxYskI=; b=cc/O2dEj0QEOBhptry/K6Q0MHU
	QKT6s5LtkYkSAv2/a3xyhYr9ogl3zch7kpcUlYCWsAyiTVU0VsSuZ39NwlV1EjbgGxaDAODpUwWFD
	u0+FDFiO7irQqmnwT+JefF78RYu6JjDQdZrbqBZ+mlGj7tJ0lWxw6hNA7BRD4TUwx4L8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] livepatch: do not ignore sections with 0 size
Message-Id: <E1ndI6n-0002CV-Tc@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:55:01 +0000

commit 0dc1f929e8fed681dec09ca3ea8de38202d5bf30
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 10:24:10 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 10:24:10 2022 +0200

    livepatch: do not ignore sections with 0 size
    
    A side effect of ignoring such sections is that symbols belonging to
    them won't be resolved, and that could make relocations belonging to
    other sections that reference those symbols fail.
    
    For example it's likely to have an empty .altinstr_replacement with
    symbols pointing to it, and marking the section as ignored will
    prevent the symbols from being resolved, which in turn will cause any
    relocations against them to fail.
    
    In order to solve this do not ignore sections with 0 size, only ignore
    sections that don't have the SHF_ALLOC flag set.
    
    Special case such empty sections in move_payload so they are not taken
    into account in order to decide whether a livepatch can be safely
    re-applied after a revert.
    
    Fixes: 98b728a7b2 ('livepatch: Disallow applying after an revert')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 xen/common/livepatch.c          | 16 +++++++++++-----
 xen/include/xen/livepatch_elf.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index edf56a357f..d385f882c6 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -300,9 +300,6 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
          * and .shstrtab. For the non-relocate we allocate and copy these
          * via other means - and the .rel we can ignore as we only use it
          * once during loading.
-         *
-         * Also ignore sections with zero size. Those can be for example:
-         * data, or .bss.
          */
         if ( livepatch_elf_ignore_section(elf->sec[i].sec) )
             offset[i] = UINT_MAX;
@@ -361,8 +358,17 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
             else if ( elf->sec[i].sec->sh_flags & SHF_WRITE )
             {
                 buf = rw_buf;
-                rw_buf_sec = i;
-                rw_buf_cnt++;
+                if ( elf->sec[i].sec->sh_size )
+                {
+                    /*
+                     * Special handling of RW empty regions: do not account for
+                     * them in order to decide whether a patch can safely be
+                     * re-applied, but assign them a load address so symbol
+                     * resolution and relocations work.
+                     */
+                    rw_buf_sec = i;
+                    rw_buf_cnt++;
+                }
             }
             else
                 buf = ro_buf;
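Review bot: The new comment sits inside `if ( elf->sec[i].sec->sh_size )`, which is the non-empty path, but it describes what happens to empty RW sections, so it is easy to misread. Moving it above the `if`, or rewording it to something like `/* Only non-empty RW sections count towards rw_buf_cnt; empty ones still get a load address so symbols and relocations resolve. */`, would match the code it annotates. It is also worth confirming, in the part of move_payload() outside this hunk, that the load address given to an empty section is only used for symbol arithmetic and never dereferenced.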
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 9ad499ee8b..5b1ec469da 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -48,7 +48,7 @@ int livepatch_elf_perform_relocs(struct livepatch_elf *elf);
 
 static inline bool livepatch_elf_ignore_section(const Elf_Shdr *sec)
 {
-    return !(sec->sh_flags & SHF_ALLOC) || sec->sh_size == 0;
+    return !(sec->sh_flags & SHF_ALLOC);
 }
 #endif /* __XEN_LIVEPATCH_ELF_H__ */
 
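Review bot: `livepatch_elf_ignore_section()` changes meaning for every caller, not only move_payload(): any user of the helper now treats an empty SHF_ALLOC section as loadable. A comment on the helper would make the new contract explicit, e.g. `/* Only sections without SHF_ALLOC are ignored; empty allocated sections are kept so that their symbols resolve. */`. Callers not shown in this diff should be checked for an assumption that a non-ignored section has `sh_size != 0`.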
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:55:12 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:55:12 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302253.515834 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI6y-0004OU-TL; Sat, 09 Apr 2022 20:55:12 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302253.515834; Sat, 09 Apr 2022 20:55:12 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI6y-0004OM-QP; Sat, 09 Apr 2022 20:55:12 +0000
Received: by outflank-mailman (input) for mailman id 302253;
 Sat, 09 Apr 2022 20:55:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI6y-0004OB-2d
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI6y-0005sL-1i
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI6y-0002DA-0x
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=PgAjAFBzVXVnyHYorK39808/PELj9C8yTZoiJQ9tmk0=; b=cZqp6l1QBOAMYhFaT5pHjAm1kr
	3bnQOYx27G892nl84EvpzjcVuYLcksz5bg3YA5CI3csxPJz9+rikzCNcBqEYVtgL0trZgWSgLi8ys
	Ye9Vt9pfDlzqJo3x/mUtvtwnkNmt0XgAANtoisuzBuij7g12Nw8gbm8tfdcjKfjFT9DY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] livepatch: avoid relocations referencing ignored section symbols
Message-Id: <E1ndI6y-0002DA-0x@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:55:12 +0000

commit 9120b5737f517fe9d2a3936c38d3a2211630323b
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 10:27:11 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 10:27:11 2022 +0200

    livepatch: avoid relocations referencing ignored section symbols
    
    Track whether symbols belong to ignored sections in order to avoid
    applying relocations referencing those symbols. The address of such
    symbols won't be resolved and thus the relocation will likely fail or
    write garbage to the destination.
    
    Return an error in that case, as leaving unresolved relocations would
    lead to malfunctioning payload code.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 xen/arch/arm/arm32/livepatch.c  | 7 +++++++
 xen/arch/arm/arm64/livepatch.c  | 7 +++++++
 xen/arch/x86/livepatch.c        | 7 +++++++
 xen/common/livepatch_elf.c      | 6 ++++++
 xen/include/xen/livepatch_elf.h | 1 +
 5 files changed, 28 insertions(+)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 5a06467008..3c50283b2a 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
 
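Review bot: The seven-line `else if ( elf->sym[symndx].ignored )` branch is added verbatim here and again in the arm64 and x86 hunks below, so the message text and the error code can drift between architectures over time. A small shared helper declared next to `struct livepatch_elf_sym` in livepatch_elf.h that logs and returns -EINVAL would leave one copy to maintain. If the duplication is kept, a one-line comment above each branch such as `/* The symbol's section was not loaded, so st_value was never resolved. */` would record why the payload is refused rather than patched. The enclosing loop is outside the hunk.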
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 6ec8dc60f0..62d2ef373a 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index 78c35f1fef..f2d783fdc5 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -291,6 +291,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index b089cacb1c..45d73912a3 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 5b1ec469da..7116deaddc 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {
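Review bot: The new `ignored` member is undocumented and, in this commit, is only ever assigned `true` (in livepatch_elf_resolve_symbols()), so the arch relocation checks depend on the `sym` array being zero-initialised when it is allocated. That allocation is not visible in this diff and should be confirmed. Suggest documenting the field, e.g. `bool ignored; /* Symbol belongs to a section that is not loaded; st_value is unresolved. */`.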
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:55:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:55:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302254.515837 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI79-0004Rs-Ux; Sat, 09 Apr 2022 20:55:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302254.515837; Sat, 09 Apr 2022 20:55:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI79-0004Rk-S6; Sat, 09 Apr 2022 20:55:23 +0000
Received: by outflank-mailman (input) for mailman id 302254;
 Sat, 09 Apr 2022 20:55:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI78-0004R6-63
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI78-0005sh-5D
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI78-0002Dn-4H
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=/nXAMPch+hC21Q7gGtRwj68/bnSUv9BrgNGNW/sGMVA=; b=V7fDIiRjdQaO7stXOOCKl6jVKB
	BbUCWYZVlXT1pWc07QBwblFFsfr34V5Jipj2MrpOCXSZambt55nQm9OhXEJugKx5J6w+z+MiC8bAE
	X8fAfao/kcdBDBXgRy4V8vk+VEaCEmq+a3i8UvzMgPi37HYnyt0D2VkxSpUDJ2jItW3c=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/mm: split set_identity_p2m_entry() into PV and HVM parts
Message-Id: <E1ndI78-0002Dn-4H@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:55:22 +0000

commit 21e9f2e212e6f022340dfc2c43810fcc66415c9c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:39:43 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:39:43 2022 +0200

    x86/mm: split set_identity_p2m_entry() into PV and HVM parts
    
    ..., moving the former into the new physmap.c. Also call the new
    functions directly from arch_iommu_hwdom_init() and
    vpci_make_msix_hole(), as the PV/HVM split is explicit there.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/include/asm/p2m.h      |  4 ++++
 xen/arch/x86/mm/p2m.c               | 28 ++++++----------------------
 xen/arch/x86/mm/physmap.c           | 28 ++++++++++++++++++++++++++++
 xen/drivers/passthrough/x86/iommu.c |  2 +-
 xen/drivers/vpci/msix.c             |  2 +-
 5 files changed, 40 insertions(+), 24 deletions(-)

diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 84d19e871e..2d0783693e 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -637,6 +637,10 @@ int set_mmio_p2m_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
 int set_identity_p2m_entry(struct domain *d, unsigned long gfn,
                            p2m_access_t p2ma, unsigned int flag);
 int clear_identity_p2m_entry(struct domain *d, unsigned long gfn);
+/* HVM-only callers can use these directly: */
+int p2m_add_identity_entry(struct domain *d, unsigned long gfn,
+                           p2m_access_t p2ma, unsigned int flag);
+int p2m_remove_identity_entry(struct domain *d, unsigned long gfn);
 
 /* 
  * Populate-on-demand
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index a01e42ee61..4f739e27e4 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1473,12 +1473,9 @@ static int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn_l,
     return rc;
 }
 
-#endif /* CONFIG_HVM */
-
-int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
+int p2m_add_identity_entry(struct domain *d, unsigned long gfn_l,
                            p2m_access_t p2ma, unsigned int flag)
 {
-#ifdef CONFIG_HVM
     p2m_type_t p2mt;
     p2m_access_t a;
     gfn_t gfn = _gfn(gfn_l);
@@ -1488,13 +1485,8 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
 
     if ( !paging_mode_translate(d) )
     {
-#endif
-        if ( !is_iommu_enabled(d) )
-            return 0;
-        return iommu_legacy_map(d, _dfn(gfn_l), _mfn(gfn_l),
-                                1ul << PAGE_ORDER_4K,
-                                p2m_access_to_iommu_flags(p2ma));
-#ifdef CONFIG_HVM
+        ASSERT_UNREACHABLE();
+        return -EPERM;
     }
 
     gfn_lock(p2m, gfn, 0);
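Review bot: The `!paging_mode_translate(d)` branch now carries only `ASSERT_UNREACHABLE(); return -EPERM;` with no explanation, here and in the later p2m.c hunk for `p2m_remove_identity_entry()`. In builds where the assertion is compiled out, a non-translated domain reaching either function gets `-EPERM` where the old code performed the IOMMU map or unmap, so the outcome depends on callers checking the result. A comment such as `/* PV domains must go through set_identity_p2m_entry() / clear_identity_p2m_entry(). */` would state the contract at the point where it is enforced. Both function bodies continue outside their hunks.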
@@ -1520,12 +1512,10 @@ int set_identity_p2m_entry(struct domain *d, unsigned long gfn_l,
 
     gfn_unlock(p2m, gfn, 0);
     return ret;
-#endif
 }
 
-int clear_identity_p2m_entry(struct domain *d, unsigned long gfn_l)
+int p2m_remove_identity_entry(struct domain *d, unsigned long gfn_l)
 {
-#ifdef CONFIG_HVM
     p2m_type_t p2mt;
     p2m_access_t a;
     gfn_t gfn = _gfn(gfn_l);
@@ -1535,11 +1525,8 @@ int clear_identity_p2m_entry(struct domain *d, unsigned long gfn_l)
 
     if ( !paging_mode_translate(d) )
     {
-#endif
-        if ( !is_iommu_enabled(d) )
-            return 0;
-        return iommu_legacy_unmap(d, _dfn(gfn_l), 1ul << PAGE_ORDER_4K);
-#ifdef CONFIG_HVM
+        ASSERT_UNREACHABLE();
+        return -EPERM;
     }
 
     gfn_lock(p2m, gfn, 0);
@@ -1561,7 +1548,6 @@ int clear_identity_p2m_entry(struct domain *d, unsigned long gfn_l)
     }
 
     return ret;
-#endif
 }
 
 #ifdef CONFIG_MEM_SHARING
@@ -1606,8 +1592,6 @@ int set_shared_p2m_entry(struct domain *d, unsigned long gfn_l, mfn_t mfn)
 
 #endif /* CONFIG_MEM_SHARING */
 
-#ifdef CONFIG_HVM
-
 static struct p2m_domain *
 p2m_getlru_nestedp2m(struct domain *d, struct p2m_domain *p2m)
 {
diff --git a/xen/arch/x86/mm/physmap.c b/xen/arch/x86/mm/physmap.c
index ea82a07283..2d267b42f7 100644
--- a/xen/arch/x86/mm/physmap.c
+++ b/xen/arch/x86/mm/physmap.c
@@ -21,6 +21,7 @@
  * along with this program; If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <xen/iommu.h>
 #include <asm/p2m.h>
 
 #include "mm-locks.h"
@@ -75,6 +76,33 @@ guest_physmap_remove_page(struct domain *d, gfn_t gfn,
     return p2m_remove_page(d, gfn, mfn, page_order);
 }
 
+int set_identity_p2m_entry(struct domain *d, unsigned long gfn,
+                           p2m_access_t p2ma, unsigned int flag)
+{
+    if ( !paging_mode_translate(d) )
+    {
+        if ( !is_iommu_enabled(d) )
+            return 0;
+        return iommu_legacy_map(d, _dfn(gfn), _mfn(gfn),
+                                1ul << PAGE_ORDER_4K,
+                                p2m_access_to_iommu_flags(p2ma));
+    }
+
+    return p2m_add_identity_entry(d, gfn, p2ma, flag);
+}
+
+int clear_identity_p2m_entry(struct domain *d, unsigned long gfn)
+{
+    if ( !paging_mode_translate(d) )
+    {
+        if ( !is_iommu_enabled(d) )
+            return 0;
+        return iommu_legacy_unmap(d, _dfn(gfn), 1ul << PAGE_ORDER_4K);
+    }
+
+    return p2m_remove_identity_entry(d, gfn);
+}
+
 /*
  * Local variables:
  * mode: C
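Review bot: `set_identity_p2m_entry()` and `clear_identity_p2m_entry()` call `p2m_add_identity_entry()` / `p2m_remove_identity_entry()` unconditionally, while the p2m.c hunks of this commit remove the `#endif /* CONFIG_HVM */` in front of those functions and so place their definitions inside the CONFIG_HVM region. If physmap.c is also built for !CONFIG_HVM, the link presumably relies on `paging_mode_translate()` folding to false so that the tail call is eliminated; that is not visible here and deserves a comment. Something like `/* HVM-only callee; for !CONFIG_HVM this call is expected to be eliminated because paging_mode_translate() is constant false. */` above each `return p2m_..._identity_entry(...)` would do, once confirmed.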
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index b942f2119e..209aeb8c2f 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -373,7 +373,7 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d)
         if ( !hwdom_iommu_map(d, pfn, max_pfn) )
             rc = 0;
         else if ( paging_mode_translate(d) )
-            rc = set_identity_p2m_entry(d, pfn, p2m_access_rw, 0);
+            rc = p2m_add_identity_entry(d, pfn, p2m_access_rw, 0);
         else
             rc = iommu_map(d, _dfn(pfn), _mfn(pfn), 1ul << PAGE_ORDER_4K,
                            IOMMUF_readable | IOMMUF_writable, &flush_flags);
diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index ab758a1ddf..bea0cc7aed 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -466,7 +466,7 @@ int vpci_make_msix_hole(const struct pci_dev *pdev)
             case p2m_mmio_direct:
                 if ( mfn_x(mfn) == start )
                 {
-                    clear_identity_p2m_entry(d, start);
+                    p2m_remove_identity_entry(d, start);
                     break;
                 }
                 /* fallthrough. */
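Review bot: The result of `p2m_remove_identity_entry(d, start)` is discarded, as it was for clear_identity_p2m_entry() before the rename. If the removal fails, the identity mapping stays in place over the range in which vpci_make_msix_hole() is trying to open a hole, and the function carries on as if it had succeeded. Consider capturing the result, e.g. `rc = p2m_remove_identity_entry(d, start);`, and returning the error. Whether a suitable local exists and how the surrounding switch cleans up is outside this hunk, so the exact form has to be settled there.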
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:55:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:55:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302255.515841 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7K-0004Us-0H; Sat, 09 Apr 2022 20:55:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302255.515841; Sat, 09 Apr 2022 20:55:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7J-0004Uk-TY; Sat, 09 Apr 2022 20:55:33 +0000
Received: by outflank-mailman (input) for mailman id 302255;
 Sat, 09 Apr 2022 20:55:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7I-0004UY-9e
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7I-0005st-8n
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7I-0002EG-7q
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=4MAJ3YheKZggQKQ4BqBUWFm+Ruw5x9Iq904SGHX7tCU=; b=Lw+wWTxxgSC+3ZivLvusLK+Vt0
	/nr5k9SGk91VLeS11m4gUZCtSDcBUmNXdRfHxTh+TNcCGPl21w+AGXtyNTps2zqVNjDtZxb/nFVq2
	DGCTrozWIghDq1QAcgIA4PCYcOvHkQMw7C4dDl51ByKOccJKaHTQkuQS1n+JGwhv43Fc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: p2m_{alloc,free}_ptp() and p2m_alloc_table() are HVM-only
Message-Id: <E1ndI7I-0002EG-7q@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:55:32 +0000

commit 033ff90aa9c17306ae0026fd10f6532b2ea3fca2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:40:46 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:40:46 2022 +0200

    x86/P2M: p2m_{alloc,free}_ptp() and p2m_alloc_table() are HVM-only
    
    This also includes the two p2m related fields.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/include/asm/p2m.h      | 12 ++++++------
 xen/arch/x86/mm/p2m.c               | 13 ++++++++++++-
 xen/arch/x86/mm/shadow/common.c     |  2 ++
 xen/drivers/passthrough/vtd/iommu.c |  2 ++
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 2d0783693e..30236daba3 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -208,9 +208,6 @@ struct p2m_domain {
     /* Lock that protects updates to the p2m */
     mm_rwlock_t           lock;
 
-    /* Shadow translated domain: p2m mapping */
-    pagetable_t        phys_table;
-
     /*
      * Same as a domain's dirty_cpumask but limited to
      * this p2m and those physical cpus whose vcpu's are in
@@ -229,9 +226,6 @@ struct p2m_domain {
      */
     p2m_access_t default_access;
 
-    /* Pages used to construct the p2m */
-    struct page_list_head pages;
-
     /* Host p2m: Log-dirty ranges registered for the domain. */
     struct rangeset   *logdirty_ranges;
 
@@ -239,6 +233,12 @@ struct p2m_domain {
     bool               global_logdirty;
 
 #ifdef CONFIG_HVM
+    /* Translated domain: p2m mapping */
+    pagetable_t        phys_table;
+
+    /* Pages used to construct the p2m */
+    struct page_list_head pages;
+
     /* Alternate p2m: count of vcpu's currently using this p2m. */
     atomic_t           active_vcpus;
 
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 4f739e27e4..48bff44a6a 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -93,7 +93,9 @@ static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
     int ret = 0;
 
     mm_rwlock_init(&p2m->lock);
+#ifdef CONFIG_HVM
     INIT_PAGE_LIST_HEAD(&p2m->pages);
+#endif
 
     p2m->domain = d;
     p2m->default_access = p2m_access_rwx;
@@ -627,6 +629,7 @@ struct page_info *p2m_get_page_from_gfn(
 }
 
 #ifdef CONFIG_HVM
+
 /* Returns: 0 for success, -errno for failure */
 int p2m_set_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
                   unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma)
@@ -666,7 +669,6 @@ int p2m_set_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
 
     return rc;
 }
-#endif
 
 mfn_t p2m_alloc_ptp(struct p2m_domain *p2m, unsigned int level)
 {
@@ -745,6 +747,8 @@ int p2m_alloc_table(struct p2m_domain *p2m)
     return 0;
 }
 
+#endif /* CONFIG_HVM */
+
 /*
  * hvm fixme: when adding support for pvh non-hardware domains, this path must
  * cleanup any foreign p2m types (release refcnts on them).
@@ -753,7 +757,9 @@ void p2m_teardown(struct p2m_domain *p2m)
 /* Return all the p2m pages to Xen.
  * We know we don't have any extra mappings to these pages */
 {
+#ifdef CONFIG_HVM
     struct page_info *pg;
+#endif
     struct domain *d;
 
     if (p2m == NULL)
@@ -762,11 +768,16 @@ void p2m_teardown(struct p2m_domain *p2m)
     d = p2m->domain;
 
     p2m_lock(p2m);
+
     ASSERT(atomic_read(&d->shr_pages) == 0);
+
+#ifdef CONFIG_HVM
     p2m->phys_table = pagetable_null();
 
     while ( (pg = page_list_remove_head(&p2m->pages)) )
         d->arch.paging.free_page(d, pg);
+#endif
+
     p2m_unlock(p2m);
 }
 
diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
index 8f11190173..06a0f22906 100644
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -2701,8 +2701,10 @@ int shadow_enable(struct domain *d, u32 mode)
  out_locked:
     paging_unlock(d);
  out_unlocked:
+#ifdef CONFIG_HVM
     if ( rv != 0 && !pagetable_is_null(p2m_get_pagetable(p2m)) )
         p2m_teardown(p2m);
+#endif
     if ( rv != 0 && pg != NULL )
     {
         pg->count_info &= ~PGC_count_mask;
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 069427abb2..42b76af73f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -374,6 +374,7 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
 
     if ( pgd_maddr )
         /* nothing */;
+#ifdef CONFIG_HVM
     else if ( iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
@@ -381,6 +382,7 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
         pgd_maddr = pagetable_get_paddr(pgt);
     }
     else
+#endif
     {
         if ( !hd->arch.vtd.pgd_maddr )
         {
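Review bot: In a build without CONFIG_HVM the trailing `else` is compiled out together with the `else if` arm (the `#ifdef` opens in the previous hunk), so the braced block that follows is no longer part of the if-chain and runs even when the caller passed a non-zero `pgd_maddr`. The `if ( pgd_maddr ) /* nothing */;` arm was meant to bypass that block; whatever the block does further down, outside this hunk, would then apply to that case as well, which matters for code that selects an IOMMU page-table root. Moving the `#endif` one line up, so the sequence reads `#endif`, `else`, `{`, keeps the chain intact in both configurations.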
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:55:44 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:55:44 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302256.515845 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7U-0004Z9-2D; Sat, 09 Apr 2022 20:55:44 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302256.515845; Sat, 09 Apr 2022 20:55:44 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7T-0004Z1-V1; Sat, 09 Apr 2022 20:55:43 +0000
Received: by outflank-mailman (input) for mailman id 302256;
 Sat, 09 Apr 2022 20:55:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7S-0004Yj-D0
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7S-0005t3-C8
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7S-0002Eo-BS
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=3zfzUJz42LTvHds1/PfhteiQ7QlaZeq6uAstOHfLWPE=; b=Y8QHQL7IMn1I4/Ckzq/2KPtaX/
	en7x1j6Ax96oFzRX3FLHoIVX6mMQmivviSLMQTSUzJNgtAMzP1rDSqPtWrJ9BrGGVFqyZPsnnoLba
	LLy+GrHvhnw4aDpK7aSk6WWtVyj2MfBT4eme54Yw3tPJnWJYHXfxaJIa/s0EPistOPKU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: PoD, altp2m, and nested-p2m are HVM-only
Message-Id: <E1ndI7S-0002Eo-BS@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:55:42 +0000

commit 26c719f67e71d5ff4cabc44cba37de2155204cbb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:41:51 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:41:51 2022 +0200

    x86/P2M: PoD, altp2m, and nested-p2m are HVM-only
    
    There's no need to initialize respective data for PV domains. Note that
    p2m_teardown_{alt,nested}p2m() will handle the lack-of-initialization
    case fine.
    
    As a result, despite PV domains having a host P2M associated with them
    and hence using XENMEM_get_pod_target on such may not be a real problem,
    calling p2m_pod_set_mem_target() for a PV domain is surely wrong, even
    if benign at present. Add a guard there as well.
    
    In p2m_pod_demand_populate() the situation is a little different: This
    function is reachable only for HVM domains anyway, but following from
    other PoD functions only ever acting on the host P2M (and hence PoD
    entries only ever existing in host P2Ms), assert and bail from there for
    non-host-P2Ms.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/include/asm/p2m.h |  4 ----
 xen/arch/x86/mm.c              |  4 +++-
 xen/arch/x86/mm/p2m-pod.c      |  7 +++++++
 xen/arch/x86/mm/p2m.c          |  6 +++++-
 xen/arch/x86/mm/p2m.h          | 27 +++++++++++++++++++++++++++
 5 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 30236daba3..44c953c83a 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -679,8 +679,6 @@ static inline long p2m_pod_entry_count(const struct p2m_domain *p2m)
     return p2m->pod.entry_count;
 }
 
-void p2m_pod_init(struct p2m_domain *p2m);
-
 #else
 
 static inline bool
@@ -709,8 +707,6 @@ static inline long p2m_pod_entry_count(const struct p2m_domain *p2m)
     return 0;
 }
 
-static inline void p2m_pod_init(struct p2m_domain *p2m) {}
-
 #endif
 
 
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 6cc73187ac..e90789085b 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4810,7 +4810,9 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        if ( cmd == XENMEM_set_pod_target )
+        if ( !is_hvm_domain(d) )
+            rc = -EINVAL;
+        else if ( cmd == XENMEM_set_pod_target )
         {
             rc = xsm_set_pod_target(XSM_PRIV, d);
             if ( rc )
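Review bot: The new `!is_hvm_domain(d)` branch sets `rc = -EINVAL` ahead of the XSM hook, so for a PV target `xsm_set_pod_target()` (and presumably the check on the get path, which is outside this hunk) is never consulted, and a caller that XSM would refuse can tell PV from HVM targets by the error code. That is probably harmless, but if the ordering is deliberate a comment should say so, e.g. `/* PoD is HVM-only; rejected before the XSM check on purpose. */`. The rest of the if/else chain and the domain unlock lie outside the hunk, so it is worth confirming that the new branch still reaches the unlock.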
diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
index afee09ab40..fd12f8ca73 100644
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -30,6 +30,7 @@
 #include <asm/p2m.h>
 
 #include "mm-locks.h"
+#include "p2m.h"
 
 #define superpage_aligned(_x)  (((_x)&(SUPERPAGE_PAGES-1))==0)
 
@@ -1162,6 +1163,12 @@ p2m_pod_demand_populate(struct p2m_domain *p2m, gfn_t gfn,
     mfn_t mfn;
     unsigned long i;
 
+    if ( !p2m_is_hostp2m(p2m) )
+    {
+        ASSERT_UNREACHABLE();
+        return false;
+    }
+
     ASSERT(gfn_locked_by_me(p2m, gfn));
     pod_lock(p2m);
 
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 48bff44a6a..1f1eddac48 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -43,6 +43,7 @@
 #include <xsm/xsm.h>
 
 #include "mm-locks.h"
+#include "p2m.h"
 
 /* Override macro from asm/page.h to make work with mfn_t */
 #undef virt_to_mfn
@@ -101,6 +102,9 @@ static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
     p2m->default_access = p2m_access_rwx;
     p2m->p2m_class = p2m_host;
 
+    if ( !is_hvm_domain(d) )
+        return 0;
+
     p2m_pod_init(p2m);
     p2m_nestedp2m_init(p2m);
 
@@ -258,7 +262,7 @@ int p2m_init(struct domain *d)
     int rc;
 
     rc = p2m_init_hostp2m(d);
-    if ( rc )
+    if ( rc || !is_hvm_domain(d) )
         return rc;
 
 #ifdef CONFIG_HVM
diff --git a/xen/arch/x86/mm/p2m.h b/xen/arch/x86/mm/p2m.h
new file mode 100644
index 0000000000..ec1d54f915
--- /dev/null
+++ b/xen/arch/x86/mm/p2m.h
@@ -0,0 +1,27 @@
+/******************************************************************************
+ * arch/x86/mm/p2m.h
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+void p2m_pod_init(struct p2m_domain *p2m);
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
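Review bot: The new private header has no include guard and neither declares nor includes anything for `struct p2m_domain`, so it only compiles cleanly when `<asm/p2m.h>` has already been included, as the p2m-pod.c and p2m.c hunks in this commit happen to do. The sibling mm-locks.h wraps its contents in an `#ifndef`/`#define` pair; a matching guard here plus a forward declaration `struct p2m_domain;` ahead of the prototype would make the header safe to include in any order. The guard becomes necessary rather than cosmetic as soon as the header carries definitions (for example static inline stubs) instead of a single prototype.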
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:55:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:55:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302257.515850 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7e-0004cq-4n; Sat, 09 Apr 2022 20:55:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302257.515850; Sat, 09 Apr 2022 20:55:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7e-0004ci-1p; Sat, 09 Apr 2022 20:55:54 +0000
Received: by outflank-mailman (input) for mailman id 302257;
 Sat, 09 Apr 2022 20:55:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7c-0004cU-GB
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7c-0005tL-FK
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7c-0002FO-Eb
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:55:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=DNe0uPQQwfU1zWHumwhZPEFpgUCD24SYEK5Pajy2xRA=; b=GLbPanIwXM9rLYFKLi6g+lIA89
	8uJla84ddz9FpXJXb54sy0tMOrtOLVnCNr/73be0ptbP0IMoVAPQ3OSy71eEahe2VquDA4tig4O6L
	l6az183hf8cPKvQuxwRYzF7MNX+PlZ1QwnTtCSXMM8wZjdNafc10QFfh8NRTCI27jan8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: split out init/teardown functions
Message-Id: <E1ndI7c-0002FO-Eb@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:55:52 +0000

commit e2b2ff6779580a3a56f338a81e8d74ec30eead8c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:44:05 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:44:05 2022 +0200

    x86/P2M: split out init/teardown functions
    
    Mostly just code movement, and certainly no functional change intended.
    In p2m_final_teardown() the calls to p2m_teardown_{alt,nested}p2m() need
    to be guarded by an is_hvm_domain() check now, though. This matches
    p2m_init(). And p2m_is_logdirty_range() also gets moved inside the (so
    far) adjacent #ifdef.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/include/asm/hvm/vmx/vmx.h |   4 -
 xen/arch/x86/mm/Makefile               |   2 +
 xen/arch/x86/mm/altp2m.c               |  40 +++++
 xen/arch/x86/mm/mm-locks.h             |   2 -
 xen/arch/x86/mm/nested.c               |  74 +++++++++
 xen/arch/x86/mm/p2m-basic.c            | 207 +++++++++++++++++++++++++
 xen/arch/x86/mm/p2m-ept.c              |   1 +
 xen/arch/x86/mm/p2m.c                  | 265 +--------------------------------
 xen/arch/x86/mm/p2m.h                  |  22 +++
 9 files changed, 348 insertions(+), 269 deletions(-)

diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h
index c2ebdd6864..8eedf59155 100644
--- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h
+++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h
@@ -594,15 +594,11 @@ unsigned int vmx_get_cpl(void);
 void vmx_inject_extint(int trap, uint8_t source);
 void vmx_inject_nmi(void);
 
-int ept_p2m_init(struct p2m_domain *p2m);
-void ept_p2m_uninit(struct p2m_domain *p2m);
-
 void ept_walk_table(struct domain *d, unsigned long gfn);
 bool_t ept_handle_misconfig(uint64_t gpa);
 int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn,
                        unsigned int order, bool *ipat, p2m_type_t type);
 void setup_ept_dump(void);
-void p2m_init_altp2m_ept(struct domain *d, unsigned int i);
 /* Locate an alternate p2m by its EPTP */
 unsigned int p2m_find_altp2m_by_eptp(struct domain *d, uint64_t eptp);
 
diff --git a/xen/arch/x86/mm/Makefile b/xen/arch/x86/mm/Makefile
index a47ef5fd9f..c6eca5ac82 100644
--- a/xen/arch/x86/mm/Makefile
+++ b/xen/arch/x86/mm/Makefile
@@ -7,7 +7,9 @@ obj-$(CONFIG_SHADOW_PAGING) += guest_walk_4.o
 obj-$(CONFIG_MEM_ACCESS) += mem_access.o
 obj-$(CONFIG_MEM_PAGING) += mem_paging.o
 obj-$(CONFIG_MEM_SHARING) += mem_sharing.o
+obj-$(CONFIG_HVM) += nested.o
 obj-y += p2m.o
+obj-y += p2m-basic.o
 obj-$(CONFIG_HVM) += p2m-ept.o p2m-pod.o p2m-pt.o
 obj-y += paging.o
 obj-y += physmap.o
diff --git a/xen/arch/x86/mm/altp2m.c b/xen/arch/x86/mm/altp2m.c
index c091b03ea3..8be6eaf242 100644
--- a/xen/arch/x86/mm/altp2m.c
+++ b/xen/arch/x86/mm/altp2m.c
@@ -19,6 +19,8 @@
 #include <asm/hvm/hvm.h>
 #include <asm/p2m.h>
 #include <asm/altp2m.h>
+#include "mm-locks.h"
+#include "p2m.h"
 
 void
 altp2m_vcpu_initialise(struct vcpu *v)
@@ -123,6 +125,44 @@ void altp2m_vcpu_disable_ve(struct vcpu *v)
     }
 }
 
+int p2m_init_altp2m(struct domain *d)
+{
+    unsigned int i;
+    struct p2m_domain *p2m;
+    struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
+
+    mm_lock_init(&d->arch.altp2m_list_lock);
+    for ( i = 0; i < MAX_ALTP2M; i++ )
+    {
+        d->arch.altp2m_p2m[i] = p2m = p2m_init_one(d);
+        if ( p2m == NULL )
+        {
+            p2m_teardown_altp2m(d);
+            return -ENOMEM;
+        }
+        p2m->p2m_class = p2m_alternate;
+        p2m->access_required = hostp2m->access_required;
+        _atomic_set(&p2m->active_vcpus, 0);
+    }
+
+    return 0;
+}
+
+void p2m_teardown_altp2m(struct domain *d)
+{
+    unsigned int i;
+    struct p2m_domain *p2m;
+
+    for ( i = 0; i < MAX_ALTP2M; i++ )
+    {
+        if ( !d->arch.altp2m_p2m[i] )
+            continue;
+        p2m = d->arch.altp2m_p2m[i];
+        d->arch.altp2m_p2m[i] = NULL;
+        p2m_free_one(p2m);
+    }
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/xen/arch/x86/mm/mm-locks.h b/xen/arch/x86/mm/mm-locks.h
index fcfd4706ba..831e56d281 100644
--- a/xen/arch/x86/mm/mm-locks.h
+++ b/xen/arch/x86/mm/mm-locks.h
@@ -25,8 +25,6 @@
 #ifndef _MM_LOCKS_H
 #define _MM_LOCKS_H
 
-#include <asm/mem_sharing.h>
-
 /* Per-CPU variable for enforcing the lock ordering */
 DECLARE_PER_CPU(int, mm_lock_level);
 
diff --git a/xen/arch/x86/mm/nested.c b/xen/arch/x86/mm/nested.c
new file mode 100644
index 0000000000..fab62b2b2d
--- /dev/null
+++ b/xen/arch/x86/mm/nested.c
@@ -0,0 +1,74 @@
+/******************************************************************************
+ * arch/x86/mm/nested.c
+ *
+ * Parts of this code are Copyright (c) 2009 by Citrix Systems, Inc. (Patrick Colp)
+ * Parts of this code are Copyright (c) 2007 by Advanced Micro Devices.
+ * Parts of this code are Copyright (c) 2006-2007 by XenSource Inc.
+ * Parts of this code are Copyright (c) 2006 by Michael A Fetterman
+ * Parts based on earlier work by Michael A Fetterman, Ian Pratt et al.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/sched.h>
+#include <asm/p2m.h>
+#include "mm-locks.h"
+#include "p2m.h"
+
+void p2m_nestedp2m_init(struct p2m_domain *p2m)
+{
+    INIT_LIST_HEAD(&p2m->np2m_list);
+
+    p2m->np2m_base = P2M_BASE_EADDR;
+    p2m->np2m_generation = 0;
+}
+
+int p2m_init_nestedp2m(struct domain *d)
+{
+    unsigned int i;
+    struct p2m_domain *p2m;
+
+    mm_lock_init(&d->arch.nested_p2m_lock);
+    for ( i = 0; i < MAX_NESTEDP2M; i++ )
+    {
+        d->arch.nested_p2m[i] = p2m = p2m_init_one(d);
+        if ( p2m == NULL )
+        {
+            p2m_teardown_nestedp2m(d);
+            return -ENOMEM;
+        }
+        p2m->p2m_class = p2m_nested;
+        p2m->write_p2m_entry_pre = NULL;
+        p2m->write_p2m_entry_post = nestedp2m_write_p2m_entry_post;
+        list_add(&p2m->np2m_list, &p2m_get_hostp2m(d)->np2m_list);
+    }
+
+    return 0;
+}
+
+void p2m_teardown_nestedp2m(struct domain *d)
+{
+    unsigned int i;
+    struct p2m_domain *p2m;
+
+    for ( i = 0; i < MAX_NESTEDP2M; i++ )
+    {
+        if ( !d->arch.nested_p2m[i] )
+            continue;
+        p2m = d->arch.nested_p2m[i];
+        list_del(&p2m->np2m_list);
+        p2m_free_one(p2m);
+        d->arch.nested_p2m[i] = NULL;
+    }
+}
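Review bot: p2m_teardown_nestedp2m() frees each nested p2m before clearing its slot, so `d->arch.nested_p2m[i]` briefly holds a pointer to freed memory, whereas p2m_teardown_altp2m() in altp2m.c (same commit) clears the slot first and frees afterwards. No locking is visible in either function, so whether anything can observe the stale pointer cannot be judged from here, but the two teardown loops should agree. Suggested order inside the loop: `list_del(&p2m->np2m_list);`, `d->arch.nested_p2m[i] = NULL;`, `p2m_free_one(p2m);`. The code is moved unchanged from p2m.c, so this predates the commit.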
diff --git a/xen/arch/x86/mm/p2m-basic.c b/xen/arch/x86/mm/p2m-basic.c
new file mode 100644
index 0000000000..be4a08b9cb
--- /dev/null
+++ b/xen/arch/x86/mm/p2m-basic.c
@@ -0,0 +1,207 @@
+/******************************************************************************
+ * arch/x86/mm/p2m-basic.c
+ *
+ * Basic P2M management largely applicable to all domain types.
+ *
+ * Parts of this code are Copyright (c) 2009 by Citrix Systems, Inc. (Patrick Colp)
+ * Parts of this code are Copyright (c) 2007 by Advanced Micro Devices.
+ * Parts of this code are Copyright (c) 2006-2007 by XenSource Inc.
+ * Parts of this code are Copyright (c) 2006 by Michael A Fetterman
+ * Parts based on earlier work by Michael A Fetterman, Ian Pratt et al.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/types.h>
+#include <asm/p2m.h>
+#include "mm-locks.h"
+#include "p2m.h"
+
+/* Init the datastructures for later use by the p2m code */
+static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
+{
+    int ret = 0;
+
+    mm_rwlock_init(&p2m->lock);
+#ifdef CONFIG_HVM
+    INIT_PAGE_LIST_HEAD(&p2m->pages);
+#endif
+
+    p2m->domain = d;
+    p2m->default_access = p2m_access_rwx;
+    p2m->p2m_class = p2m_host;
+
+    if ( !is_hvm_domain(d) )
+        return 0;
+
+    p2m_pod_init(p2m);
+    p2m_nestedp2m_init(p2m);
+
+    if ( hap_enabled(d) && cpu_has_vmx )
+        ret = ept_p2m_init(p2m);
+    else
+        p2m_pt_init(p2m);
+
+    spin_lock_init(&p2m->ioreq.lock);
+
+    return ret;
+}
+
+struct p2m_domain *p2m_init_one(struct domain *d)
+{
+    struct p2m_domain *p2m = xzalloc(struct p2m_domain);
+
+    if ( !p2m )
+        return NULL;
+
+    if ( !zalloc_cpumask_var(&p2m->dirty_cpumask) )
+        goto free_p2m;
+
+    if ( p2m_initialise(d, p2m) )
+        goto free_cpumask;
+    return p2m;
+
+ free_cpumask:
+    free_cpumask_var(p2m->dirty_cpumask);
+ free_p2m:
+    xfree(p2m);
+    return NULL;
+}
+
+void p2m_free_one(struct p2m_domain *p2m)
+{
+    p2m_free_logdirty(p2m);
+    if ( hap_enabled(p2m->domain) && cpu_has_vmx )
+        ept_p2m_uninit(p2m);
+    free_cpumask_var(p2m->dirty_cpumask);
+    xfree(p2m);
+}
+
+static int p2m_init_hostp2m(struct domain *d)
+{
+    struct p2m_domain *p2m = p2m_init_one(d);
+    int rc;
+
+    if ( !p2m )
+        return -ENOMEM;
+
+    rc = p2m_init_logdirty(p2m);
+
+    if ( !rc )
+        d->arch.p2m = p2m;
+    else
+        p2m_free_one(p2m);
+
+    return rc;
+}
+
+static void p2m_teardown_hostp2m(struct domain *d)
+{
+    /* Iterate over all p2m tables per domain */
+    struct p2m_domain *p2m = p2m_get_hostp2m(d);
+
+    if ( p2m )
+    {
+        p2m_free_one(p2m);
+        d->arch.p2m = NULL;
+    }
+}
+
+int p2m_init(struct domain *d)
+{
+    int rc;
+
+    rc = p2m_init_hostp2m(d);
+    if ( rc || !is_hvm_domain(d) )
+        return rc;
+
+    /*
+     * Must initialise nestedp2m unconditionally
+     * since nestedhvm_enabled(d) returns false here.
+     * (p2m_init runs too early for HVM_PARAM_* options)
+     */
+    rc = p2m_init_nestedp2m(d);
+    if ( rc )
+    {
+        p2m_teardown_hostp2m(d);
+        return rc;
+    }
+
+    rc = p2m_init_altp2m(d);
+    if ( rc )
+    {
+        p2m_teardown_hostp2m(d);
+        p2m_teardown_nestedp2m(d);
+    }
+
+    return rc;
+}
+
+/*
+ * Return all the p2m pages to Xen.
+ * We know we don't have any extra mappings to these pages.
+ *
+ * hvm fixme: when adding support for pvh non-hardware domains, this path must
+ * cleanup any foreign p2m types (release refcnts on them).
+ */
+void p2m_teardown(struct p2m_domain *p2m)
+{
+#ifdef CONFIG_HVM
+    struct page_info *pg;
+#endif
+    struct domain *d;
+
+    if ( !p2m )
+        return;
+
+    d = p2m->domain;
+
+    p2m_lock(p2m);
+
+    ASSERT(atomic_read(&d->shr_pages) == 0);
+
+#ifdef CONFIG_HVM
+    p2m->phys_table = pagetable_null();
+
+    while ( (pg = page_list_remove_head(&p2m->pages)) )
+        d->arch.paging.free_page(d, pg);
+#endif
+
+    p2m_unlock(p2m);
+}
+
+void p2m_final_teardown(struct domain *d)
+{
+    if ( is_hvm_domain(d) )
+    {
+        /*
+         * We must tear down both of them unconditionally because
+         * we initialise them unconditionally.
+         */
+        p2m_teardown_altp2m(d);
+        p2m_teardown_nestedp2m(d);
+    }
+
+    /* Iterate over all p2m tables per domain */
+    p2m_teardown_hostp2m(d);
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
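Review bot: In p2m_init(), the failure path for p2m_init_altp2m() calls p2m_teardown_hostp2m(d) before p2m_teardown_nestedp2m(d), which looks like a use-after-free on the error path. p2m_init_nestedp2m() in nested.c links every nested p2m onto the host p2m's `np2m_list`, and p2m_teardown_nestedp2m() runs list_del() on those entries, so by then the list head lives in the host p2m that p2m_free_one() has already passed to xfree(). p2m_final_teardown() in the same file uses the safe order (altp2m, nested, then host). Swapping the two calls, `p2m_teardown_nestedp2m(d);` followed by `p2m_teardown_hostp2m(d);`, makes the error path match. The code is moved verbatim from p2m.c, so the ordering predates this commit.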
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index 70a401c3a7..b04ca6dbe8 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -35,6 +35,7 @@
 #include <xen/softirq.h>
 
 #include "mm-locks.h"
+#include "p2m.h"
 
 #define atomic_read_ept_entry(__pepte)                              \
     ( (ept_entry_t) { .epte = read_atomic(&(__pepte)->epte) } )
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 1f1eddac48..6498cd460b 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -35,7 +35,6 @@
 #include <asm/page.h>
 #include <asm/paging.h>
 #include <asm/p2m.h>
-#include <asm/hvm/vmx/vmx.h> /* ept_p2m_init() */
 #include <asm/mem_sharing.h>
 #include <asm/hvm/nestedhvm.h>
 #include <asm/altp2m.h>
@@ -56,17 +55,9 @@ boolean_param("hap_2mb", opt_hap_2mb);
 
 DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
 
-static void p2m_nestedp2m_init(struct p2m_domain *p2m)
-{
 #ifdef CONFIG_HVM
-    INIT_LIST_HEAD(&p2m->np2m_list);
-
-    p2m->np2m_base = P2M_BASE_EADDR;
-    p2m->np2m_generation = 0;
-#endif
-}
 
-static int p2m_init_logdirty(struct p2m_domain *p2m)
+int p2m_init_logdirty(struct p2m_domain *p2m)
 {
     if ( p2m->logdirty_ranges )
         return 0;
@@ -79,7 +70,7 @@ static int p2m_init_logdirty(struct p2m_domain *p2m)
     return 0;
 }
 
-static void p2m_free_logdirty(struct p2m_domain *p2m)
+void p2m_free_logdirty(struct p2m_domain *p2m)
 {
     if ( !p2m->logdirty_ranges )
         return;
@@ -88,205 +79,6 @@ static void p2m_free_logdirty(struct p2m_domain *p2m)
     p2m->logdirty_ranges = NULL;
 }
 
-/* Init the datastructures for later use by the p2m code */
-static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
-{
-    int ret = 0;
-
-    mm_rwlock_init(&p2m->lock);
-#ifdef CONFIG_HVM
-    INIT_PAGE_LIST_HEAD(&p2m->pages);
-#endif
-
-    p2m->domain = d;
-    p2m->default_access = p2m_access_rwx;
-    p2m->p2m_class = p2m_host;
-
-    if ( !is_hvm_domain(d) )
-        return 0;
-
-    p2m_pod_init(p2m);
-    p2m_nestedp2m_init(p2m);
-
-    if ( hap_enabled(d) && cpu_has_vmx )
-        ret = ept_p2m_init(p2m);
-    else
-        p2m_pt_init(p2m);
-
-    spin_lock_init(&p2m->ioreq.lock);
-
-    return ret;
-}
-
-static struct p2m_domain *p2m_init_one(struct domain *d)
-{
-    struct p2m_domain *p2m = xzalloc(struct p2m_domain);
-
-    if ( !p2m )
-        return NULL;
-
-    if ( !zalloc_cpumask_var(&p2m->dirty_cpumask) )
-        goto free_p2m;
-
-    if ( p2m_initialise(d, p2m) )
-        goto free_cpumask;
-    return p2m;
-
-free_cpumask:
-    free_cpumask_var(p2m->dirty_cpumask);
-free_p2m:
-    xfree(p2m);
-    return NULL;
-}
-
-static void p2m_free_one(struct p2m_domain *p2m)
-{
-    p2m_free_logdirty(p2m);
-    if ( hap_enabled(p2m->domain) && cpu_has_vmx )
-        ept_p2m_uninit(p2m);
-    free_cpumask_var(p2m->dirty_cpumask);
-    xfree(p2m);
-}
-
-static int p2m_init_hostp2m(struct domain *d)
-{
-    struct p2m_domain *p2m = p2m_init_one(d);
-    int rc;
-
-    if ( !p2m )
-        return -ENOMEM;
-
-    rc = p2m_init_logdirty(p2m);
-
-    if ( !rc )
-        d->arch.p2m = p2m;
-    else
-        p2m_free_one(p2m);
-
-    return rc;
-}
-
-static void p2m_teardown_hostp2m(struct domain *d)
-{
-    /* Iterate over all p2m tables per domain */
-    struct p2m_domain *p2m = p2m_get_hostp2m(d);
-
-    if ( p2m )
-    {
-        p2m_free_one(p2m);
-        d->arch.p2m = NULL;
-    }
-}
-
-#ifdef CONFIG_HVM
-static void p2m_teardown_nestedp2m(struct domain *d)
-{
-    unsigned int i;
-    struct p2m_domain *p2m;
-
-    for ( i = 0; i < MAX_NESTEDP2M; i++ )
-    {
-        if ( !d->arch.nested_p2m[i] )
-            continue;
-        p2m = d->arch.nested_p2m[i];
-        list_del(&p2m->np2m_list);
-        p2m_free_one(p2m);
-        d->arch.nested_p2m[i] = NULL;
-    }
-}
-
-static int p2m_init_nestedp2m(struct domain *d)
-{
-    unsigned int i;
-    struct p2m_domain *p2m;
-
-    mm_lock_init(&d->arch.nested_p2m_lock);
-    for ( i = 0; i < MAX_NESTEDP2M; i++ )
-    {
-        d->arch.nested_p2m[i] = p2m = p2m_init_one(d);
-        if ( p2m == NULL )
-        {
-            p2m_teardown_nestedp2m(d);
-            return -ENOMEM;
-        }
-        p2m->p2m_class = p2m_nested;
-        p2m->write_p2m_entry_pre = NULL;
-        p2m->write_p2m_entry_post = nestedp2m_write_p2m_entry_post;
-        list_add(&p2m->np2m_list, &p2m_get_hostp2m(d)->np2m_list);
-    }
-
-    return 0;
-}
-
-static void p2m_teardown_altp2m(struct domain *d)
-{
-    unsigned int i;
-    struct p2m_domain *p2m;
-
-    for ( i = 0; i < MAX_ALTP2M; i++ )
-    {
-        if ( !d->arch.altp2m_p2m[i] )
-            continue;
-        p2m = d->arch.altp2m_p2m[i];
-        d->arch.altp2m_p2m[i] = NULL;
-        p2m_free_one(p2m);
-    }
-}
-
-static int p2m_init_altp2m(struct domain *d)
-{
-    unsigned int i;
-    struct p2m_domain *p2m;
-    struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
-
-    mm_lock_init(&d->arch.altp2m_list_lock);
-    for ( i = 0; i < MAX_ALTP2M; i++ )
-    {
-        d->arch.altp2m_p2m[i] = p2m = p2m_init_one(d);
-        if ( p2m == NULL )
-        {
-            p2m_teardown_altp2m(d);
-            return -ENOMEM;
-        }
-        p2m->p2m_class = p2m_alternate;
-        p2m->access_required = hostp2m->access_required;
-        _atomic_set(&p2m->active_vcpus, 0);
-    }
-
-    return 0;
-}
-#endif
-
-int p2m_init(struct domain *d)
-{
-    int rc;
-
-    rc = p2m_init_hostp2m(d);
-    if ( rc || !is_hvm_domain(d) )
-        return rc;
-
-#ifdef CONFIG_HVM
-    /* Must initialise nestedp2m unconditionally
-     * since nestedhvm_enabled(d) returns false here.
-     * (p2m_init runs too early for HVM_PARAM_* options) */
-    rc = p2m_init_nestedp2m(d);
-    if ( rc )
-    {
-        p2m_teardown_hostp2m(d);
-        return rc;
-    }
-
-    rc = p2m_init_altp2m(d);
-    if ( rc )
-    {
-        p2m_teardown_hostp2m(d);
-        p2m_teardown_nestedp2m(d);
-    }
-#endif
-
-    return rc;
-}
-
 int p2m_is_logdirty_range(struct p2m_domain *p2m, unsigned long start,
                           unsigned long end)
 {
@@ -298,8 +90,6 @@ int p2m_is_logdirty_range(struct p2m_domain *p2m, unsigned long start,
     return 0;
 }
 
-#ifdef CONFIG_HVM
-
 static void change_entry_type_global(struct p2m_domain *p2m,
                                      p2m_type_t ot, p2m_type_t nt)
 {
@@ -751,57 +541,6 @@ int p2m_alloc_table(struct p2m_domain *p2m)
     return 0;
 }
 
-#endif /* CONFIG_HVM */
-
-/*
- * hvm fixme: when adding support for pvh non-hardware domains, this path must
- * cleanup any foreign p2m types (release refcnts on them).
- */
-void p2m_teardown(struct p2m_domain *p2m)
-/* Return all the p2m pages to Xen.
- * We know we don't have any extra mappings to these pages */
-{
-#ifdef CONFIG_HVM
-    struct page_info *pg;
-#endif
-    struct domain *d;
-
-    if (p2m == NULL)
-        return;
-
-    d = p2m->domain;
-
-    p2m_lock(p2m);
-
-    ASSERT(atomic_read(&d->shr_pages) == 0);
-
-#ifdef CONFIG_HVM
-    p2m->phys_table = pagetable_null();
-
-    while ( (pg = page_list_remove_head(&p2m->pages)) )
-        d->arch.paging.free_page(d, pg);
-#endif
-
-    p2m_unlock(p2m);
-}
-
-void p2m_final_teardown(struct domain *d)
-{
-#ifdef CONFIG_HVM
-    /*
-     * We must teardown both of them unconditionally because
-     * we initialise them unconditionally.
-     */
-    p2m_teardown_altp2m(d);
-    p2m_teardown_nestedp2m(d);
-#endif
-
-    /* Iterate over all p2m tables per domain */
-    p2m_teardown_hostp2m(d);
-}
-
-#ifdef CONFIG_HVM
-
 static int __must_check
 p2m_remove_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
                  unsigned int page_order)
diff --git a/xen/arch/x86/mm/p2m.h b/xen/arch/x86/mm/p2m.h
index ec1d54f915..cc0f6766e4 100644
--- a/xen/arch/x86/mm/p2m.h
+++ b/xen/arch/x86/mm/p2m.h
@@ -15,8 +15,30 @@
  * along with this program; If not, see <http://www.gnu.org/licenses/>.
  */
 
+struct p2m_domain *p2m_init_one(struct domain *d);
+void p2m_free_one(struct p2m_domain *p2m);
+
 void p2m_pod_init(struct p2m_domain *p2m);
 
+#ifdef CONFIG_HVM
+int p2m_init_logdirty(struct p2m_domain *p2m);
+void p2m_free_logdirty(struct p2m_domain *p2m);
+#else
+static inline int p2m_init_logdirty(struct p2m_domain *p2m) { return 0; }
+static inline void p2m_free_logdirty(struct p2m_domain *p2m) {}
+#endif
+
+int p2m_init_altp2m(struct domain *d);
+void p2m_teardown_altp2m(struct domain *d);
+
+void p2m_nestedp2m_init(struct p2m_domain *p2m);
+int p2m_init_nestedp2m(struct domain *d);
+void p2m_teardown_nestedp2m(struct domain *d);
+
+int ept_p2m_init(struct p2m_domain *p2m);
+void ept_p2m_uninit(struct p2m_domain *p2m);
+void p2m_init_altp2m_ept(struct domain *d, unsigned int i);
+
 /*
  * Local variables:
  * mode: C
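Review bot: The altp2m, nestedp2m and EPT prototypes added here sit outside the `#ifdef CONFIG_HVM` block, which guards only the logdirty pair, and nothing says which configurations define them. The code removed from p2m.c in this same patch called p2m_teardown_altp2m() and p2m_teardown_nestedp2m() only under CONFIG_HVM, so these look HVM-only as well. If so, a !HVM caller would compile and fail only at link time. A one-line comment above them would make the contract explicit, e.g. `/* Defined only when CONFIG_HVM; callers must be compiled out otherwise. */`. The rest of the header lies outside this hunk.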
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:56:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:56:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302258.515854 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7o-0004fL-6R; Sat, 09 Apr 2022 20:56:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302258.515854; Sat, 09 Apr 2022 20:56:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7o-0004fD-3Z; Sat, 09 Apr 2022 20:56:04 +0000
Received: by outflank-mailman (input) for mailman id 302258;
 Sat, 09 Apr 2022 20:56:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7m-0004et-JQ
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7m-0005tc-Ib
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7m-0002GA-Hk
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=sVgAWSrwo8IJyGkQka5RJa4/4XWJ7ER07FEA8ffztiI=; b=rebw+0/Tl2n/itatsiiDK9waXn
	ZwaL6sDJLkqkxfJFZ2B1TuOIaElVZXenqF7yFRwXYJJJuSAY/NMLzensiV6NpVeex4GrVsBBr/ciB
	0ho3qyUVk5AfiY7eN4TvXlyPFv2lcBNyn0Q8dS2FZQV5AWfyGJvf1q+if3F5vwXpmg44=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: p2m_get_page_from_gfn() is HVM-only
Message-Id: <E1ndI7m-0002GA-Hk@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:56:02 +0000

commit c9e802e916423111652424a93d98f67ae7135afc
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:45:37 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:45:37 2022 +0200

    x86/P2M: p2m_get_page_from_gfn() is HVM-only
    
    This function is the wrong layer to go through for PV guests. It happens
    to work, but produces results which aren't fully consistent with
    get_page_from_gfn(). The latter function, however, cannot be used in
    map_domain_gfn() as it may not be the host P2M we mean to act on.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/guest_walk.c | 4 +++-
 xen/arch/x86/mm/p2m.c        | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c
index 35d543ca5f..70dacc477f 100644
--- a/xen/arch/x86/mm/guest_walk.c
+++ b/xen/arch/x86/mm/guest_walk.c
@@ -551,7 +551,9 @@ void *map_domain_gfn(struct p2m_domain *p2m, gfn_t gfn, mfn_t *mfn,
     }
 
     /* Translate the gfn, unsharing if shared. */
-    page = p2m_get_page_from_gfn(p2m, gfn, &p2mt, NULL, q);
+    page = paging_mode_translate(p2m->domain)
+           ? p2m_get_page_from_gfn(p2m, gfn, &p2mt, NULL, q)
+           : get_page_from_gfn(p2m->domain, gfn_x(gfn), &p2mt, q);
     if ( p2m_is_paging(p2mt) )
     {
         ASSERT(p2m_is_hostp2m(p2m));
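Review bot: The comment above the new conditional still reads only "Translate the gfn, unsharing if shared." and does not say why non-translated domains take a different path. A comment such as `/* Non-translated (PV): use get_page_from_gfn(); p2m_get_page_from_gfn() is HVM-only. */` would keep a later cleanup from collapsing the two branches again. The condition itself dereferences `p2m->domain`, so the function relies on callers never passing a NULL p2m. Whether that holds cannot be seen here, because map_domain_gfn() starts and ends outside this hunk.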
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 6498cd460b..c3653b013d 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -357,6 +357,8 @@ void __put_gfn(struct p2m_domain *p2m, unsigned long gfn)
     gfn_unlock(p2m, gfn, 0);
 }
 
+#ifdef CONFIG_HVM
+
 /* Atomically look up a GFN and take a reference count on the backing page. */
 struct page_info *p2m_get_page_from_gfn(
     struct p2m_domain *p2m, gfn_t gfn,
@@ -422,8 +424,6 @@ struct page_info *p2m_get_page_from_gfn(
     return page;
 }
 
-#ifdef CONFIG_HVM
-
 /* Returns: 0 for success, -errno for failure */
 int p2m_set_entry(struct p2m_domain *p2m, gfn_t gfn, mfn_t mfn,
                   unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma)
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:56:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:56:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302259.515858 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7y-0004iO-8H; Sat, 09 Apr 2022 20:56:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302259.515858; Sat, 09 Apr 2022 20:56:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI7y-0004iE-53; Sat, 09 Apr 2022 20:56:14 +0000
Received: by outflank-mailman (input) for mailman id 302259;
 Sat, 09 Apr 2022 20:56:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7w-0004hz-Mz
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7w-0005u3-M5
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI7w-0002Gf-LJ
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=KI/Z3BiNHq8Yql3cYXfBBjSGQ12fPuY8oGX97HLnnRk=; b=lfTuNIeOMlbBVWA3jWBNvJyIap
	5iOCfrHuf5QfE9fhfB3E7VKOW9+PLoxf2YF5YhI0B8i/kEqRmpm66QRg0c2L13UM/qn77QLCCEiaQ
	1a0Z1apwRxKgRxAsGdm7fmrJvdPEjMmVxWbmG6YmOYoIqr9U3ZhcVhH8rIgqfiiEYYAg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: derive HVM-only variant from __get_gfn_type_access()
Message-Id: <E1ndI7w-0002Gf-LJ@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:56:12 +0000

commit aa70b8959915b67b4e7a2516f743ab6ffe0f8a1b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:46:30 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:46:30 2022 +0200

    x86/P2M: derive HVM-only variant from __get_gfn_type_access()
    
    Introduce an inline wrapper dealing with the non-translated-domain case,
    while stripping that logic from the main function, which gets renamed to
    p2m_get_gfn_type_access(). HVM-only callers can then directly use the
    main function.
    
    Along with renaming the main function also make its and the new inline
    helper's GFN parameters type-safe.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/hvm/svm/svm.c     |  4 ++--
 xen/arch/x86/include/asm/p2m.h | 26 ++++++++++++++++++++++----
 xen/arch/x86/mm/mem_access.c   |  5 +++--
 xen/arch/x86/mm/mem_sharing.c  | 16 ++++++++--------
 xen/arch/x86/mm/p2m.c          | 35 ++++++++++++-----------------------
 5 files changed, 47 insertions(+), 39 deletions(-)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 64a45045da..2455835eda 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1712,7 +1712,7 @@ static void svm_do_nested_pgfault(struct vcpu *v,
         } _d;
 
         p2m = p2m_get_p2m(v);
-        mfn = __get_gfn_type_access(p2m, gfn, &p2mt, &p2ma, 0, NULL, 0);
+        mfn = p2m_get_gfn_type_access(p2m, _gfn(gfn), &p2mt, &p2ma, 0, NULL, 0);
 
         _d.gpa = gpa;
         _d.qualification = 0;
@@ -1737,7 +1737,7 @@ static void svm_do_nested_pgfault(struct vcpu *v,
     if ( p2m == NULL )
     {
         p2m = p2m_get_p2m(v);
-        mfn = __get_gfn_type_access(p2m, gfn, &p2mt, &p2ma, 0, NULL, 0);
+        mfn = p2m_get_gfn_type_access(p2m, _gfn(gfn), &p2mt, &p2ma, 0, NULL, 0);
     }
     gdprintk(XENLOG_ERR,
          "SVM violation gpa %#"PRIpaddr", mfn %#lx, type %i\n",
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 44c953c83a..789d5a4464 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -459,10 +459,27 @@ void p2m_unlock_and_tlb_flush(struct p2m_domain *p2m);
  * After calling any of the variants below, caller needs to use
  * put_gfn. ****/
 
-mfn_t __nonnull(3, 4) __get_gfn_type_access(
-    struct p2m_domain *p2m, unsigned long gfn, p2m_type_t *t,
+mfn_t __nonnull(3, 4) p2m_get_gfn_type_access(
+    struct p2m_domain *p2m, gfn_t gfn, p2m_type_t *t,
     p2m_access_t *a, p2m_query_t q, unsigned int *page_order, bool_t locked);
 
+static inline mfn_t __nonnull(3, 4) _get_gfn_type_access(
+    struct p2m_domain *p2m, gfn_t gfn, p2m_type_t *t,
+    p2m_access_t *a, p2m_query_t q, unsigned int *page_order, bool_t locked)
+{
+    if ( !p2m || !paging_mode_translate(p2m->domain) )
+    {
+        /*
+         * Not necessarily true, but for non-translated guests we claim
+         * it's the most generic kind of memory.
+         */
+        *t = p2m_ram_rw;
+        return _mfn(gfn_x(gfn));
+    }
+
+    return p2m_get_gfn_type_access(p2m, gfn, t, a, q, page_order, locked);
+}
+
 /* Read a particular P2M table, mapping pages as we go.  Most callers
  * should _not_ call this directly; use the other get_gfn* functions
  * below unless you know you want to walk a p2m that isn't a domain's
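Review bot: On the non-translated path `_get_gfn_type_access()` writes `*t` but leaves `*a` (and `*page_order`, when non-NULL) untouched. Yet `a` is declared `__nonnull`, and get_gfn_query_unlocked() further down passes the address of an uninitialised local `p2m_access_t a`. This mirrors the branch removed from p2m.c, so it is not a regression, but the new helper is the natural place to record it: `/* Only *t is written for non-translated domains; *a and *page_order are left as passed in. */`. Alternatively the branch could store a defined access value so that no caller can read an indeterminate `p2m_access_t`.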
@@ -474,7 +491,7 @@ static inline mfn_t __nonnull(3, 4) get_gfn_type_access(
     struct p2m_domain *p2m, unsigned long gfn, p2m_type_t *t,
     p2m_access_t *a, p2m_query_t q, unsigned int *page_order)
 {
-    return __get_gfn_type_access(p2m, gfn, t, a, q, page_order, true);
+    return _get_gfn_type_access(p2m, _gfn(gfn), t, a, q, page_order, true);
 }
 
 /* General conversion function from gfn to mfn */
@@ -515,7 +532,8 @@ static inline mfn_t get_gfn_query_unlocked(struct domain *d,
                                            p2m_type_t *t)
 {
     p2m_access_t a;
-    return __get_gfn_type_access(p2m_get_hostp2m(d), gfn, t, &a, 0, NULL, 0);
+    return _get_gfn_type_access(p2m_get_hostp2m(d), _gfn(gfn), t, &a, 0,
+                                NULL, 0);
 }
 
 /* Atomically look up a GFN and take a reference count on the backing page.
diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
index 7750b81cd4..f3aed9fcc9 100644
--- a/xen/arch/x86/mm/mem_access.c
+++ b/xen/arch/x86/mm/mem_access.c
@@ -299,8 +299,9 @@ static int set_mem_access(struct domain *d, struct p2m_domain *p2m,
     {
         p2m_access_t _a;
         p2m_type_t t;
-        mfn_t mfn = __get_gfn_type_access(p2m, gfn_x(gfn), &t, &_a,
-                                          P2M_ALLOC, NULL, false);
+        mfn_t mfn = p2m_get_gfn_type_access(p2m, gfn, &t, &_a,
+                                            P2M_ALLOC, NULL, false);
+
         rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, -1);
     }
 
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 15e6a7ed81..703b1c06dc 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -478,12 +478,12 @@ do {                                                    \
 #undef assign_pointers
 
     /* Now do the gets. */
-    *first_mfn  = __get_gfn_type_access(p2m_get_hostp2m(rval->first_domain),
-                                        gfn_x(rval->first_gfn), first_t,
-                                        first_a, q, NULL, lock);
-    *second_mfn = __get_gfn_type_access(p2m_get_hostp2m(rval->second_domain),
-                                        gfn_x(rval->second_gfn), second_t,
-                                        second_a, q, NULL, lock);
+    *first_mfn  = p2m_get_gfn_type_access(p2m_get_hostp2m(rval->first_domain),
+                                          rval->first_gfn, first_t,
+                                          first_a, q, NULL, lock);
+    *second_mfn = p2m_get_gfn_type_access(p2m_get_hostp2m(rval->second_domain),
+                                          rval->second_gfn, second_t,
+                                          second_a, q, NULL, lock);
 }
 
 static void put_two_gfns(const struct two_gfns *arg)
@@ -936,8 +936,8 @@ static int nominate_page(struct domain *d, gfn_t gfn,
             if ( !ap2m )
                 continue;
 
-            amfn = __get_gfn_type_access(ap2m, gfn_x(gfn), &ap2mt, &ap2ma,
-                                         0, NULL, false);
+            amfn = p2m_get_gfn_type_access(ap2m, gfn, &ap2mt, &ap2ma,
+                                           0, NULL, false);
             if ( mfn_valid(amfn) && (!mfn_eq(amfn, mfn) || ap2ma != p2ma) )
             {
                 altp2m_list_unlock(d);
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index c3653b013d..169f733d83 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -286,25 +286,13 @@ void p2m_unlock_and_tlb_flush(struct p2m_domain *p2m)
         mm_write_unlock(&p2m->lock);
 }
 
-mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn_l,
-                    p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
-                    unsigned int *page_order, bool_t locked)
-{
 #ifdef CONFIG_HVM
-    mfn_t mfn;
-    gfn_t gfn = _gfn(gfn_l);
 
-    if ( !p2m || !paging_mode_translate(p2m->domain) )
-    {
-#endif
-        /*
-         * Not necessarily true, but for non-translated guests we claim
-         * it's the most generic kind of memory.
-         */
-        *t = p2m_ram_rw;
-        return _mfn(gfn_l);
-#ifdef CONFIG_HVM
-    }
+mfn_t p2m_get_gfn_type_access(struct p2m_domain *p2m, gfn_t gfn,
+                              p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
+                              unsigned int *page_order, bool_t locked)
+{
+    mfn_t mfn;
 
     /* Unshare makes no sense without populate. */
     if ( q & P2M_UNSHARE )
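Review bot: With the `!p2m || !paging_mode_translate(p2m->domain)` test stripped from the renamed function, p2m_get_gfn_type_access() now assumes a valid P2M of a translated domain without stating or checking it. The direct callers converted in this patch (svm.c, mem_access.c, mem_sharing.c and the later p2m.c hunks) bypass the inline wrapper that still handles that case. A precondition check at the top of the body, `ASSERT(p2m && paging_mode_translate(p2m->domain));`, would catch a misrouted caller in debug builds. The function body continues beyond this hunk.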
@@ -329,8 +317,8 @@ mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn_l,
          * Try to unshare. If we fail, communicate ENOMEM without
          * sleeping.
          */
-        if ( mem_sharing_unshare_page(p2m->domain, gfn_l) < 0 )
-            mem_sharing_notify_enomem(p2m->domain, gfn_l, false);
+        if ( mem_sharing_unshare_page(p2m->domain, gfn_x(gfn)) < 0 )
+            mem_sharing_notify_enomem(p2m->domain, gfn_x(gfn), false);
         mfn = p2m->get_entry(p2m, gfn, t, a, q, page_order, NULL);
     }
 
@@ -343,9 +331,10 @@ mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn_l,
     }
 
     return mfn;
-#endif
 }
 
+#endif /* CONFIG_HVM */
+
 void __put_gfn(struct p2m_domain *p2m, unsigned long gfn)
 {
     if ( !p2m || !paging_mode_translate(p2m->domain) )
@@ -377,7 +366,7 @@ struct page_info *p2m_get_page_from_gfn(
     {
         /* Fast path: look up and get out */
         p2m_read_lock(p2m);
-        mfn = __get_gfn_type_access(p2m, gfn_x(gfn), t, a, 0, NULL, 0);
+        mfn = p2m_get_gfn_type_access(p2m, gfn, t, a, 0, NULL, 0);
         if ( p2m_is_any_ram(*t) && mfn_valid(mfn)
              && !((q & P2M_UNSHARE) && p2m_is_shared(*t)) )
         {
@@ -1775,8 +1764,8 @@ int altp2m_get_effective_entry(struct p2m_domain *ap2m, gfn_t gfn, mfn_t *mfn,
         unsigned int page_order;
         int rc;
 
-        *mfn = __get_gfn_type_access(hp2m, gfn_x(gfn), t, a,
-                                     P2M_ALLOC | P2M_UNSHARE, &page_order, 0);
+        *mfn = p2m_get_gfn_type_access(hp2m, gfn, t, a, P2M_ALLOC | P2M_UNSHARE,
+                                       &page_order, 0);
 
         rc = -ESRCH;
         if ( !mfn_valid(*mfn) || *t != p2m_ram_rw )
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:56:24 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:56:24 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302260.515862 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI88-0004lC-BR; Sat, 09 Apr 2022 20:56:24 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302260.515862; Sat, 09 Apr 2022 20:56:24 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI88-0004l5-87; Sat, 09 Apr 2022 20:56:24 +0000
Received: by outflank-mailman (input) for mailman id 302260;
 Sat, 09 Apr 2022 20:56:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI86-0004kt-QO
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI86-0005u8-Pa
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI86-0002HG-On
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=zsov/bPFBWJuxbypBVU7bBSSyNnJsmquO9LyfxIyVfY=; b=b+J7MDjWjALWBDLE/BfJTOfK4x
	puioUAKzgM1EJ+VetdodlWHrnZEOneel2ifPZ0gwZu/qDorMsUO2pTHJqMfBOVtjfWrcBD3BBAyOK
	Eb8g2XPkGYxWBEMRrYeOMwT0CuR4imsNp+4A65b+7Qn/WWxV/JSBMink9QbQWCrzI1us=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/p2m: re-arrange {,__}put_gfn()
Message-Id: <E1ndI86-0002HG-On@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:56:22 +0000

commit 819cdc5a7301222f0f5f9260cfe8cd9c87d81f2f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:47:11 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:47:11 2022 +0200

    x86/p2m: re-arrange {,__}put_gfn()
    
    All explicit callers of __put_gfn() are in HVM-only code and hold a valid
    P2M pointer in their hands. Move the paging_mode_translate() check out of
    there into put_gfn(), renaming __put_gfn() and making its GFN parameter
    type-safe.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/hvm/hvm.c           |  8 ++++----
 xen/arch/x86/include/asm/p2m.h   | 11 +++++++++--
 xen/arch/x86/mm/hap/nested_hap.c |  2 +-
 xen/arch/x86/mm/p2m.c            | 20 ++++++--------------
 4 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 709a4191ef..5b16fb4cd8 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1962,9 +1962,9 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla,
              * altp2m_list lock.
              */
             if ( p2m != hostp2m )
-                __put_gfn(p2m, gfn);
+                p2m_put_gfn(p2m, _gfn(gfn));
             p2m_change_type_one(currd, gfn, p2m_ram_logdirty, p2m_ram_rw);
-            __put_gfn(hostp2m, gfn);
+            p2m_put_gfn(hostp2m, _gfn(gfn));
 
             goto out;
         }
@@ -1986,8 +1986,8 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla,
 
  out_put_gfn:
     if ( p2m != hostp2m )
-        __put_gfn(p2m, gfn);
-    __put_gfn(hostp2m, gfn);
+        p2m_put_gfn(p2m, _gfn(gfn));
+    p2m_put_gfn(hostp2m, _gfn(gfn));
  out:
     /*
      * All of these are delayed until we exit, since we might
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 789d5a4464..cd5cd1c3a3 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -509,9 +509,16 @@ static inline mfn_t __nonnull(3) get_gfn_type(
                                               P2M_ALLOC | P2M_UNSHARE)
 
 /* Will release the p2m_lock for this gfn entry. */
-void __put_gfn(struct p2m_domain *p2m, unsigned long gfn);
+void p2m_put_gfn(struct p2m_domain *p2m, gfn_t gfn);
 
-#define put_gfn(d, gfn) __put_gfn(p2m_get_hostp2m((d)), (gfn))
+static inline void put_gfn(struct domain *d, unsigned long gfn)
+{
+    if ( !paging_mode_translate(d) )
+        /* Nothing to do in this case */
+        return;
+
+    p2m_put_gfn(p2m_get_hostp2m(d), _gfn(gfn));
+}
 
 /* The intent of the "unlocked" accessor is to have the caller not worry about
  * put_gfn. They apply to very specific situations: debug printk's, dumps 
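Review bot: The new inline put_gfn() refers to p2m_put_gfn() in every configuration. The p2m.c hunk of this patch drops the `#endif /* CONFIG_HVM */` before that function's definition, which appears to place it inside the HVM-only region. A !HVM build then links only if `paging_mode_translate(d)` folds to a compile-time false so the call is eliminated, and that macro's definition is not visible here. The dependency deserves a comment, e.g. `/* !HVM: paging_mode_translate() is constant false, so the call below is dropped. */`. Separately, the unbraced `if` body (a comment plus `return`) would be safer with braces.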
diff --git a/xen/arch/x86/mm/hap/nested_hap.c b/xen/arch/x86/mm/hap/nested_hap.c
index dbe5ad23a1..b19f657c27 100644
--- a/xen/arch/x86/mm/hap/nested_hap.c
+++ b/xen/arch/x86/mm/hap/nested_hap.c
@@ -149,7 +149,7 @@ static int nestedhap_walk_L0_p2m(
 direct_mmio_out:
     *L0_gpa = (mfn_x(mfn) << PAGE_SHIFT) + (L1_gpa & ~PAGE_MASK);
 out:
-    __put_gfn(p2m, L1_gpa >> PAGE_SHIFT);
+    p2m_put_gfn(p2m, gaddr_to_gfn(L1_gpa));
     return rc;
 }
 
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 169f733d83..6b73a5b632 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -333,21 +333,13 @@ mfn_t p2m_get_gfn_type_access(struct p2m_domain *p2m, gfn_t gfn,
     return mfn;
 }
 
-#endif /* CONFIG_HVM */
-
-void __put_gfn(struct p2m_domain *p2m, unsigned long gfn)
+void p2m_put_gfn(struct p2m_domain *p2m, gfn_t gfn)
 {
-    if ( !p2m || !paging_mode_translate(p2m->domain) )
-        /* Nothing to do in this case */
-        return;
-
-    ASSERT(gfn_locked_by_me(p2m, gfn));
+    ASSERT(gfn_locked_by_me(p2m, gfn_x(gfn)));
 
-    gfn_unlock(p2m, gfn, 0);
+    gfn_unlock(p2m, gfn_x(gfn), 0);
 }
 
-#ifdef CONFIG_HVM
-
 /* Atomically look up a GFN and take a reference count on the backing page. */
 struct page_info *p2m_get_page_from_gfn(
     struct p2m_domain *p2m, gfn_t gfn,
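Review bot: p2m_put_gfn() no longer tolerates a NULL `p2m` or a non-translated domain, and the only check left is an ASSERT, which is absent from release builds. The commit message explains that all explicit callers are HVM-only and hold a valid pointer, but nothing at the definition records that contract. A comment above the function would do: `/* Caller must hold the GFN lock on a valid p2m of a translated domain. */`.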
@@ -2222,10 +2214,10 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn,
             if ( !ret )
                 ret = rc;
 
-            __put_gfn(p2m, gfn_x(gfn));
+            p2m_put_gfn(p2m, gfn);
         }
         else
-            __put_gfn(p2m, gfn_x(gfn));
+            p2m_put_gfn(p2m, gfn);
     }
 
     altp2m_list_unlock(d);
@@ -2310,7 +2302,7 @@ void audit_p2m(struct domain *d,
              * blow away the m2p entry. */
             set_gpfn_from_mfn(mfn, INVALID_M2P_ENTRY);
         }
-        __put_gfn(p2m, gfn);
+        p2m_put_gfn(p2m, _gfn(gfn));
 
         P2M_PRINTK("OK: mfn=%#lx, gfn=%#lx, p2mfn=%#lx\n",
                        mfn, gfn, mfn_x(p2mfn));
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:56:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:56:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302261.515866 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8I-0004o2-Cg; Sat, 09 Apr 2022 20:56:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302261.515866; Sat, 09 Apr 2022 20:56:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8I-0004nu-9m; Sat, 09 Apr 2022 20:56:34 +0000
Received: by outflank-mailman (input) for mailman id 302261;
 Sat, 09 Apr 2022 20:56:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8G-0004nd-T9
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8G-0005uK-SN
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8G-0002Hv-Rt
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=6F9Y9qxkMBxY8RyK+7w4go+KVbY373/5p1mr4KIk3ek=; b=4RRY2qbR2XnT2vIccuk6q6suv6
	7BMpk5XsiI0d2kfhfgr8xCp+lK7rPtESS7D/wECTXDSCjST3iWKLz1/MSZCc4vQItlnpXkpxdzdZr
	0+osrN9otFImWzfh75BO/BlYjnVCUPUgXSQ6/4cTb6iWHuDPtaKkjLsN168y11HbMwNA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] shr_pages field is MEM_SHARING-only
Message-Id: <E1ndI8G-0002Hv-Rt@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:56:32 +0000

commit 5ca3be305d2a970db1731f5651374d60abdd322f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:47:56 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:47:56 2022 +0200

    shr_pages field is MEM_SHARING-only
    
    Conditionalize it and its uses accordingly. The main goal though is to
    demonstrate that x86's p2m_teardown() is now empty when !HVM, which in
    particular means the last remaining use of p2m_lock() in this case goes
    away.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Tamas K Lengyel <tamas@tklengyel.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/p2m-basic.c |  6 +++---
 xen/common/domctl.c         |  2 ++
 xen/common/keyhandler.c     | 13 ++++++++++---
 xen/include/xen/sched.h     |  4 ++++
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/mm/p2m-basic.c b/xen/arch/x86/mm/p2m-basic.c
index be4a08b9cb..89ae041244 100644
--- a/xen/arch/x86/mm/p2m-basic.c
+++ b/xen/arch/x86/mm/p2m-basic.c
@@ -159,7 +159,6 @@ void p2m_teardown(struct p2m_domain *p2m)
 {
 #ifdef CONFIG_HVM
     struct page_info *pg;
-#endif
     struct domain *d;
 
     if ( !p2m )
@@ -169,16 +168,17 @@ void p2m_teardown(struct p2m_domain *p2m)
 
     p2m_lock(p2m);
 
+#ifdef CONFIG_MEM_SHARING
     ASSERT(atomic_read(&d->shr_pages) == 0);
+#endif
 
-#ifdef CONFIG_HVM
     p2m->phys_table = pagetable_null();
 
     while ( (pg = page_list_remove_head(&p2m->pages)) )
         d->arch.paging.free_page(d, pg);
-#endif
 
     p2m_unlock(p2m);
+#endif
 }
 
 void p2m_final_teardown(struct domain *d)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 9606fa4f1a..540a03e075 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -109,7 +109,9 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
     info->tot_pages         = domain_tot_pages(d);
     info->max_pages         = d->max_pages;
     info->outstanding_pages = d->outstanding_pages;
+#ifdef CONFIG_MEM_SHARING
     info->shr_pages         = atomic_read(&d->shr_pages);
+#endif
     info->paged_pages       = atomic_read(&d->paged_pages);
     info->shared_info_frame =
         gfn_x(mfn_to_gfn(d, _mfn(virt_to_mfn(d->shared_info))));
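Review bot: With CONFIG_MEM_SHARING disabled, `info->shr_pages` is no longer assigned, so the field handed back to the domctl caller keeps whatever the structure held before. If `info` is not zeroed earlier in getdomaininfo(), which lies outside this hunk, that would return uninitialised hypervisor memory to the toolstack. An explicit `#else` arm with `info->shr_pages = 0;` makes the result defined regardless of what precedes the hunk.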
diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c
index b6e22d8120..256b394057 100644
--- a/xen/common/keyhandler.c
+++ b/xen/common/keyhandler.c
@@ -277,9 +277,16 @@ static void cf_check dump_domains(unsigned char key)
         printk("    refcnt=%d dying=%d pause_count=%d\n",
                atomic_read(&d->refcnt), d->is_dying,
                atomic_read(&d->pause_count));
-        printk("    nr_pages=%d xenheap_pages=%d shared_pages=%u paged_pages=%u "
-               "dirty_cpus={%*pbl} max_pages=%u\n",
-               domain_tot_pages(d), d->xenheap_pages, atomic_read(&d->shr_pages),
+        printk("    nr_pages=%u xenheap_pages=%u"
+#ifdef CONFIG_MEM_SHARING
+               " shared_pages=%u"
+#endif
+               " paged_pages=%u"
+               " dirty_cpus={%*pbl} max_pages=%u\n",
+               domain_tot_pages(d), d->xenheap_pages,
+#ifdef CONFIG_MEM_SHARING
+               atomic_read(&d->shr_pages),
+#endif
                atomic_read(&d->paged_pages), CPUMASK_PR(d->dirty_cpumask),
                d->max_pages);
         printk("    handle=%02x%02x%02x%02x-%02x%02x-%02x%02x-"
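Review bot: The format fragment `" shared_pages=%u"` and its argument `atomic_read(&d->shr_pages),` are now guarded by two separate `#ifdef CONFIG_MEM_SHARING` blocks inside a single printk() call, and only reader care keeps them paired. A mismatch would shift every following vararg, including the width/pointer pair consumed by `%*pbl`, and compiler format checking only covers the configurations that actually get built. A comment above the call such as `/* Every conditional format fragment below has a matching conditional argument. */` would help, or the optional counters could go into their own printk(). The later paged_pages change adds a second such pair to this call; dump_domains() starts and ends outside the hunk.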
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 406d9bc610..18404b3c98 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -387,7 +387,11 @@ struct domain
     unsigned int     outstanding_pages; /* pages claimed but not possessed */
     unsigned int     max_pages;         /* maximum value for domain_tot_pages() */
     unsigned int     extra_pages;       /* pages not included in domain_tot_pages() */
+
+#ifdef CONFIG_MEM_SHARING
     atomic_t         shr_pages;         /* shared pages */
+#endif
+
     atomic_t         paged_pages;       /* paged-out pages */
 
     /* Scheduling. */
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:56:44 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:56:44 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302262.515870 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8S-0004qx-E9; Sat, 09 Apr 2022 20:56:44 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302262.515870; Sat, 09 Apr 2022 20:56:44 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8S-0004qp-BH; Sat, 09 Apr 2022 20:56:44 +0000
Received: by outflank-mailman (input) for mailman id 302262;
 Sat, 09 Apr 2022 20:56:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8R-0004qf-09
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:43 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8Q-0005vt-Vh
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8Q-0002Id-Uw
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ZOg9bUTKgym0P9wA9plYeUXbyQoW3cb/2py9vNK2R5Y=; b=JCiCIkatRsQbknsUZoIItAl0As
	CYDnNH6ndSySZ4eVzhW7FUt88EWO1U0EyU9yBK68KgPtzPnm/dPRKtKjSXk3OVvTA2kTvzLZKF3ad
	TlmmSywUxtC2UfBhs2P8lKvXbCzxJuhQKxaXGzdHLZ7J1+sU2Y6S+LSgNGBy96nl4I+Q=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] paged_pages field is MEM_PAGING-only
Message-Id: <E1ndI8Q-0002Id-Uw@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:56:42 +0000

commit 512699aa5196d8e4a03af5969802f7bd2843ab03
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:48:45 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:48:45 2022 +0200

    paged_pages field is MEM_PAGING-only
    
    Conditionalize it and its uses accordingly.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Tamas K Lengyel <tamas@tklengyel.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/mem_sharing.c | 2 ++
 xen/arch/x86/mm/p2m.c         | 2 ++
 xen/common/domctl.c           | 2 ++
 xen/common/keyhandler.c       | 8 ++++++--
 xen/include/xen/sched.h       | 2 ++
 5 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 703b1c06dc..a5c16b4429 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1213,6 +1213,7 @@ int add_to_physmap(struct domain *sd, unsigned long sgfn, shr_handle_t sh,
     }
     else
     {
+#ifdef CONFIG_MEM_PAGING
         /*
          * There is a chance we're plugging a hole where a paged out
          * page was.
@@ -1238,6 +1239,7 @@ int add_to_physmap(struct domain *sd, unsigned long sgfn, shr_handle_t sh,
                 put_page(cpage);
             }
         }
+#endif
     }
 
     atomic_inc(&nr_saved_mfns);
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 6b73a5b632..fb9d10b820 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -691,11 +691,13 @@ p2m_add_page(struct domain *d, gfn_t gfn, mfn_t mfn,
             /* Count how man PoD entries we'll be replacing if successful */
             pod_count++;
         }
+#ifdef CONFIG_MEM_PAGING
         else if ( p2m_is_paging(ot) && (ot != p2m_ram_paging_out) )
         {
             /* We're plugging a hole in the physmap where a paged out page was */
             atomic_dec(&d->paged_pages);
         }
+#endif
     }
 
     /* Then, look for m->p mappings for this range and deal with them */
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 540a03e075..57135d4478 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -112,7 +112,9 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
 #ifdef CONFIG_MEM_SHARING
     info->shr_pages         = atomic_read(&d->shr_pages);
 #endif
+#ifdef CONFIG_MEM_PAGING
     info->paged_pages       = atomic_read(&d->paged_pages);
+#endif
     info->shared_info_frame =
         gfn_x(mfn_to_gfn(d, _mfn(virt_to_mfn(d->shared_info))));
     BUG_ON(SHARED_M2P(info->shared_info_frame));
diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c
index 256b394057..ca9ee07901 100644
--- a/xen/common/keyhandler.c
+++ b/xen/common/keyhandler.c
@@ -281,14 +281,18 @@ static void cf_check dump_domains(unsigned char key)
 #ifdef CONFIG_MEM_SHARING
                " shared_pages=%u"
 #endif
+#ifdef CONFIG_MEM_PAGING
                " paged_pages=%u"
+#endif
                " dirty_cpus={%*pbl} max_pages=%u\n",
                domain_tot_pages(d), d->xenheap_pages,
 #ifdef CONFIG_MEM_SHARING
                atomic_read(&d->shr_pages),
 #endif
-               atomic_read(&d->paged_pages), CPUMASK_PR(d->dirty_cpumask),
-               d->max_pages);
+#ifdef CONFIG_MEM_PAGING
+               atomic_read(&d->paged_pages),
+#endif
+               CPUMASK_PR(d->dirty_cpumask), d->max_pages);
         printk("    handle=%02x%02x%02x%02x-%02x%02x-%02x%02x-"
                "%02x%02x-%02x%02x%02x%02x%02x%02x vm_assist=%08lx\n",
                d->handle[ 0], d->handle[ 1], d->handle[ 2], d->handle[ 3],
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 18404b3c98..ed8539f6d2 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -392,7 +392,9 @@ struct domain
     atomic_t         shr_pages;         /* shared pages */
 #endif
 
+#ifdef CONFIG_MEM_PAGING
     atomic_t         paged_pages;       /* paged-out pages */
+#endif
 
     /* Scheduling. */
     void            *sched_priv;    /* scheduler-specific data */
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:56:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:56:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302263.515874 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8c-0004tu-Fg; Sat, 09 Apr 2022 20:56:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302263.515874; Sat, 09 Apr 2022 20:56:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8c-0004tm-Cq; Sat, 09 Apr 2022 20:56:54 +0000
Received: by outflank-mailman (input) for mailman id 302263;
 Sat, 09 Apr 2022 20:56:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8b-0004ta-3C
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8b-0005w0-2S
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8b-0002JE-1q
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:56:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=T8XtsYMUgShI6Zd4akzDcPk+ugKkzKWvSk9W2VDcdPE=; b=lxSgUdR7WPcf+uavJm1w/EakR3
	IY/xdD9HsqFx18mU2upckSV/11GqWZf6AmKuRpNacvia1PODP8ior8K9L3NgFnoO/4GYazNtd7v+E
	xcMMP2sxNyjuF+WDge/rLtR0XJrY0pMTHPeRKY/IjWpY7BC5Wj8h9ul7vgTr1GOCLVlg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: p2m.c is HVM-only
Message-Id: <E1ndI8b-0002JE-1q@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:56:53 +0000

commit c479415610f0448bb07d39185e72ef36e08ebec0
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:50:29 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:50:29 2022 +0200

    x86/P2M: p2m.c is HVM-only
    
    This only requires moving p2m_percpu_rwlock elsewhere (ultimately I
    think all P2M locking should go away as well when !HVM, but this looks
    to require further code juggling). The two other unguarded functions are
    already unneeded (by virtue of DCE) when !HVM.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/mm/Makefile    |  2 +-
 xen/arch/x86/mm/p2m-basic.c |  2 ++
 xen/arch/x86/mm/p2m.c       | 10 ----------
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/mm/Makefile b/xen/arch/x86/mm/Makefile
index c6eca5ac82..0803ac9297 100644
--- a/xen/arch/x86/mm/Makefile
+++ b/xen/arch/x86/mm/Makefile
@@ -8,7 +8,7 @@ obj-$(CONFIG_MEM_ACCESS) += mem_access.o
 obj-$(CONFIG_MEM_PAGING) += mem_paging.o
 obj-$(CONFIG_MEM_SHARING) += mem_sharing.o
 obj-$(CONFIG_HVM) += nested.o
-obj-y += p2m.o
+obj-$(CONFIG_HVM) += p2m.o
 obj-y += p2m-basic.o
 obj-$(CONFIG_HVM) += p2m-ept.o p2m-pod.o p2m-pt.o
 obj-y += paging.o
diff --git a/xen/arch/x86/mm/p2m-basic.c b/xen/arch/x86/mm/p2m-basic.c
index 89ae041244..dcf94dbc7f 100644
--- a/xen/arch/x86/mm/p2m-basic.c
+++ b/xen/arch/x86/mm/p2m-basic.c
@@ -28,6 +28,8 @@
 #include "mm-locks.h"
 #include "p2m.h"
 
+DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
+
 /* Init the datastructures for later use by the p2m code */
 static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
 {
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index fb9d10b820..493702ce9b 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -53,10 +53,6 @@ bool_t __initdata opt_hap_1gb = 1, __initdata opt_hap_2mb = 1;
 boolean_param("hap_1gb", opt_hap_1gb);
 boolean_param("hap_2mb", opt_hap_2mb);
 
-DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
-
-#ifdef CONFIG_HVM
-
 int p2m_init_logdirty(struct p2m_domain *p2m)
 {
     if ( p2m->logdirty_ranges )
@@ -258,8 +254,6 @@ void p2m_flush_hardware_cached_dirty(struct domain *d)
     }
 }
 
-#endif /* CONFIG_HVM */
-
 /*
  * Force a synchronous P2M TLB flush if a deferred flush is pending.
  *
@@ -286,8 +280,6 @@ void p2m_unlock_and_tlb_flush(struct p2m_domain *p2m)
         mm_write_unlock(&p2m->lock);
 }
 
-#ifdef CONFIG_HVM
-
 mfn_t p2m_get_gfn_type_access(struct p2m_domain *p2m, gfn_t gfn,
                               p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
                               unsigned int *page_order, bool_t locked)
@@ -2718,8 +2710,6 @@ int p2m_set_altp2m_view_visibility(struct domain *d, unsigned int altp2m_idx,
     return rc;
 }
 
-#endif /* CONFIG_HVM */
-
 /*
  * Local variables:
  * mode: C
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:57:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:57:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302264.515878 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8m-0004xC-Hp; Sat, 09 Apr 2022 20:57:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302264.515878; Sat, 09 Apr 2022 20:57:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8m-0004x4-EJ; Sat, 09 Apr 2022 20:57:04 +0000
Received: by outflank-mailman (input) for mailman id 302264;
 Sat, 09 Apr 2022 20:57:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8l-0004wq-6k
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:57:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8l-0005wL-5t
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:57:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8l-0002K4-5F
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:57:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=vdIvMxDyw2/PsvAPLRv0ZVUpkEd0ypItViLKdfCSNvY=; b=Myv2imDz+pfTVKngS8/zTepqf5
	oIBLFCGd1JB1xTpbPAVrGVFEA8Dh1JjZBv2Q8t2Ulw6HXNNkBxI/FIPASoTcq7IOHT915Im2IxLSo
	yO3WgWNgBUDTvBHlj/qJuT6dkzO1/WvVSrQpjXHT+IHuQKv21XN4rhHIno9icDBkq5CI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/P2M: the majority for struct p2m_domain's fields are HVM-only
Message-Id: <E1ndI8l-0002K4-5F@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:57:03 +0000

commit 347d36c2ec2b6f78cd1023f30b8426f2b1444ecc
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:51:06 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:51:06 2022 +0200

    x86/P2M: the majority for struct p2m_domain's fields are HVM-only
    
    ..., as are the majority of the locks involved. Conditionalize things
    accordingly.
    
    Also adjust the ioreq field's indentation on this occasion.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/arch/x86/include/asm/p2m.h      | 58 +++++++++++++++++++++++--------------
 xen/arch/x86/mm.c                   |  3 ++
 xen/arch/x86/mm/mm-locks.h          |  4 +++
 xen/arch/x86/mm/p2m-basic.c         |  7 ++---
 xen/arch/x86/mm/p2m.c               |  2 ++
 xen/drivers/passthrough/x86/iommu.c |  2 +-
 6 files changed, 49 insertions(+), 27 deletions(-)

diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index cd5cd1c3a3..6f14e7b46d 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -205,8 +205,10 @@ typedef enum {
 
 /* Per-p2m-table state */
 struct p2m_domain {
+#ifdef CONFIG_HVM
     /* Lock that protects updates to the p2m */
     mm_rwlock_t           lock;
+#endif
 
     /*
      * Same as a domain's dirty_cpumask but limited to
@@ -226,13 +228,14 @@ struct p2m_domain {
      */
     p2m_access_t default_access;
 
+#ifdef CONFIG_HVM
+
     /* Host p2m: Log-dirty ranges registered for the domain. */
     struct rangeset   *logdirty_ranges;
 
     /* Host p2m: Global log-dirty mode enabled for the domain. */
     bool               global_logdirty;
 
-#ifdef CONFIG_HVM
     /* Translated domain: p2m mapping */
     pagetable_t        phys_table;
 
@@ -275,7 +278,6 @@ struct p2m_domain {
                                               unsigned int level);
     void               (*write_p2m_entry_post)(struct p2m_domain *p2m,
                                                unsigned int oflags);
-#endif
 #if P2M_AUDIT
     long               (*audit_p2m)(struct p2m_domain *p2m);
 #endif
@@ -310,7 +312,6 @@ struct p2m_domain {
     unsigned long min_remapped_gfn;
     unsigned long max_remapped_gfn;
 
-#ifdef CONFIG_HVM
     /* Populate-on-demand variables
      * All variables are protected with the pod lock. We cannot rely on
      * the p2m lock if it's turned into a fine-grained lock.
@@ -367,27 +368,27 @@ struct p2m_domain {
      * threaded on in LRU order.
      */
     struct list_head   np2m_list;
-#endif
 
     union {
         struct ept_data ept;
         /* NPT-equivalent structure could be added here. */
     };
 
-     struct {
-         spinlock_t lock;
-         /*
-          * ioreq server who's responsible for the emulation of
-          * gfns with specific p2m type(for now, p2m_ioreq_server).
-          */
-         struct ioreq_server *server;
-         /*
-          * flags specifies whether read, write or both operations
-          * are to be emulated by an ioreq server.
-          */
-         unsigned int flags;
-         unsigned long entry_count;
-     } ioreq;
+    struct {
+        spinlock_t lock;
+        /*
+         * ioreq server who's responsible for the emulation of
+         * gfns with specific p2m type(for now, p2m_ioreq_server).
+         */
+        struct ioreq_server *server;
+        /*
+         * flags specifies whether read, write or both operations
+         * are to be emulated by an ioreq server.
+         */
+        unsigned int flags;
+        unsigned long entry_count;
+    } ioreq;
+#endif /* CONFIG_HVM */
 };
 
 /* get host p2m table */
@@ -651,6 +652,15 @@ int p2m_finish_type_change(struct domain *d,
                            gfn_t first_gfn,
                            unsigned long max_nr);
 
+static inline bool p2m_is_global_logdirty(const struct domain *d)
+{
+#ifdef CONFIG_HVM
+    return p2m_get_hostp2m(d)->global_logdirty;
+#else
+    return false;
+#endif
+}
+
 int p2m_is_logdirty_range(struct p2m_domain *, unsigned long start,
                           unsigned long end);
 
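Review bot: The new inline `p2m_is_global_logdirty()` has no comment, although its `#else` branch encodes a policy: the check in arch_iommu_use_permitted() (changed later in this commit) now treats builds without HVM as never being in global log-dirty mode. A one-line comment above it, for example `/* Host p2m global log-dirty state; always false when HVM is compiled out. */`, would record that. In HVM builds the helper still dereferences `p2m_get_hostp2m(d)` for whatever domain is passed, as the open-coded expression it replaces did, so callers need to keep passing only domains that have a host p2m.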
@@ -792,6 +802,8 @@ extern void audit_p2m(struct domain *d,
 #define P2M_DEBUG(f, a...) do { (void)(f); } while(0)
 #endif
 
+#ifdef CONFIG_HVM
+
 /*
  * Functions specific to the p2m-pt implementation
  */
@@ -852,7 +864,7 @@ void cf_check nestedp2m_write_p2m_entry_post(
 /*
  * Alternate p2m: shadow p2m tables used for alternate memory views
  */
-#ifdef CONFIG_HVM
+
 /* get current alternate p2m table */
 static inline struct p2m_domain *p2m_get_altp2m(struct vcpu *v)
 {
@@ -905,10 +917,10 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn,
 /* Set a specific p2m view visibility */
 int p2m_set_altp2m_view_visibility(struct domain *d, unsigned int idx,
                                    uint8_t visible);
-#else
+#else /* !CONFIG_HVM */
 struct p2m_domain *p2m_get_altp2m(struct vcpu *v);
 static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) {}
-#endif
+#endif /* CONFIG_HVM */
 
 /* p2m access to IOMMU flags */
 static inline unsigned int p2m_access_to_iommu_flags(p2m_access_t p2ma)
@@ -972,6 +984,8 @@ static inline unsigned int p2m_get_iommu_flags(p2m_type_t p2mt,
     return flags;
 }
 
+#ifdef CONFIG_HVM
+
 int p2m_set_ioreq_server(struct domain *d, unsigned int flags,
                          struct ioreq_server *s);
 struct ioreq_server *p2m_get_ioreq_server(struct domain *d,
@@ -1036,6 +1050,8 @@ static inline int p2m_entry_modify(struct p2m_domain *p2m, p2m_type_t nt,
     return 0;
 }
 
+#endif /* CONFIG_HVM */
+
 #endif /* _XEN_ASM_X86_P2M_H */
 
 /*
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index e90789085b..c271e383b5 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -480,8 +480,11 @@ unsigned int page_get_ram_type(mfn_t mfn)
 
 unsigned long domain_get_maximum_gpfn(struct domain *d)
 {
+#ifdef CONFIG_HVM
     if ( is_hvm_domain(d) )
         return p2m_get_hostp2m(d)->max_mapped_pfn;
+#endif
+
     /* NB. PV guests specify nr_pfns rather than max_pfn so we adjust here. */
     return (arch_get_max_pfn(d) ?: 1) - 1;
 }
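Review bot: The `#ifdef CONFIG_HVM` added around the `is_hvm_domain(d)` branch in domain_get_maximum_gpfn() comes without a comment saying why the runtime test alone no longer suffices. Presumably `max_mapped_pfn` is among the struct p2m_domain fields this commit makes HVM-only, so the reference must not be compiled at all rather than merely optimised away. A short comment such as `/* max_mapped_pfn only exists in HVM builds. */` would keep a later cleanup from dropping the guard as redundant.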
diff --git a/xen/arch/x86/mm/mm-locks.h b/xen/arch/x86/mm/mm-locks.h
index 831e56d281..c1523aeccf 100644
--- a/xen/arch/x86/mm/mm-locks.h
+++ b/xen/arch/x86/mm/mm-locks.h
@@ -237,6 +237,8 @@ static inline void mm_enforce_order_unlock(int unlock_level,
  *                                                                      *
  ************************************************************************/
 
+#ifdef CONFIG_HVM
+
 /* Nested P2M lock (per-domain)
  *
  * A per-domain lock that protects the mapping from nested-CR3 to
@@ -354,6 +356,8 @@ declare_mm_lock(pod)
 #define pod_unlock(p)         mm_unlock(&(p)->pod.lock)
 #define pod_locked_by_me(p)   mm_locked_by_me(&(p)->pod.lock)
 
+#endif /* CONFIG_HVM */
+
 /* Page alloc lock (per-domain)
  *
  * This is an external lock, not represented by an mm_lock_t. However,
diff --git a/xen/arch/x86/mm/p2m-basic.c b/xen/arch/x86/mm/p2m-basic.c
index dcf94dbc7f..9130fc2a70 100644
--- a/xen/arch/x86/mm/p2m-basic.c
+++ b/xen/arch/x86/mm/p2m-basic.c
@@ -28,16 +28,15 @@
 #include "mm-locks.h"
 #include "p2m.h"
 
-DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
-
 /* Init the datastructures for later use by the p2m code */
 static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
 {
     int ret = 0;
 
-    mm_rwlock_init(&p2m->lock);
 #ifdef CONFIG_HVM
+    mm_rwlock_init(&p2m->lock);
     INIT_PAGE_LIST_HEAD(&p2m->pages);
+    spin_lock_init(&p2m->ioreq.lock);
 #endif
 
     p2m->domain = d;
@@ -55,8 +54,6 @@ static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
     else
         p2m_pt_init(p2m);
 
-    spin_lock_init(&p2m->ioreq.lock);
-
     return ret;
 }
 
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 493702ce9b..a2446f0c41 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -48,6 +48,8 @@
 #undef virt_to_mfn
 #define virt_to_mfn(v) _mfn(__virt_to_mfn(v))
 
+DEFINE_PERCPU_RWLOCK_GLOBAL(p2m_percpu_rwlock);
+
 /* Turn on/off host superpage page table support for hap, default on. */
 bool_t __initdata opt_hap_1gb = 1, __initdata opt_hap_2mb = 1;
 boolean_param("hap_1gb", opt_hap_1gb);
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index 209aeb8c2f..d5bf4d3241 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -518,7 +518,7 @@ bool arch_iommu_use_permitted(const struct domain *d)
     return d == dom_io ||
            (likely(!mem_sharing_enabled(d)) &&
             likely(!mem_paging_enabled(d)) &&
-            likely(!p2m_get_hostp2m(d)->global_logdirty));
+            likely(!p2m_is_global_logdirty(d)));
 }
 
 static int __init cf_check adjust_irq_affinities(void)
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 20:57:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 20:57:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302265.515881 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8w-00050Z-KR; Sat, 09 Apr 2022 20:57:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302265.515881; Sat, 09 Apr 2022 20:57:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndI8w-00050R-HJ; Sat, 09 Apr 2022 20:57:14 +0000
Received: by outflank-mailman (input) for mailman id 302265;
 Sat, 09 Apr 2022 20:57:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8v-00050E-9u
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:57:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8v-0005wv-91
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:57:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndI8v-0002LU-8A
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 20:57:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=D63PKr3Y8ZZy60uTKxvQi9sINb3TcgryZgpkLdNHbB0=; b=OfnmD73CSTdrF9plpBJatjd3MD
	9zlFMcsUL9pgm2GpU1tXhuhCYUP8bjFnrrB7V+nbEtDjrjgN72wOYKnuRMlQxRC6PbMhqYL4c+FlI
	m1pChOEM3KNoQQPiAgdsxAyhk07TULfnGOirADvVPsdLmWuB4w4qZ11D4kOPuE5x400Q=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/irq: skip unmap_domain_pirq XSM during destruction
Message-Id: <E1ndI8v-0002LU-8A@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 20:57:13 +0000

commit 2e6f95a942d1927a53f077c301db0b799c54c05a
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Fri Apr 8 14:51:52 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:51:52 2022 +0200

    x86/irq: skip unmap_domain_pirq XSM during destruction
    
    xsm_unmap_domain_irq was seen denying unmap_domain_pirq when called from
    complete_domain_destroy as an RCU callback.  The source context was an
    unexpected, random domain.  Since this is a xen-internal operation,
    going through the XSM hook is inappropriate.
    
    Check d->is_dying and skip the XSM hook when set since this is a cleanup
    operation for a domain being destroyed.
    
    Suggested-by: Roger Pau Monné <roger.pau@citrix.com>
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/irq.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 285ac399fb..de30ee7779 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -2340,8 +2340,14 @@ int unmap_domain_pirq(struct domain *d, int pirq)
         nr = msi_desc->msi.nvec;
     }
 
-    ret = xsm_unmap_domain_irq(XSM_HOOK, d, irq,
-                               msi_desc ? msi_desc->dev : NULL);
+    /*
+     * When called by complete_domain_destroy via RCU, current is a random
+     * domain.  Skip the XSM check since this is a Xen-initiated action.
+     */
+    if ( !d->is_dying )
+        ret = xsm_unmap_domain_irq(XSM_HOOK, d, irq,
+                                   msi_desc ? msi_desc->dev : NULL);
+
     if ( ret )
         goto done;
 
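Review bot: The `if ( !d->is_dying )` test keys the XSM bypass on the state of the target domain rather than on the calling path, so every caller that reaches this point for a dying domain skips xsm_unmap_domain_irq, not only complete_domain_destroy. Whether a hypercall-driven caller can still get here once is_dying is set is not visible in this hunk; if it can, the comment should say why that is acceptable, for example by adding `* Any other caller acting on a dying domain skips the check as well.` together with the reason. The `if ( ret )` that follows now also depends on ret having been zeroed earlier in unmap_domain_pirq, whose start is outside the hunk.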
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 23:22:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 23:22:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302296.515922 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKP4-0007CE-RD; Sat, 09 Apr 2022 23:22:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302296.515922; Sat, 09 Apr 2022 23:22:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKP4-0007C6-OP; Sat, 09 Apr 2022 23:22:02 +0000
Received: by outflank-mailman (input) for mailman id 302296;
 Sat, 09 Apr 2022 23:22:01 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKP3-0007C0-Pn
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:01 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKP3-0008UX-Mf
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKP3-0003SC-La
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=+7MV77pMr1t10iJz2t4LGlZgK3BsnIIHg15F/V/nTzg=; b=1JECxbZkTiQAOeK42cgmMtXtRw
	k2d9hg50zYmOU06M7W3uqrkWKF1BvCb+AkkQ7EvUy8YYbFMXmfrINtrNAtg9jIqzKjhP+4AIgJYIu
	IDhBey0MSP2QllASCXYscQ3L94anAD/yQTBYM1W3PWNXp2Ywzti+lB28D4n6zhvkNJV4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: don't needlessly look up DID
Message-Id: <E1ndKP3-0003SC-La@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 23:22:01 +0000

commit ab6f4a11629bd06b860c036f8ec604f7cd9fba68
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:55:55 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:55:55 2022 +0200

    VT-d: don't needlessly look up DID
    
    If get_iommu_domid() in domain_context_unmap_one() fails, we better
    wouldn't clear the context entry in the first place, as we're then unable
    to issue the corresponding flush. However, we have no need to look up the
    DID in the first place: What needs flushing is very specifically the DID
    that was in the context entry before our clearing of it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 445ab9852d69d8957467f0036098ebec75fec092
    master date: 2022-04-07 12:29:03 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 22242ab208..bdb7489d73 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1828,18 +1828,12 @@ int domain_context_unmap_one(
         return 0;
     }
 
+    iommu_domid = context_domain_id(*context);
+
     context_clear_present(*context);
     context_clear_entry(*context);
     iommu_sync_cache(context, sizeof(struct context_entry));
 
-    iommu_domid = get_iommu_did(domid, iommu, !domain->is_dying);
-    if ( iommu_domid == -1 )
-    {
-        spin_unlock(&iommu->lock);
-        unmap_vtd_domain_page(context_entries);
-        return -EINVAL;
-    }
-
     rc = iommu_flush_context_device(iommu, iommu_domid,
                                     PCI_BDF2(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
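Review bot: The new `iommu_domid = context_domain_id(*context);` is only correct because it sits before context_clear_entry(), and nothing in the code records that; a later reordering would make the flush target whatever the cleared entry decodes to instead of the old DID. A one-line comment such as `/* Latch the DID before clearing: the flushes below must target the old entry. */` would pin the ordering. If iommu_domid is still declared signed for the removed `== -1` check, its type could be tightened as well, though the declaration is outside the hunk. domain_context_unmap_one continues past the end of the hunk.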
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 23:22:12 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 23:22:12 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302297.515926 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPE-0007Dt-Sq; Sat, 09 Apr 2022 23:22:12 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302297.515926; Sat, 09 Apr 2022 23:22:12 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPE-0007Dm-Pw; Sat, 09 Apr 2022 23:22:12 +0000
Received: by outflank-mailman (input) for mailman id 302297;
 Sat, 09 Apr 2022 23:22:11 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPD-0007De-Qy
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:11 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPD-0008Uu-Q2
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:11 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPD-0003Sq-P6
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:11 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ZgrugmVoRm/h6rRblwfkC/hj3ZCPJTb/V0j4knKnzxY=; b=g3EF8rrqup+IcEkZVBrQpcxwON
	r+lJNaaL7Fjg1qjWgW5Nv4TNvxHfTahZE1TqKpyEwtuqaGlRih13S649LIxeTKTSl4xY68Q6fqJ7k
	rHZr8bU68Quwi+n4hOB2UPlR2Ty7bojrgFAxN5NbUEytK0H7LaHnMZq/7WUN/0D1EFdw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: avoid NULL deref on domain_context_mapping_one() error paths
Message-Id: <E1ndKPD-0003Sq-P6@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 23:22:11 +0000

commit 0497023ae57649a23cde211dd022522724f993b6
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:56:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:56:54 2022 +0200

    VT-d: avoid NULL deref on domain_context_mapping_one() error paths
    
    First there's a printk() which actually wrongly uses pdev in the first
    place: We want to log the coordinates of the (perhaps fake) device
    acted upon, which may not be pdev.
    
    Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
    device quarantine page tables (part I)") to add a domid_t parameter to
    domain_context_unmap_one(): It's only used to pass back here via
    me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
    
    Finally there's the invocation of domain_context_mapping_one(), which
    needs to be passed the correct domain ID. Avoid taking that path when
    pdev is NULL and the quarantine state is what would need restoring to.
    This means we can't security-support non-PCI-Express devices with RMRRs
    (if such exist in practice) any longer; note that as of the 1st of the
    two commits referenced below assigning them to DomU-s is unsupported
    anyway.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Fixes: 14dd241aad8a ("IOMMU/x86: use per-device page tables for quarantining")
    Coverity ID: 1503784
    Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 608394b906e71587f02e6662597bc985bad33a5a
    master date: 2022-04-07 12:30:19 +0200
---
 xen/drivers/passthrough/vtd/extern.h |  2 +-
 xen/drivers/passthrough/vtd/iommu.c  | 34 +++++++++++++++++++---------------
 xen/drivers/passthrough/vtd/quirks.c |  2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h
index 2f79b22a74..01e010a10d 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -88,7 +88,7 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu,
                                const struct pci_dev *pdev, domid_t domid,
                                paddr_t pgd_maddr, unsigned int mode);
 int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu,
-                             uint8_t bus, uint8_t devfn, domid_t domid);
+                             uint8_t bus, uint8_t devfn);
 int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt);
 
 unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index bdb7489d73..a66e527ae8 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1531,7 +1531,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn),
+                   &PCI_SBDF3(seg, bus, devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1599,9 +1599,14 @@ int domain_context_mapping_one(
 
     if ( rc )
     {
-        if ( !prev_dom )
-            ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                           DEVICE_DOMID(domain, pdev));
+        if ( !prev_dom ||
+             /*
+              * Unmapping here means DEV_TYPE_PCI devices with RMRRs (if such
+              * exist) would cause problems if such a region was actually
+              * accessed.
+              */
+             (prev_dom == dom_io && !pdev) )
+            ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         else if ( prev_dom != domain ) /* Avoid infinite recursion. */
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
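Review bot: The added `(prev_dom == dom_io && !pdev)` arm is what keeps the else branch from evaluating DEVICE_DOMID(prev_dom, pdev) and DEVICE_PGTABLE(prev_dom, pdev) with a NULL pdev, but the new comment describes only the RMRR consequence, not that reason. This presumably relies on those macros touching pdev only when the domain is dom_io; their definitions are outside the diff, so that is worth confirming and stating, e.g. `* Without a pdev there is no per-device quarantine ID or page table to restore.` as the first line of the comment. The recursive call statement and the rest of domain_context_mapping_one continue past the hunk.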
@@ -1742,7 +1747,9 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
          * Strictly speaking if the device is the only one behind this bridge
          * and the only one with this (secbus,0,0) tuple, it could be allowed
          * to be re-assigned regardless of RMRR presence.  But let's deal with
-         * that case only if it is actually found in the wild.
+         * that case only if it is actually found in the wild.  Note that
+         * dealing with this just here would still not render the operation
+         * secure.
          */
         else if ( prev_present && (mode & MAP_WITH_RMRR) &&
                   domain != pdev->domain )
@@ -1807,7 +1814,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 int domain_context_unmap_one(
     struct domain *domain,
     struct vtd_iommu *iommu,
-    uint8_t bus, uint8_t devfn, domid_t domid)
+    uint8_t bus, uint8_t devfn)
 {
     struct context_entry *context, *context_entries;
     u64 maddr;
@@ -1859,7 +1866,8 @@ int domain_context_unmap_one(
     unmap_vtd_domain_page(context_entries);
 
     if ( !iommu->drhd->segment && !rc )
-        rc = me_wifi_quirk(domain, bus, devfn, domid, 0, UNMAP_ME_PHANTOM_FUNC);
+        rc = me_wifi_quirk(domain, bus, devfn, DOMID_INVALID, 0,
+                           UNMAP_ME_PHANTOM_FUNC);
 
     if ( rc && !is_hardware_domain(domain) && domain != dom_io )
     {
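Review bot: `DOMID_INVALID` is passed to me_wifi_quirk() here purely as a placeholder, which is safe only while the UNMAP_ME_PHANTOM_FUNC path never consumes the domid argument. The quirks.c hunk of this commit shows the unmap branch of map_me_phantom_function no longer forwarding it, but nothing at this call site records that. A short comment such as `/* domid is ignored when unmapping. */` above the call would stop a later change from silently acting on an invalid ID. The enclosing function continues beyond the hunk.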
@@ -1908,8 +1916,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
 
@@ -1922,8 +1929,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
                    domain, &PCI_SBDF3(seg, bus, devfn));
-        ret = domain_context_unmap_one(domain, iommu, bus, devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
 
@@ -1946,12 +1952,10 @@ static const struct acpi_drhd_unit *domain_context_unmap(
             break;
         }
 
-        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn,
-                                       DEVICE_DOMID(domain, pdev));
+        ret = domain_context_unmap_one(domain, iommu, tmp_bus, tmp_devfn);
         /* PCIe to PCI/PCIx bridge */
         if ( !ret && pdev_type(seg, tmp_bus, tmp_devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-            ret = domain_context_unmap_one(domain, iommu, secbus, 0,
-                                           DEVICE_DOMID(domain, pdev));
+            ret = domain_context_unmap_one(domain, iommu, secbus, 0);
 
         break;
 
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index a1a164222c..7b8d0f4c63 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -427,7 +427,7 @@ static int __must_check map_me_phantom_function(struct domain *domain,
                                         domid, pgd_maddr, mode);
     else
         rc = domain_context_unmap_one(domain, drhd->iommu, 0,
-                                      PCI_DEVFN(dev, 7), domid);
+                                      PCI_DEVFN(dev, 7));
 
     return rc;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 23:22:22 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 23:22:22 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302298.515930 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPO-0007H2-UQ; Sat, 09 Apr 2022 23:22:22 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302298.515930; Sat, 09 Apr 2022 23:22:22 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPO-0007Gs-RV; Sat, 09 Apr 2022 23:22:22 +0000
Received: by outflank-mailman (input) for mailman id 302298;
 Sat, 09 Apr 2022 23:22:21 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPN-0007GX-UG
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:21 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPN-0008VR-TU
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:21 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPN-0003Uw-SQ
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:21 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=B1uh+/cvhuT5uNP4R73ICPf/ZdHsQhc/5G+DZ8ErfdA=; b=ZTHwpf1fbA+5rycl3RyFaSltNQ
	PSVdVZis2yN0TdcxMWSbD86RSphqfLekR0C+lAWChLXCA2zF7qnKsfFb+TzxMCsUsTomDFR62RYTa
	nm1Xqamq/EbHTZlXMXWCmklKKSeeaz9R7S19R8tNtXKeVEPUAUYPJmnFKb2syS4wuZho=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] VT-d: avoid infinite recursion on domain_context_mapping_one() error path
Message-Id: <E1ndKPN-0003Uw-SQ@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 23:22:21 +0000

commit eedc5acfb32ec35c38e9b5fcaa3d28d8b0971855
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:57:25 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:57:25 2022 +0200

    VT-d: avoid infinite recursion on domain_context_mapping_one() error path
    
    Despite the comment there infinite recursion was still possible, by
    flip-flopping between two domains. This is because prev_dom is derived
    from the DID found in the context entry, which was already updated by
    the time error recovery is invoked. Simply introduce yet another mode
    flag to prevent rolling back an in-progress roll-back of a prior
    mapping attempt.
    
    Also drop the existing recursion prevention for having been dead anyway:
    Earlier in the function we already bail when prev_dom == domain.
    
    Fixes: 8f41e481b485 ("VT-d: re-assign devices directly")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: 99d829dba1390b98a3ca07b365713e62182ee7ca
    master date: 2022-04-07 12:31:16 +0200
---
 xen/drivers/passthrough/vtd/iommu.c | 9 ++++-----
 xen/drivers/passthrough/vtd/vtd.h   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index a66e527ae8..93dd8aa643 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1597,7 +1597,7 @@ int domain_context_mapping_one(
     if ( !seg && !rc )
         rc = me_wifi_quirk(domain, bus, devfn, domid, pgd_maddr, mode);
 
-    if ( rc )
+    if ( rc && !(mode & MAP_ERROR_RECOVERY) )
     {
         if ( !prev_dom ||
              /*
@@ -1607,13 +1607,12 @@ int domain_context_mapping_one(
               */
              (prev_dom == dom_io && !pdev) )
             ret = domain_context_unmap_one(domain, iommu, bus, devfn);
-        else if ( prev_dom != domain ) /* Avoid infinite recursion. */
+        else
             ret = domain_context_mapping_one(prev_dom, iommu, bus, devfn, pdev,
                                              DEVICE_DOMID(prev_dom, pdev),
                                              DEVICE_PGTABLE(prev_dom, pdev),
-                                             mode & MAP_WITH_RMRR) < 0;
-        else
-            ret = 1;
+                                             (mode & MAP_WITH_RMRR) |
+                                             MAP_ERROR_RECOVERY) < 0;
 
         if ( !ret && pdev && pdev->devfn == devfn )
             check_cleanup_domid_map(domain, pdev, iommu);
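Review bot: Dropping the `prev_dom != domain` test makes the else branch depend on the earlier bail-out for prev_dom == domain, which the commit message cites but which lies outside this hunk. Stating that invariant with `ASSERT(prev_dom != domain);` at the top of the error block would catch a future change to the early exit in debug builds, rather than leaving MAP_ERROR_RECOVERY as the only guard against re-entry. A failed recovery call now returns without attempting any unmap of its own, so a brief comment next to the `< 0` comparison on what state the context entry is expected to be in would help; how the caller acts on a non-zero ret is not visible here.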
diff --git a/xen/drivers/passthrough/vtd/vtd.h b/xen/drivers/passthrough/vtd/vtd.h
index e4ab242fee..cb2df76eed 100644
--- a/xen/drivers/passthrough/vtd/vtd.h
+++ b/xen/drivers/passthrough/vtd/vtd.h
@@ -29,7 +29,8 @@
 #define MAP_WITH_RMRR         (1u << 0)
 #define MAP_OWNER_DYING       (1u << 1)
 #define MAP_SINGLE_DEVICE     (1u << 2)
-#define UNMAP_ME_PHANTOM_FUNC (1u << 3)
+#define MAP_ERROR_RECOVERY    (1u << 3)
+#define UNMAP_ME_PHANTOM_FUNC (1u << 4)
 
 /* Allow for both IOAPIC and IOSAPIC. */
 #define IO_xAPIC_route_entry IO_APIC_route_entry
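Review bot: `MAP_ERROR_RECOVERY` is added without a comment, and unlike its neighbours it does not look like a flag callers are meant to pass: in this commit it is only OR-ed in by domain_context_mapping_one() on its own roll-back call. A line such as `/* Internal: set on the nested roll-back call to suppress a second roll-back. */` above the define would keep it from being supplied from outside. Renumbering UNMAP_ME_PHANTOM_FUNC to bit 4 is harmless only if nothing depends on its numeric value; no such user is visible in this diff.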
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 23:22:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 23:22:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302299.515934 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPY-0007K0-Vt; Sat, 09 Apr 2022 23:22:32 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302299.515934; Sat, 09 Apr 2022 23:22:32 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPY-0007Js-T4; Sat, 09 Apr 2022 23:22:32 +0000
Received: by outflank-mailman (input) for mailman id 302299;
 Sat, 09 Apr 2022 23:22:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPY-0007Jb-2Q
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPY-0008Vc-1a
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPX-0003Vh-Vh
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:31 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=O3AtNL6JffPirRqL8oJAIc083kaZ3ZC4srFM8XDGj9Q=; b=U7aZCUfAtow6sHn7opPVlKbYUC
	XDT774q31cdyeFDueMN6dwB9bmrhU+JlRp5JLUodGtykASJcWKL5ZDt/fdZaDsXZJKHJ5Sg9AvIWD
	zEcLgNNTKjvJn9RvSzOIgvmKm5FJhJV92zrjLjsIzM35nMaTCAbDBXVIoq4ToGskfAzA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
Message-Id: <E1ndKPX-0003Vh-Vh@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 23:22:31 +0000

commit 5a4935bff50d51cf26a4ae2a1c08663e853e47dc
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Fri Apr 8 14:57:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:57:54 2022 +0200

    x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
    
    c/s 1a914256dca5 increased the AMD max leaf from 0x8000001c to 0x80000021, but
    did not adjust anything in the calculate_*_policy() chain.  As a result, on
    hardware supporting these leaves, we read the real hardware values into the
    raw policy, then copy into host, and all the way into the PV/HVM default
    policies.
    
    All 4 of these leaves have enable bits (first two by TopoExt, next by SEV,
    next by PQOS), so any software following the rules is fine and will leave them
    alone.  However, leaf 0x8000001d takes a subleaf input and at least two
    userspace utilities have been observed to loop indefinitely under Xen (clearly
    waiting for eax to report "no more cache levels").
    
    Such userspace is buggy, but Xen's behaviour isn't great either.
    
    In the short term, clobber all information in these leaves.  This is a giant
    bodge, but there are complexities with implementing all of these leaves
    properly.
    
    Fixes: 1a914256dca5 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Link: https://github.com/QubesOS/qubes-issues/issues/7392
    Reported-by: fosslinux <fosslinux@aussies.space>
    Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    master commit: d4012d50082c2eae2f3cbe7770be13b9227fbc3f
    master date: 2022-04-07 11:36:45 +0100
---
 xen/arch/x86/cpuid.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index c7f07ef7a6..ff335f1639 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -291,8 +291,15 @@ static void recalculate_misc(struct cpuid_policy *p)
 
         zero_leaves(p->extd.raw, 0xb, 0x18);
 
+        /* 0x19 - TLB details.  Pass through. */
+        /* 0x1a - Perf hints.   Pass through. */
+
         p->extd.raw[0x1b] = EMPTY_LEAF; /* IBS - not supported. */
         p->extd.raw[0x1c] = EMPTY_LEAF; /* LWP - not supported. */
+        p->extd.raw[0x1d] = EMPTY_LEAF; /* TopoExt Cache */
+        p->extd.raw[0x1e] = EMPTY_LEAF; /* TopoExt APIC ID/Core/Node */
+        p->extd.raw[0x1f] = EMPTY_LEAF; /* SEV */
+        p->extd.raw[0x20] = EMPTY_LEAF; /* Platform QoS */
         break;
     }
 }
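Review bot: The four new assignments name the leaves but, unlike the `- not supported.` remarks on 0x1b and 0x1c just above, do not say why they are emptied; per the commit message this is a stop-gap because the leaves are not implemented properly yet, and without that a reader may take the clobbering as settled policy. Something like `/* TopoExt Cache - not implemented yet. */` on each line would record it. Leaf 0x21 lies inside the raised max leaf but gets neither an assignment nor a `Pass through` comment like 0x19 and 0x1a; if it is meant to reach guest policies as is, a matching one-line comment would make that explicit. recalculate_misc starts outside the hunk.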
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 23:22:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 23:22:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302300.515938 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPj-0007N3-1D; Sat, 09 Apr 2022 23:22:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302300.515938; Sat, 09 Apr 2022 23:22:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPi-0007Mv-UX; Sat, 09 Apr 2022 23:22:42 +0000
Received: by outflank-mailman (input) for mailman id 302300;
 Sat, 09 Apr 2022 23:22:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPi-0007Mm-5T
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPi-0008Vm-4c
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPi-0003WG-3l
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=tgh515geBWfgiFMbKXtRseDJCU8t/SeP0ZnjrqAyurI=; b=OPUahotf1d5NeCidiWwyiml13u
	UJ3k3T+z1C7QVGnPTbLUeAQIXQkJwEnyvVPWYUILgHdK8GCGhoZMeoQ1T8PH/7N4bg8Us91vaWXDq
	1JD6vAy+PwxCi2eUmTNYe6uv+qYbFMmAq9AeKEYfdyxe/wjn76aXUazsawIL/VgmKR8Q=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] vPCI: fix MSI-X PBA read/write gprintk()s
Message-Id: <E1ndKPi-0003WG-3l@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 23:22:42 +0000

commit 44aae670cc28e0533cd893da408878c80a579876
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 8 14:58:25 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:58:25 2022 +0200

    vPCI: fix MSI-X PBA read/write gprintk()s
    
    %pp wants the address of an SBDF, not that of a PCI device.
    
    Fixes: b4f211606011 ("vpci/msix: fix PBA accesses")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    master commit: d3f61beea4255e2d86ae82303384c57a3262435e
    master date: 2022-04-07 18:01:24 +0200
---
 xen/drivers/vpci/msix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c
index ac5de98f6d..ea5d73a02a 100644
--- a/xen/drivers/vpci/msix.c
+++ b/xen/drivers/vpci/msix.c
@@ -247,7 +247,7 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len,
         {
             gprintk(XENLOG_WARNING,
                     "%pp: unable to map MSI-X PBA, report all pending\n",
-                    msix->pdev);
+                    &msix->pdev->sbdf);
             return X86EMUL_OKAY;
         }
 
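Review bot: Nothing at this call site, or at the matching one in msix_write() in the second hunk, lets the compiler catch the mistake being fixed. `%pp` is a Xen-specific extension of `%p` and appears to accept any pointer, so a `struct pci_dev *` is silently decoded as an SBDF and the warning names the wrong device. A short comment above each gprintk(), e.g. `/* %pp expects a pci_sbdf_t *, not a struct pci_dev *. */`, would make the requirement visible to the next editor. It is also worth checking the remaining `%pp` arguments in msix.c for the same pattern. Both functions start and end outside the hunks shown.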
@@ -331,7 +331,7 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len,
                 /* Unable to map the PBA, ignore write. */
                 gprintk(XENLOG_WARNING,
                         "%pp: unable to map MSI-X PBA, write ignored\n",
-                        msix->pdev);
+                        &msix->pdev->sbdf);
                 return X86EMUL_OKAY;
             }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 23:22:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 23:22:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302301.515942 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPt-0007Qn-4P; Sat, 09 Apr 2022 23:22:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302301.515942; Sat, 09 Apr 2022 23:22:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKPt-0007Qf-1K; Sat, 09 Apr 2022 23:22:53 +0000
Received: by outflank-mailman (input) for mailman id 302301;
 Sat, 09 Apr 2022 23:22:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPs-0007QY-8H
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPs-0008Vw-7V
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKPs-0003Wl-6r
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:22:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=VTrKPqgGyGK/5C0+pOrqJa8ks/IB5tRJToe6ciQ35xY=; b=6u1E9dvw1Ocz55a9CKAv0gsmpP
	mydtF9TPX09E6CAf4Taxqbl/JMz6WKbNLkzQHE531T1l40lyGu1Qnay4Ci9uioF4goxGh16rFuf9J
	Ht2LD3bb3N8syi3PeeB+aCFIEIPdo1SYwjlCFNl0G5zIYGyJJzz41+Flwy35gvTsq+PY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] livepatch: do not ignore sections with 0 size
Message-Id: <E1ndKPs-0003Wl-6r@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 23:22:52 +0000

commit 46d80ba371b20a5201b7168a4fee924ba3f80303
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 14:58:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:58:57 2022 +0200

    livepatch: do not ignore sections with 0 size
    
    A side effect of ignoring such sections is that symbols belonging to
    them won't be resolved, and that could make relocations belonging to
    other sections that reference those symbols fail.
    
    For example it's likely to have an empty .altinstr_replacement with
    symbols pointing to it, and marking the section as ignored will
    prevent the symbols from being resolved, which in turn will cause any
    relocations against them to fail.
    
    In order to solve this do not ignore sections with 0 size, only ignore
    sections that don't have the SHF_ALLOC flag set.
    
    Special case such empty sections in move_payload so they are not taken
    into account in order to decide whether a livepatch can be safely
    re-applied after a revert.
    
    Fixes: 98b728a7b2 ('livepatch: Disallow applying after an revert')
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 0dc1f929e8fed681dec09ca3ea8de38202d5bf30
    master date: 2022-04-08 10:24:10 +0200
---
 xen/common/livepatch.c          | 16 +++++++++++-----
 xen/include/xen/livepatch_elf.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index 329b01c1e8..65c7e37c4f 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -301,9 +301,6 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
          * and .shstrtab. For the non-relocate we allocate and copy these
          * via other means - and the .rel we can ignore as we only use it
          * once during loading.
-         *
-         * Also ignore sections with zero size. Those can be for example:
-         * data, or .bss.
          */
         if ( livepatch_elf_ignore_section(elf->sec[i].sec) )
             offset[i] = UINT_MAX;
@@ -362,8 +359,17 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf)
             else if ( elf->sec[i].sec->sh_flags & SHF_WRITE )
             {
                 buf = rw_buf;
-                rw_buf_sec = i;
-                rw_buf_cnt++;
+                if ( elf->sec[i].sec->sh_size )
+                {
+                    /*
+                     * Special handling of RW empty regions: do not account for
+                     * them in order to decide whether a patch can safely be
+                     * re-applied, but assign them a load address so symbol
+                     * resolution and relocations work.
+                     */
+                    rw_buf_sec = i;
+                    rw_buf_cnt++;
+                }
             }
             else
                 buf = ro_buf;
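Review bot: The new comment describes the empty-section case but sits inside the `if ( elf->sec[i].sec->sh_size )` branch, which is the path taken for non-empty sections, so it reads as if the accounting below it were the special case. Moving it above the `if` and wording it from the condition's side would be clearer, e.g. `/* Only non-empty RW sections count towards rw_buf_cnt; empty ones still get buf so symbols resolve. */`. move_payload() starts and ends outside this hunk, so how `buf` becomes the section's load address is not visible here.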
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 9ad499ee8b..5b1ec469da 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -48,7 +48,7 @@ int livepatch_elf_perform_relocs(struct livepatch_elf *elf);
 
 static inline bool livepatch_elf_ignore_section(const Elf_Shdr *sec)
 {
-    return !(sec->sh_flags & SHF_ALLOC) || sec->sh_size == 0;
+    return !(sec->sh_flags & SHF_ALLOC);
 }
 #endif /* __XEN_LIVEPATCH_ELF_H__ */
 
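Review bot: With the `sec->sh_size == 0` test removed, an allocated zero-size section is no longer skipped, and per the commit message it is now given a load address so that symbols defined in it resolve. Nothing in this hunk shows whether symbol resolution checks a symbol's `st_value` against the owning section's `sh_size`. If it does not, a symbol with a non-zero offset in an empty section would resolve to an address belonging to whatever is placed next in the payload buffer. It is worth confirming that bound is enforced in livepatch_elf_resolve_symbols(), which is not part of this diff. The predicate also deserves a one-line comment such as `/* Empty SHF_ALLOC sections are kept so that symbols in them can be resolved. */`.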
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sat Apr 09 23:23:03 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 09 Apr 2022 23:23:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302302.515946 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKQ3-0007Tg-5o; Sat, 09 Apr 2022 23:23:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302302.515946; Sat, 09 Apr 2022 23:23:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndKQ3-0007TY-30; Sat, 09 Apr 2022 23:23:03 +0000
Received: by outflank-mailman (input) for mailman id 302302;
 Sat, 09 Apr 2022 23:23:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKQ2-0007TN-BX
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:23:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKQ2-0008WM-Aa
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:23:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndKQ2-0003XT-9n
 for xen-changelog@lists.xenproject.org; Sat, 09 Apr 2022 23:23:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=irp1SuViZVc9cvIrjsFWJ4QkkTKBi1VYhm52oJQaLKk=; b=s0cT5oDASto8O9Eb+BNP5dfp//
	RYFr0LueuAkZiq7BMGFsxpR2hDmu8uuzGX5j5Dpg3BAWiqhrdwffvbxc1Pfr+lYMSEb182bZP6muy
	Q0YDmQt3CFt70e8Ek9caiB6iUfm1udxtcRoiPCLbDC8b+2Gmom57GfEnmJy7s1Qk9Zpo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] livepatch: avoid relocations referencing ignored section symbols
Message-Id: <E1ndKQ2-0003XT-9n@xenbits.xenproject.org>
Date: Sat, 09 Apr 2022 23:23:02 +0000

commit b953760d0b564478e232e7e64823d2a1506e92b5
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Fri Apr 8 14:59:27 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 8 14:59:27 2022 +0200

    livepatch: avoid relocations referencing ignored section symbols
    
    Track whether symbols belong to ignored sections in order to avoid
    applying relocations referencing those symbols. The address of such
    symbols won't be resolved and thus the relocation will likely fail or
    write garbage to the destination.
    
    Return an error in that case, as leaving unresolved relocations would
    lead to malfunctioning payload code.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Tested-by: Bjoern Doebel <doebel@amazon.de>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
    master commit: 9120b5737f517fe9d2a3936c38d3a2211630323b
    master date: 2022-04-08 10:27:11 +0200
---
 xen/arch/arm/arm32/livepatch.c  | 7 +++++++
 xen/arch/arm/arm64/livepatch.c  | 7 +++++++
 xen/arch/x86/livepatch.c        | 7 +++++++
 xen/common/livepatch_elf.c      | 6 ++++++
 xen/include/xen/livepatch_elf.h | 1 +
 5 files changed, 28 insertions(+)

diff --git a/xen/arch/arm/arm32/livepatch.c b/xen/arch/arm/arm32/livepatch.c
index 5a06467008..3c50283b2a 100644
--- a/xen/arch/arm/arm32/livepatch.c
+++ b/xen/arch/arm/arm32/livepatch.c
@@ -272,6 +272,13 @@ int arch_livepatch_perform(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value; /* S */
 
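Review bot: The same `else if ( elf->sym[symndx].ignored )` block is added verbatim here and in the arm64 and x86 arch_livepatch_perform_rela() hunks, so three copies of the message and error code can drift apart. A small helper next to `struct livepatch_elf_sym` that takes `elf` and `symndx`, logs, and returns `-EINVAL` would keep the policy in one place; each arch loop would then only test its return value. The helper name below is a suggestion, and `symndx`'s type and the visibility of the `LIVEPATCH` prefix in that header are assumptions to confirm. The bounds test on `symndx` that precedes the new branch is only partly visible, so this assumes it rejects an out-of-range index before `.ignored` is read.

```c
/* Refuse relocations whose symbol lives in a section that was not loaded. */
static inline int livepatch_elf_sym_usable(const struct livepatch_elf *elf,
                                           unsigned int symndx)
{
    if ( !elf->sym[symndx].ignored )
        return 0;

    printk(XENLOG_ERR LIVEPATCH
           "%s: Relocation against ignored symbol %s cannot be resolved\n",
           elf->name, elf->sym[symndx].name);

    return -EINVAL;
}
```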
diff --git a/xen/arch/arm/arm64/livepatch.c b/xen/arch/arm/arm64/livepatch.c
index 6ec8dc60f0..62d2ef373a 100644
--- a/xen/arch/arm/arm64/livepatch.c
+++ b/xen/arch/arm/arm64/livepatch.c
@@ -270,6 +270,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = elf->sym[symndx].sym->st_value +  r->r_addend; /* S+A */
 
diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c
index a3cb63a7ea..0172610ebf 100644
--- a/xen/arch/x86/livepatch.c
+++ b/xen/arch/x86/livepatch.c
@@ -290,6 +290,13 @@ int arch_livepatch_perform_rela(struct livepatch_elf *elf,
                    elf->name, symndx);
             return -EINVAL;
         }
+        else if ( elf->sym[symndx].ignored )
+        {
+            printk(XENLOG_ERR LIVEPATCH
+                   "%s: Relocation against ignored symbol %s cannot be resolved\n",
+                   elf->name, elf->sym[symndx].name);
+            return -EINVAL;
+        }
 
         val = r->r_addend + elf->sym[symndx].sym->st_value;
 
diff --git a/xen/common/livepatch_elf.c b/xen/common/livepatch_elf.c
index b089cacb1c..45d73912a3 100644
--- a/xen/common/livepatch_elf.c
+++ b/xen/common/livepatch_elf.c
@@ -334,7 +334,13 @@ int livepatch_elf_resolve_symbols(struct livepatch_elf *elf)
             }
 
             if ( livepatch_elf_ignore_section(elf->sec[idx].sec) )
+            {
+                dprintk(XENLOG_DEBUG, LIVEPATCH
+                        "%s: Symbol %s from section %s ignored\n",
+                        elf->name, elf->sym[i].name, elf->sec[idx].name);
+                elf->sym[i].ignored = true;
                 break;
+            }
 
             st_value += (unsigned long)elf->sec[idx].load_addr;
             if ( elf->sym[i].name )
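Review bot: The added dprintk() passes `elf->sym[i].name` to `%s` unconditionally, while the context line two below it tests `if ( elf->sym[i].name )`, which suggests the name can be NULL at this point. Either confirm that the hypervisor's `%s` handling tolerates a NULL pointer, or guard the argument, e.g. `elf->sym[i].name ?: "(unnamed)"`. The same applies to the `%s` in the three arch-level error messages added by this commit. The construct that the `break` leaves starts outside this hunk, so where `name` is assigned is not visible here.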
diff --git a/xen/include/xen/livepatch_elf.h b/xen/include/xen/livepatch_elf.h
index 5b1ec469da..7116deaddc 100644
--- a/xen/include/xen/livepatch_elf.h
+++ b/xen/include/xen/livepatch_elf.h
@@ -22,6 +22,7 @@ struct livepatch_elf_sec {
 struct livepatch_elf_sym {
     const Elf_Sym *sym;
     const char *name;
+    bool ignored;
 };
 
 struct livepatch_elf {
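Review bot: The new `ignored` member has no comment, and nothing in this diff ever sets it to false; it is only assigned `true` in livepatch_elf_resolve_symbols(). The arch relocation code reads it for every symbol, so this is correct only if the `elf->sym` array is zero-initialised when allocated, which is not visible here and worth confirming. Suggested line: `bool ignored; /* Set when the symbol's section is skipped by livepatch_elf_ignore_section(). */`.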
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Sun Apr 10 07:22:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sun, 10 Apr 2022 07:22:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302384.516038 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndRta-0002au-WB; Sun, 10 Apr 2022 07:22:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302384.516038; Sun, 10 Apr 2022 07:22:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndRta-0002ak-T9; Sun, 10 Apr 2022 07:22:02 +0000
Received: by outflank-mailman (input) for mailman id 302384;
 Sun, 10 Apr 2022 07:22:01 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndRtZ-0002ae-Gy
 for xen-changelog@lists.xenproject.org; Sun, 10 Apr 2022 07:22:01 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndRtZ-0002Lt-FB
 for xen-changelog@lists.xenproject.org; Sun, 10 Apr 2022 07:22:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndRtZ-0003NX-E5
 for xen-changelog@lists.xenproject.org; Sun, 10 Apr 2022 07:22:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=RmiVOwG32hkWgOp7XUUhqivuXI76ilVAasyxdG4xk5o=; b=iWjnokodQ2CSK+xuO8H57mydqI
	dninFavg4K0we8lgDUIjgupbCWa5200BfMBUX6JyFzsQB9PMz+q1cKTxBKsyeGXl4CbztZxid+CFR
	kgSMgcIfgo1jC3Z0iRfMD4XnW50cTUfSP0YeT1p+YQaIEHbC1tNEUm9t5t5efnMMnvBI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] SUPPORT.md: add Dom0less as Supported
Message-Id: <E1ndRtZ-0003NX-E5@xenbits.xenproject.org>
Date: Sun, 10 Apr 2022 07:22:01 +0000

commit 8847ec08fd0eecbe3da944fdd49ca3d755e8a9bf
Author:     Stefano Stabellini <sstabellini@kernel.org>
AuthorDate: Thu Apr 7 17:10:37 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Fri Apr 8 12:36:10 2022 -0700

    SUPPORT.md: add Dom0less as Supported
    
    Add Dom0less to SUPPORT.md to clarify its support status. The feature is
    mature enough and small enough to make it security supported.
    
    Clarify that dom0less DomUs memory is not scrubbed at boot when
    bootscrub=on or bootscrub=off are passed as Xen command line parameters,
    and no XSAs will be issued for that.
    
    Also see XSA-372: 371347c5b64da and fd5dc41ceaed.
    
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
---
 SUPPORT.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/SUPPORT.md b/SUPPORT.md
index 32fb0aa8de..088dda9561 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -882,6 +882,17 @@ OVMF firmware implements the UEFI boot protocol.
 
     Status, qemu-xen: Supported
 
+## Dom0less
+
+Guest creation from the hypervisor at boot without Dom0 intervention.
+
+    Status, ARM: Supported
+
+Memory of dom0less DomUs is not scrubbed at boot when bootscrub=on or
+bootscrub=off are passed as Xen command line parameters. (Memory should
+be scrubbed with bootscrub=idle.) No XSAs will be issues due to
+unscrubbed memory.
+
 # Format and definitions
 
 This file contains prose, and machine-readable fragments.
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 10:33:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 10:33:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302936.516825 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrM1-0005Wz-8M; Mon, 11 Apr 2022 10:33:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302936.516825; Mon, 11 Apr 2022 10:33:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrM1-0005Wr-57; Mon, 11 Apr 2022 10:33:05 +0000
Received: by outflank-mailman (input) for mailman id 302936;
 Mon, 11 Apr 2022 10:33:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrM0-0005Wb-7K
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:33:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrM0-0003mU-6W
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:33:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrM0-0002r2-5h
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:33:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=lE8PbI1rrVtXcfGEqYNWHHvRIfTlLVN4VFiYw/gFtw4=; b=h0z0E7Pyxt9+0RVL3l+R4wZMJh
	+n3/G9BlKpVjh7BH49OXDojDFg0GJZiKSZ5pHmRWtbH8f2yUNdx8jIKBbNuWdmk3SsGxm/BfRGPKz
	pJbkSSWGWnBSJutE+t3VQ+v0i/mRPaNeivKZR5DmeYkYqgL/vydh7Yn3jez98h4Y0iuQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen: Introduce a header to store common linker scripts content
Message-Id: <E1ndrM0-0002r2-5h@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 10:33:04 +0000

commit 6af59c45a44a013c42e6e9d45d73c7edadb4e531
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Mon Apr 11 09:02:59 2022 +0200
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Mon Apr 11 11:26:06 2022 +0100

    xen: Introduce a header to store common linker scripts content
    
    Both x86 and arm linker scripts share quite a lot of common content.
    It is difficult to keep syncing them up, thus introduce a new header
    in include/xen called xen.lds.h to store the internals mutual to all
    the linker scripts.
    
    Include this header in linker scripts for x86 and arm.
    This patch serves as an intermediate step before populating xen.lds.h
    and making use of its content in the linker scripts later on.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/xen.lds.S    | 1 +
 xen/arch/x86/xen.lds.S    | 1 +
 xen/include/xen/xen.lds.h | 8 ++++++++
 3 files changed, 10 insertions(+)

diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index ad7f966f0e..d20e5e94e4 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -4,6 +4,7 @@
 
 #include <xen/cache.h>
 #include <xen/lib.h>
+#include <xen/xen.lds.h>
 #include <asm/page.h>
 #undef ENTRY
 #undef ALIGN
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 6926e88e54..1fcd8ab7c5 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -3,6 +3,7 @@
 
 #include <xen/cache.h>
 #include <xen/lib.h>
+#include <xen/xen.lds.h>
 #include <asm/page.h>
 #undef ENTRY
 #undef ALIGN
diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h
new file mode 100644
index 0000000000..dd292fa7dc
--- /dev/null
+++ b/xen/include/xen/xen.lds.h
@@ -0,0 +1,8 @@
+#ifndef __XEN_LDS_H__
+#define __XEN_LDS_H__
+
+/*
+ * Common macros to be used in architecture specific linker scripts.
+ */
+
+#endif /* __XEN_LDS_H__ */
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 10:33:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 10:33:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302938.516829 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrMC-0005Zz-AH; Mon, 11 Apr 2022 10:33:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302938.516829; Mon, 11 Apr 2022 10:33:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrMC-0005Zo-6h; Mon, 11 Apr 2022 10:33:16 +0000
Received: by outflank-mailman (input) for mailman id 302938;
 Mon, 11 Apr 2022 10:33:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrMA-0005ZL-AI
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:33:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrMA-0003mj-9Z
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:33:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrMA-0002sF-8f
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:33:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=/tWcrrcJ4Dq3jvo7mrKExVt54heU+t0a9hnhDiVeakg=; b=RfBXYT8k9Nox22Zsr6Wl5WPd8J
	2Cmku5nqynX+jeuB3OrIqpmbx6Rs6cEZycvLQFbJI13hiD2H0dxdvHaaqimki7RwfJz0N72DFWAKV
	G1KBVU70gICZl8d3vdMwT9x5VAtQqUqWcfLi37LOnibhDAksZB2LJy1XXQm+rlbcYtlc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen: Populate xen.lds.h and make use of its macros
Message-Id: <E1ndrMA-0002sF-8f@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 10:33:14 +0000

commit 5e3a6606be4ac58786ded130e73ae82f572c27fb
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Mon Apr 11 09:03:00 2022 +0200
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Mon Apr 11 11:26:23 2022 +0100

    xen: Populate xen.lds.h and make use of its macros
    
    Populate header file xen.lds.h with the first portion of macros storing
    constructs common to x86 and arm linker scripts. Replace the original
    constructs with these helpers.
    
    No functional improvements to x86 linker script.
    
    Making use of common macros improves arm linker script with:
    - explicit list of debug sections that otherwise are seen as "orphans"
      by the linker. This will allow to fix issues after enabling linker
      option --orphan-handling one day,
    - extended list of discarded section to include: .discard, destructors
      related sections, .fini_array which can reference .text.exit,
    - sections not related to debugging that are placed by ld.lld. Even
      though we do not support linking with LLD on Arm, these sections do
      not cause problem to GNU ld,
    
    As we are replacing hardcoded boundary specified as an argument to ALIGN
    function with POINTER_ALIGN, this changes the alignment in HYPFS_PARAM
    construct for arm32 from 8 to 4. It is fine as there are no 64bit values
    used in struct param_hypfs.
    
    Please note that this patch does not aim to perform the full sync up
    between the linker scripts. It creates a base for further work.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/xen.lds.S    |  44 ++++------------
 xen/arch/x86/xen.lds.S    |  96 +++-------------------------------
 xen/include/xen/xen.lds.h | 129 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 147 insertions(+), 122 deletions(-)

diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index d20e5e94e4..1e986e211f 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -69,12 +69,7 @@ SECTIONS
        *(.proc.info)
        __proc_info_end = .;
 
-#ifdef CONFIG_HAS_VPCI
-       . = ALIGN(POINTER_ALIGN);
-       __start_vpci_array = .;
-       *(SORT(.data.vpci.*))
-       __end_vpci_array = .;
-#endif
+       VPCI_ARRAY
   } :text
 
 #if defined(BUILD_ID)
@@ -110,12 +105,7 @@ SECTIONS
        *(.data.schedulers)
        __end_schedulers_array = .;
 
-#ifdef CONFIG_HYPFS
-       . = ALIGN(8);
-       __paramhypfs_start = .;
-       *(.data.paramhypfs)
-       __paramhypfs_end = .;
-#endif
+       HYPFS_PARAM
 
        *(.data .data.*)
        CONSTRUCTORS
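Review bot: Replacing `. = ALIGN(8);` with the shared HYPFS_PARAM macro lowers the alignment applied before `__paramhypfs_start` on arm32 from 8 to 4, as the commit message states. Nothing at this use site, or in the build as far as this hunk shows, enforces the assumption that `struct param_hypfs` has no 64-bit members. If such a field is added later, the start symbol could sit below the first entry's required alignment without any diagnostic. A compile-time check beside the structure, e.g. `BUILD_BUG_ON(__alignof__(struct param_hypfs) > sizeof(void *));`, would turn that into a build failure, assuming POINTER_ALIGN equals the pointer size. The macro body lives in xen.lds.h and is not part of this hunk.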
@@ -179,12 +169,7 @@ SECTIONS
        *(.altinstructions)
        __alt_instructions_end = .;
 
-#ifdef CONFIG_DEBUG_LOCK_PROFILE
-       . = ALIGN(POINTER_ALIGN);
-       __lock_profile_start = .;
-       *(.lockprofile.data)
-       __lock_profile_end = .;
-#endif
+       LOCK_PROFILE_DATA
 
        *(.init.data)
        *(.init.data.rel)
@@ -223,22 +208,13 @@ SECTIONS
   /* Section for the device tree blob (if any). */
   .dtb : { *(.dtb) } :text
 
-  /* Sections to be discarded */
-  /DISCARD/ : {
-       *(.exit.text)
-       *(.exit.data)
-       *(.exitcall.exit)
-       *(.eh_frame)
-  }
-
-  /* Stabs debugging sections.  */
-  .stab 0 : { *(.stab) }
-  .stabstr 0 : { *(.stabstr) }
-  .stab.excl 0 : { *(.stab.excl) }
-  .stab.exclstr 0 : { *(.stab.exclstr) }
-  .stab.index 0 : { *(.stab.index) }
-  .stab.indexstr 0 : { *(.stab.indexstr) }
-  .comment 0 : { *(.comment) }
+  DWARF2_DEBUG_SECTIONS
+
+  DISCARD_SECTIONS
+
+  STABS_DEBUG_SECTIONS
+
+  ELF_DETAILS_SECTIONS
 }
 
 /*
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 1fcd8ab7c5..68501c7186 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -14,13 +14,6 @@
 #undef __XEN_VIRT_START
 #define __XEN_VIRT_START __image_base__
 #define DECL_SECTION(x) x :
-/*
- * Use the NOLOAD directive, despite currently ignored by (at least) GNU ld
- * for PE output, in order to record that we'd prefer these sections to not
- * be loaded into memory.
- */
-#define DECL_DEBUG(x, a) #x ALIGN(a) (NOLOAD) : { *(x) }
-#define DECL_DEBUG2(x, y, a) #x ALIGN(a) (NOLOAD) : { *(x) *(y) }
 
 ENTRY(efi_start)
 
@@ -28,8 +21,6 @@ ENTRY(efi_start)
 
 #define FORMAT "elf64-x86-64"
 #define DECL_SECTION(x) #x : AT(ADDR(#x) - __XEN_VIRT_START)
-#define DECL_DEBUG(x, a) #x 0 : { *(x) }
-#define DECL_DEBUG2(x, y, a) #x 0 : { *(x) *(y) }
 
 ENTRY(start_pa)
 
@@ -160,12 +151,7 @@ SECTIONS
        *(.note.gnu.build-id)
        __note_gnu_build_id_end = .;
 #endif
-#ifdef CONFIG_HAS_VPCI
-       . = ALIGN(POINTER_ALIGN);
-       __start_vpci_array = .;
-       *(SORT(.data.vpci.*))
-       __end_vpci_array = .;
-#endif
+       VPCI_ARRAY
   } PHDR(text)
 
 #if defined(CONFIG_PVH_GUEST) && !defined(EFI)
@@ -279,12 +265,7 @@ SECTIONS
         *(.altinstructions)
         __alt_instructions_end = .;
 
-#ifdef CONFIG_DEBUG_LOCK_PROFILE
-       . = ALIGN(POINTER_ALIGN);
-       __lock_profile_start = .;
-       *(.lockprofile.data)
-       __lock_profile_end = .;
-#endif
+       LOCK_PROFILE_DATA
 
        . = ALIGN(8);
        __ctors_start = .;
@@ -336,12 +317,7 @@ SECTIONS
        *(.data.schedulers)
        __end_schedulers_array = .;
 
-#ifdef CONFIG_HYPFS
-       . = ALIGN(8);
-       __paramhypfs_start = .;
-       *(.data.paramhypfs)
-       __paramhypfs_end = .;
-#endif
+       HYPFS_PARAM
   } PHDR(text)
 
   DECL_SECTION(.data) {
@@ -388,33 +364,7 @@ SECTIONS
   efi = .;
 #endif
 
-  /*
-   * Explicitly list debug sections, first of all to avoid these sections being
-   * viewed as "orphan" by the linker.
-   *
-   * For the PE output this is further necessary so that they don't end up at
-   * VA 0, which is below image base and thus invalid.  Note that we're past
-   * _end here, so if these sections get loaded they'll be discarded at runtime
-   * anyway.
-   */
-  DECL_DEBUG(.debug_abbrev, 1)
-  DECL_DEBUG2(.debug_info, .gnu.linkonce.wi.*, 1)
-  DECL_DEBUG(.debug_types, 1)
-  DECL_DEBUG(.debug_str, 1)
-  DECL_DEBUG2(.debug_line, .debug_line.*, 1)
-  DECL_DEBUG(.debug_line_str, 1)
-  DECL_DEBUG(.debug_names, 4)
-  DECL_DEBUG(.debug_frame, 4)
-  DECL_DEBUG(.debug_loc, 1)
-  DECL_DEBUG(.debug_loclists, 4)
-  DECL_DEBUG(.debug_macinfo, 1)
-  DECL_DEBUG(.debug_macro, 1)
-  DECL_DEBUG(.debug_ranges, 8)
-  DECL_DEBUG(.debug_rnglists, 4)
-  DECL_DEBUG(.debug_addr, 8)
-  DECL_DEBUG(.debug_aranges, 1)
-  DECL_DEBUG(.debug_pubnames, 1)
-  DECL_DEBUG(.debug_pubtypes, 1)
+  DWARF2_DEBUG_SECTIONS
 
 #ifdef EFI
   /* Trick the linker into setting the image size to no less than 16Mb. */
@@ -428,42 +378,12 @@ SECTIONS
   hv_hcall_page = ABSOLUTE(HV_HCALL_PAGE - XEN_VIRT_START + __XEN_VIRT_START);
 #endif
 
-  /* Sections to be discarded */
-  /DISCARD/ : {
-       *(.text.exit)
-       *(.exit.text)
-       *(.exit.data)
-       *(.exitcall.exit)
-       *(.discard)
-       *(.discard.*)
-       *(.eh_frame)
-       *(.dtors)
-       *(.dtors.*)
-       *(.fini_array)
-       *(.fini_array.*)
-#ifdef EFI
-       *(.comment)
-       *(.comment.*)
-       *(.note.*)
-#endif
-  }
+  DISCARD_SECTIONS
 
 #ifndef EFI
-  /* Stabs debugging sections.  */
-  .stab 0 : { *(.stab) }
-  .stabstr 0 : { *(.stabstr) }
-  .stab.excl 0 : { *(.stab.excl) }
-  .stab.exclstr 0 : { *(.stab.exclstr) }
-  .stab.index 0 : { *(.stab.index) }
-  .stab.indexstr 0 : { *(.stab.indexstr) }
-  .comment 0 : { *(.comment) *(.comment.*) }
-  /*
-   * LLVM ld also wants .symtab, .strtab, and .shstrtab placed. These look to
-   * be benign to GNU ld, so we can have them here unconditionally.
-   */
-  .symtab 0 : { *(.symtab) }
-  .strtab 0 : { *(.strtab) }
-  .shstrtab 0 : { *(.shstrtab) }
+  STABS_DEBUG_SECTIONS
+
+  ELF_DETAILS_SECTIONS
 #endif
 }
 
diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h
index dd292fa7dc..fc47bb1ccc 100644
--- a/xen/include/xen/xen.lds.h
+++ b/xen/include/xen/xen.lds.h
@@ -5,4 +5,133 @@
  * Common macros to be used in architecture specific linker scripts.
  */
 
+/*
+ * To avoid any confusion, please note that the EFI macro does not correspond
+ * to EFI support and is used when linking a native EFI (i.e. PE/COFF) binary,
+ * hence its usage in this header.
+ */
+
+/* Macros to declare debug sections. */
+#ifdef EFI
+/*
+ * Use the NOLOAD directive, despite currently ignored by (at least) GNU ld
+ * for PE output, in order to record that we'd prefer these sections to not
+ * be loaded into memory.
+ */
+#define DECL_DEBUG(x, a) #x ALIGN(a) (NOLOAD) : { *(x) }
+#define DECL_DEBUG2(x, y, a) #x ALIGN(a) (NOLOAD) : { *(x) *(y) }
+#else
+#define DECL_DEBUG(x, a) #x 0 : { *(x) }
+#define DECL_DEBUG2(x, y, a) #x 0 : { *(x) *(y) }
+#endif
+
+/*
+ * DWARF2+ debug sections.
+ * Explicitly list debug sections, first of all to avoid these sections being
+ * viewed as "orphan" by the linker.
+ *
+ * For the PE output this is further necessary so that they don't end up at
+ * VA 0, which is below image base and thus invalid. Note that this macro is
+ * to be used after _end, so if these sections get loaded they'll be discarded
+ * at runtime anyway.
+ */
+#define DWARF2_DEBUG_SECTIONS                     \
+  DECL_DEBUG(.debug_abbrev, 1)                    \
+  DECL_DEBUG2(.debug_info, .gnu.linkonce.wi.*, 1) \
+  DECL_DEBUG(.debug_types, 1)                     \
+  DECL_DEBUG(.debug_str, 1)                       \
+  DECL_DEBUG2(.debug_line, .debug_line.*, 1)      \
+  DECL_DEBUG(.debug_line_str, 1)                  \
+  DECL_DEBUG(.debug_names, 4)                     \
+  DECL_DEBUG(.debug_frame, 4)                     \
+  DECL_DEBUG(.debug_loc, 1)                       \
+  DECL_DEBUG(.debug_loclists, 4)                  \
+  DECL_DEBUG(.debug_macinfo, 1)                   \
+  DECL_DEBUG(.debug_macro, 1)                     \
+  DECL_DEBUG(.debug_ranges, POINTER_ALIGN)        \
+  DECL_DEBUG(.debug_rnglists, 4)                  \
+  DECL_DEBUG(.debug_addr, POINTER_ALIGN)          \
+  DECL_DEBUG(.debug_aranges, 1)                   \
+  DECL_DEBUG(.debug_pubnames, 1)                  \
+  DECL_DEBUG(.debug_pubtypes, 1)
+
+/* Stabs debug sections. */
+#define STABS_DEBUG_SECTIONS                 \
+  .stab 0 : { *(.stab) }                     \
+  .stabstr 0 : { *(.stabstr) }               \
+  .stab.excl 0 : { *(.stab.excl) }           \
+  .stab.exclstr 0 : { *(.stab.exclstr) }     \
+  .stab.index 0 : { *(.stab.index) }         \
+  .stab.indexstr 0 : { *(.stab.indexstr) }
+
+/*
+ * ELF sections.
+ *
+ * LLVM ld also wants .symtab, .strtab, and .shstrtab placed. These look to
+ * be benign to GNU ld, so we can have them here unconditionally.
+ */
+#define ELF_DETAILS_SECTIONS                 \
+  .comment 0 : { *(.comment) *(.comment.*) } \
+  .symtab 0 : { *(.symtab) }                 \
+  .strtab 0 : { *(.strtab) }                 \
+  .shstrtab 0 : { *(.shstrtab) }
+
+#ifdef EFI
+#define DISCARD_EFI_SECTIONS \
+       *(.comment)   \
+       *(.comment.*) \
+       *(.note.*)
+#else
+#define DISCARD_EFI_SECTIONS
+#endif
+
+/* Sections to be discarded. */
+#define DISCARD_SECTIONS     \
+  /DISCARD/ : {              \
+       *(.text.exit)         \
+       *(.exit.text)         \
+       *(.exit.data)         \
+       *(.exitcall.exit)     \
+       *(.discard)           \
+       *(.discard.*)         \
+       *(.eh_frame)          \
+       *(.dtors)             \
+       *(.dtors.*)           \
+       *(.fini_array)        \
+       *(.fini_array.*)      \
+       DISCARD_EFI_SECTIONS  \
+  }
+
+/* List of constructs other than *_SECTIONS in alphabetical order. */
+
+#ifdef CONFIG_HYPFS
+#define HYPFS_PARAM              \
+       . = ALIGN(POINTER_ALIGN); \
+       __paramhypfs_start = .;   \
+       *(.data.paramhypfs)       \
+       __paramhypfs_end = .;
+#else
+#define HYPFS_PARAM
+#endif
+
+#ifdef CONFIG_DEBUG_LOCK_PROFILE
+#define LOCK_PROFILE_DATA        \
+       . = ALIGN(POINTER_ALIGN); \
+       __lock_profile_start = .; \
+       *(.lockprofile.data)      \
+       __lock_profile_end = .;
+#else
+#define LOCK_PROFILE_DATA
+#endif
+
+#ifdef CONFIG_HAS_VPCI
+#define VPCI_ARRAY               \
+       . = ALIGN(POINTER_ALIGN); \
+       __start_vpci_array = .;   \
+       *(SORT(.data.vpci.*))     \
+       __end_vpci_array = .;
+#else
+#define VPCI_ARRAY
+#endif
+
 #endif /* __XEN_LDS_H__ */
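Review bot: `DISCARD_SECTIONS` is commented only as "Sections to be discarded", yet it carries the wider x86 list. The arm script's own `/DISCARD/` block, removed in this patch, named just `.exit.text`, `.exit.data`, `.exitcall.exit` and `.eh_frame`, so arm now also drops `.text.exit`, `.discard*`, `.dtors*` and `.fini_array*`. That looks intended, but the comment should say so, e.g. `/* Sections to be discarded; a superset of the former arm list, so check new input section names against it. */`. `HYPFS_PARAM`, `LOCK_PROFILE_DATA`, `VPCI_ARRAY` and two of the `DECL_DEBUG` lines also expand `POINTER_ALIGN`, which this header does not define; a one-line comment that the including linker script must provide it before the macros are used would help.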
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 10:44:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 10:44:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302943.516845 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrWg-00077N-Bd; Mon, 11 Apr 2022 10:44:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302943.516845; Mon, 11 Apr 2022 10:44:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrWg-00077F-8Z; Mon, 11 Apr 2022 10:44:06 +0000
Received: by outflank-mailman (input) for mailman id 302943;
 Mon, 11 Apr 2022 10:44:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWe-00076y-AQ
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWe-00041l-7G
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWe-0003fQ-6D
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=XfPEoxIWrs/md9y6xIDdAGbjx2n06/zZdYIvVEXg09M=; b=U0Q1BCsq/CatREqFF8PXRe2aaq
	phb1yvJDA2Aax+/YPkw6D7AxzMxIl+ayWGY17T3ek7ra6rfbbKDYWzjlVHIwI6crvauZeqEuOx/x2
	PDeGj6G8qpi7nMBUduPTGili92OOagAQkmtJwYpSnTbHZhc+zUxYIKQ++Ept4rkzFPg8=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/boot: make "vga=current" work with graphics modes
Message-Id: <E1ndrWe-0003fQ-6D@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 10:44:04 +0000

commit 927aee59826fbebb87f099cc95b945f1dcb1ba5c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 11 12:29:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:29:14 2022 +0200

    x86/boot: make "vga=current" work with graphics modes
    
    GrUB2 can be told to leave the screen in the graphics mode it has been
    using (or any other one), via "set gfxpayload=keep" (or suitable
    variants thereof). In this case we can avoid doing another mode switch
    ourselves. This in particular avoids possibly setting the screen to a
    less desirable mode: On one of my test systems the set of modes
    reported available by the VESA BIOS depends on whether the interposed
    KVM switch has that machine set as the active one. If it's not active,
    only modes up to 1024x768 get reported, while when active 1280x1024
    modes are also included. For things to always work with an explicitly
    specified mode (via the "vga=" option), that mode therefore needs be a
    1024x768 one.
    
    For some reason this only works for me with "multiboot2" (and
    "module2"); "multiboot" (and "module") still forces the screen into text
    mode, despite my reading of the sources suggesting otherwise.
    
    For starters I'm limiting this to graphics modes; I do think this ought
    to also work for text modes, but
    - I can't tell whether GrUB2 can set any text mode other than 80x25
      (I've only found plain "text" to be valid as a "gfxpayload" setting),
    - I'm uncertain whether supporting that is worth it, since I'm uncertain
      how many people would be running their systems/screens in text mode,
    - I'd like to limit the amount of code added to the realmode trampoline.
    
    For starters I'm also limiting mode information retrieval to raw BIOS
    accesses. This will allow things to work (in principle) also with other
    boot environments where a graphics mode can be left in place. The
    downside is that this then still is dependent upon switching back to
    real mode, so retrieving the needed information from multiboot info is
    likely going to be desirable down the road.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Henry Wang <Henry.Wang@arm.com>
---
 CHANGELOG.md              |  4 ++++
 xen/arch/x86/boot/video.S | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 83d85fad5b..6a7755d7b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD
 
+### Changed
+ - On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that
+   this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
+
 ### Removed / support downgraded
  - dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
 
diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index ee993e1073..1b3f363fc4 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -566,7 +566,6 @@ set14:  movw    $0x1111, %ax            # Use 9x14 font
         movb    $0x01, %ah              # Define cursor scan lines 11-12
         movw    $0x0b0c, %cx
         int     $0x10
-set_current:
         stc
         ret
 
@@ -680,6 +679,39 @@ vga_modes:
         .word   VIDEO_80x60, 0x50,0x3c,0        # 80x60
 vga_modes_end:
 
+# If the current mode is a VESA graphics one, obtain its parameters.
+set_current:
+        leaw    vesa_glob_info, %di
+        movw    $0x4f00, %ax
+        int     $0x10
+        cmpw    $0x004f, %ax
+        jne     .Lsetc_done
+
+        movw    $0x4f03, %ax
+        int     $0x10
+        cmpw    $0x004f, %ax
+        jne     .Lsetc_done
+
+        leaw    vesa_mode_info, %di     # Get mode information structure
+        movw    %bx, %cx
+        movw    $0x4f01, %ax
+        int     $0x10
+        cmpw    $0x004f, %ax
+        jne     .Lsetc_done
+
+        movb    (%di), %al              # Check mode attributes
+        andb    $0x9b, %al
+        cmpb    $0x9b, %al
+        jne     .Lsetc_done             # Doh! No linear frame buffer
+
+        movb    $1, bootsym(graphic_mode)
+        movw    %bx, bootsym(boot_vid_mode)
+        movw    %bx, bootsym(video_mode)
+
+.Lsetc_done:
+        stc
+        ret
+
 # Detect VESA modes.
 vesa_modes:
         movw    %di, %bp                # BP=original mode table end
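Review bot: In `set_current` the mode word returned by function 0x4f03 in `%bx` is copied unchanged into `%cx` for the 0x4f01 query. As I read the VBE specification, that word can carry the linear-frame-buffer and memory-not-cleared flags in bits 14 and 15, while 0x4f01 takes a plain mode number, so a strict BIOS could reject the query and the current graphics mode would go undetected. Masking the copy with `andw $0x3fff, %cx` after `movw %bx, %cx` would keep the query within the spec. Whether the flag bits should remain in the value stored to `boot_vid_mode` and `video_mode` depends on code outside this hunk. A short comment naming the attribute bits that the `0x9b` mask requires would also help the next reader.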
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 10:44:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 10:44:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302945.516849 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrWq-0007Az-DL; Mon, 11 Apr 2022 10:44:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302945.516849; Mon, 11 Apr 2022 10:44:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrWq-0007Ar-A3; Mon, 11 Apr 2022 10:44:16 +0000
Received: by outflank-mailman (input) for mailman id 302945;
 Mon, 11 Apr 2022 10:44:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWo-00079Q-BF
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWo-00041w-AV
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWo-0003g5-9X
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Aq35yFcyvMvWr+fV9Eam2zoo0LwK6nssC8NzXDRqKzk=; b=418mO6e7qLeIKtG26Mh3pk5vkf
	kN2pT1wRskg2wGspHznD2lMoBoFGeqIIAdxDPU7Yv2/nnunj4iOBKrVzjav2bKPaRtYn5A2daW/wb
	D3vMtKdu3V0h+NMUoEUt8tL6axX6zm5GF5a7XpmqsnbdledUWCwlgo0Tj7nv+0dkiyFo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/boot: obtain video info from boot loader
Message-Id: <E1ndrWo-0003g5-9X@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 10:44:14 +0000

commit 0faf37e7434ea08ed99d804aad98fcddf74852e7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 11 12:30:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:30:09 2022 +0200

    x86/boot: obtain video info from boot loader
    
    With MB2 the boot loader may provide this information, allowing us to
    obtain it without needing to enter real mode (assuming we don't need to
    set a new mode from "vga=", but can instead inherit the one the
    bootloader may have established).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/defs.h     |  1 +
 xen/arch/x86/boot/head.S     | 10 ++++-
 xen/arch/x86/boot/reloc.c    | 98 ++++++++++++++++++++++++++++++++++++++++----
 xen/arch/x86/boot/video.h    | 41 ++++++++++++++++++
 xen/arch/x86/setup.c         | 30 +-------------
 xen/include/xen/multiboot2.h | 53 ++++++++++++++++++++++++
 6 files changed, 195 insertions(+), 38 deletions(-)

diff --git a/xen/arch/x86/boot/defs.h b/xen/arch/x86/boot/defs.h
index 21d292cd73..f9840044ec 100644
--- a/xen/arch/x86/boot/defs.h
+++ b/xen/arch/x86/boot/defs.h
@@ -53,6 +53,7 @@ typedef unsigned int u32;
 typedef unsigned long long u64;
 typedef unsigned int size_t;
 typedef u8 uint8_t;
+typedef u16 uint16_t;
 typedef u32 uint32_t;
 typedef u64 uint64_t;
 
diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
index 92d73345f0..3db47197b8 100644
--- a/xen/arch/x86/boot/head.S
+++ b/xen/arch/x86/boot/head.S
@@ -562,12 +562,18 @@ trampoline_setup:
         mov     %esi, sym_esi(xen_phys_start)
         mov     %esi, sym_esi(trampoline_xen_phys_start)
 
-        mov     sym_esi(trampoline_phys), %ecx
-
         /* Get bottom-most low-memory stack address. */
+        mov     sym_esi(trampoline_phys), %ecx
         add     $TRAMPOLINE_SPACE,%ecx
 
+#ifdef CONFIG_VIDEO
+        lea     sym_esi(boot_vid_info), %edx
+#else
+        xor     %edx, %edx
+#endif
+
         /* Save Multiboot / PVH info struct (after relocation) for later use. */
+        push    %edx                /* Boot video info to be filled from MB2. */
         push    %ecx                /* Bottom-most low-memory stack address. */
         push    %ebx                /* Multiboot / PVH information address. */
         push    %eax                /* Magic number. */
diff --git a/xen/arch/x86/boot/reloc.c b/xen/arch/x86/boot/reloc.c
index 4f4039bb7c..e22bb974bf 100644
--- a/xen/arch/x86/boot/reloc.c
+++ b/xen/arch/x86/boot/reloc.c
@@ -14,9 +14,10 @@
 
 /*
  * This entry point is entered from xen/arch/x86/boot/head.S with:
- *   - 0x4(%esp) = MAGIC,
- *   - 0x8(%esp) = INFORMATION_ADDRESS,
- *   - 0xc(%esp) = TOPMOST_LOW_MEMORY_STACK_ADDRESS.
+ *   - 0x04(%esp) = MAGIC,
+ *   - 0x08(%esp) = INFORMATION_ADDRESS,
+ *   - 0x0c(%esp) = TOPMOST_LOW_MEMORY_STACK_ADDRESS.
+ *   - 0x10(%esp) = BOOT_VIDEO_INFO_ADDRESS.
  */
 asm (
     "    .text                         \n"
@@ -32,6 +33,39 @@ asm (
 #include "../../../include/xen/kconfig.h"
 #include <public/arch-x86/hvm/start_info.h>
 
+#ifdef CONFIG_VIDEO
+# include "video.h"
+
+/* VESA control information */
+struct __packed vesa_ctrl_info {
+    uint8_t signature[4];
+    uint16_t version;
+    uint32_t oem_name;
+    uint32_t capabilities;
+    uint32_t mode_list;
+    uint16_t mem_size;
+    /* We don't use any further fields. */
+};
+
+/* VESA 2.0 mode information */
+struct vesa_mode_info {
+    uint16_t attrib;
+    uint8_t window[14]; /* We don't use the individual fields. */
+    uint16_t bytes_per_line;
+    uint16_t width;
+    uint16_t height;
+    uint8_t cell_width;
+    uint8_t cell_height;
+    uint8_t nr_planes;
+    uint8_t depth;
+    uint8_t memory[5]; /* We don't use the individual fields. */
+    struct boot_video_colors colors;
+    uint8_t direct_color;
+    uint32_t base;
+    /* We don't use any further fields. */
+};
+#endif /* CONFIG_VIDEO */
+
 #define get_mb2_data(tag, type, member)   (((multiboot2_tag_##type##_t *)(tag))->member)
 #define get_mb2_string(tag, type, member) ((u32)get_mb2_data(tag, type, member))
 
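Review bot: `struct vesa_mode_info` is overlaid on the boot loader's `vbe_mode_info` bytes but, unlike `struct vesa_ctrl_info` just above it, is not marked `__packed`. Its offsets come out right only because every member falls on its natural alignment (`base` lands at 0x28). A comment saying so, e.g. `/* Not __packed: all fields used are naturally aligned at their VBE offsets. */`, or adding `__packed` for symmetry, would keep a later field addition from shifting `base` unnoticed.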
@@ -146,7 +180,7 @@ static multiboot_info_t *mbi_reloc(u32 mbi_in)
     return mbi_out;
 }
 
-static multiboot_info_t *mbi2_reloc(u32 mbi_in)
+static multiboot_info_t *mbi2_reloc(uint32_t mbi_in, uint32_t video_out)
 {
     const multiboot2_fixed_t *mbi_fix = _p(mbi_in);
     const multiboot2_memory_map_t *mmap_src;
@@ -154,6 +188,9 @@ static multiboot_info_t *mbi2_reloc(u32 mbi_in)
     module_t *mbi_out_mods = NULL;
     memory_map_t *mmap_dst;
     multiboot_info_t *mbi_out;
+#ifdef CONFIG_VIDEO
+    struct boot_video_info *video = NULL;
+#endif
     u32 ptr;
     unsigned int i, mod_idx = 0;
 
@@ -254,17 +291,64 @@ static multiboot_info_t *mbi2_reloc(u32 mbi_in)
             ++mod_idx;
             break;
 
+#ifdef CONFIG_VIDEO
+        case MULTIBOOT2_TAG_TYPE_VBE:
+            if ( video_out )
+            {
+                const struct vesa_ctrl_info *ci;
+                const struct vesa_mode_info *mi;
+
+                video = _p(video_out);
+                ci = (void *)get_mb2_data(tag, vbe, vbe_control_info);
+                mi = (void *)get_mb2_data(tag, vbe, vbe_mode_info);
+
+                if ( ci->version >= 0x0200 && (mi->attrib & 0x9b) == 0x9b )
+                {
+                    video->capabilities = ci->capabilities;
+                    video->lfb_linelength = mi->bytes_per_line;
+                    video->lfb_width = mi->width;
+                    video->lfb_height = mi->height;
+                    video->lfb_depth = mi->depth;
+                    video->lfb_base = mi->base;
+                    video->lfb_size = ci->mem_size;
+                    video->colors = mi->colors;
+                    video->vesa_attrib = mi->attrib;
+                }
+
+                video->vesapm.seg = get_mb2_data(tag, vbe, vbe_interface_seg);
+                video->vesapm.off = get_mb2_data(tag, vbe, vbe_interface_off);
+            }
+            break;
+
+        case MULTIBOOT2_TAG_TYPE_FRAMEBUFFER:
+            if ( (get_mb2_data(tag, framebuffer, framebuffer_type) !=
+                  MULTIBOOT2_FRAMEBUFFER_TYPE_RGB) )
+            {
+                video_out = 0;
+                video = NULL;
+            }
+            break;
+#endif /* CONFIG_VIDEO */
+
         case MULTIBOOT2_TAG_TYPE_END:
-            return mbi_out;
+            goto end; /* Cannot "break;" here. */
 
         default:
             break;
         }
 
+ end:
+
+#ifdef CONFIG_VIDEO
+    if ( video )
+        video->orig_video_isVGA = 0x23;
+#endif
+
     return mbi_out;
 }
 
-void * __stdcall reloc(u32 magic, u32 in, u32 trampoline)
+void *__stdcall reloc(uint32_t magic, uint32_t in, uint32_t trampoline,
+                      uint32_t video_info)
 {
     alloc = trampoline;
 
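Review bot: `video` is assigned as soon as a VBE tag is seen, before the `ci->version >= 0x0200 && (mi->attrib & 0x9b) == 0x9b` test, so the `end:` block stores `orig_video_isVGA = 0x23` even when that test failed and none of the `lfb_*` fields were filled. If the consumers of `boot_vid_info` (outside this hunk) take 0x23 to mean a usable linear frame buffer, they would work from whatever the structure held before. Moving the two `vesapm` stores above the `if` and adding `else video = NULL;` would avoid that. The tag's `size` field is also not compared with `sizeof(multiboot2_tag_vbe_t)` before `vbe_control_info` and `vbe_mode_info` are read; either add that check or a comment stating that the boot loader's tag is trusted here. `mbi2_reloc` starts outside the hunk.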
@@ -274,7 +358,7 @@ void * __stdcall reloc(u32 magic, u32 in, u32 trampoline)
         return mbi_reloc(in);
 
     case MULTIBOOT2_BOOTLOADER_MAGIC:
-        return mbi2_reloc(in);
+        return mbi2_reloc(in, video_info);
 
     case XEN_HVM_START_MAGIC_VALUE:
         if ( IS_ENABLED(CONFIG_PVH_GUEST) )
diff --git a/xen/arch/x86/boot/video.h b/xen/arch/x86/boot/video.h
index 4026954196..6a7775d242 100644
--- a/xen/arch/x86/boot/video.h
+++ b/xen/arch/x86/boot/video.h
@@ -28,4 +28,45 @@
 /* The "recalculate timings" flag */
 #define VIDEO_RECALC        0x8000
 
+#ifndef __ASSEMBLY__
+struct boot_video_info {
+    uint8_t  orig_x;             /* 0x00 */
+    uint8_t  orig_y;             /* 0x01 */
+    uint8_t  orig_video_mode;    /* 0x02 */
+    uint8_t  orig_video_cols;    /* 0x03 */
+    uint8_t  orig_video_lines;   /* 0x04 */
+    uint8_t  orig_video_isVGA;   /* 0x05 */
+    uint16_t orig_video_points;  /* 0x06 */
+
+    /* VESA graphic mode -- linear frame buffer */
+    uint32_t capabilities;       /* 0x08 */
+    uint16_t lfb_linelength;     /* 0x0c */
+    uint16_t lfb_width;          /* 0x0e */
+    uint16_t lfb_height;         /* 0x10 */
+    uint16_t lfb_depth;          /* 0x12 */
+    uint32_t lfb_base;           /* 0x14 */
+    uint32_t lfb_size;           /* 0x18 */
+    union {
+        struct {
+            uint8_t  red_size;   /* 0x1c */
+            uint8_t  red_pos;    /* 0x1d */
+            uint8_t  green_size; /* 0x1e */
+            uint8_t  green_pos;  /* 0x1f */
+            uint8_t  blue_size;  /* 0x20 */
+            uint8_t  blue_pos;   /* 0x21 */
+            uint8_t  rsvd_size;  /* 0x22 */
+            uint8_t  rsvd_pos;   /* 0x23 */
+        };
+        struct boot_video_colors {
+            uint8_t  rgbr[8];
+        } colors;
+    };
+    struct {
+        uint16_t seg;            /* 0x24 */
+        uint16_t off;            /* 0x26 */
+    } vesapm;
+    uint16_t vesa_attrib;        /* 0x28 */
+};
+#endif /* __ASSEMBLY__ */
+
 #endif /* __BOOT_VIDEO_H__ */
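Review bot: The offset comments in `struct boot_video_info` are the only statement of its layout, and nothing in the hunk checks them. Presumably boot assembly fills the same object (head.S passes the address of `boot_vid_info`), so a mismatch after a later edit would silently misreport the frame buffer. A comment above the struct such as `/* Layout is shared with the boot assembly; keep the offsets below in sync. */` would state the contract, and a build-time size or offset assertion, where the tree provides one, would enforce it. The anonymous union makes `colors` alias the eight per-channel bytes, which deserves a one-line comment as well.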
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index a0ee8d206f..6f20e17892 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -532,35 +532,7 @@ static void __init setup_max_pdx(unsigned long top_page)
 static struct e820map __initdata boot_e820;
 
 #ifdef CONFIG_VIDEO
-struct boot_video_info {
-    u8  orig_x;             /* 0x00 */
-    u8  orig_y;             /* 0x01 */
-    u8  orig_video_mode;    /* 0x02 */
-    u8  orig_video_cols;    /* 0x03 */
-    u8  orig_video_lines;   /* 0x04 */
-    u8  orig_video_isVGA;   /* 0x05 */
-    u16 orig_video_points;  /* 0x06 */
-
-    /* VESA graphic mode -- linear frame buffer */
-    u32 capabilities;       /* 0x08 */
-    u16 lfb_linelength;     /* 0x0c */
-    u16 lfb_width;          /* 0x0e */
-    u16 lfb_height;         /* 0x10 */
-    u16 lfb_depth;          /* 0x12 */
-    u32 lfb_base;           /* 0x14 */
-    u32 lfb_size;           /* 0x18 */
-    u8  red_size;           /* 0x1c */
-    u8  red_pos;            /* 0x1d */
-    u8  green_size;         /* 0x1e */
-    u8  green_pos;          /* 0x1f */
-    u8  blue_size;          /* 0x20 */
-    u8  blue_pos;           /* 0x21 */
-    u8  rsvd_size;          /* 0x22 */
-    u8  rsvd_pos;           /* 0x23 */
-    u16 vesapm_seg;         /* 0x24 */
-    u16 vesapm_off;         /* 0x26 */
-    u16 vesa_attrib;        /* 0x28 */
-};
+# include "boot/video.h"
 extern struct boot_video_info boot_vid_info;
 #endif
 
diff --git a/xen/include/xen/multiboot2.h b/xen/include/xen/multiboot2.h
index 5acd225044..f792040205 100644
--- a/xen/include/xen/multiboot2.h
+++ b/xen/include/xen/multiboot2.h
@@ -158,6 +158,59 @@ typedef struct {
     multiboot2_memory_map_t entries[];
 } multiboot2_tag_mmap_t;
 
+typedef struct
+{
+    uint32_t type;
+    uint32_t size;
+    uint16_t vbe_mode;
+    uint16_t vbe_interface_seg;
+    uint16_t vbe_interface_off;
+    uint16_t vbe_interface_len;
+    uint8_t vbe_control_info[512];
+    uint8_t vbe_mode_info[256];
+} multiboot2_tag_vbe_t;
+
+typedef struct
+{
+    uint8_t red;
+    uint8_t green;
+    uint8_t blue;
+} multiboot2_color_t;
+
+typedef struct
+{
+    uint32_t type;
+    uint32_t size;
+    uint64_t framebuffer_addr;
+    uint32_t framebuffer_pitch;
+    uint32_t framebuffer_width;
+    uint32_t framebuffer_height;
+    uint8_t framebuffer_bpp;
+#define MULTIBOOT2_FRAMEBUFFER_TYPE_INDEXED  0
+#define MULTIBOOT2_FRAMEBUFFER_TYPE_RGB      1
+#define MULTIBOOT2_FRAMEBUFFER_TYPE_EGA_TEXT 2
+    uint8_t framebuffer_type;
+    uint16_t reserved;
+
+    union
+    {
+        struct
+        {
+            uint16_t framebuffer_palette_num_colors;
+            multiboot2_color_t framebuffer_palette[];
+        };
+        struct
+        {
+            uint8_t framebuffer_red_field_position;
+            uint8_t framebuffer_red_mask_size;
+            uint8_t framebuffer_green_field_position;
+            uint8_t framebuffer_green_mask_size;
+            uint8_t framebuffer_blue_field_position;
+            uint8_t framebuffer_blue_mask_size;
+        };
+    };
+} multiboot2_tag_framebuffer_t;
+
 typedef struct {
     u32 type;
     u32 size;
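Review bot: `multiboot2_tag_framebuffer_t` describes data supplied by the boot loader, but nothing documents which arm of the anonymous union is valid for which `framebuffer_type`, or how far `framebuffer_palette[]` extends. I would add a comment above the union along the lines of `/* INDEXED: palette arm, bounded by framebuffer_palette_num_colors and the tag's size; RGB: field position / mask size arm; EGA_TEXT: neither. */`, so that a parser checks `framebuffer_type` and `size` before touching either arm. The flexible array member sits in an anonymous struct inside a union, which relies on a compiler extension rather than ISO C and deserves a word in the same comment. As a style point, the new typedefs put the brace on its own line and use `uint32_t`, while the neighbouring definitions in this hunk use `typedef struct {` and `u32`.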
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 10:44:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 10:44:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302946.516852 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrWz-0007G4-HA; Mon, 11 Apr 2022 10:44:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302946.516852; Mon, 11 Apr 2022 10:44:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrWz-0007Fw-E8; Mon, 11 Apr 2022 10:44:25 +0000
Received: by outflank-mailman (input) for mailman id 302946;
 Mon, 11 Apr 2022 10:44:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWy-0007Fk-EQ
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWy-00042P-Dg
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrWy-0003gz-Cj
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=1Ffyf8pIhq80kY7GiXEa3Ero+iKHg18B7/rEc2COZ1A=; b=zhNYH9+nfSXyT6xEU3R0i1r4/g
	HhaCuDI3OE1yYjYQQo3b8sz6vxjAZbnULmJzyEXRAhqWiQX7JLivlP6CsfA05Tn7siEtG82cH7HLQ
	qdY/O8CKQRJ/+uAti6OzL6SKbvqyzP2MBiTQzEkwrIfgypAgcAtlKp4zll6Fg3t/qkzQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] Merge branch 'staging' of xenbits.xen.org:/home/xen/git/xen into staging
Message-Id: <E1ndrWy-0003gz-Cj@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 10:44:24 +0000

commit 76c7367d761a91e0f8e6d923d873d29c228e947b
Merge: 0faf37e7434ea08ed99d804aad98fcddf74852e7 5e3a6606be4ac58786ded130e73ae82f572c27fb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 11 12:30:37 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:30:37 2022 +0200

    Merge branch 'staging' of xenbits.xen.org:/home/xen/git/xen into staging

 xen/arch/arm/xen.lds.S    |  45 ++++-----------
 xen/arch/x86/xen.lds.S    |  97 +++-----------------------------
 xen/include/xen/xen.lds.h | 137 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 157 insertions(+), 122 deletions(-)
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 10:44:35 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 10:44:35 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302947.516857 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrX9-0007J2-Il; Mon, 11 Apr 2022 10:44:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302947.516857; Mon, 11 Apr 2022 10:44:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrX9-0007Iu-Fd; Mon, 11 Apr 2022 10:44:35 +0000
Received: by outflank-mailman (input) for mailman id 302947;
 Mon, 11 Apr 2022 10:44:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrX8-0007Ii-HF
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrX8-00042e-GT
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrX8-0003hY-Fj
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=UdUEIES/sHkinA/omayu+yn/woB7mc7ntccCH0rnyhw=; b=bBwW+A74aevBjBnHB3FdxUiqEH
	xHCTpRltbAbKkhaPGie/NN+vFEvLH0K0VuSK8VLJihGsSywCiali+XpoWFeWgTGMEegEMxvDCXlMY
	9bEcv73jqaeVcBQsKiNb4ROw4w1yNKMeZEh9w7/J7x02A95TB+g5aywoUvYqNYZ5zgIc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/boot: LEA -> MOV in video handling code
Message-Id: <E1ndrX8-0003hY-Fj@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 10:44:34 +0000

commit a859b0b0d75e9321f4d98afeb92082857ce30541
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 11 12:31:02 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:31:02 2022 +0200

    x86/boot: LEA -> MOV in video handling code
    
    Replace most LEA instances with (one byte shorter) MOV.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/video.S | 58 +++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index 1b3f363fc4..0ae04f270f 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -60,7 +60,7 @@ video:  xorw    %ax, %ax
         call    mode_set                        # Set the mode
         jc      vid1
 
-        leaw    bootsym(badmdt), %si            # Invalid mode ID
+        movw    $bootsym(badmdt), %si           # Invalid mode ID
         call    prtstr
 vid2:   call    mode_menu
 vid1:   call    store_edid
@@ -113,7 +113,7 @@ mopar2: movb    %al, _param(PARAM_VIDEO_LINES)
 
 # Fetching of VESA frame buffer parameters
 mopar_gr:
-        leaw    vesa_mode_info, %di
+        movw    $vesa_mode_info, %di
         movb    $0x23, _param(PARAM_HAVE_VGA)
         movw    16(%di), %ax
         movw    %ax, _param(PARAM_LFB_LINELENGTH)
@@ -133,7 +133,7 @@ mopar_gr:
         movw    %ax, _param(PARAM_VESA_ATTRIB)
 
 # get video mem size
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movzwl  18(%di), %eax
         movl    %eax, _param(PARAM_LFB_SIZE)
 
@@ -189,7 +189,7 @@ no_pm:  pushw   %ds
 
 # The video mode menu
 mode_menu:
-        leaw    bootsym(keymsg), %si    # "Return/Space/Timeout" message
+        movw    $bootsym(keymsg), %si   # "Return/Space/Timeout" message
         call    prtstr
         call    flush
 nokey:  call    getkt
@@ -206,22 +206,22 @@ nokey:  call    getkt
 defmd1: ret                             # No mode chosen? Default 80x25
 
 listm:  call    mode_table              # List mode table
-listm0: leaw    bootsym(name_bann), %si # Print adapter name
+listm0: movw    $bootsym(name_bann), %si # Print adapter name
         call    prtstr
         movw    bootsym(card_name), %si
         orw     %si, %si
         jnz     an2
 
-        leaw    bootsym(vga_name), %si
+        movw    $bootsym(vga_name), %si
         jmp     an1
 
 an2:    call    prtstr
-        leaw    bootsym(svga_name), %si
+        movw    $bootsym(svga_name), %si
 an1:    call    prtstr
-        leaw    bootsym(listhdr), %si   # Table header
+        movw    $bootsym(listhdr), %si  # Table header
         call    prtstr
         movb    $0x30, %dl              # DL holds mode number
-        leaw    modelist, %si
+        movw    $modelist, %si
 lm1:    cmpw    $ASK_VGA, (%si)         # End?
         jz      lm2
 
@@ -240,7 +240,7 @@ lm1:    cmpw    $ASK_VGA, (%si)         # End?
         testb   $0xff,(%si)
         jnz     1f
         push    %si
-        leaw    bootsym(textmode), %si
+        movw    $bootsym(textmode), %si
         call    prtstr
         pop     %si
         lodsw
@@ -257,7 +257,7 @@ lm1:    cmpw    $ASK_VGA, (%si)         # End?
 
         cmpb    $'z'+1, %dl
         jnz     skip_bail
-        leaw    bootsym(menu_bail_msg), %si
+        movw    $bootsym(menu_bail_msg), %si
         call    prtstr
         jmp     lm2
 
@@ -266,13 +266,13 @@ skip_bail:
         jnz     skip_pause
         push    %si
         push    %dx
-        leaw    bootsym(menu_more_msg), %si  # '<press space>'
+        movw    $bootsym(menu_more_msg), %si # '<press space>'
         call    prtstr
         call    flush
 1:      call    getkey
         cmpb    $0x20, %al              # SPACE ?
         jne     1b                      # yes - manual mode selection
-        leaw    bootsym(crlft), %si
+        movw    $bootsym(crlft), %si
         call    prtstr
         pop     %dx
         pop     %si
@@ -283,9 +283,9 @@ skip_pause:
         movb    $'a', %dl
         jmp     lm1
 
-lm2:    leaw    bootsym(prompt), %si    # Mode prompt
+lm2:    movw    $bootsym(prompt), %si   # Mode prompt
         call    prtstr
-        leaw    bootsym(edit_buf), %di  # Editor buffer
+        movw    $bootsym(edit_buf), %di # Editor buffer
 lm3:    call    getkey
         cmpb    $0x0d, %al              # Enter?
         jz      lment
@@ -315,9 +315,9 @@ lmbs:   cmpw    $bootsym(edit_buf), %di # Backspace
         jmp     lm3
         
 lment:  movb    $0, (%di)
-        leaw    bootsym(crlft), %si
+        movw    $bootsym(crlft), %si
         call    prtstr
-        leaw    bootsym(edit_buf), %si
+        movw    $bootsym(edit_buf), %si
         cmpb    $0, (%si)               # Empty string = default mode
         jz      lmdef
 
@@ -373,7 +373,7 @@ mnusel: lodsb                           # Menu selection
 lmuse:  call    mode_set
         jc      lmdef
 
-lmbad:  leaw    bootsym(unknt), %si
+lmbad:  movw    $bootsym(unknt), %si
         call    prtstr
         jmp     mode_menu
 lmdef:  ret
@@ -424,13 +424,13 @@ setmenu:
         jmp     mode_set
 
 check_vesa:
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movw    $0x4f00, %ax
         int     $0x10
         cmpw    $0x004f, %ax
         jnz     setbad
 
-        leaw    vesa_mode_info, %di     # Get mode information structure
+        movw    $vesa_mode_info, %di    # Get mode information structure
         leaw    -VIDEO_FIRST_VESA(%bx), %cx
         movw    $0x4f01, %ax
         int     $0x10
@@ -497,7 +497,7 @@ inidx:  outb    %al, %dx                # Read from indexed VGA register
 
 setvesabysize:
         call    mode_table
-        leaw    modelist,%si
+        movw    $modelist,%si
 1:      add     $8,%si
         movw    -8(%si),%bx
         cmpw    $ASK_VGA,%bx            # End?
@@ -656,8 +656,8 @@ mode_table:
         orw     %di, %di
         jnz     mtab1
 
-        leaw    modelist, %di           # Store standard modes:
-        leaw    bootsym(vga_modes), %si # All modes for std VGA
+        movw    $modelist, %di          # Store standard modes:
+        movw    $bootsym(vga_modes), %si # All modes for std VGA
         movw    $vga_modes_end-vga_modes, %cx
         rep     movsb
 
@@ -665,7 +665,7 @@ mode_table:
 
         movw    $ASK_VGA, (%di)         # End marker
         movw    %di, bootsym(mt_end)
-mtab1:  leaw    modelist, %si           # SI=mode list, DI=list end
+mtab1:  movw    $modelist, %si          # SI=mode list, DI=list end
 ret0:   ret
 
 # Modes usable on all standard VGAs
@@ -681,7 +681,7 @@ vga_modes_end:
 
 # If the current mode is a VESA graphics one, obtain its parameters.
 set_current:
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movw    $0x4f00, %ax
         int     $0x10
         cmpw    $0x004f, %ax
@@ -692,7 +692,7 @@ set_current:
         cmpw    $0x004f, %ax
         jne     .Lsetc_done
 
-        leaw    vesa_mode_info, %di     # Get mode information structure
+        movw    $vesa_mode_info, %di    # Get mode information structure
         movw    %bx, %cx
         movw    $0x4f01, %ax
         int     $0x10
@@ -715,7 +715,7 @@ set_current:
 # Detect VESA modes.
 vesa_modes:
         movw    %di, %bp                # BP=original mode table end
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movw    $0x4f00, %ax            # VESA Get card info call
         int     $0x10
         movw    %di, %si
@@ -772,7 +772,7 @@ vesa2:  pushw   %cx
 
         addw    $8, %di                 # The mode is valid. Store it.
 vesan:  loop    vesa1                   # Next mode. Limit exceeded => error
-vesae:  leaw    bootsym(vesaer), %si
+vesae:  movw    $bootsym(vesaer), %si
         call    prtstr
         movw    %bp, %di                # Discard already found modes.
 vesar:  popw    %gs
@@ -917,7 +917,7 @@ store_edid:
         cmpb    $1, %al                 # EDID disabled on cmdline (edid=no)?
         je      .Lno_edid
 
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movw    $0x4f00, %ax
         int     $0x10
         cmpw    $0x004f, %ax
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 10:44:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 10:44:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.302949.516872 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrXK-0007dp-1a; Mon, 11 Apr 2022 10:44:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 302949.516872; Mon, 11 Apr 2022 10:44:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ndrXJ-0007db-UO; Mon, 11 Apr 2022 10:44:45 +0000
Received: by outflank-mailman (input) for mailman id 302949;
 Mon, 11 Apr 2022 10:44:44 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrXI-0007cu-KK
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:44 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrXI-00042q-Jc
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:44 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ndrXI-0003iD-IY
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 10:44:44 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=LoXUYd/H/U91GmA6aAd7gKXhOGBNuah4aObg5BiAaSk=; b=0d31iufHzVXHm4j91PPTvpkrJ2
	9S80JNTovTb6oGXZG7Yv5i24pM6FHgj1/I5tjMmSUAKPXI1LwgKY/vWSUbzE/A6WT0VA3BVLf9Oj9
	0MjGNm+IYRLVWTYnzMjw9np6JmrwbTr0aQdW+B2yUuHo0OzObW6nsGa/9bKN6zMX1zLw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] tools/xl: fix vif and vcpupin parse tests
Message-Id: <E1ndrXI-0003iD-IY@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 10:44:44 +0000

commit f44201124e8713f6eff80f349351b5740001c6fc
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Mon Apr 11 12:33:02 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:33:02 2022 +0200

    tools/xl: fix vif and vcpupin parse tests
    
    Current vif and vcpupin parse tests are out of sync.  First of all, xl
    returns 1 on failure, so replace the expected error code.
    
    Secondly fix the expected output from some vif tests, as xl will no
    longer print the unpopulated fields.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/xl/check-xl-vcpupin-parse |  2 +-
 tools/xl/check-xl-vif-parse     | 52 +----------------------------------------
 2 files changed, 2 insertions(+), 52 deletions(-)

diff --git a/tools/xl/check-xl-vcpupin-parse b/tools/xl/check-xl-vcpupin-parse
index 21f8421ad0..633616a597 100755
--- a/tools/xl/check-xl-vcpupin-parse
+++ b/tools/xl/check-xl-vcpupin-parse
@@ -158,7 +158,7 @@ END
 RANDOM=$seed
 
 echo "# Testing a wrong configuration" >> $outfile
-write foo 255 ""
+write foo 1 ""
 
 echo "# Testing the 'all' syntax" >> $outfile
 write "all" 0 "cpumap: all"
diff --git a/tools/xl/check-xl-vif-parse b/tools/xl/check-xl-vif-parse
index 02c6dbaeb6..04bd9463d8 100755
--- a/tools/xl/check-xl-vif-parse
+++ b/tools/xl/check-xl-vif-parse
@@ -40,7 +40,7 @@ complete () {
     fi
 }
 
-e=255
+e=1
 
 
 #---------- test data ----------
@@ -62,16 +62,6 @@ one $e rate=10ZB/m
 # test b/s and B/s rate units
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 100000,
     "rate_interval_usecs": 50000
 }
@@ -86,16 +76,6 @@ one 0 rate=2000000B/s@50ms
 # test Kb/s and KB/s rate units
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 100,
     "rate_interval_usecs": 50000
 }
@@ -109,16 +89,6 @@ one 0 rate=2KB/s@50ms
 # test Mb/s and MB/s rate units
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 100000,
     "rate_interval_usecs": 50000
 }
@@ -132,16 +102,6 @@ one 0 rate=2MB/s@50ms
 # test Gb/s and GB/s rate units
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 50000000,
     "rate_interval_usecs": 50000
 }
@@ -173,16 +133,6 @@ one $e rate=10MB/s@10h
 # test replenishment interval in seconds
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 10000000,
     "rate_interval_usecs": 1000000
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 21:55:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 21:55:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.303247.517349 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ne1zz-0004NR-BO; Mon, 11 Apr 2022 21:55:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 303247.517349; Mon, 11 Apr 2022 21:55:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ne1zz-0004NK-8c; Mon, 11 Apr 2022 21:55:03 +0000
Received: by outflank-mailman (input) for mailman id 303247;
 Mon, 11 Apr 2022 21:55:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne1zy-0004NE-CB
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne1zy-00011W-Ah
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne1zy-0004bs-9l
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=7Ek78y8MLYb0NN8BzDiTFU96DRySmvsFQ4GIsyypUQU=; b=Y7mqetjcpoK5IFNp69FnY70MlD
	D/FcHY4q/7z9G01rYwvIzS0J88kFgqMSvPEpeb3Txd2mwYUXq11FIS7Q+c1JAUWv9gDjrmS/SfwdU
	/FxKxm9WnST7vUihUMJaRCqFOHck3f+CjaY+6kZWojA3j1hAd5S8z6DXwazCfhbgEDCk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/boot: make "vga=current" work with graphics modes
Message-Id: <E1ne1zy-0004bs-9l@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 21:55:02 +0000

commit 927aee59826fbebb87f099cc95b945f1dcb1ba5c
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 11 12:29:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:29:14 2022 +0200

    x86/boot: make "vga=current" work with graphics modes
    
    GrUB2 can be told to leave the screen in the graphics mode it has been
    using (or any other one), via "set gfxpayload=keep" (or suitable
    variants thereof). In this case we can avoid doing another mode switch
    ourselves. This in particular avoids possibly setting the screen to a
    less desirable mode: On one of my test systems the set of modes
    reported available by the VESA BIOS depends on whether the interposed
    KVM switch has that machine set as the active one. If it's not active,
    only modes up to 1024x768 get reported, while when active 1280x1024
    modes are also included. For things to always work with an explicitly
    specified mode (via the "vga=" option), that mode therefore needs to be a
    1024x768 one.
    
    For some reason this only works for me with "multiboot2" (and
    "module2"); "multiboot" (and "module") still forces the screen into text
    mode, despite my reading of the sources suggesting otherwise.
    
    For starters I'm limiting this to graphics modes; I do think this ought
    to also work for text modes, but
    - I can't tell whether GrUB2 can set any text mode other than 80x25
      (I've only found plain "text" to be valid as a "gfxpayload" setting),
    - I'm uncertain whether supporting that is worth it, since I'm uncertain
      how many people would be running their systems/screens in text mode,
    - I'd like to limit the amount of code added to the realmode trampoline.
    
    For starters I'm also limiting mode information retrieval to raw BIOS
    accesses. This will allow things to work (in principle) also with other
    boot environments where a graphics mode can be left in place. The
    downside is that this then still is dependent upon switching back to
    real mode, so retrieving the needed information from multiboot info is
    likely going to be desirable down the road.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Henry Wang <Henry.Wang@arm.com>
---
 CHANGELOG.md              |  4 ++++
 xen/arch/x86/boot/video.S | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 83d85fad5b..6a7755d7b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD
 
+### Changed
+ - On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that
+   this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
+
 ### Removed / support downgraded
  - dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
 
diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index ee993e1073..1b3f363fc4 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -566,7 +566,6 @@ set14:  movw    $0x1111, %ax            # Use 9x14 font
         movb    $0x01, %ah              # Define cursor scan lines 11-12
         movw    $0x0b0c, %cx
         int     $0x10
-set_current:
         stc
         ret
 
@@ -680,6 +679,39 @@ vga_modes:
         .word   VIDEO_80x60, 0x50,0x3c,0        # 80x60
 vga_modes_end:
 
+# If the current mode is a VESA graphics one, obtain its parameters.
+set_current:
+        leaw    vesa_glob_info, %di
+        movw    $0x4f00, %ax
+        int     $0x10
+        cmpw    $0x004f, %ax
+        jne     .Lsetc_done
+
+        movw    $0x4f03, %ax
+        int     $0x10
+        cmpw    $0x004f, %ax
+        jne     .Lsetc_done
+
+        leaw    vesa_mode_info, %di     # Get mode information structure
+        movw    %bx, %cx
+        movw    $0x4f01, %ax
+        int     $0x10
+        cmpw    $0x004f, %ax
+        jne     .Lsetc_done
+
+        movb    (%di), %al              # Check mode attributes
+        andb    $0x9b, %al
+        cmpb    $0x9b, %al
+        jne     .Lsetc_done             # Doh! No linear frame buffer
+
+        movb    $1, bootsym(graphic_mode)
+        movw    %bx, bootsym(boot_vid_mode)
+        movw    %bx, bootsym(video_mode)
+
+.Lsetc_done:
+        stc
+        ret
+
 # Detect VESA modes.
 vesa_modes:
         movw    %di, %bp                # BP=original mode table end
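Review bot: The attribute test in `set_current` uses the bare mask `0x9b`, and the comment on the failing branch (`Doh! No linear frame buffer`) names only one of the five bits it requires. In the VBE ModeAttributes layout the mask covers bit 0 (mode supported), bit 1, bit 3 (colour), bit 4 (graphics) and bit 7 (linear frame buffer). I would annotate the `andb` as `# Require supported + colour + graphics + LFB (bits 0,1,3,4,7)` and reword the branch comment to `# Not a usable LFB graphics mode`. Separately, BX from function 0x4f03 is stored unmasked into `boot_vid_mode` and `video_mode`, and the VBE specification lets that value carry flag bits 14 and 15 on top of the mode number. If later code compares these variables against mode IDs, the value should be masked or the raw form documented at the stores; the consumers are outside this hunk, so this cannot be confirmed here.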
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 21:55:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 21:55:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.303248.517353 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ne209-0004PP-D6; Mon, 11 Apr 2022 21:55:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 303248.517353; Mon, 11 Apr 2022 21:55:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ne209-0004PH-A6; Mon, 11 Apr 2022 21:55:13 +0000
Received: by outflank-mailman (input) for mailman id 303248;
 Mon, 11 Apr 2022 21:55:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne208-0004P5-F4
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne208-00011g-EC
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne208-0004cp-DF
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=qrslQZiyK4L5BLaCUZVZ3G3ePr08E3CE/7NCjv6Oj+0=; b=c+kNrhPsCYX4IqEEYEaDJtmMPx
	hDiZiVD560IaBHGyE7iCL7zLd1Aup4xVv4S+CwWhRt3in7ZxDk6aVLOn8FXn1PNPDJsPZyWanp1YV
	Dx/jZT2nNh256iLARlojYYFXNazL3q3hBJ11/h1aw8IlOoxPpCXgrtwH59rw22xze7Co=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/boot: obtain video info from boot loader
Message-Id: <E1ne208-0004cp-DF@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 21:55:12 +0000

commit 0faf37e7434ea08ed99d804aad98fcddf74852e7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 11 12:30:09 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:30:09 2022 +0200

    x86/boot: obtain video info from boot loader
    
    With MB2 the boot loader may provide this information, allowing us to
    obtain it without needing to enter real mode (assuming we don't need to
    set a new mode from "vga=", but can instead inherit the one the
    bootloader may have established).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/defs.h     |  1 +
 xen/arch/x86/boot/head.S     | 10 ++++-
 xen/arch/x86/boot/reloc.c    | 98 ++++++++++++++++++++++++++++++++++++++++----
 xen/arch/x86/boot/video.h    | 41 ++++++++++++++++++
 xen/arch/x86/setup.c         | 30 +-------------
 xen/include/xen/multiboot2.h | 53 ++++++++++++++++++++++++
 6 files changed, 195 insertions(+), 38 deletions(-)

diff --git a/xen/arch/x86/boot/defs.h b/xen/arch/x86/boot/defs.h
index 21d292cd73..f9840044ec 100644
--- a/xen/arch/x86/boot/defs.h
+++ b/xen/arch/x86/boot/defs.h
@@ -53,6 +53,7 @@ typedef unsigned int u32;
 typedef unsigned long long u64;
 typedef unsigned int size_t;
 typedef u8 uint8_t;
+typedef u16 uint16_t;
 typedef u32 uint32_t;
 typedef u64 uint64_t;
 
diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
index 92d73345f0..3db47197b8 100644
--- a/xen/arch/x86/boot/head.S
+++ b/xen/arch/x86/boot/head.S
@@ -562,12 +562,18 @@ trampoline_setup:
         mov     %esi, sym_esi(xen_phys_start)
         mov     %esi, sym_esi(trampoline_xen_phys_start)
 
-        mov     sym_esi(trampoline_phys), %ecx
-
         /* Get bottom-most low-memory stack address. */
+        mov     sym_esi(trampoline_phys), %ecx
         add     $TRAMPOLINE_SPACE,%ecx
 
+#ifdef CONFIG_VIDEO
+        lea     sym_esi(boot_vid_info), %edx
+#else
+        xor     %edx, %edx
+#endif
+
         /* Save Multiboot / PVH info struct (after relocation) for later use. */
+        push    %edx                /* Boot video info to be filled from MB2. */
         push    %ecx                /* Bottom-most low-memory stack address. */
         push    %ebx                /* Multiboot / PVH information address. */
         push    %eax                /* Magic number. */
diff --git a/xen/arch/x86/boot/reloc.c b/xen/arch/x86/boot/reloc.c
index 4f4039bb7c..e22bb974bf 100644
--- a/xen/arch/x86/boot/reloc.c
+++ b/xen/arch/x86/boot/reloc.c
@@ -14,9 +14,10 @@
 
 /*
  * This entry point is entered from xen/arch/x86/boot/head.S with:
- *   - 0x4(%esp) = MAGIC,
- *   - 0x8(%esp) = INFORMATION_ADDRESS,
- *   - 0xc(%esp) = TOPMOST_LOW_MEMORY_STACK_ADDRESS.
+ *   - 0x04(%esp) = MAGIC,
+ *   - 0x08(%esp) = INFORMATION_ADDRESS,
+ *   - 0x0c(%esp) = TOPMOST_LOW_MEMORY_STACK_ADDRESS.
+ *   - 0x10(%esp) = BOOT_VIDEO_INFO_ADDRESS.
  */
 asm (
     "    .text                         \n"
@@ -32,6 +33,39 @@ asm (
 #include "../../../include/xen/kconfig.h"
 #include <public/arch-x86/hvm/start_info.h>
 
+#ifdef CONFIG_VIDEO
+# include "video.h"
+
+/* VESA control information */
+struct __packed vesa_ctrl_info {
+    uint8_t signature[4];
+    uint16_t version;
+    uint32_t oem_name;
+    uint32_t capabilities;
+    uint32_t mode_list;
+    uint16_t mem_size;
+    /* We don't use any further fields. */
+};
+
+/* VESA 2.0 mode information */
+struct vesa_mode_info {
+    uint16_t attrib;
+    uint8_t window[14]; /* We don't use the individual fields. */
+    uint16_t bytes_per_line;
+    uint16_t width;
+    uint16_t height;
+    uint8_t cell_width;
+    uint8_t cell_height;
+    uint8_t nr_planes;
+    uint8_t depth;
+    uint8_t memory[5]; /* We don't use the individual fields. */
+    struct boot_video_colors colors;
+    uint8_t direct_color;
+    uint32_t base;
+    /* We don't use any further fields. */
+};
+#endif /* CONFIG_VIDEO */
+
 #define get_mb2_data(tag, type, member)   (((multiboot2_tag_##type##_t *)(tag))->member)
 #define get_mb2_string(tag, type, member) ((u32)get_mb2_data(tag, type, member))
 
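Review bot: `struct vesa_mode_info` is overlaid on the boot loader's `vbe_mode_info` bytes but, unlike `struct vesa_ctrl_info` just above it, is not declared `__packed`. The fields as listed happen to be naturally aligned (`base` lands at offset 40, since `struct boot_video_colors` is eight plain bytes), so the layout is correct today, but nothing records that this is intentional. A comment such as `/* Not __packed: every field is naturally aligned at its VBE offset. */`, or marking the struct `__packed` as well, would keep a later field insertion from silently shifting `base`.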
@@ -146,7 +180,7 @@ static multiboot_info_t *mbi_reloc(u32 mbi_in)
     return mbi_out;
 }
 
-static multiboot_info_t *mbi2_reloc(u32 mbi_in)
+static multiboot_info_t *mbi2_reloc(uint32_t mbi_in, uint32_t video_out)
 {
     const multiboot2_fixed_t *mbi_fix = _p(mbi_in);
     const multiboot2_memory_map_t *mmap_src;
@@ -154,6 +188,9 @@ static multiboot_info_t *mbi2_reloc(u32 mbi_in)
     module_t *mbi_out_mods = NULL;
     memory_map_t *mmap_dst;
     multiboot_info_t *mbi_out;
+#ifdef CONFIG_VIDEO
+    struct boot_video_info *video = NULL;
+#endif
     u32 ptr;
     unsigned int i, mod_idx = 0;
 
@@ -254,17 +291,64 @@ static multiboot_info_t *mbi2_reloc(u32 mbi_in)
             ++mod_idx;
             break;
 
+#ifdef CONFIG_VIDEO
+        case MULTIBOOT2_TAG_TYPE_VBE:
+            if ( video_out )
+            {
+                const struct vesa_ctrl_info *ci;
+                const struct vesa_mode_info *mi;
+
+                video = _p(video_out);
+                ci = (void *)get_mb2_data(tag, vbe, vbe_control_info);
+                mi = (void *)get_mb2_data(tag, vbe, vbe_mode_info);
+
+                if ( ci->version >= 0x0200 && (mi->attrib & 0x9b) == 0x9b )
+                {
+                    video->capabilities = ci->capabilities;
+                    video->lfb_linelength = mi->bytes_per_line;
+                    video->lfb_width = mi->width;
+                    video->lfb_height = mi->height;
+                    video->lfb_depth = mi->depth;
+                    video->lfb_base = mi->base;
+                    video->lfb_size = ci->mem_size;
+                    video->colors = mi->colors;
+                    video->vesa_attrib = mi->attrib;
+                }
+
+                video->vesapm.seg = get_mb2_data(tag, vbe, vbe_interface_seg);
+                video->vesapm.off = get_mb2_data(tag, vbe, vbe_interface_off);
+            }
+            break;
+
+        case MULTIBOOT2_TAG_TYPE_FRAMEBUFFER:
+            if ( (get_mb2_data(tag, framebuffer, framebuffer_type) !=
+                  MULTIBOOT2_FRAMEBUFFER_TYPE_RGB) )
+            {
+                video_out = 0;
+                video = NULL;
+            }
+            break;
+#endif /* CONFIG_VIDEO */
+
         case MULTIBOOT2_TAG_TYPE_END:
-            return mbi_out;
+            goto end; /* Cannot "break;" here. */
 
         default:
             break;
         }
 
+ end:
+
+#ifdef CONFIG_VIDEO
+    if ( video )
+        video->orig_video_isVGA = 0x23;
+#endif
+
     return mbi_out;
 }
 
-void * __stdcall reloc(u32 magic, u32 in, u32 trampoline)
+void *__stdcall reloc(uint32_t magic, uint32_t in, uint32_t trampoline,
+                      uint32_t video_info)
 {
     alloc = trampoline;
 
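Review bot: In the `MULTIBOOT2_TAG_TYPE_VBE` case `video` is assigned as soon as `video_out` is non-zero, before the `ci->version >= 0x0200 && (mi->attrib & 0x9b) == 0x9b` check, so when that check fails the code after `end:` still writes `orig_video_isVGA = 0x23` although none of the `lfb_*` fields were taken from the tag. If the consumer treats 0x23 as "linear frame buffer data valid" (not visible here), it would act on stale or default geometry; writing through a local pointer, e.g. `struct boot_video_info *bvi = _p(video_out);`, and doing `video = bvi;` only inside the validated branch would avoid that. The case also reads `vbe_control_info` and `vbe_mode_info` without comparing the tag's `size` field against `sizeof(multiboot2_tag_vbe_t)`, and nothing in this hunk shows such a check elsewhere, so a short tag would be read past its end. `mbi2_reloc` starts outside this hunk.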
@@ -274,7 +358,7 @@ void * __stdcall reloc(u32 magic, u32 in, u32 trampoline)
         return mbi_reloc(in);
 
     case MULTIBOOT2_BOOTLOADER_MAGIC:
-        return mbi2_reloc(in);
+        return mbi2_reloc(in, video_info);
 
     case XEN_HVM_START_MAGIC_VALUE:
         if ( IS_ENABLED(CONFIG_PVH_GUEST) )
diff --git a/xen/arch/x86/boot/video.h b/xen/arch/x86/boot/video.h
index 4026954196..6a7775d242 100644
--- a/xen/arch/x86/boot/video.h
+++ b/xen/arch/x86/boot/video.h
@@ -28,4 +28,45 @@
 /* The "recalculate timings" flag */
 #define VIDEO_RECALC        0x8000
 
+#ifndef __ASSEMBLY__
+struct boot_video_info {
+    uint8_t  orig_x;             /* 0x00 */
+    uint8_t  orig_y;             /* 0x01 */
+    uint8_t  orig_video_mode;    /* 0x02 */
+    uint8_t  orig_video_cols;    /* 0x03 */
+    uint8_t  orig_video_lines;   /* 0x04 */
+    uint8_t  orig_video_isVGA;   /* 0x05 */
+    uint16_t orig_video_points;  /* 0x06 */
+
+    /* VESA graphic mode -- linear frame buffer */
+    uint32_t capabilities;       /* 0x08 */
+    uint16_t lfb_linelength;     /* 0x0c */
+    uint16_t lfb_width;          /* 0x0e */
+    uint16_t lfb_height;         /* 0x10 */
+    uint16_t lfb_depth;          /* 0x12 */
+    uint32_t lfb_base;           /* 0x14 */
+    uint32_t lfb_size;           /* 0x18 */
+    union {
+        struct {
+            uint8_t  red_size;   /* 0x1c */
+            uint8_t  red_pos;    /* 0x1d */
+            uint8_t  green_size; /* 0x1e */
+            uint8_t  green_pos;  /* 0x1f */
+            uint8_t  blue_size;  /* 0x20 */
+            uint8_t  blue_pos;   /* 0x21 */
+            uint8_t  rsvd_size;  /* 0x22 */
+            uint8_t  rsvd_pos;   /* 0x23 */
+        };
+        struct boot_video_colors {
+            uint8_t  rgbr[8];
+        } colors;
+    };
+    struct {
+        uint16_t seg;            /* 0x24 */
+        uint16_t off;            /* 0x26 */
+    } vesapm;
+    uint16_t vesa_attrib;        /* 0x28 */
+};
+#endif /* __ASSEMBLY__ */
+
 #endif /* __BOOT_VIDEO_H__ */
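Review bot: The anonymous struct holding `red_size` through `rsvd_pos` shares storage with `struct boot_video_colors colors` so that the eight bytes can be copied in one assignment, but the union has no comment saying so, and the `/* 0x.. */` offsets are comments only. A line above the union such as `/* colors.rgbr[] aliases the eight size/pos bytes, in VESA mode-info order. */` would document the intent. If assembly code depends on these offsets (not visible in this hunk), a build-time check on the offset of `vesa_attrib` or on `sizeof(struct boot_video_info)` would catch drift. The header also uses `uint8_t`, `uint16_t` and `uint32_t` without including anything that defines them, so every includer has to provide those types first.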
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index a0ee8d206f..6f20e17892 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -532,35 +532,7 @@ static void __init setup_max_pdx(unsigned long top_page)
 static struct e820map __initdata boot_e820;
 
 #ifdef CONFIG_VIDEO
-struct boot_video_info {
-    u8  orig_x;             /* 0x00 */
-    u8  orig_y;             /* 0x01 */
-    u8  orig_video_mode;    /* 0x02 */
-    u8  orig_video_cols;    /* 0x03 */
-    u8  orig_video_lines;   /* 0x04 */
-    u8  orig_video_isVGA;   /* 0x05 */
-    u16 orig_video_points;  /* 0x06 */
-
-    /* VESA graphic mode -- linear frame buffer */
-    u32 capabilities;       /* 0x08 */
-    u16 lfb_linelength;     /* 0x0c */
-    u16 lfb_width;          /* 0x0e */
-    u16 lfb_height;         /* 0x10 */
-    u16 lfb_depth;          /* 0x12 */
-    u32 lfb_base;           /* 0x14 */
-    u32 lfb_size;           /* 0x18 */
-    u8  red_size;           /* 0x1c */
-    u8  red_pos;            /* 0x1d */
-    u8  green_size;         /* 0x1e */
-    u8  green_pos;          /* 0x1f */
-    u8  blue_size;          /* 0x20 */
-    u8  blue_pos;           /* 0x21 */
-    u8  rsvd_size;          /* 0x22 */
-    u8  rsvd_pos;           /* 0x23 */
-    u16 vesapm_seg;         /* 0x24 */
-    u16 vesapm_off;         /* 0x26 */
-    u16 vesa_attrib;        /* 0x28 */
-};
+# include "boot/video.h"
 extern struct boot_video_info boot_vid_info;
 #endif
 
diff --git a/xen/include/xen/multiboot2.h b/xen/include/xen/multiboot2.h
index 5acd225044..f792040205 100644
--- a/xen/include/xen/multiboot2.h
+++ b/xen/include/xen/multiboot2.h
@@ -158,6 +158,59 @@ typedef struct {
     multiboot2_memory_map_t entries[];
 } multiboot2_tag_mmap_t;
 
+typedef struct
+{
+    uint32_t type;
+    uint32_t size;
+    uint16_t vbe_mode;
+    uint16_t vbe_interface_seg;
+    uint16_t vbe_interface_off;
+    uint16_t vbe_interface_len;
+    uint8_t vbe_control_info[512];
+    uint8_t vbe_mode_info[256];
+} multiboot2_tag_vbe_t;
+
+typedef struct
+{
+    uint8_t red;
+    uint8_t green;
+    uint8_t blue;
+} multiboot2_color_t;
+
+typedef struct
+{
+    uint32_t type;
+    uint32_t size;
+    uint64_t framebuffer_addr;
+    uint32_t framebuffer_pitch;
+    uint32_t framebuffer_width;
+    uint32_t framebuffer_height;
+    uint8_t framebuffer_bpp;
+#define MULTIBOOT2_FRAMEBUFFER_TYPE_INDEXED  0
+#define MULTIBOOT2_FRAMEBUFFER_TYPE_RGB      1
+#define MULTIBOOT2_FRAMEBUFFER_TYPE_EGA_TEXT 2
+    uint8_t framebuffer_type;
+    uint16_t reserved;
+
+    union
+    {
+        struct
+        {
+            uint16_t framebuffer_palette_num_colors;
+            multiboot2_color_t framebuffer_palette[];
+        };
+        struct
+        {
+            uint8_t framebuffer_red_field_position;
+            uint8_t framebuffer_red_mask_size;
+            uint8_t framebuffer_green_field_position;
+            uint8_t framebuffer_green_mask_size;
+            uint8_t framebuffer_blue_field_position;
+            uint8_t framebuffer_blue_mask_size;
+        };
+    };
+} multiboot2_tag_framebuffer_t;
+
 typedef struct {
     u32 type;
     u32 size;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 21:55:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 21:55:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.303249.517357 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ne20J-0004SN-Ej; Mon, 11 Apr 2022 21:55:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 303249.517357; Mon, 11 Apr 2022 21:55:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ne20J-0004SE-BY; Mon, 11 Apr 2022 21:55:23 +0000
Received: by outflank-mailman (input) for mailman id 303249;
 Mon, 11 Apr 2022 21:55:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne20I-0004S0-JR
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne20I-00011u-Ie
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne20I-0004e4-Hj
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=aFFZZ+dfadpTVG+chNFh5Iw8ReWt15pIWU/bBWIR8BU=; b=CZ+a9r2lMAAetVSM/WLAIYG7P4
	wIQ4dhEASS2RqTwCYEQJgtFfX2PeKhRU1n+nUj6I2Duv5MYHn1L64UQbShjWQNuCMx5bYuuhJzJPV
	bqPfpOXftnMqppnsKPnbeCEiZquGyRfUHTKuCwvEfMfUWnDuQtWxmg0U0w1sIVvwFAss=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen: Introduce a header to store common linker scripts content
Message-Id: <E1ne20I-0004e4-Hj@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 21:55:22 +0000

commit 6af59c45a44a013c42e6e9d45d73c7edadb4e531
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Mon Apr 11 09:02:59 2022 +0200
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Mon Apr 11 11:26:06 2022 +0100

    xen: Introduce a header to store common linker scripts content
    
    Both x86 and arm linker scripts share quite a lot of common content.
    It is difficult to keep syncing them up, thus introduce a new header
    in include/xen called xen.lds.h to store the internals mutual to all
    the linker scripts.
    
    Include this header in linker scripts for x86 and arm.
    This patch serves as an intermediate step before populating xen.lds.h
    and making use of its content in the linker scripts later on.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/xen.lds.S    | 1 +
 xen/arch/x86/xen.lds.S    | 1 +
 xen/include/xen/xen.lds.h | 8 ++++++++
 3 files changed, 10 insertions(+)

diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index ad7f966f0e..d20e5e94e4 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -4,6 +4,7 @@
 
 #include <xen/cache.h>
 #include <xen/lib.h>
+#include <xen/xen.lds.h>
 #include <asm/page.h>
 #undef ENTRY
 #undef ALIGN
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 6926e88e54..1fcd8ab7c5 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -3,6 +3,7 @@
 
 #include <xen/cache.h>
 #include <xen/lib.h>
+#include <xen/xen.lds.h>
 #include <asm/page.h>
 #undef ENTRY
 #undef ALIGN
diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h
new file mode 100644
index 0000000000..dd292fa7dc
--- /dev/null
+++ b/xen/include/xen/xen.lds.h
@@ -0,0 +1,8 @@
+#ifndef __XEN_LDS_H__
+#define __XEN_LDS_H__
+
+/*
+ * Common macros to be used in architecture specific linker scripts.
+ */
+
+#endif /* __XEN_LDS_H__ */
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 21:55:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 11 Apr 2022 21:55:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.303250.517361 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ne20U-0004VR-Gb; Mon, 11 Apr 2022 21:55:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 303250.517361; Mon, 11 Apr 2022 21:55:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ne20U-0004VJ-D8; Mon, 11 Apr 2022 21:55:34 +0000
Received: by outflank-mailman (input) for mailman id 303250;
 Mon, 11 Apr 2022 21:55:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne20S-0004Uz-MP
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne20S-00012Y-LU
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ne20S-0004er-Kk
 for xen-changelog@lists.xenproject.org; Mon, 11 Apr 2022 21:55:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=SIbWcPMZsj/Lq49QPC1rrL2vWg6EqKckN+pj2ApcPOk=; b=XQQZvH+bTD8bUhjjBHYVts/05t
	CWpELsIEy0f4I1jMfL5E+9Xz/pXDspeiP3etkXVrKvVcsMkspAKZkTDqfKjZcbuK3ZLEcLVZQaQH2
	a9X8+wD2Vky5RDpptF/cVCH7Xc0WZIkGZrryYAMKIl7NN/1NQsfzLcHgc9Pk3TplimEE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen: Populate xen.lds.h and make use of its macros
Message-Id: <E1ne20S-0004er-Kk@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 21:55:32 +0000

commit 5e3a6606be4ac58786ded130e73ae82f572c27fb
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Mon Apr 11 09:03:00 2022 +0200
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Mon Apr 11 11:26:23 2022 +0100

    xen: Populate xen.lds.h and make use of its macros
    
    Populate header file xen.lds.h with the first portion of macros storing
    constructs common to x86 and arm linker scripts. Replace the original
    constructs with these helpers.
    
    No functional improvements to x86 linker script.
    
    Making use of common macros improves arm linker script with:
    - explicit list of debug sections that otherwise are seen as "orphans"
      by the linker. This will allow to fix issues after enabling linker
      option --orphan-handling one day,
    - extended list of discarded section to include: .discard, destructors
      related sections, .fini_array which can reference .text.exit,
    - sections not related to debugging that are placed by ld.lld. Even
      though we do not support linking with LLD on Arm, these sections do
      not cause problems for GNU ld.
    
    As we are replacing hardcoded boundary specified as an argument to ALIGN
    function with POINTER_ALIGN, this changes the alignment in HYPFS_PARAM
    construct for arm32 from 8 to 4. It is fine as there are no 64bit values
    used in struct param_hypfs.
    
    Please note that this patch does not aim to perform the full sync up
    between the linker scripts. It creates a base for further work.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/xen.lds.S    |  44 ++++------------
 xen/arch/x86/xen.lds.S    |  96 +++-------------------------------
 xen/include/xen/xen.lds.h | 129 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 147 insertions(+), 122 deletions(-)

diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S
index d20e5e94e4..1e986e211f 100644
--- a/xen/arch/arm/xen.lds.S
+++ b/xen/arch/arm/xen.lds.S
@@ -69,12 +69,7 @@ SECTIONS
        *(.proc.info)
        __proc_info_end = .;
 
-#ifdef CONFIG_HAS_VPCI
-       . = ALIGN(POINTER_ALIGN);
-       __start_vpci_array = .;
-       *(SORT(.data.vpci.*))
-       __end_vpci_array = .;
-#endif
+       VPCI_ARRAY
   } :text
 
 #if defined(BUILD_ID)
@@ -110,12 +105,7 @@ SECTIONS
        *(.data.schedulers)
        __end_schedulers_array = .;
 
-#ifdef CONFIG_HYPFS
-       . = ALIGN(8);
-       __paramhypfs_start = .;
-       *(.data.paramhypfs)
-       __paramhypfs_end = .;
-#endif
+       HYPFS_PARAM
 
        *(.data .data.*)
        CONSTRUCTORS
@@ -179,12 +169,7 @@ SECTIONS
        *(.altinstructions)
        __alt_instructions_end = .;
 
-#ifdef CONFIG_DEBUG_LOCK_PROFILE
-       . = ALIGN(POINTER_ALIGN);
-       __lock_profile_start = .;
-       *(.lockprofile.data)
-       __lock_profile_end = .;
-#endif
+       LOCK_PROFILE_DATA
 
        *(.init.data)
        *(.init.data.rel)
@@ -223,22 +208,13 @@ SECTIONS
   /* Section for the device tree blob (if any). */
   .dtb : { *(.dtb) } :text
 
-  /* Sections to be discarded */
-  /DISCARD/ : {
-       *(.exit.text)
-       *(.exit.data)
-       *(.exitcall.exit)
-       *(.eh_frame)
-  }
-
-  /* Stabs debugging sections.  */
-  .stab 0 : { *(.stab) }
-  .stabstr 0 : { *(.stabstr) }
-  .stab.excl 0 : { *(.stab.excl) }
-  .stab.exclstr 0 : { *(.stab.exclstr) }
-  .stab.index 0 : { *(.stab.index) }
-  .stab.indexstr 0 : { *(.stab.indexstr) }
-  .comment 0 : { *(.comment) }
+  DWARF2_DEBUG_SECTIONS
+
+  DISCARD_SECTIONS
+
+  STABS_DEBUG_SECTIONS
+
+  ELF_DETAILS_SECTIONS
 }
 
 /*
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 1fcd8ab7c5..68501c7186 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -14,13 +14,6 @@
 #undef __XEN_VIRT_START
 #define __XEN_VIRT_START __image_base__
 #define DECL_SECTION(x) x :
-/*
- * Use the NOLOAD directive, despite currently ignored by (at least) GNU ld
- * for PE output, in order to record that we'd prefer these sections to not
- * be loaded into memory.
- */
-#define DECL_DEBUG(x, a) #x ALIGN(a) (NOLOAD) : { *(x) }
-#define DECL_DEBUG2(x, y, a) #x ALIGN(a) (NOLOAD) : { *(x) *(y) }
 
 ENTRY(efi_start)
 
@@ -28,8 +21,6 @@ ENTRY(efi_start)
 
 #define FORMAT "elf64-x86-64"
 #define DECL_SECTION(x) #x : AT(ADDR(#x) - __XEN_VIRT_START)
-#define DECL_DEBUG(x, a) #x 0 : { *(x) }
-#define DECL_DEBUG2(x, y, a) #x 0 : { *(x) *(y) }
 
 ENTRY(start_pa)
 
@@ -160,12 +151,7 @@ SECTIONS
        *(.note.gnu.build-id)
        __note_gnu_build_id_end = .;
 #endif
-#ifdef CONFIG_HAS_VPCI
-       . = ALIGN(POINTER_ALIGN);
-       __start_vpci_array = .;
-       *(SORT(.data.vpci.*))
-       __end_vpci_array = .;
-#endif
+       VPCI_ARRAY
   } PHDR(text)
 
 #if defined(CONFIG_PVH_GUEST) && !defined(EFI)
@@ -279,12 +265,7 @@ SECTIONS
         *(.altinstructions)
         __alt_instructions_end = .;
 
-#ifdef CONFIG_DEBUG_LOCK_PROFILE
-       . = ALIGN(POINTER_ALIGN);
-       __lock_profile_start = .;
-       *(.lockprofile.data)
-       __lock_profile_end = .;
-#endif
+       LOCK_PROFILE_DATA
 
        . = ALIGN(8);
        __ctors_start = .;
@@ -336,12 +317,7 @@ SECTIONS
        *(.data.schedulers)
        __end_schedulers_array = .;
 
-#ifdef CONFIG_HYPFS
-       . = ALIGN(8);
-       __paramhypfs_start = .;
-       *(.data.paramhypfs)
-       __paramhypfs_end = .;
-#endif
+       HYPFS_PARAM
   } PHDR(text)
 
   DECL_SECTION(.data) {
@@ -388,33 +364,7 @@ SECTIONS
   efi = .;
 #endif
 
-  /*
-   * Explicitly list debug sections, first of all to avoid these sections being
-   * viewed as "orphan" by the linker.
-   *
-   * For the PE output this is further necessary so that they don't end up at
-   * VA 0, which is below image base and thus invalid.  Note that we're past
-   * _end here, so if these sections get loaded they'll be discarded at runtime
-   * anyway.
-   */
-  DECL_DEBUG(.debug_abbrev, 1)
-  DECL_DEBUG2(.debug_info, .gnu.linkonce.wi.*, 1)
-  DECL_DEBUG(.debug_types, 1)
-  DECL_DEBUG(.debug_str, 1)
-  DECL_DEBUG2(.debug_line, .debug_line.*, 1)
-  DECL_DEBUG(.debug_line_str, 1)
-  DECL_DEBUG(.debug_names, 4)
-  DECL_DEBUG(.debug_frame, 4)
-  DECL_DEBUG(.debug_loc, 1)
-  DECL_DEBUG(.debug_loclists, 4)
-  DECL_DEBUG(.debug_macinfo, 1)
-  DECL_DEBUG(.debug_macro, 1)
-  DECL_DEBUG(.debug_ranges, 8)
-  DECL_DEBUG(.debug_rnglists, 4)
-  DECL_DEBUG(.debug_addr, 8)
-  DECL_DEBUG(.debug_aranges, 1)
-  DECL_DEBUG(.debug_pubnames, 1)
-  DECL_DEBUG(.debug_pubtypes, 1)
+  DWARF2_DEBUG_SECTIONS
 
 #ifdef EFI
   /* Trick the linker into setting the image size to no less than 16Mb. */
@@ -428,42 +378,12 @@ SECTIONS
   hv_hcall_page = ABSOLUTE(HV_HCALL_PAGE - XEN_VIRT_START + __XEN_VIRT_START);
 #endif
 
-  /* Sections to be discarded */
-  /DISCARD/ : {
-       *(.text.exit)
-       *(.exit.text)
-       *(.exit.data)
-       *(.exitcall.exit)
-       *(.discard)
-       *(.discard.*)
-       *(.eh_frame)
-       *(.dtors)
-       *(.dtors.*)
-       *(.fini_array)
-       *(.fini_array.*)
-#ifdef EFI
-       *(.comment)
-       *(.comment.*)
-       *(.note.*)
-#endif
-  }
+  DISCARD_SECTIONS
 
 #ifndef EFI
-  /* Stabs debugging sections.  */
-  .stab 0 : { *(.stab) }
-  .stabstr 0 : { *(.stabstr) }
-  .stab.excl 0 : { *(.stab.excl) }
-  .stab.exclstr 0 : { *(.stab.exclstr) }
-  .stab.index 0 : { *(.stab.index) }
-  .stab.indexstr 0 : { *(.stab.indexstr) }
-  .comment 0 : { *(.comment) *(.comment.*) }
-  /*
-   * LLVM ld also wants .symtab, .strtab, and .shstrtab placed. These look to
-   * be benign to GNU ld, so we can have them here unconditionally.
-   */
-  .symtab 0 : { *(.symtab) }
-  .strtab 0 : { *(.strtab) }
-  .shstrtab 0 : { *(.shstrtab) }
+  STABS_DEBUG_SECTIONS
+
+  ELF_DETAILS_SECTIONS
 #endif
 }
 
diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h
index dd292fa7dc..fc47bb1ccc 100644
--- a/xen/include/xen/xen.lds.h
+++ b/xen/include/xen/xen.lds.h
@@ -5,4 +5,133 @@
  * Common macros to be used in architecture specific linker scripts.
  */
 
+/*
+ * To avoid any confusion, please note that the EFI macro does not correspond
+ * to EFI support and is used when linking a native EFI (i.e. PE/COFF) binary,
+ * hence its usage in this header.
+ */
+
+/* Macros to declare debug sections. */
+#ifdef EFI
+/*
+ * Use the NOLOAD directive, despite currently ignored by (at least) GNU ld
+ * for PE output, in order to record that we'd prefer these sections to not
+ * be loaded into memory.
+ */
+#define DECL_DEBUG(x, a) #x ALIGN(a) (NOLOAD) : { *(x) }
+#define DECL_DEBUG2(x, y, a) #x ALIGN(a) (NOLOAD) : { *(x) *(y) }
+#else
+#define DECL_DEBUG(x, a) #x 0 : { *(x) }
+#define DECL_DEBUG2(x, y, a) #x 0 : { *(x) *(y) }
+#endif
+
+/*
+ * DWARF2+ debug sections.
+ * Explicitly list debug sections, first of all to avoid these sections being
+ * viewed as "orphan" by the linker.
+ *
+ * For the PE output this is further necessary so that they don't end up at
+ * VA 0, which is below image base and thus invalid. Note that this macro is
+ * to be used after _end, so if these sections get loaded they'll be discarded
+ * at runtime anyway.
+ */
+#define DWARF2_DEBUG_SECTIONS                     \
+  DECL_DEBUG(.debug_abbrev, 1)                    \
+  DECL_DEBUG2(.debug_info, .gnu.linkonce.wi.*, 1) \
+  DECL_DEBUG(.debug_types, 1)                     \
+  DECL_DEBUG(.debug_str, 1)                       \
+  DECL_DEBUG2(.debug_line, .debug_line.*, 1)      \
+  DECL_DEBUG(.debug_line_str, 1)                  \
+  DECL_DEBUG(.debug_names, 4)                     \
+  DECL_DEBUG(.debug_frame, 4)                     \
+  DECL_DEBUG(.debug_loc, 1)                       \
+  DECL_DEBUG(.debug_loclists, 4)                  \
+  DECL_DEBUG(.debug_macinfo, 1)                   \
+  DECL_DEBUG(.debug_macro, 1)                     \
+  DECL_DEBUG(.debug_ranges, POINTER_ALIGN)        \
+  DECL_DEBUG(.debug_rnglists, 4)                  \
+  DECL_DEBUG(.debug_addr, POINTER_ALIGN)          \
+  DECL_DEBUG(.debug_aranges, 1)                   \
+  DECL_DEBUG(.debug_pubnames, 1)                  \
+  DECL_DEBUG(.debug_pubtypes, 1)
+
+/* Stabs debug sections. */
+#define STABS_DEBUG_SECTIONS                 \
+  .stab 0 : { *(.stab) }                     \
+  .stabstr 0 : { *(.stabstr) }               \
+  .stab.excl 0 : { *(.stab.excl) }           \
+  .stab.exclstr 0 : { *(.stab.exclstr) }     \
+  .stab.index 0 : { *(.stab.index) }         \
+  .stab.indexstr 0 : { *(.stab.indexstr) }
+
+/*
+ * ELF sections.
+ *
+ * LLVM ld also wants .symtab, .strtab, and .shstrtab placed. These look to
+ * be benign to GNU ld, so we can have them here unconditionally.
+ */
+#define ELF_DETAILS_SECTIONS                 \
+  .comment 0 : { *(.comment) *(.comment.*) } \
+  .symtab 0 : { *(.symtab) }                 \
+  .strtab 0 : { *(.strtab) }                 \
+  .shstrtab 0 : { *(.shstrtab) }
+
+#ifdef EFI
+#define DISCARD_EFI_SECTIONS \
+       *(.comment)   \
+       *(.comment.*) \
+       *(.note.*)
+#else
+#define DISCARD_EFI_SECTIONS
+#endif
+
+/* Sections to be discarded. */
+#define DISCARD_SECTIONS     \
+  /DISCARD/ : {              \
+       *(.text.exit)         \
+       *(.exit.text)         \
+       *(.exit.data)         \
+       *(.exitcall.exit)     \
+       *(.discard)           \
+       *(.discard.*)         \
+       *(.eh_frame)          \
+       *(.dtors)             \
+       *(.dtors.*)           \
+       *(.fini_array)        \
+       *(.fini_array.*)      \
+       DISCARD_EFI_SECTIONS  \
+  }
+
+/* List of constructs other than *_SECTIONS in alphabetical order. */
+
+#ifdef CONFIG_HYPFS
+#define HYPFS_PARAM              \
+       . = ALIGN(POINTER_ALIGN); \
+       __paramhypfs_start = .;   \
+       *(.data.paramhypfs)       \
+       __paramhypfs_end = .;
+#else
+#define HYPFS_PARAM
+#endif
+
+#ifdef CONFIG_DEBUG_LOCK_PROFILE
+#define LOCK_PROFILE_DATA        \
+       . = ALIGN(POINTER_ALIGN); \
+       __lock_profile_start = .; \
+       *(.lockprofile.data)      \
+       __lock_profile_end = .;
+#else
+#define LOCK_PROFILE_DATA
+#endif
+
+#ifdef CONFIG_HAS_VPCI
+#define VPCI_ARRAY               \
+       . = ALIGN(POINTER_ALIGN); \
+       __start_vpci_array = .;   \
+       *(SORT(.data.vpci.*))     \
+       __end_vpci_array = .;
+#else
+#define VPCI_ARRAY
+#endif
+
 #endif /* __XEN_LDS_H__ */
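Review bot: `HYPFS_PARAM`, `LOCK_PROFILE_DATA`, `VPCI_ARRAY` and two entries of `DWARF2_DEBUG_SECTIONS` expand to `POINTER_ALIGN`, which this header neither defines nor includes, so the macros only work in a linker script that has it defined by the point of use. The header already explains its reliance on `EFI`; a matching line such as `/* Users must provide POINTER_ALIGN and the CONFIG_* symbols tested below. */` would make that requirement explicit. In the non-EFI `DECL_DEBUG`/`DECL_DEBUG2` variants the alignment argument `a` is unused, which deserves a word in the comment above them so the per-section values in `DWARF2_DEBUG_SECTIONS` are not read as affecting ELF output.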
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 21:55:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] Merge branch 'staging' of xenbits.xen.org:/home/xen/git/xen into staging
Message-Id: <E1ne20c-0004fa-Ni@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 21:55:42 +0000

commit 76c7367d761a91e0f8e6d923d873d29c228e947b
Merge: 0faf37e7434ea08ed99d804aad98fcddf74852e7 5e3a6606be4ac58786ded130e73ae82f572c27fb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 11 12:30:37 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:30:37 2022 +0200

    Merge branch 'staging' of xenbits.xen.org:/home/xen/git/xen into staging

 xen/arch/arm/xen.lds.S    |  45 ++++-----------
 xen/arch/x86/xen.lds.S    |  97 +++-----------------------------
 xen/include/xen/xen.lds.h | 137 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 157 insertions(+), 122 deletions(-)
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 21:55:54 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/boot: LEA -> MOV in video handling code
Message-Id: <E1ne20m-0004g9-Qj@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 21:55:52 +0000

commit a859b0b0d75e9321f4d98afeb92082857ce30541
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Mon Apr 11 12:31:02 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:31:02 2022 +0200

    x86/boot: LEA -> MOV in video handling code
    
    Replace most LEA instances with (one byte shorter) MOV.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/boot/video.S | 58 +++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S
index 1b3f363fc4..0ae04f270f 100644
--- a/xen/arch/x86/boot/video.S
+++ b/xen/arch/x86/boot/video.S
@@ -60,7 +60,7 @@ video:  xorw    %ax, %ax
         call    mode_set                        # Set the mode
         jc      vid1
 
-        leaw    bootsym(badmdt), %si            # Invalid mode ID
+        movw    $bootsym(badmdt), %si           # Invalid mode ID
         call    prtstr
 vid2:   call    mode_menu
 vid1:   call    store_edid
@@ -113,7 +113,7 @@ mopar2: movb    %al, _param(PARAM_VIDEO_LINES)
 
 # Fetching of VESA frame buffer parameters
 mopar_gr:
-        leaw    vesa_mode_info, %di
+        movw    $vesa_mode_info, %di
         movb    $0x23, _param(PARAM_HAVE_VGA)
         movw    16(%di), %ax
         movw    %ax, _param(PARAM_LFB_LINELENGTH)
@@ -133,7 +133,7 @@ mopar_gr:
         movw    %ax, _param(PARAM_VESA_ATTRIB)
 
 # get video mem size
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movzwl  18(%di), %eax
         movl    %eax, _param(PARAM_LFB_SIZE)
 
@@ -189,7 +189,7 @@ no_pm:  pushw   %ds
 
 # The video mode menu
 mode_menu:
-        leaw    bootsym(keymsg), %si    # "Return/Space/Timeout" message
+        movw    $bootsym(keymsg), %si   # "Return/Space/Timeout" message
         call    prtstr
         call    flush
 nokey:  call    getkt
@@ -206,22 +206,22 @@ nokey:  call    getkt
 defmd1: ret                             # No mode chosen? Default 80x25
 
 listm:  call    mode_table              # List mode table
-listm0: leaw    bootsym(name_bann), %si # Print adapter name
+listm0: movw    $bootsym(name_bann), %si # Print adapter name
         call    prtstr
         movw    bootsym(card_name), %si
         orw     %si, %si
         jnz     an2
 
-        leaw    bootsym(vga_name), %si
+        movw    $bootsym(vga_name), %si
         jmp     an1
 
 an2:    call    prtstr
-        leaw    bootsym(svga_name), %si
+        movw    $bootsym(svga_name), %si
 an1:    call    prtstr
-        leaw    bootsym(listhdr), %si   # Table header
+        movw    $bootsym(listhdr), %si  # Table header
         call    prtstr
         movb    $0x30, %dl              # DL holds mode number
-        leaw    modelist, %si
+        movw    $modelist, %si
 lm1:    cmpw    $ASK_VGA, (%si)         # End?
         jz      lm2
 
@@ -240,7 +240,7 @@ lm1:    cmpw    $ASK_VGA, (%si)         # End?
         testb   $0xff,(%si)
         jnz     1f
         push    %si
-        leaw    bootsym(textmode), %si
+        movw    $bootsym(textmode), %si
         call    prtstr
         pop     %si
         lodsw
@@ -257,7 +257,7 @@ lm1:    cmpw    $ASK_VGA, (%si)         # End?
 
         cmpb    $'z'+1, %dl
         jnz     skip_bail
-        leaw    bootsym(menu_bail_msg), %si
+        movw    $bootsym(menu_bail_msg), %si
         call    prtstr
         jmp     lm2
 
@@ -266,13 +266,13 @@ skip_bail:
         jnz     skip_pause
         push    %si
         push    %dx
-        leaw    bootsym(menu_more_msg), %si  # '<press space>'
+        movw    $bootsym(menu_more_msg), %si # '<press space>'
         call    prtstr
         call    flush
 1:      call    getkey
         cmpb    $0x20, %al              # SPACE ?
         jne     1b                      # yes - manual mode selection
-        leaw    bootsym(crlft), %si
+        movw    $bootsym(crlft), %si
         call    prtstr
         pop     %dx
         pop     %si
@@ -283,9 +283,9 @@ skip_pause:
         movb    $'a', %dl
         jmp     lm1
 
-lm2:    leaw    bootsym(prompt), %si    # Mode prompt
+lm2:    movw    $bootsym(prompt), %si   # Mode prompt
         call    prtstr
-        leaw    bootsym(edit_buf), %di  # Editor buffer
+        movw    $bootsym(edit_buf), %di # Editor buffer
 lm3:    call    getkey
         cmpb    $0x0d, %al              # Enter?
         jz      lment
@@ -315,9 +315,9 @@ lmbs:   cmpw    $bootsym(edit_buf), %di # Backspace
         jmp     lm3
         
 lment:  movb    $0, (%di)
-        leaw    bootsym(crlft), %si
+        movw    $bootsym(crlft), %si
         call    prtstr
-        leaw    bootsym(edit_buf), %si
+        movw    $bootsym(edit_buf), %si
         cmpb    $0, (%si)               # Empty string = default mode
         jz      lmdef
 
@@ -373,7 +373,7 @@ mnusel: lodsb                           # Menu selection
 lmuse:  call    mode_set
         jc      lmdef
 
-lmbad:  leaw    bootsym(unknt), %si
+lmbad:  movw    $bootsym(unknt), %si
         call    prtstr
         jmp     mode_menu
 lmdef:  ret
@@ -424,13 +424,13 @@ setmenu:
         jmp     mode_set
 
 check_vesa:
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movw    $0x4f00, %ax
         int     $0x10
         cmpw    $0x004f, %ax
         jnz     setbad
 
-        leaw    vesa_mode_info, %di     # Get mode information structure
+        movw    $vesa_mode_info, %di    # Get mode information structure
         leaw    -VIDEO_FIRST_VESA(%bx), %cx
         movw    $0x4f01, %ax
         int     $0x10
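Review bot: The one LEA left in check_vesa, `leaw -VIDEO_FIRST_VESA(%bx), %cx`, now sits directly under a converted line with no comment saying why it was kept. It puts BX minus a constant into CX in a single instruction, which a MOV with an immediate operand cannot express, so it is presumably one of the instances the commit message's "most" excludes. A short trailing comment would stop a later cleanup from converting it too, for example `leaw    -VIDEO_FIRST_VESA(%bx), %cx     # CX = BX - VIDEO_FIRST_VESA; LEA on purpose`. check_vesa continues past the end of this hunk.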
@@ -497,7 +497,7 @@ inidx:  outb    %al, %dx                # Read from indexed VGA register
 
 setvesabysize:
         call    mode_table
-        leaw    modelist,%si
+        movw    $modelist,%si
 1:      add     $8,%si
         movw    -8(%si),%bx
         cmpw    $ASK_VGA,%bx            # End?
@@ -656,8 +656,8 @@ mode_table:
         orw     %di, %di
         jnz     mtab1
 
-        leaw    modelist, %di           # Store standard modes:
-        leaw    bootsym(vga_modes), %si # All modes for std VGA
+        movw    $modelist, %di          # Store standard modes:
+        movw    $bootsym(vga_modes), %si # All modes for std VGA
         movw    $vga_modes_end-vga_modes, %cx
         rep     movsb
 
@@ -665,7 +665,7 @@ mode_table:
 
         movw    $ASK_VGA, (%di)         # End marker
         movw    %di, bootsym(mt_end)
-mtab1:  leaw    modelist, %si           # SI=mode list, DI=list end
+mtab1:  movw    $modelist, %si          # SI=mode list, DI=list end
 ret0:   ret
 
 # Modes usable on all standard VGAs
@@ -681,7 +681,7 @@ vga_modes_end:
 
 # If the current mode is a VESA graphics one, obtain its parameters.
 set_current:
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movw    $0x4f00, %ax
         int     $0x10
         cmpw    $0x004f, %ax
@@ -692,7 +692,7 @@ set_current:
         cmpw    $0x004f, %ax
         jne     .Lsetc_done
 
-        leaw    vesa_mode_info, %di     # Get mode information structure
+        movw    $vesa_mode_info, %di    # Get mode information structure
         movw    %bx, %cx
         movw    $0x4f01, %ax
         int     $0x10
@@ -715,7 +715,7 @@ set_current:
 # Detect VESA modes.
 vesa_modes:
         movw    %di, %bp                # BP=original mode table end
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movw    $0x4f00, %ax            # VESA Get card info call
         int     $0x10
         movw    %di, %si
@@ -772,7 +772,7 @@ vesa2:  pushw   %cx
 
         addw    $8, %di                 # The mode is valid. Store it.
 vesan:  loop    vesa1                   # Next mode. Limit exceeded => error
-vesae:  leaw    bootsym(vesaer), %si
+vesae:  movw    $bootsym(vesaer), %si
         call    prtstr
         movw    %bp, %di                # Discard already found modes.
 vesar:  popw    %gs
@@ -917,7 +917,7 @@ store_edid:
         cmpb    $1, %al                 # EDID disabled on cmdline (edid=no)?
         je      .Lno_edid
 
-        leaw    vesa_glob_info, %di
+        movw    $vesa_glob_info, %di
         movw    $0x4f00, %ax
         int     $0x10
         cmpw    $0x004f, %ax
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Mon Apr 11 21:56:04 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] tools/xl: fix vif and vcpupin parse tests
Message-Id: <E1ne20w-0004gv-Tp@xenbits.xenproject.org>
Date: Mon, 11 Apr 2022 21:56:02 +0000

commit f44201124e8713f6eff80f349351b5740001c6fc
Author:     Roger Pau Monné <roger.pau@citrix.com>
AuthorDate: Mon Apr 11 12:33:02 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Mon Apr 11 12:33:02 2022 +0200

    tools/xl: fix vif and vcpupin parse tests
    
    Current vif and vcpupin parse tests are out of sync.  First of all, xl
    returns 1 on failure, so replace the expected error code.
    
    Secondly fix the expected output from some vif tests, as xl will no
    longer print the unpopulated fields.
    
    Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/xl/check-xl-vcpupin-parse |  2 +-
 tools/xl/check-xl-vif-parse     | 52 +----------------------------------------
 2 files changed, 2 insertions(+), 52 deletions(-)

diff --git a/tools/xl/check-xl-vcpupin-parse b/tools/xl/check-xl-vcpupin-parse
index 21f8421ad0..633616a597 100755
--- a/tools/xl/check-xl-vcpupin-parse
+++ b/tools/xl/check-xl-vcpupin-parse
@@ -158,7 +158,7 @@ END
 RANDOM=$seed
 
 echo "# Testing a wrong configuration" >> $outfile
-write foo 255 ""
+write foo 1 ""
 
 echo "# Testing the 'all' syntax" >> $outfile
 write "all" 0 "cpumap: all"
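Review bot: The expected failure status in `write foo 1 ""` is a bare literal, while check-xl-vif-parse in the same commit holds the same value in a variable (`e=1`). This commit exists because that value drifted out of sync with xl, so a named, commented value here would make the next drift easier to spot: `e=1  # exit status xl returns on a parse error`, then `write foo $e ""`. The `e=1` line in check-xl-vif-parse could carry the same comment. The definition of `write` is outside this hunk, so this assumes its second argument is the expected exit status, as the commit message implies.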
diff --git a/tools/xl/check-xl-vif-parse b/tools/xl/check-xl-vif-parse
index 02c6dbaeb6..04bd9463d8 100755
--- a/tools/xl/check-xl-vif-parse
+++ b/tools/xl/check-xl-vif-parse
@@ -40,7 +40,7 @@ complete () {
     fi
 }
 
-e=255
+e=1
 
 
 #---------- test data ----------
@@ -62,16 +62,6 @@ one $e rate=10ZB/m
 # test b/s and B/s rate units
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 100000,
     "rate_interval_usecs": 50000
 }
@@ -86,16 +76,6 @@ one 0 rate=2000000B/s@50ms
 # test Kb/s and KB/s rate units
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 100,
     "rate_interval_usecs": 50000
 }
@@ -109,16 +89,6 @@ one 0 rate=2KB/s@50ms
 # test Mb/s and MB/s rate units
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 100000,
     "rate_interval_usecs": 50000
 }
@@ -132,16 +102,6 @@ one 0 rate=2MB/s@50ms
 # test Gb/s and GB/s rate units
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 50000000,
     "rate_interval_usecs": 50000
 }
@@ -173,16 +133,6 @@ one $e rate=10MB/s@10h
 # test replenishment interval in seconds
 expected <<END
 vif: {
-    "backend_domid": 0,
-    "devid": 0,
-    "mtu": 0,
-    "model": null,
-    "mac": "00:00:00:00:00:00",
-    "ip": null,
-    "bridge": null,
-    "ifname": null,
-    "script": null,
-    "nictype": null,
     "rate_bytes_per_interval": 10000000,
     "rate_interval_usecs": 1000000
 }
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Tue Apr 12 01:44:12 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] MAINTAINERS: add myself as Continuous Integration maintainer
Message-Id: <E1ne5Zc-0004ti-Dj@xenbits.xenproject.org>
Date: Tue, 12 Apr 2022 01:44:04 +0000

commit 5b752808ff37b7c819a26fd76329ef329c42774f
Author:     Stefano Stabellini <sstabellini@kernel.org>
AuthorDate: Thu Apr 7 17:00:47 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Mon Apr 11 18:41:30 2022 -0700

    MAINTAINERS: add myself as Continuous Integration maintainer
    
    I have contributed all the ARM tests to gitlab-ci. After checking with
    Doug, I am happy to volunteer to co-maintain Continuous Integration.
    
    Also take the opportunity to remove the stale travis-ci entries.
    
    Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
    Acked-by: Doug Goldstein <cardoe@cardoe.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
---
 MAINTAINERS | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 6a097b43eb..2a47fafe85 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -262,11 +262,10 @@ F:	CHANGELOG.md
 
 Continuous Integration (CI)
 M:	Doug Goldstein <cardoe@cardoe.com>
+M:	Stefano Stabellini <sstabellini@kernel.org>
 W:	https://gitlab.com/xen-project/xen
-W:	https://travis-ci.org/xen-project/xen
 S:	Supported
 F:	.gitlab-ci.yml
-F:	.travis.yml
 F:	automation/
 F:	scripts/travis-build
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 12 10:33:10 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.14] update Xen version to 4.14.5
Message-Id: <E1neDpY-0001rY-4Y@xenbits.xenproject.org>
Date: Tue, 12 Apr 2022 10:33:04 +0000

commit 17848dfed47f52b479c4e7eb412671aec5757329
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 12 12:29:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 12 12:29:44 2022 +0200

    update Xen version to 4.14.5
---
 Config.mk    | 6 +++---
 xen/Makefile | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Config.mk b/Config.mk
index 51910c53b5..ba5eb4ea3c 100644
--- a/Config.mk
+++ b/Config.mk
@@ -244,15 +244,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git
 MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git
 endif
 OVMF_UPSTREAM_REVISION ?= 20d2e5a125e34fc8501026613a71549b2a1a3e54
-QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.4
-MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.4
+QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.5
+MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.5
 
 SEABIOS_UPSTREAM_REVISION ?= rel-1.13.0
 
 ETHERBOOT_NICS ?= rtl8139 8086100e
 
 
-QEMU_TRADITIONAL_REVISION ?= xen-4.14.4
+QEMU_TRADITIONAL_REVISION ?= xen-4.14.5
 
 # Specify which qemu-dm to use. This may be `ioemu' to use the old
 # Mercurial in-tree version, or a local directory, or a git URL.
diff --git a/xen/Makefile b/xen/Makefile
index 7c98e4ae15..46c8177d74 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -2,7 +2,7 @@
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
 export XEN_SUBVERSION    = 14
-export XEN_EXTRAVERSION ?= .5-pre$(XEN_VENDORVERSION)
+export XEN_EXTRAVERSION ?= .5$(XEN_VENDORVERSION)
 export XEN_FULLVERSION   = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION)
 -include xen-version
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 12 12:22:08 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging-4.16] update Xen version to 4.16.1
Message-Id: <E1neFX2-0001FZ-IY@xenbits.xenproject.org>
Date: Tue, 12 Apr 2022 12:22:04 +0000

commit f26544492298cb82d66f9bf36e29d2f75b3133f2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 12 14:21:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 12 14:21:23 2022 +0200

    update Xen version to 4.16.1
---
 Config.mk    | 6 +++---
 xen/Makefile | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Config.mk b/Config.mk
index 5c177e73de..5909d3a451 100644
--- a/Config.mk
+++ b/Config.mk
@@ -238,15 +238,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git
 MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git
 endif
 OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5
-QEMU_UPSTREAM_REVISION ?= qemu-xen-4.16.0
-MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.16.0
+QEMU_UPSTREAM_REVISION ?= qemu-xen-4.16.1
+MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.16.1
 
 SEABIOS_UPSTREAM_REVISION ?= rel-1.14.0
 
 ETHERBOOT_NICS ?= rtl8139 8086100e
 
 
-QEMU_TRADITIONAL_REVISION ?= xen-4.16.0
+QEMU_TRADITIONAL_REVISION ?= xen-4.16.1
 
 # Specify which qemu-dm to use. This may be `ioemu' to use the old
 # Mercurial in-tree version, or a local directory, or a git URL.
diff --git a/xen/Makefile b/xen/Makefile
index e3e281177c..8abc71cf73 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -2,7 +2,7 @@
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
 export XEN_SUBVERSION    = 16
-export XEN_EXTRAVERSION ?= .1-pre$(XEN_VENDORVERSION)
+export XEN_EXTRAVERSION ?= .1$(XEN_VENDORVERSION)
 export XEN_FULLVERSION   = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION)
 -include xen-version
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16


From xen-changelog-bounces@lists.xenproject.org Tue Apr 12 18:44:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 12 Apr 2022 18:44:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.303769.518209 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neLUh-00045M-GE; Tue, 12 Apr 2022 18:44:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 303769.518209; Tue, 12 Apr 2022 18:44:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neLUh-00045E-DR; Tue, 12 Apr 2022 18:44:03 +0000
Received: by outflank-mailman (input) for mailman id 303769;
 Tue, 12 Apr 2022 18:44:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neLUg-000458-3q
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 18:44:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neLUg-0006MA-1J
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 18:44:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neLUg-0007qA-0M
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 18:44:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=vkDCaWkPbQW5mlQJMokCm9zI98RrlKCIeAOmpgLtsfQ=; b=TNEBabEI4W4i9Ui+fZ8lF17r4i
	+Q37ZlRr94GlHUWwHFzB9t1TXqcdRGqiCHHXmDRd1NH72LzLYwt9fVEOvdz0Nt0SdiQpqfY84FTCM
	AsVBh/UUGoT2ZfwxyNXqgta8VPjNmQ7XR/Uyj06m2ZX+kHQ2anc0nTyXsZrMpZj9dSPU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] MAINTAINERS: add myself as Continuous Integration maintainer
Message-Id: <E1neLUg-0007qA-0M@xenbits.xenproject.org>
Date: Tue, 12 Apr 2022 18:44:02 +0000

commit 5b752808ff37b7c819a26fd76329ef329c42774f
Author:     Stefano Stabellini <sstabellini@kernel.org>
AuthorDate: Thu Apr 7 17:00:47 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Mon Apr 11 18:41:30 2022 -0700

    MAINTAINERS: add myself as Continuous Integration maintainer
    
    I have contributed all the ARM tests to gitlab-ci. After checking with
    Doug, I am happy to volunteer to co-maintain Continuous Integration.
    
    Also take the opportunity to remove the stale travis-ci entries.
    
    Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
    Acked-by: Doug Goldstein <cardoe@cardoe.com>
    Acked-by: Anthony PERARD <anthony.perard@citrix.com>
---
 MAINTAINERS | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 6a097b43eb..2a47fafe85 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -262,11 +262,10 @@ F:	CHANGELOG.md
 
 Continuous Integration (CI)
 M:	Doug Goldstein <cardoe@cardoe.com>
+M:	Stefano Stabellini <sstabellini@kernel.org>
 W:	https://gitlab.com/xen-project/xen
-W:	https://travis-ci.org/xen-project/xen
 S:	Supported
 F:	.gitlab-ci.yml
-F:	.travis.yml
 F:	automation/
 F:	scripts/travis-build
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Tue Apr 12 18:55:05 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 12 Apr 2022 18:55:05 +0000
Received: from list by lists.xenproject.org with outflank-mailman.303790.518234 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neLfK-0006HW-Vf; Tue, 12 Apr 2022 18:55:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 303790.518234; Tue, 12 Apr 2022 18:55:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neLfK-0006HO-Sr; Tue, 12 Apr 2022 18:55:02 +0000
Received: by outflank-mailman (input) for mailman id 303790;
 Tue, 12 Apr 2022 18:55:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neLfK-0006HI-0C
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 18:55:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neLfJ-0006ak-Vd
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 18:55:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neLfJ-0000KA-UT
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 18:55:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=libGDSidwXdImR2Y1hV4yGr5XfSiowSAIW8qW1boAJM=; b=ufFz4HMdOdNfA8HYHnQfkvHlPn
	wQicaFsd+X47Sjd6zre9EVNp5YPi1TeXe86+OfdMqQESMq5kkWC6rwDhmStFOf3LtDeCWmo5Hc0tW
	PXrSw5grDwAHAviQ4QoTxUC6LeIUY0muPuvphxpzVVtigoQ9x/4QMvX3+MZgoF8NrhtY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.14] update Xen version to 4.14.5
Message-Id: <E1neLfJ-0000KA-UT@xenbits.xenproject.org>
Date: Tue, 12 Apr 2022 18:55:01 +0000

commit 17848dfed47f52b479c4e7eb412671aec5757329
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 12 12:29:44 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 12 12:29:44 2022 +0200

    update Xen version to 4.14.5
---
 Config.mk    | 6 +++---
 xen/Makefile | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Config.mk b/Config.mk
index 51910c53b5..ba5eb4ea3c 100644
--- a/Config.mk
+++ b/Config.mk
@@ -244,15 +244,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git
 MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git
 endif
 OVMF_UPSTREAM_REVISION ?= 20d2e5a125e34fc8501026613a71549b2a1a3e54
-QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.4
-MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.4
+QEMU_UPSTREAM_REVISION ?= qemu-xen-4.14.5
+MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.14.5
 
 SEABIOS_UPSTREAM_REVISION ?= rel-1.13.0
 
 ETHERBOOT_NICS ?= rtl8139 8086100e
 
 
-QEMU_TRADITIONAL_REVISION ?= xen-4.14.4
+QEMU_TRADITIONAL_REVISION ?= xen-4.14.5
 
 # Specify which qemu-dm to use. This may be `ioemu' to use the old
 # Mercurial in-tree version, or a local directory, or a git URL.
diff --git a/xen/Makefile b/xen/Makefile
index 7c98e4ae15..46c8177d74 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -2,7 +2,7 @@
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
 export XEN_SUBVERSION    = 14
-export XEN_EXTRAVERSION ?= .5-pre$(XEN_VENDORVERSION)
+export XEN_EXTRAVERSION ?= .5$(XEN_VENDORVERSION)
 export XEN_FULLVERSION   = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION)
 -include xen-version
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.14


From xen-changelog-bounces@lists.xenproject.org Tue Apr 12 23:00:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 12 Apr 2022 23:00:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.303820.518272 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nePUQ-0004oW-RS; Tue, 12 Apr 2022 23:00:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 303820.518272; Tue, 12 Apr 2022 23:00:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nePUQ-0004oC-OG; Tue, 12 Apr 2022 23:00:02 +0000
Received: by outflank-mailman (input) for mailman id 303820;
 Tue, 12 Apr 2022 23:00:01 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nePUP-0004dX-Nu
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 23:00:01 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nePUP-0003Qj-Kp
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 23:00:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nePUP-00011D-JV
 for xen-changelog@lists.xenproject.org; Tue, 12 Apr 2022 23:00:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=vn1M2R1Bq1Cfco7xjzl+v1NHieX+C9QJkarakXF/mcA=; b=D/E5QM/EZRyojtS8l5h0zOYgqo
	XXEctqGzComgF95YXQGZ3vaZ+w07hs5VIH+Z42UJfYHUGIGgETjiwZaSkzJScuJtpMrFCXnl6hq4L
	T1Jth1wCKbELdgBTZqvojgaUZMtALTkiugX1u5V6QEormM/ws8Q51ECSqzTPf2/2pyl0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen stable-4.16] update Xen version to 4.16.1
Message-Id: <E1nePUP-00011D-JV@xenbits.xenproject.org>
Date: Tue, 12 Apr 2022 23:00:01 +0000

commit f26544492298cb82d66f9bf36e29d2f75b3133f2
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 12 14:21:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 12 14:21:23 2022 +0200

    update Xen version to 4.16.1
---
 Config.mk    | 6 +++---
 xen/Makefile | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Config.mk b/Config.mk
index 5c177e73de..5909d3a451 100644
--- a/Config.mk
+++ b/Config.mk
@@ -238,15 +238,15 @@ SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git
 MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git
 endif
 OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5
-QEMU_UPSTREAM_REVISION ?= qemu-xen-4.16.0
-MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.16.0
+QEMU_UPSTREAM_REVISION ?= qemu-xen-4.16.1
+MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.16.1
 
 SEABIOS_UPSTREAM_REVISION ?= rel-1.14.0
 
 ETHERBOOT_NICS ?= rtl8139 8086100e
 
 
-QEMU_TRADITIONAL_REVISION ?= xen-4.16.0
+QEMU_TRADITIONAL_REVISION ?= xen-4.16.1
 
 # Specify which qemu-dm to use. This may be `ioemu' to use the old
 # Mercurial in-tree version, or a local directory, or a git URL.
diff --git a/xen/Makefile b/xen/Makefile
index e3e281177c..8abc71cf73 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -2,7 +2,7 @@
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
 export XEN_SUBVERSION    = 16
-export XEN_EXTRAVERSION ?= .1-pre$(XEN_VENDORVERSION)
+export XEN_EXTRAVERSION ?= .1$(XEN_VENDORVERSION)
 export XEN_FULLVERSION   = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION)
 -include xen-version
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16


From xen-changelog-bounces@lists.xenproject.org Wed Apr 13 10:44:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 13 Apr 2022 10:44:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.304053.518568 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neaTl-0000vH-Uz; Wed, 13 Apr 2022 10:44:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 304053.518568; Wed, 13 Apr 2022 10:44:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neaTl-0000v9-S4; Wed, 13 Apr 2022 10:44:05 +0000
Received: by outflank-mailman (input) for mailman id 304053;
 Wed, 13 Apr 2022 10:44:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaTl-0000v3-AB
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaTl-00085q-6n
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaTl-0002b1-5h
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=bmK2dSxLRh9qZq6IGPhsHREDBDBSu1g/5Y+6pZoHns0=; b=tloMGUbKADsiVtCRWy39OgGmN6
	f8ngIDbv2oH8qYJRduDMVHM3la6rr4aJnEzemTpE0digZ5TBuwXZRvT+coqBwLbNYCWZ9AA7xfH6Y
	rvkvUPwRyudPeo/AsuNj5aZmGLA6BjsiW8LNnDVpaLtvq3j1u0Lab4y0uD2h1lk7IbHc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] build: adding out-of-tree support to the xen build
Message-Id: <E1neaTl-0002b1-5h@xenbits.xenproject.org>
Date: Wed, 13 Apr 2022 10:44:05 +0000

commit 7115fa562fe79c8a8733f6b821d4eea62ed56516
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Wed Apr 13 12:33:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 13 12:33:21 2022 +0200

    build: adding out-of-tree support to the xen build
    
    This implements out-of-tree support. There are two ways to create an
    out-of-tree build tree (after that, `make` in that new directory
    works):
        make O=build
        mkdir build; cd build; make -f ../Makefile
    also works with an absolute path for both.
    
    This implementation only works if the source tree is clean, as we use
    VPATH.
    
    This patch copies most new code with handling out-of-tree build from
    Linux v5.12.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Tested-by: Julien Grall <jgrall@amazon.com>
    Acked-by: Ross Lagerwall <ross.lagerwall@citrix.com> # livepatch
---
 .gitignore                   |   1 +
 xen/Makefile                 | 143 ++++++++++++++++++++++++++++++++++++++-----
 xen/Rules.mk                 |  11 +++-
 xen/arch/x86/arch.mk         |   5 +-
 xen/arch/x86/boot/Makefile   |   6 ++
 xen/common/efi/efi-common.mk |   3 +-
 xen/include/Makefile         |  11 ++--
 xen/test/livepatch/Makefile  |   2 +
 xen/xsm/flask/Makefile       |   3 +-
 xen/xsm/flask/ss/Makefile    |   1 +
 10 files changed, 164 insertions(+), 22 deletions(-)

diff --git a/.gitignore b/.gitignore
index d425be4bd9..c6d2c4b4f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -325,6 +325,7 @@ xen/include/xen/*.new
 xen/include/xen/acm_policy.h
 xen/include/xen/compile.h
 xen/include/xen/lib/x86/cpuid-autogen.h
+xen/source
 xen/test/livepatch/config.h
 xen/test/livepatch/expect_config.h
 xen/test/livepatch/*.livepatch
diff --git a/xen/Makefile b/xen/Makefile
index ebc7854c08..dd05672ff4 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -1,3 +1,7 @@
+# $(lastword,) for GNU Make older than 3.81
+lastword = $(word $(words $(1)),$(1))
+this-makefile := $(call lastword,$(MAKEFILE_LIST))
+
 # This is the correct place to edit the build version.
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
@@ -19,6 +23,13 @@ export PYTHON		?= $(PYTHON_INTERPRETER)
 
 export CHECKPOLICY	?= checkpolicy
 
+$(if $(filter __%, $(MAKECMDGOALS)), \
+    $(error targets prefixed with '__' are only for internal use))
+
+# That's our default target when none is given on the command line
+PHONY := __all
+__all:
+
 # Do not use make's built-in rules and variables
 MAKEFLAGS += -rR
 
@@ -37,9 +48,6 @@ export CC CXX LD NM OBJCOPY OBJDUMP ADDR2LINE
 
 export TARGET := xen
 
-.PHONY: default
-default: build
-
 .PHONY: dist
 dist: install
 
@@ -118,16 +126,88 @@ endif
 
 export quiet Q KBUILD_VERBOSE
 
+# $(realpath,) for GNU Make older than 3.81
+realpath = $(wildcard $(foreach file,$(1),$(shell cd -P $(dir $(file)) && echo "$$PWD/$(notdir $(file))")))
+
+ifeq ("$(origin O)", "command line")
+    KBUILD_OUTPUT := $(O)
+endif
+
+ifneq ($(KBUILD_OUTPUT),)
+# Make's built-in functions such as $(abspath ...), $(realpath ...) cannot
+# expand a shell special character '~'. We use a somewhat tedious way here.
+abs_objtree := $(shell mkdir -p $(KBUILD_OUTPUT) && cd $(KBUILD_OUTPUT) && pwd)
+$(if $(abs_objtree),, \
+     $(error failed to create output directory "$(KBUILD_OUTPUT)"))
+
+# $(realpath ...) resolves symlinks
+abs_objtree := $(call realpath,$(abs_objtree))
+else
 abs_objtree := $(CURDIR)
-abs_srctree := $(CURDIR)
+endif
+
+ifeq ($(abs_objtree),$(CURDIR))
+# Suppress "Entering directory ..." unless we are changing the work directory.
+MAKEFLAGS += --no-print-directory
+else
+need-sub-make := 1
+endif
+
+abs_srctree := $(call realpath,$(dir $(this-makefile)))
+
+ifneq ($(words $(subst :, ,$(abs_srctree))), 1)
+$(error source directory cannot contain spaces or colons)
+endif
+
+ifneq ($(abs_srctree),$(abs_objtree))
+# Look for make include files relative to root of kernel src
+#
+# This does not become effective immediately because MAKEFLAGS is re-parsed
+# once after the Makefile is read. We need to invoke sub-make.
+MAKEFLAGS += --include-dir=$(abs_srctree)
+need-sub-make := 1
+endif
 
 export abs_srctree abs_objtree
+export root-make-done := y
+
+ifeq ($(need-sub-make),1)
+
+PHONY += $(MAKECMDGOALS) __sub-make
+
+$(filter-out $(this-makefile), $(MAKECMDGOALS)) __all: __sub-make
+	@:
+
+# Invoke a second make in the output directory, passing relevant variables
+__sub-make:
+	$(Q)$(MAKE) -C $(abs_objtree) -f $(abs_srctree)/Makefile $(MAKECMDGOALS)
+
+endif # need-sub-make
+endif # root-make-done
+
+# We process the rest of the Makefile if this is the final invocation of make
+ifeq ($(need-sub-make),)
+
+ifeq ($(abs_srctree),$(abs_objtree))
+    # building in the source tree
+    srctree := .
+    building_out_of_srctree :=
+else
+    ifeq ($(abs_srctree)/,$(dir $(abs_objtree)))
+        # building in a subdirectory of the source tree
+        srctree := ..
+    else
+        srctree := $(abs_srctree)
+    endif
+    building_out_of_srctree := 1
+endif
 
-srctree := .
 objtree := .
-export srctree objtree
+VPATH := $(srctree)
+
+export building_out_of_srctree srctree objtree VPATH
 
-export XEN_ROOT := $(CURDIR)/..
+export XEN_ROOT := $(abs_srctree)/..
 
 # To make sure we do not include .config for any of the *config targets
 # catch them early, and hand them over to tools/kconfig/Makefile
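Review bot: The `O=` value is passed to the shell unquoted in `abs_objtree := $(shell mkdir -p $(KBUILD_OUTPUT) && cd $(KBUILD_OUTPUT) && pwd)`, and unlike `abs_srctree` it never goes through a spaces/colons check, so a value containing whitespace is word-split by `mkdir`/`cd` and any shell metacharacters in it are interpreted. That matters mostly for wrappers or CI jobs that forward a parameter into `O=`. Quoting the expansion would defeat the `~` handling the comment describes, so a guard ahead of the `$(shell ...)` is the smaller change, for example `$(if $(filter-out 1,$(words $(KBUILD_OUTPUT))),$(error output directory cannot contain spaces))`; this covers whitespace only. The conditional closed by `endif # root-make-done` opens outside this hunk.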
@@ -204,9 +284,6 @@ endif
 
 export XEN_HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q xen)
 
-export root-make-done := y
-endif # root-make-done
-
 # ===========================================================================
 # Rules shared between *config targets and build targets
 
@@ -214,6 +291,37 @@ PHONY += tools_fixdep
 tools_fixdep:
 	$(Q)$(MAKE) $(build)=tools tools/fixdep
 
+PHONY += outputmakefile
+# Before starting out-of-tree build, make sure the source tree is clean.
+# outputmakefile generates a Makefile in the output directory, if using a
+# separate output directory. This allows convenient use of make in the
+# output directory.
+# At the same time when output Makefile generated, generate .gitignore to
+# ignore whole output directory
+
+quiet_cmd_makefile = GEN     Makefile
+cmd_makefile = { \
+    echo "\# Automatically generated by $(srctree)/Makefile: don't edit"; \
+    echo "include $(srctree)/Makefile"; \
+    } > Makefile
+
+outputmakefile:
+	$(Q)ln -fsn $(srctree) source
+ifdef building_out_of_srctree
+	$(Q)if [ -f $(srctree)/.config -o \
+		 -d $(srctree)/include/config -o \
+		 -d $(srctree)/include/generated ]; then \
+		echo >&2 "***"; \
+		echo >&2 "*** The source tree is not clean, please run 'make$(if $(findstring command line, $(origin XEN_TARGET_ARCH)), XEN_TARGET_ARCH=$(XEN_TARGET_ARCH)) distclean'"; \
+		echo >&2 "*** in $(abs_srctree)";\
+		echo >&2 "***"; \
+		false; \
+	fi
+	$(call cmd,makefile)
+	$(Q)test -e .gitignore || \
+	{ echo "# this is build directory, ignore it"; echo "*"; } > .gitignore
+endif
+
 ifeq ($(config-build),y)
 # ===========================================================================
 # *config targets only - make sure prerequisites are updated, and descend
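Review bot: The comment block above `outputmakefile` does not mention the `ln -fsn $(srctree) source` step, which sits outside the `ifdef building_out_of_srctree` and so also runs for in-tree builds, where `srctree` is `.`. The symlink appears to be what the new `.../source/common/efi/$(<F)` link target in xen/common/efi/efi-common.mk relies on, so it is worth saying so here, e.g. `# 'source' always links to the source tree (even in-tree) so relative links such as those made in common/efi resolve in both kinds of build`. Separately, `cmd_makefile` writes `> Makefile` without checking whether a file already in the output directory was generated by this rule; the comment should state that an existing Makefile there is overwritten.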
@@ -229,13 +337,13 @@ filechk_kconfig_allconfig = \
 .allconfig.tmp: FORCE
 	set -e; { $(call filechk_kconfig_allconfig); } > $@
 
-config: tools_fixdep FORCE
+config: tools_fixdep outputmakefile FORCE
 	$(Q)$(MAKE) $(build)=tools/kconfig $@
 
 # Config.mk tries to include .config file, don't try to remake it
 %/.config: ;
 
-%config: .allconfig.tmp tools_fixdep FORCE
+%config: .allconfig.tmp tools_fixdep outputmakefile FORCE
 	$(Q)$(MAKE) $(build)=tools/kconfig KCONFIG_ALLCONFIG=$< $@
 
 else # !config-build
@@ -312,6 +420,10 @@ CFLAGS += -flto
 LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so
 endif
 
+ifdef building_out_of_srctree
+    CFLAGS += -I$(objtree)/include
+    CFLAGS += -I$(objtree)/arch/$(TARGET_ARCH)/include
+endif
 CFLAGS += -I$(srctree)/include
 CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include
 
@@ -335,6 +447,8 @@ export CFLAGS_UBSAN
 
 endif # need-config
 
+__all: build
+
 main-targets := build install uninstall clean distclean MAP
 .PHONY: $(main-targets)
 ifneq ($(XEN_TARGET_ARCH),x86_32)
@@ -431,13 +545,13 @@ _clean:
 
 .PHONY: _distclean
 _distclean: clean
-	rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS .config
+	rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS .config source
 
 $(TARGET).gz: $(TARGET)
 	gzip -n -f -9 < $< > $@.new
 	mv $@.new $@
 
-$(TARGET): FORCE
+$(TARGET): outputmakefile FORCE
 	$(Q)$(MAKE) $(build)=tools
 	$(Q)$(MAKE) $(build)=. include/xen/compile.h
 	$(Q)$(MAKE) $(build)=include all
@@ -506,6 +620,7 @@ cloc:
 	done | cloc --list-file=-
 
 endif #config-build
+endif # need-sub-make
 
 PHONY += FORCE
 FORCE:
diff --git a/xen/Rules.mk b/xen/Rules.mk
index 57a0294555..70b7489ea8 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -37,7 +37,7 @@ SPECIAL_DATA_SECTIONS := rodata $(foreach a,1 2 4 8 16, \
                          $(foreach r,rel rel.ro,data.$(r).local)
 
 # The filename build.mk has precedence over Makefile
-include $(firstword $(wildcard $(src)/build.mk) $(src)/Makefile)
+include $(firstword $(wildcard $(srcdir)/build.mk) $(srcdir)/Makefile)
 
 # Linking
 # ---------------------------------------------------------------------------
@@ -328,6 +328,15 @@ existing-targets := $(wildcard $(sort $(targets)))
 
 -include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd)
 
+# Create directories for object files if they do not exist
+obj-dirs := $(sort $(patsubst %/,%, $(dir $(targets))))
+# If targets exist, their directories apparently exist. Skip mkdir.
+existing-dirs := $(sort $(patsubst %/,%, $(dir $(existing-targets))))
+obj-dirs := $(strip $(filter-out $(existing-dirs), $(obj-dirs)))
+ifneq ($(obj-dirs),)
+$(shell mkdir -p $(obj-dirs))
+endif
+
 # Declare the contents of the PHONY variable as phony.  We keep that
 # information in a variable so we can use it in if_changed and friends.
 .PHONY: $(PHONY)
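Review bot: The result of `$(shell mkdir -p $(obj-dirs))` is discarded, so a failure to create an object directory (for example a read-only or full output tree) only surfaces later as a compiler or linker error about a missing path, whereas xen/Makefile checks its own `mkdir` and stops with `$(error failed to create output directory ...)`. The same unchecked pattern is in the `$(shell mkdir -p $(dir $(efi-check)))` added to xen/arch/x86/arch.mk. One way to keep the failure close to its cause is `$(if $(shell mkdir -p $(obj-dirs) || echo failed),$(error cannot create $(obj-dirs)))`.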
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index cfde143053..fce2ef5b67 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -77,6 +77,9 @@ ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
 
 efi-check := arch/x86/efi/check
 
+# Create the directory for out-of-tree build
+$(shell mkdir -p $(dir $(efi-check)))
+
 # Check if the compiler supports the MS ABI.
 XEN_BUILD_EFI := $(call if-success,$(CC) $(CFLAGS) -c $(srctree)/$(efi-check).c -o $(efi-check).o,y)
 
@@ -116,4 +119,4 @@ export EFI_LDFLAGS
 endif
 
 # Set up the assembler include path properly for older toolchains.
-CFLAGS += -Wa,-I$(srctree)/include
+CFLAGS += -Wa,-I$(objtree)/include -Wa,-I$(srctree)/include
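Review bot: `-Wa,-I$(objtree)/include` is added unconditionally here, whereas the matching `-I$(objtree)/include` additions in xen/Makefile and xen/arch/x86/boot/Makefile are wrapped in `ifdef building_out_of_srctree`. For an in-tree build both variables are `.`, so the assembler is given the same include directory twice; that is harmless, but the inconsistency makes it harder to see which flags are specific to out-of-tree builds. Either guard it the same way or add a comment, presumably along the lines of `# objtree first so generated headers are found in an out-of-tree build`.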
diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile
index ca8001c72b..784655f5e2 100644
--- a/xen/arch/x86/boot/Makefile
+++ b/xen/arch/x86/boot/Makefile
@@ -7,11 +7,17 @@ targets += $(head-srcs:.S=.o)
 
 head-srcs := $(addprefix $(obj)/, $(head-srcs))
 
+ifdef building_out_of_srctree
+$(obj)/head.o: CFLAGS-y += -iquote $(obj)
+endif
 $(obj)/head.o: $(head-srcs)
 
 CFLAGS_x86_32 := $(subst -m64,-m32 -march=i686,$(XEN_TREEWIDE_CFLAGS))
 $(call cc-options-add,CFLAGS_x86_32,CC,$(EMBEDDED_EXTRA_CFLAGS))
 CFLAGS_x86_32 += -Werror -fno-builtin -g0 -msoft-float
+ifdef building_out_of_srctree
+CFLAGS_x86_32 += -I$(objtree)/include
+endif
 CFLAGS_x86_32 += -I$(srctree)/include
 
 # override for 32bit binaries
diff --git a/xen/common/efi/efi-common.mk b/xen/common/efi/efi-common.mk
index 960d44a6d5..4298ceaee7 100644
--- a/xen/common/efi/efi-common.mk
+++ b/xen/common/efi/efi-common.mk
@@ -3,12 +3,13 @@ EFIOBJ-$(CONFIG_COMPAT) += compat.o
 
 CFLAGS-y += -fshort-wchar
 CFLAGS-y += -iquote $(srctree)/common/efi
+CFLAGS-y += -iquote $(srcdir)
 
 # Part of the command line transforms $(obj)
 # e.g.: It transforms "dir/foo/bar" into successively
 #       "dir foo bar", ".. .. ..", "../../.."
 $(obj)/%.c: $(srctree)/common/efi/%.c FORCE
-	$(Q)ln -nfs $(subst $(space),/,$(patsubst %,..,$(subst /, ,$(obj))))/common/efi/$(<F) $@
+	$(Q)ln -nfs $(subst $(space),/,$(patsubst %,..,$(subst /, ,$(obj))))/source/common/efi/$(<F) $@
 
 clean-files += $(patsubst %.o, %.c, $(EFIOBJ-y:.init.o=.o) $(EFIOBJ-))
 
diff --git a/xen/include/Makefile b/xen/include/Makefile
index c8c4bcd93b..03baf10efb 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -115,7 +115,8 @@ $(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(srcdir)/Makefile
 	$(foreach i, $(filter %.h,$^),                                        \
 	    echo "#include "\"$(i)\"                                          \
 	    | $(CC) -x c -std=c99 -Wall -Werror                               \
-	      -include stdint.h $(foreach j, $($(i)-prereq), -include $(j).h) \
+	      -include stdint.h                                               \
+	      $(foreach j, $($(patsubst $(srctree)/%,%,$i)-prereq), -include $(j).h) \
 	      -S -o /dev/null -                                               \
 	    || exit $$?; echo $(i) >> $@.new;)
 	mv $@.new $@
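Review bot: The new lookup `$($(patsubst $(srctree)/%,%,$i)-prereq)` writes the loop variable as `$i` while the rest of the same recipe uses `$(i)`; the same mix is in the `headers++.chk` hunk below. Using `$(i)` throughout keeps the recipe uniform: `$(foreach j, $($(patsubst $(srctree)/%,%,$(i))-prereq), -include $(j).h)`. The recipe starts above this hunk.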
@@ -129,8 +130,9 @@ $(obj)/headers++.chk: $(PUBLIC_HEADERS) $(srcdir)/Makefile
 	$(foreach i, $(filter %.h,$^),                                        \
 	    echo "#include "\"$(i)\"                                          \
 	    | $(CXX) -x c++ -std=gnu++98 -Wall -Werror -D__XEN_TOOLS__        \
-	      -include stdint.h -include $(src)/public/xen.h                  \
-	      $(foreach j, $($(i)-prereq), -include c$(j)) -S -o /dev/null -  \
+	      -include stdint.h -include $(srcdir)/public/xen.h               \
+	      $(foreach j, $($(patsubst $(srctree)/%,%,$i)-prereq), -include c$(j)) \
+	      -S -o /dev/null -                                               \
 	    || exit $$?; echo $(i) >> $@.new;)
 	mv $@.new $@
 
@@ -139,7 +141,8 @@ endif
 ifeq ($(XEN_TARGET_ARCH),x86_64)
 .PHONY: lib-x86-all
 lib-x86-all:
-	$(MAKE) -C $(obj)/xen/lib/x86 all
+	@mkdir -p $(obj)/xen/lib/x86
+	$(MAKE) -C $(obj)/xen/lib/x86 -f $(abs_srctree)/$(src)/xen/lib/x86/Makefile all
 
 all: lib-x86-all
 endif
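Review bot: The new `@mkdir -p $(obj)/xen/lib/x86` line is silenced with a bare `@`, whereas the other recipe lines this commit adds (for example the `$(Q)ln -nfs` in efi-common.mk) use `$(Q)` so that a verbose build shows them; `$(Q)mkdir -p $(obj)/xen/lib/x86` would match. The `-f $(abs_srctree)/$(src)/xen/lib/x86/Makefile` argument also deserves a short comment, e.g. `# the object directory has no Makefile of its own; run the source-tree one in it`. That reading is inferred from the mkdir/-C/-f combination rather than stated anywhere in the hunk.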
diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile
index ddb0737131..c258ab0b59 100644
--- a/xen/test/livepatch/Makefile
+++ b/xen/test/livepatch/Makefile
@@ -11,6 +11,8 @@ endif
 CODE_ADDR=$(shell nm --defined $(1) | grep $(2) | awk '{print "0x"$$1}')
 CODE_SZ=$(shell nm --defined -S $(1) | grep $(2) | awk '{ print "0x"$$2}')
 
+CFLAGS-y += -iquote $(obj)
+
 extra-y += xen_hello_world.livepatch
 xen_hello_world-objs := xen_hello_world_func.o xen_hello_world.o note.o xen_note.o modinfo.o
 $(obj)/xen_hello_world.o: $(obj)/config.h
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index a99038cb57..d25312f4fa 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -4,7 +4,8 @@ obj-y += flask_op.o
 
 obj-y += ss/
 
-CFLAGS-y += -I$(obj)/include
+CFLAGS-y += -iquote $(obj)/include
+CFLAGS-y += -I$(srcdir)/include
 
 AWK = awk
 
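Review bot: Switching `$(obj)/include` from `-I` to `-iquote` means headers in that directory are now found only by `#include "..."`; an angle-bracket include of one of them would resolve against `$(srcdir)/include` or fail. If that directory holds the generated Flask headers, as the split into an object-tree and a source-tree path suggests, the constraint deserves a comment above the two lines, e.g. `# generated headers: object tree, quoted includes only; static headers: source tree`. The same pairing appears in the xen/xsm/flask/ss/Makefile hunk below, where `-iquote $(objtree)/xsm/flask/include` is added ahead of the existing `-I`.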
diff --git a/xen/xsm/flask/ss/Makefile b/xen/xsm/flask/ss/Makefile
index aba1339f38..ffe92ec19e 100644
--- a/xen/xsm/flask/ss/Makefile
+++ b/xen/xsm/flask/ss/Makefile
@@ -8,4 +8,5 @@ obj-y += services.o
 obj-y += conditional.o
 obj-y += mls.o
 
+CFLAGS-y += -iquote $(objtree)/xsm/flask/include
 CFLAGS-y += -I$(srctree)/xsm/flask/include
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 13 10:44:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 13 Apr 2022 10:44:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.304054.518573 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neaTw-0000xe-1t; Wed, 13 Apr 2022 10:44:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 304054.518573; Wed, 13 Apr 2022 10:44:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neaTv-0000xW-V0; Wed, 13 Apr 2022 10:44:15 +0000
Received: by outflank-mailman (input) for mailman id 304054;
 Wed, 13 Apr 2022 10:44:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaTv-0000xO-Aw
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaTv-00085u-A8
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaTv-0002bn-93
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=FdX+EpL6zFGVmxB2Yqirro1M7isS46aEKALM6G0dSIU=; b=zJidWBZ2+24RHbAuJYFoyAd+0I
	DCGys0OyeWA9u44dSB0EmOPoE/vFGmAR/OvoFGxZ9XY9PUGGIm5srexP+y0Ytz/jAdpmohDE56B5/
	AC30rFBc7fiCx/sgCP6/qSgdbY7H8Cq6xAOeb8kqqBQsS9rNcUcia/ArEqJ5xq2JojOc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] AMD/IOMMU: replace a few PCI_BDF2()
Message-Id: <E1neaTv-0002bn-93@xenbits.xenproject.org>
Date: Wed, 13 Apr 2022 10:44:15 +0000

commit e687e72174b73bb1d23ff79f9ef580201243d35f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 13 12:35:17 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 13 12:35:17 2022 +0200

    AMD/IOMMU: replace a few PCI_BDF2()
    
    struct pci_dev has the wanted value directly available; use it. Note
    that this fixes a - imo benign - mistake in reassign_device(): The unity
    map removal ought to be based on the passed in devfn (as is the case on
    the establishing side). This is benign because the mappings would be
    removed anyway a little later, when the "main" device gets processed.
    While there also limit the scope of two variables in that function.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_cmd.c     |  2 +-
 xen/drivers/passthrough/amd/iommu_intr.c    |  2 +-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 18 ++++++++----------
 3 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_cmd.c b/xen/drivers/passthrough/amd/iommu_cmd.c
index 809d93b89f..000ae1bf59 100644
--- a/xen/drivers/passthrough/amd/iommu_cmd.c
+++ b/xen/drivers/passthrough/amd/iommu_cmd.c
@@ -287,7 +287,7 @@ void amd_iommu_flush_iotlb(u8 devfn, const struct pci_dev *pdev,
     if ( !pci_ats_enabled(pdev->seg, pdev->bus, pdev->devfn) )
         return;
 
-    iommu = find_iommu_for_device(pdev->seg, PCI_BDF2(pdev->bus, pdev->devfn));
+    iommu = find_iommu_for_device(pdev->seg, pdev->sbdf.bdf);
 
     if ( !iommu )
     {
diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c
index cebf9ceca7..464c3279a0 100644
--- a/xen/drivers/passthrough/amd/iommu_intr.c
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
@@ -617,7 +617,7 @@ int cf_check amd_iommu_msi_msg_update_ire(
     unsigned int i, nr = 1;
     u32 data;
 
-    bdf = pdev ? PCI_BDF2(pdev->bus, pdev->devfn) : hpet_sbdf.bdf;
+    bdf = pdev ? pdev->sbdf.bdf : hpet_sbdf.bdf;
     seg = pdev ? pdev->seg : hpet_sbdf.seg;
 
     iommu = _find_iommu_for_device(seg, bdf);
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index dee51efd1a..84858dea1f 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -455,11 +455,9 @@ static int cf_check reassign_device(
     struct pci_dev *pdev)
 {
     struct amd_iommu *iommu;
-    int bdf, rc;
-    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
 
-    bdf = PCI_BDF2(pdev->bus, pdev->devfn);
-    iommu = find_iommu_for_device(pdev->seg, bdf);
+    iommu = find_iommu_for_device(pdev->seg, pdev->sbdf.bdf);
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be assigned to %pd\n",
@@ -489,6 +487,9 @@ static int cf_check reassign_device(
      */
     if ( !is_hardware_domain(source) )
     {
+        const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+        unsigned int bdf = PCI_BDF2(pdev->bus, devfn);
+
         rc = amd_iommu_reserve_domain_unity_unmap(
                  source,
                  ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map);
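Review bot: The new `unsigned int bdf = PCI_BDF2(pdev->bus, devfn);` in reassign_device() is the one place in this commit that keeps PCI_BDF2() and uses the passed-in `devfn` rather than `pdev->devfn`, but only the commit message says why. Next to the `pdev->sbdf.bdf` replacements elsewhere in the patch it reads like a missed conversion, so a comment would protect it, e.g. `/* Passed-in devfn, not pdev->devfn: must match what the establishing side used. */`. The result of get_ivrs_mappings() is indexed without a NULL check; that was already the case before the declaration moved and may be guaranteed by the earlier find_iommu_for_device() success, but it is worth confirming. The function body continues outside the hunk.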
@@ -558,13 +559,11 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    bdf = PCI_BDF2(pdev->bus, pdev->devfn);
-
     for_each_amd_iommu(iommu)
-        if ( pdev->seg == iommu->seg && bdf == iommu->bdf )
+        if ( pdev->seg == iommu->seg && pdev->sbdf.bdf == iommu->bdf )
             return is_hardware_domain(pdev->domain) ? 0 : -ENODEV;
 
-    iommu = find_iommu_for_device(pdev->seg, bdf);
+    iommu = find_iommu_for_device(pdev->seg, pdev->sbdf.bdf);
     if ( unlikely(!iommu) )
     {
         /* Filter bridge devices. */
@@ -648,8 +647,7 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    bdf = PCI_BDF2(pdev->bus, pdev->devfn);
-    iommu = find_iommu_for_device(pdev->seg, bdf);
+    iommu = find_iommu_for_device(pdev->seg, pdev->sbdf.bdf);
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be removed from %pd\n",
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 13 10:44:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 13 Apr 2022 10:44:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.304055.518577 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neaU6-00010f-3O; Wed, 13 Apr 2022 10:44:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 304055.518577; Wed, 13 Apr 2022 10:44:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neaU6-00010X-0P; Wed, 13 Apr 2022 10:44:26 +0000
Received: by outflank-mailman (input) for mailman id 304055;
 Wed, 13 Apr 2022 10:44:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaU5-00010R-Dy
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaU5-00086C-DA
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neaU5-0002cd-CJ
 for xen-changelog@lists.xenproject.org; Wed, 13 Apr 2022 10:44:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=fI84kDR1/iUXvnckqCsT+MArZ2mhOFxd1uBCi1zjUSo=; b=ZYZ9ff/8W7N2c6b8cjmXVDJw5t
	MeYZvy6MAmosnOGXwQRi57UNhS3fToBgy47fiMOgYXOrz82kuUrFQ5mHEOl1sUXd2NfliLf5AgQnR
	yRVE+TzwiHmrCJoaBZJyvj6+Dhu4rIA8bP2qMn/zZB6TFsesU8ryFB6/Es0hF4WxQQVg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] IOMMU: log appropriate SBDF
Message-Id: <E1neaU5-0002cd-CJ@xenbits.xenproject.org>
Date: Wed, 13 Apr 2022 10:44:25 +0000

commit e509b5f932608e74deac96048b28a5e9b210c647
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 13 12:36:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 13 12:36:03 2022 +0200

    IOMMU: log appropriate SBDF
    
    To handle phantom devices, several functions are passed separate "devfn"
    arguments besides a PCI device. In such cases we want to log the phantom
    device's coordinates instead of the main one's. (Note that not all of
    the instances being changed are fallout from the referenced commit.)
    
    Fixes: 1ee1441835f4 ("print: introduce a format specifier for pci_sbdf_t")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_cmd.c     |  3 ++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 14 +++++++-------
 xen/drivers/passthrough/pci.c               |  5 +++--
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_cmd.c b/xen/drivers/passthrough/amd/iommu_cmd.c
index 000ae1bf59..c26ad9e7d7 100644
--- a/xen/drivers/passthrough/amd/iommu_cmd.c
+++ b/xen/drivers/passthrough/amd/iommu_cmd.c
@@ -291,7 +291,8 @@ void amd_iommu_flush_iotlb(u8 devfn, const struct pci_dev *pdev,
 
     if ( !iommu )
     {
-        AMD_IOMMU_WARN("can't find IOMMU for %pp\n", &pdev->sbdf);
+        AMD_IOMMU_WARN("can't find IOMMU for %pp\n",
+                       &PCI_SBDF3(pdev->seg, pdev->bus, devfn));
         return;
     }
 
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 84858dea1f..3430e39a29 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -461,7 +461,7 @@ static int cf_check reassign_device(
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be assigned to %pd\n",
-                       &pdev->sbdf, target);
+                       &PCI_SBDF3(pdev->seg, pdev->bus, devfn), target);
         return -ENODEV;
     }
 
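Review bot: `&PCI_SBDF3(pdev->seg, pdev->bus, devfn)` is now spelled out at every log call: twice in reassign_device() (here and in the next hunk), and again in amd_iommu_add_device(), amd_iommu_remove_device() and the pci.c hunks. Building it once per function, e.g. `const pci_sbdf_t sbdf = PCI_SBDF3(pdev->seg, pdev->bus, devfn);` and passing `&sbdf`, would keep one message from drifting back to `&pdev->sbdf` while the others stay correct; this assumes the macro yields a pci_sbdf_t, as its use with `%pp` implies. amd_iommu_add_device() and amd_iommu_remove_device() additionally log through two different constructions, `PCI_SBDF3(..., devfn)` and `PCI_SBDF2(pdev->seg, bdf)`. These name the same function only if `bdf` was derived from `devfn`, and that assignment is outside the hunks shown.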
@@ -497,8 +497,8 @@ static int cf_check reassign_device(
             return rc;
     }
 
-    AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n",
-                    &pdev->sbdf, source->domain_id, target->domain_id);
+    AMD_IOMMU_DEBUG("Re-assign %pp from %pd to %pd\n",
+                    &PCI_SBDF3(pdev->seg, pdev->bus, devfn), source, target);
 
     return 0;
 }
@@ -575,7 +575,7 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         }
 
         AMD_IOMMU_WARN("no IOMMU for %pp; cannot be handed to %pd\n",
-                        &pdev->sbdf, pdev->domain);
+                        &PCI_SBDF3(pdev->seg, pdev->bus, devfn), pdev->domain);
         return -ENODEV;
     }
 
@@ -618,7 +618,7 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
              ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map,
              0) )
         AMD_IOMMU_WARN("%pd: unity mapping failed for %pp\n",
-                       pdev->domain, &pdev->sbdf);
+                       pdev->domain, &PCI_SBDF2(pdev->seg, bdf));
 
     if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
     {
@@ -651,7 +651,7 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be removed from %pd\n",
-                        &pdev->sbdf, pdev->domain);
+                        &PCI_SBDF3(pdev->seg, pdev->bus, devfn), pdev->domain);
         return -ENODEV;
     }
 
@@ -664,7 +664,7 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
              pdev->domain,
              ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map) )
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
-                       pdev->domain, &pdev->sbdf);
+                       pdev->domain, &PCI_SBDF2(pdev->seg, bdf));
 
     amd_iommu_quarantine_teardown(pdev);
 
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index d86ae67ae2..136cc8ae3d 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -1406,7 +1406,7 @@ static int iommu_add_device(struct pci_dev *pdev)
         rc = iommu_call(hd->platform_ops, add_device, devfn, pci_to_dev(pdev));
         if ( rc )
             printk(XENLOG_WARNING "IOMMU: add %pp failed (%d)\n",
-                   &pdev->sbdf, rc);
+                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn), rc);
     }
 }
 
@@ -1451,7 +1451,8 @@ static int iommu_remove_device(struct pci_dev *pdev)
         if ( !rc )
             continue;
 
-        printk(XENLOG_ERR "IOMMU: remove %pp failed (%d)\n", &pdev->sbdf, rc);
+        printk(XENLOG_ERR "IOMMU: remove %pp failed (%d)\n",
+               &PCI_SBDF3(pdev->seg, pdev->bus, devfn), rc);
         return rc;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 14 01:11:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 14 Apr 2022 01:11:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.304426.519045 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neo0k-00039o-Sx; Thu, 14 Apr 2022 01:11:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 304426.519045; Thu, 14 Apr 2022 01:11:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neo0k-00039g-Q5; Thu, 14 Apr 2022 01:11:02 +0000
Received: by outflank-mailman (input) for mailman id 304426;
 Thu, 14 Apr 2022 01:11:01 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo0j-00039a-LP
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:01 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo0j-00057v-Kb
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo0j-0005J1-Jf
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=icdbmM0nECGA3Mm/z3d48fvGzyNzULIUho9pPjTfThY=; b=vn+Z2kVUt3RcZd0+zjnJyrwA1Z
	7ilidFwmxjn1MdXVZXhp5I2FiN0VS24n5pvO5Y/mSiuTTfvNDs3YXe+Dna4L77PVparzRjBrS0N+n
	lMigMRTIc7LFYisc8x/DsgO3Uk9nKCejFm31W0NuiA3I1FdXF2wphnTqXcrCjzggMx5k=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] build: adding out-of-tree support to the xen build
Message-Id: <E1neo0j-0005J1-Jf@xenbits.xenproject.org>
Date: Thu, 14 Apr 2022 01:11:01 +0000

commit 7115fa562fe79c8a8733f6b821d4eea62ed56516
Author:     Anthony PERARD <anthony.perard@citrix.com>
AuthorDate: Wed Apr 13 12:33:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 13 12:33:21 2022 +0200

    build: adding out-of-tree support to the xen build
    
    This implements out-of-tree support. There are two ways to create an
    out-of-tree build tree (after that, `make` in that new directory
    works):
        make O=build
        mkdir build; cd build; make -f ../Makefile
    also works with an absolute path for both.
    
    This implementation only works if the source tree is clean, as we use
    VPATH.
    
    This patch copies most new code with handling out-of-tree build from
    Linux v5.12.
    
    Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Tested-by: Julien Grall <jgrall@amazon.com>
    Acked-by: Ross Lagerwall <ross.lagerwall@citrix.com> # livepatch
---
 .gitignore                   |   1 +
 xen/Makefile                 | 143 ++++++++++++++++++++++++++++++++++++++-----
 xen/Rules.mk                 |  11 +++-
 xen/arch/x86/arch.mk         |   5 +-
 xen/arch/x86/boot/Makefile   |   6 ++
 xen/common/efi/efi-common.mk |   3 +-
 xen/include/Makefile         |  11 ++--
 xen/test/livepatch/Makefile  |   2 +
 xen/xsm/flask/Makefile       |   3 +-
 xen/xsm/flask/ss/Makefile    |   1 +
 10 files changed, 164 insertions(+), 22 deletions(-)

diff --git a/.gitignore b/.gitignore
index d425be4bd9..c6d2c4b4f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -325,6 +325,7 @@ xen/include/xen/*.new
 xen/include/xen/acm_policy.h
 xen/include/xen/compile.h
 xen/include/xen/lib/x86/cpuid-autogen.h
+xen/source
 xen/test/livepatch/config.h
 xen/test/livepatch/expect_config.h
 xen/test/livepatch/*.livepatch
diff --git a/xen/Makefile b/xen/Makefile
index ebc7854c08..dd05672ff4 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -1,3 +1,7 @@
+# $(lastword,) for GNU Make older than 3.81
+lastword = $(word $(words $(1)),$(1))
+this-makefile := $(call lastword,$(MAKEFILE_LIST))
+
 # This is the correct place to edit the build version.
 # All other places this is stored (eg. compile.h) should be autogenerated.
 export XEN_VERSION       = 4
@@ -19,6 +23,13 @@ export PYTHON		?= $(PYTHON_INTERPRETER)
 
 export CHECKPOLICY	?= checkpolicy
 
+$(if $(filter __%, $(MAKECMDGOALS)), \
+    $(error targets prefixed with '__' are only for internal use))
+
+# That's our default target when none is given on the command line
+PHONY := __all
+__all:
+
 # Do not use make's built-in rules and variables
 MAKEFLAGS += -rR
 
@@ -37,9 +48,6 @@ export CC CXX LD NM OBJCOPY OBJDUMP ADDR2LINE
 
 export TARGET := xen
 
-.PHONY: default
-default: build
-
 .PHONY: dist
 dist: install
 
@@ -118,16 +126,88 @@ endif
 
 export quiet Q KBUILD_VERBOSE
 
+# $(realpath,) for GNU Make older than 3.81
+realpath = $(wildcard $(foreach file,$(1),$(shell cd -P $(dir $(file)) && echo "$$PWD/$(notdir $(file))")))
+
+ifeq ("$(origin O)", "command line")
+    KBUILD_OUTPUT := $(O)
+endif
+
+ifneq ($(KBUILD_OUTPUT),)
+# Make's built-in functions such as $(abspath ...), $(realpath ...) cannot
+# expand a shell special character '~'. We use a somewhat tedious way here.
+abs_objtree := $(shell mkdir -p $(KBUILD_OUTPUT) && cd $(KBUILD_OUTPUT) && pwd)
+$(if $(abs_objtree),, \
+     $(error failed to create output directory "$(KBUILD_OUTPUT)"))
+
+# $(realpath ...) resolves symlinks
+abs_objtree := $(call realpath,$(abs_objtree))
+else
 abs_objtree := $(CURDIR)
-abs_srctree := $(CURDIR)
+endif
+
+ifeq ($(abs_objtree),$(CURDIR))
+# Suppress "Entering directory ..." unless we are changing the work directory.
+MAKEFLAGS += --no-print-directory
+else
+need-sub-make := 1
+endif
+
+abs_srctree := $(call realpath,$(dir $(this-makefile)))
+
+ifneq ($(words $(subst :, ,$(abs_srctree))), 1)
+$(error source directory cannot contain spaces or colons)
+endif
+
+ifneq ($(abs_srctree),$(abs_objtree))
+# Look for make include files relative to root of kernel src
+#
+# This does not become effective immediately because MAKEFLAGS is re-parsed
+# once after the Makefile is read. We need to invoke sub-make.
+MAKEFLAGS += --include-dir=$(abs_srctree)
+need-sub-make := 1
+endif
 
 export abs_srctree abs_objtree
+export root-make-done := y
+
+ifeq ($(need-sub-make),1)
+
+PHONY += $(MAKECMDGOALS) __sub-make
+
+$(filter-out $(this-makefile), $(MAKECMDGOALS)) __all: __sub-make
+	@:
+
+# Invoke a second make in the output directory, passing relevant variables
+__sub-make:
+	$(Q)$(MAKE) -C $(abs_objtree) -f $(abs_srctree)/Makefile $(MAKECMDGOALS)
+
+endif # need-sub-make
+endif # root-make-done
+
+# We process the rest of the Makefile if this is the final invocation of make
+ifeq ($(need-sub-make),)
+
+ifeq ($(abs_srctree),$(abs_objtree))
+    # building in the source tree
+    srctree := .
+    building_out_of_srctree :=
+else
+    ifeq ($(abs_srctree)/,$(dir $(abs_objtree)))
+        # building in a subdirectory of the source tree
+        srctree := ..
+    else
+        srctree := $(abs_srctree)
+    endif
+    building_out_of_srctree := 1
+endif
 
-srctree := .
 objtree := .
-export srctree objtree
+VPATH := $(srctree)
+
+export building_out_of_srctree srctree objtree VPATH
 
-export XEN_ROOT := $(CURDIR)/..
+export XEN_ROOT := $(abs_srctree)/..
 
 # To make sure we do not include .config for any of the *config targets
 # catch them early, and hand them over to tools/kconfig/Makefile
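Review bot: The `O=` value reaches the shell unquoted in `abs_objtree := $(shell mkdir -p $(KBUILD_OUTPUT) && cd $(KBUILD_OUTPUT) && pwd)`, and the resulting `abs_objtree` gets no check like the one `abs_srctree` receives a few lines later. A path containing whitespace is word-split by the shell and again by make in `$(MAKE) -C $(abs_objtree)`, so the build may fail in confusing ways or, depending on the shell, work in a different directory than the one asked for. Quoting would defeat the `~` expansion the comment relies on, so I would instead validate the result right after the `$(call realpath,...)` line: `ifneq ($(words $(abs_objtree)),1)`, `$(error output directory cannot contain spaces)`, `endif`. The conditional closed by `endif # root-make-done` opens outside this hunk.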
@@ -204,9 +284,6 @@ endif
 
 export XEN_HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q xen)
 
-export root-make-done := y
-endif # root-make-done
-
 # ===========================================================================
 # Rules shared between *config targets and build targets
 
@@ -214,6 +291,37 @@ PHONY += tools_fixdep
 tools_fixdep:
 	$(Q)$(MAKE) $(build)=tools tools/fixdep
 
+PHONY += outputmakefile
+# Before starting out-of-tree build, make sure the source tree is clean.
+# outputmakefile generates a Makefile in the output directory, if using a
+# separate output directory. This allows convenient use of make in the
+# output directory.
+# At the same time when output Makefile generated, generate .gitignore to
+# ignore whole output directory
+
+quiet_cmd_makefile = GEN     Makefile
+cmd_makefile = { \
+    echo "\# Automatically generated by $(srctree)/Makefile: don't edit"; \
+    echo "include $(srctree)/Makefile"; \
+    } > Makefile
+
+outputmakefile:
+	$(Q)ln -fsn $(srctree) source
+ifdef building_out_of_srctree
+	$(Q)if [ -f $(srctree)/.config -o \
+		 -d $(srctree)/include/config -o \
+		 -d $(srctree)/include/generated ]; then \
+		echo >&2 "***"; \
+		echo >&2 "*** The source tree is not clean, please run 'make$(if $(findstring command line, $(origin XEN_TARGET_ARCH)), XEN_TARGET_ARCH=$(XEN_TARGET_ARCH)) distclean'"; \
+		echo >&2 "*** in $(abs_srctree)";\
+		echo >&2 "***"; \
+		false; \
+	fi
+	$(call cmd,makefile)
+	$(Q)test -e .gitignore || \
+	{ echo "# this is build directory, ignore it"; echo "*"; } > .gitignore
+endif
+
 ifeq ($(config-build),y)
 # ===========================================================================
 # *config targets only - make sure prerequisites are updated, and descend
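Review bot: The cleanliness test in `outputmakefile` looks only for `.config`, `include/config` and `include/generated` in the source tree, yet with `VPATH := $(srctree)` any other leftover generated file there can satisfy a target and be used in place of one built in the output directory. The .gitignore touched by this patch lists such files, for instance `xen/include/xen/compile.h`. To keep out-of-tree builds reproducible I would extend the condition, e.g. with `-f $(srctree)/include/xen/compile.h -o \`, or at least state in the comment above the rule that the check covers only the Kconfig outputs. Whether a stale file would actually win depends on include order and rules defined elsewhere, so the impact is unconfirmed.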
@@ -229,13 +337,13 @@ filechk_kconfig_allconfig = \
 .allconfig.tmp: FORCE
 	set -e; { $(call filechk_kconfig_allconfig); } > $@
 
-config: tools_fixdep FORCE
+config: tools_fixdep outputmakefile FORCE
 	$(Q)$(MAKE) $(build)=tools/kconfig $@
 
 # Config.mk tries to include .config file, don't try to remake it
 %/.config: ;
 
-%config: .allconfig.tmp tools_fixdep FORCE
+%config: .allconfig.tmp tools_fixdep outputmakefile FORCE
 	$(Q)$(MAKE) $(build)=tools/kconfig KCONFIG_ALLCONFIG=$< $@
 
 else # !config-build
@@ -312,6 +420,10 @@ CFLAGS += -flto
 LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so
 endif
 
+ifdef building_out_of_srctree
+    CFLAGS += -I$(objtree)/include
+    CFLAGS += -I$(objtree)/arch/$(TARGET_ARCH)/include
+endif
 CFLAGS += -I$(srctree)/include
 CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include
 
@@ -335,6 +447,8 @@ export CFLAGS_UBSAN
 
 endif # need-config
 
+__all: build
+
 main-targets := build install uninstall clean distclean MAP
 .PHONY: $(main-targets)
 ifneq ($(XEN_TARGET_ARCH),x86_32)
@@ -431,13 +545,13 @@ _clean:
 
 .PHONY: _distclean
 _distclean: clean
-	rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS .config
+	rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS .config source
 
 $(TARGET).gz: $(TARGET)
 	gzip -n -f -9 < $< > $@.new
 	mv $@.new $@
 
-$(TARGET): FORCE
+$(TARGET): outputmakefile FORCE
 	$(Q)$(MAKE) $(build)=tools
 	$(Q)$(MAKE) $(build)=. include/xen/compile.h
 	$(Q)$(MAKE) $(build)=include all
@@ -506,6 +620,7 @@ cloc:
 	done | cloc --list-file=-
 
 endif #config-build
+endif # need-sub-make
 
 PHONY += FORCE
 FORCE:
diff --git a/xen/Rules.mk b/xen/Rules.mk
index 57a0294555..70b7489ea8 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -37,7 +37,7 @@ SPECIAL_DATA_SECTIONS := rodata $(foreach a,1 2 4 8 16, \
                          $(foreach r,rel rel.ro,data.$(r).local)
 
 # The filename build.mk has precedence over Makefile
-include $(firstword $(wildcard $(src)/build.mk) $(src)/Makefile)
+include $(firstword $(wildcard $(srcdir)/build.mk) $(srcdir)/Makefile)
 
 # Linking
 # ---------------------------------------------------------------------------
@@ -328,6 +328,15 @@ existing-targets := $(wildcard $(sort $(targets)))
 
 -include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd)
 
+# Create directories for object files if they do not exist
+obj-dirs := $(sort $(patsubst %/,%, $(dir $(targets))))
+# If targets exist, their directories apparently exist. Skip mkdir.
+existing-dirs := $(sort $(patsubst %/,%, $(dir $(existing-targets))))
+obj-dirs := $(strip $(filter-out $(existing-dirs), $(obj-dirs)))
+ifneq ($(obj-dirs),)
+$(shell mkdir -p $(obj-dirs))
+endif
+
 # Declare the contents of the PHONY variable as phony.  We keep that
 # information in a variable so we can use it in if_changed and friends.
 .PHONY: $(PHONY)
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index cfde143053..fce2ef5b67 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -77,6 +77,9 @@ ifneq ($(CONFIG_PV_SHIM_EXCLUSIVE),y)
 
 efi-check := arch/x86/efi/check
 
+# Create the directory for out-of-tree build
+$(shell mkdir -p $(dir $(efi-check)))
+
 # Check if the compiler supports the MS ABI.
 XEN_BUILD_EFI := $(call if-success,$(CC) $(CFLAGS) -c $(srctree)/$(efi-check).c -o $(efi-check).o,y)
 
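Review bot: The result of the added `$(shell mkdir -p $(dir $(efi-check)))` is discarded, and the very next assignment is a capability probe that writes `$(efi-check).o` into that directory. If the directory cannot be created, the probe presumably fails just as it would for an unsupported compiler and `XEN_BUILD_EFI` ends up empty, so the build would continue without EFI support instead of stopping (if-success is defined elsewhere, so this is inferred). Failing loudly is safer: `$(if $(shell mkdir -p $(dir $(efi-check)) || echo fail),$(error cannot create $(dir $(efi-check))))`.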
@@ -116,4 +119,4 @@ export EFI_LDFLAGS
 endif
 
 # Set up the assembler include path properly for older toolchains.
-CFLAGS += -Wa,-I$(srctree)/include
+CFLAGS += -Wa,-I$(objtree)/include -Wa,-I$(srctree)/include
diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile
index ca8001c72b..784655f5e2 100644
--- a/xen/arch/x86/boot/Makefile
+++ b/xen/arch/x86/boot/Makefile
@@ -7,11 +7,17 @@ targets += $(head-srcs:.S=.o)
 
 head-srcs := $(addprefix $(obj)/, $(head-srcs))
 
+ifdef building_out_of_srctree
+$(obj)/head.o: CFLAGS-y += -iquote $(obj)
+endif
 $(obj)/head.o: $(head-srcs)
 
 CFLAGS_x86_32 := $(subst -m64,-m32 -march=i686,$(XEN_TREEWIDE_CFLAGS))
 $(call cc-options-add,CFLAGS_x86_32,CC,$(EMBEDDED_EXTRA_CFLAGS))
 CFLAGS_x86_32 += -Werror -fno-builtin -g0 -msoft-float
+ifdef building_out_of_srctree
+CFLAGS_x86_32 += -I$(objtree)/include
+endif
 CFLAGS_x86_32 += -I$(srctree)/include
 
 # override for 32bit binaries
diff --git a/xen/common/efi/efi-common.mk b/xen/common/efi/efi-common.mk
index 960d44a6d5..4298ceaee7 100644
--- a/xen/common/efi/efi-common.mk
+++ b/xen/common/efi/efi-common.mk
@@ -3,12 +3,13 @@ EFIOBJ-$(CONFIG_COMPAT) += compat.o
 
 CFLAGS-y += -fshort-wchar
 CFLAGS-y += -iquote $(srctree)/common/efi
+CFLAGS-y += -iquote $(srcdir)
 
 # Part of the command line transforms $(obj)
 # e.g.: It transforms "dir/foo/bar" into successively
 #       "dir foo bar", ".. .. ..", "../../.."
 $(obj)/%.c: $(srctree)/common/efi/%.c FORCE
-	$(Q)ln -nfs $(subst $(space),/,$(patsubst %,..,$(subst /, ,$(obj))))/common/efi/$(<F) $@
+	$(Q)ln -nfs $(subst $(space),/,$(patsubst %,..,$(subst /, ,$(obj))))/source/common/efi/$(<F) $@
 
 clean-files += $(patsubst %.o, %.c, $(EFIOBJ-y:.init.o=.o) $(EFIOBJ-))
 
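Review bot: The new link target goes through a `source` entry at the top of the object tree, but nothing in this hunk shows where that entry is created, and the comment above the rule still describes only the `../../..` part. `ln -nfs` does not check its target, so if `source` is missing the rule still succeeds and leaves a dangling link that only fails later, at compile time. I would extend the comment with something like `# The link goes through the object tree's "source" entry, which must point at the source tree` and, if that entry is created elsewhere in this commit, name the place.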
diff --git a/xen/include/Makefile b/xen/include/Makefile
index c8c4bcd93b..03baf10efb 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -115,7 +115,8 @@ $(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(srcdir)/Makefile
 	$(foreach i, $(filter %.h,$^),                                        \
 	    echo "#include "\"$(i)\"                                          \
 	    | $(CC) -x c -std=c99 -Wall -Werror                               \
-	      -include stdint.h $(foreach j, $($(i)-prereq), -include $(j).h) \
+	      -include stdint.h                                               \
+	      $(foreach j, $($(patsubst $(srctree)/%,%,$i)-prereq), -include $(j).h) \
 	      -S -o /dev/null -                                               \
 	    || exit $$?; echo $(i) >> $@.new;)
 	mv $@.new $@
@@ -129,8 +130,9 @@ $(obj)/headers++.chk: $(PUBLIC_HEADERS) $(srcdir)/Makefile
 	$(foreach i, $(filter %.h,$^),                                        \
 	    echo "#include "\"$(i)\"                                          \
 	    | $(CXX) -x c++ -std=gnu++98 -Wall -Werror -D__XEN_TOOLS__        \
-	      -include stdint.h -include $(src)/public/xen.h                  \
-	      $(foreach j, $($(i)-prereq), -include c$(j)) -S -o /dev/null -  \
+	      -include stdint.h -include $(srcdir)/public/xen.h               \
+	      $(foreach j, $($(patsubst $(srctree)/%,%,$i)-prereq), -include c$(j)) \
+	      -S -o /dev/null -                                               \
 	    || exit $$?; echo $(i) >> $@.new;)
 	mv $@.new $@
 
@@ -139,7 +141,8 @@ endif
 ifeq ($(XEN_TARGET_ARCH),x86_64)
 .PHONY: lib-x86-all
 lib-x86-all:
-	$(MAKE) -C $(obj)/xen/lib/x86 all
+	@mkdir -p $(obj)/xen/lib/x86
+	$(MAKE) -C $(obj)/xen/lib/x86 -f $(abs_srctree)/$(src)/xen/lib/x86/Makefile all
 
 all: lib-x86-all
 endif
diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile
index ddb0737131..c258ab0b59 100644
--- a/xen/test/livepatch/Makefile
+++ b/xen/test/livepatch/Makefile
@@ -11,6 +11,8 @@ endif
 CODE_ADDR=$(shell nm --defined $(1) | grep $(2) | awk '{print "0x"$$1}')
 CODE_SZ=$(shell nm --defined -S $(1) | grep $(2) | awk '{ print "0x"$$2}')
 
+CFLAGS-y += -iquote $(obj)
+
 extra-y += xen_hello_world.livepatch
 xen_hello_world-objs := xen_hello_world_func.o xen_hello_world.o note.o xen_note.o modinfo.o
 $(obj)/xen_hello_world.o: $(obj)/config.h
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index a99038cb57..d25312f4fa 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -4,7 +4,8 @@ obj-y += flask_op.o
 
 obj-y += ss/
 
-CFLAGS-y += -I$(obj)/include
+CFLAGS-y += -iquote $(obj)/include
+CFLAGS-y += -I$(srcdir)/include
 
 AWK = awk
 
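Review bot: Switching `$(obj)/include` from `-I` to `-iquote` means that directory is now searched only for `#include "..."`, so any generated header pulled in with angle brackets would no longer be found there. The hunk does not show how the generated Flask headers are included, so this is worth confirming. A comment such as `# generated headers, included with "..." only` above the `-iquote` line would keep the distinction visible. The same applies to the `-iquote $(objtree)/xsm/flask/include` line added in xen/xsm/flask/ss/Makefile.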
diff --git a/xen/xsm/flask/ss/Makefile b/xen/xsm/flask/ss/Makefile
index aba1339f38..ffe92ec19e 100644
--- a/xen/xsm/flask/ss/Makefile
+++ b/xen/xsm/flask/ss/Makefile
@@ -8,4 +8,5 @@ obj-y += services.o
 obj-y += conditional.o
 obj-y += mls.o
 
+CFLAGS-y += -iquote $(objtree)/xsm/flask/include
 CFLAGS-y += -I$(srctree)/xsm/flask/include
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 14 01:11:12 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 14 Apr 2022 01:11:12 +0000
Received: from list by lists.xenproject.org with outflank-mailman.304427.519049 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neo0u-0003D0-UN; Thu, 14 Apr 2022 01:11:12 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 304427.519049; Thu, 14 Apr 2022 01:11:12 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neo0u-0003Cs-Rc; Thu, 14 Apr 2022 01:11:12 +0000
Received: by outflank-mailman (input) for mailman id 304427;
 Thu, 14 Apr 2022 01:11:11 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo0t-0003Ch-OX
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:11 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo0t-00058M-No
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:11 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo0t-0005Je-Mx
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:11 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=wh+OIY5H3moeAWFX4DUCHDHO5Y0F49pEgV03dCyvpTA=; b=Dkd4ViD7l4PF64mA7kodji+IlG
	sc6gt9cV/q/n9fPwfnVWQtT/9vHi4yRN6GDHDDqQDcwvgZfo+NWmPU88bO/DuycCcR9HsH1MTkYGK
	4Umyf/wTGfrpu7XnGCK4qkct8x+jAGg6XxCFWBk63sXAmfey91KauZLgFAv9o7t6TOAs=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] AMD/IOMMU: replace a few PCI_BDF2()
Message-Id: <E1neo0t-0005Je-Mx@xenbits.xenproject.org>
Date: Thu, 14 Apr 2022 01:11:11 +0000

commit e687e72174b73bb1d23ff79f9ef580201243d35f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 13 12:35:17 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 13 12:35:17 2022 +0200

    AMD/IOMMU: replace a few PCI_BDF2()
    
    struct pci_dev has the wanted value directly available; use it. Note
    that this fixes a - imo benign - mistake in reassign_device(): The unity
    map removal ought to be based on the passed in devfn (as is the case on
    the establishing side). This is benign because the mappings would be
    removed anyway a little later, when the "main" device gets processed.
    While there also limit the scope of two variables in that function.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_cmd.c     |  2 +-
 xen/drivers/passthrough/amd/iommu_intr.c    |  2 +-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 18 ++++++++----------
 3 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_cmd.c b/xen/drivers/passthrough/amd/iommu_cmd.c
index 809d93b89f..000ae1bf59 100644
--- a/xen/drivers/passthrough/amd/iommu_cmd.c
+++ b/xen/drivers/passthrough/amd/iommu_cmd.c
@@ -287,7 +287,7 @@ void amd_iommu_flush_iotlb(u8 devfn, const struct pci_dev *pdev,
     if ( !pci_ats_enabled(pdev->seg, pdev->bus, pdev->devfn) )
         return;
 
-    iommu = find_iommu_for_device(pdev->seg, PCI_BDF2(pdev->bus, pdev->devfn));
+    iommu = find_iommu_for_device(pdev->seg, pdev->sbdf.bdf);
 
     if ( !iommu )
     {
diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c
index cebf9ceca7..464c3279a0 100644
--- a/xen/drivers/passthrough/amd/iommu_intr.c
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
@@ -617,7 +617,7 @@ int cf_check amd_iommu_msi_msg_update_ire(
     unsigned int i, nr = 1;
     u32 data;
 
-    bdf = pdev ? PCI_BDF2(pdev->bus, pdev->devfn) : hpet_sbdf.bdf;
+    bdf = pdev ? pdev->sbdf.bdf : hpet_sbdf.bdf;
     seg = pdev ? pdev->seg : hpet_sbdf.seg;
 
     iommu = _find_iommu_for_device(seg, bdf);
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index dee51efd1a..84858dea1f 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -455,11 +455,9 @@ static int cf_check reassign_device(
     struct pci_dev *pdev)
 {
     struct amd_iommu *iommu;
-    int bdf, rc;
-    const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+    int rc;
 
-    bdf = PCI_BDF2(pdev->bus, pdev->devfn);
-    iommu = find_iommu_for_device(pdev->seg, bdf);
+    iommu = find_iommu_for_device(pdev->seg, pdev->sbdf.bdf);
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be assigned to %pd\n",
@@ -489,6 +487,9 @@ static int cf_check reassign_device(
      */
     if ( !is_hardware_domain(source) )
     {
+        const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
+        unsigned int bdf = PCI_BDF2(pdev->bus, devfn);
+
         rc = amd_iommu_reserve_domain_unity_unmap(
                  source,
                  ivrs_mappings[get_dma_requestor_id(pdev->seg, bdf)].unity_map);
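Review bot: The new local `bdf` is built from the `devfn` argument, whereas the IOMMU lookup at the top of reassign_device() uses `pdev->sbdf.bdf`, and nothing at the declaration says the difference is deliberate. The commit message explains it (the unity-map removal should follow the passed-in devfn), but a reader of the code alone could take it for an oversight and switch it back. A one-line comment above the declaration, for example `/* Use the devfn we were passed, which need not be pdev->devfn. */`, would preserve the intent. The function body starts and ends outside this hunk.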
@@ -558,13 +559,11 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    bdf = PCI_BDF2(pdev->bus, pdev->devfn);
-
     for_each_amd_iommu(iommu)
-        if ( pdev->seg == iommu->seg && bdf == iommu->bdf )
+        if ( pdev->seg == iommu->seg && pdev->sbdf.bdf == iommu->bdf )
             return is_hardware_domain(pdev->domain) ? 0 : -ENODEV;
 
-    iommu = find_iommu_for_device(pdev->seg, bdf);
+    iommu = find_iommu_for_device(pdev->seg, pdev->sbdf.bdf);
     if ( unlikely(!iommu) )
     {
         /* Filter bridge devices. */
@@ -648,8 +647,7 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
     if ( !pdev->domain )
         return -EINVAL;
 
-    bdf = PCI_BDF2(pdev->bus, pdev->devfn);
-    iommu = find_iommu_for_device(pdev->seg, bdf);
+    iommu = find_iommu_for_device(pdev->seg, pdev->sbdf.bdf);
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be removed from %pd\n",
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 14 01:11:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 14 Apr 2022 01:11:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.304428.519053 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neo14-0003Fu-Vy; Thu, 14 Apr 2022 01:11:22 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 304428.519053; Thu, 14 Apr 2022 01:11:22 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1neo14-0003Fk-T4; Thu, 14 Apr 2022 01:11:22 +0000
Received: by outflank-mailman (input) for mailman id 304428;
 Thu, 14 Apr 2022 01:11:21 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo13-0003FU-Rq
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:21 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo13-00058i-Qw
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:21 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1neo13-0005KS-Py
 for xen-changelog@lists.xenproject.org; Thu, 14 Apr 2022 01:11:21 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=rWpFquaxvjOj18bzHiePzvzZ28QyX6kWhPGBnkVwmPs=; b=5mv3kISIXYQleij2aSwAOdYEzc
	8SwTPg8qLmwQ8CIYSmJDAR/v4iFIophL7n5GG86geT3FOesgodwA95qSi8Orfartll6E8r97pU2jR
	0gSAsMCcLfL+WKcmqdRSTKfDEW5kT0h3IDxLpUPJbqesksWY53ZtmiktE1qp4VEWRAqo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] IOMMU: log appropriate SBDF
Message-Id: <E1neo13-0005KS-Py@xenbits.xenproject.org>
Date: Thu, 14 Apr 2022 01:11:21 +0000

commit e509b5f932608e74deac96048b28a5e9b210c647
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 13 12:36:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 13 12:36:03 2022 +0200

    IOMMU: log appropriate SBDF
    
    To handle phantom devices, several functions are passed separate "devfn"
    arguments besides a PCI device. In such cases we want to log the phantom
    device's coordinates instead of the main one's. (Note that not all of
    the instances being changed are fallout from the referenced commit.)
    
    Fixes: 1ee1441835f4 ("print: introduce a format specifier for pci_sbdf_t")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_cmd.c     |  3 ++-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 14 +++++++-------
 xen/drivers/passthrough/pci.c               |  5 +++--
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_cmd.c b/xen/drivers/passthrough/amd/iommu_cmd.c
index 000ae1bf59..c26ad9e7d7 100644
--- a/xen/drivers/passthrough/amd/iommu_cmd.c
+++ b/xen/drivers/passthrough/amd/iommu_cmd.c
@@ -291,7 +291,8 @@ void amd_iommu_flush_iotlb(u8 devfn, const struct pci_dev *pdev,
 
     if ( !iommu )
     {
-        AMD_IOMMU_WARN("can't find IOMMU for %pp\n", &pdev->sbdf);
+        AMD_IOMMU_WARN("can't find IOMMU for %pp\n",
+                       &PCI_SBDF3(pdev->seg, pdev->bus, devfn));
         return;
     }
 
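Review bot: The warning now names the function given by `devfn`, but the lookup that failed is keyed on the device's own address (`pdev->sbdf.bdf`, as the preceding commit on this page left it, just above this hunk), so for a phantom function the logged address is not the one that was searched for. That is what the commit intends, yet someone reading the log next to the code may be puzzled. A comment such as `/* Lookup is by the main function; log the function being processed. */` would settle it. The same combination appears in the warning hunks of reassign_device(), amd_iommu_add_device() and amd_iommu_remove_device() in pci_amd_iommu.c.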
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 84858dea1f..3430e39a29 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -461,7 +461,7 @@ static int cf_check reassign_device(
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be assigned to %pd\n",
-                       &pdev->sbdf, target);
+                       &PCI_SBDF3(pdev->seg, pdev->bus, devfn), target);
         return -ENODEV;
     }
 
@@ -497,8 +497,8 @@ static int cf_check reassign_device(
             return rc;
     }
 
-    AMD_IOMMU_DEBUG("Re-assign %pp from dom%d to dom%d\n",
-                    &pdev->sbdf, source->domain_id, target->domain_id);
+    AMD_IOMMU_DEBUG("Re-assign %pp from %pd to %pd\n",
+                    &PCI_SBDF3(pdev->seg, pdev->bus, devfn), source, target);
 
     return 0;
 }
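Review bot: `&PCI_SBDF3(pdev->seg, pdev->bus, devfn)` is now spelled out both here and in the warning near the top of reassign_device(), so the same expression is built twice in one function. A single local, e.g. `const pci_sbdf_t sbdf = PCI_SBDF3(pdev->seg, pdev->bus, devfn);`, with `&sbdf` passed to both messages would be shorter and keep the two in step. This assumes PCI_SBDF3() yields a pci_sbdf_t value, which the hunk does not show. The function starts outside this hunk.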
@@ -575,7 +575,7 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         }
 
         AMD_IOMMU_WARN("no IOMMU for %pp; cannot be handed to %pd\n",
-                        &pdev->sbdf, pdev->domain);
+                        &PCI_SBDF3(pdev->seg, pdev->bus, devfn), pdev->domain);
         return -ENODEV;
     }
 
@@ -618,7 +618,7 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
              ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map,
              0) )
         AMD_IOMMU_WARN("%pd: unity mapping failed for %pp\n",
-                       pdev->domain, &pdev->sbdf);
+                       pdev->domain, &PCI_SBDF2(pdev->seg, bdf));
 
     if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
     {
@@ -651,7 +651,7 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be removed from %pd\n",
-                        &pdev->sbdf, pdev->domain);
+                        &PCI_SBDF3(pdev->seg, pdev->bus, devfn), pdev->domain);
         return -ENODEV;
     }
 
@@ -664,7 +664,7 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
              pdev->domain,
              ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map) )
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
-                       pdev->domain, &pdev->sbdf);
+                       pdev->domain, &PCI_SBDF2(pdev->seg, bdf));
 
     amd_iommu_quarantine_teardown(pdev);
 
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index d86ae67ae2..136cc8ae3d 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -1406,7 +1406,7 @@ static int iommu_add_device(struct pci_dev *pdev)
         rc = iommu_call(hd->platform_ops, add_device, devfn, pci_to_dev(pdev));
         if ( rc )
             printk(XENLOG_WARNING "IOMMU: add %pp failed (%d)\n",
-                   &pdev->sbdf, rc);
+                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn), rc);
     }
 }
 
@@ -1451,7 +1451,8 @@ static int iommu_remove_device(struct pci_dev *pdev)
         if ( !rc )
             continue;
 
-        printk(XENLOG_ERR "IOMMU: remove %pp failed (%d)\n", &pdev->sbdf, rc);
+        printk(XENLOG_ERR "IOMMU: remove %pp failed (%d)\n",
+               &PCI_SBDF3(pdev->seg, pdev->bus, devfn), rc);
         return rc;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Tue Apr 19 09:33:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 19 Apr 2022 09:33:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.307963.523390 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngkEL-0001M1-NT; Tue, 19 Apr 2022 09:33:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 307963.523390; Tue, 19 Apr 2022 09:33:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngkEL-0001Lt-KY; Tue, 19 Apr 2022 09:33:05 +0000
Received: by outflank-mailman (input) for mailman id 307963;
 Tue, 19 Apr 2022 09:33:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngkEK-0001Ln-Jt
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 09:33:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngkEK-0002uT-IG
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 09:33:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngkEK-0004GQ-HD
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 09:33:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=zswxu8LrxeGAHw56pmA4eoykXMt4IiTLXtKGZjVfZec=; b=rd+oikMwU0xb0+agfm9DMUzsaU
	DFy+RcvHNADi6SkWJHk7U5VNoqRX8J9sEg3KTpkZgCUKO38KeO07YwjnEPx8q0rbNjTXZvPVGU4G2
	t524h7A0VeiQa4esan06OB5BUajGbsaToP98saMMbd8DspjlQICTnR4Z9Jm5e4nm+QFc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/debug: Drop unnecessary include of compile.h
Message-Id: <E1ngkEK-0004GQ-HD@xenbits.xenproject.org>
Date: Tue, 19 Apr 2022 09:33:04 +0000

commit b881cb95cb034466d3dd9be52f5a7e6594148a90
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Apr 14 10:01:53 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Thu Apr 14 17:09:01 2022 +0100

    x86/debug: Drop unnecessary include of compile.h
    
    compile.h changes across incremental builds, but nothing in debug.c uses it.
    This avoids debug.c getting rebuilt on every incremental build.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/debug.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c
index d90dc93056..d16f6e6f8d 100644
--- a/xen/arch/x86/debug.c
+++ b/xen/arch/x86/debug.c
@@ -15,7 +15,6 @@
  */
 
 #include <xen/sched.h>
-#include <xen/compile.h>
 #include <xen/mm.h>
 #include <xen/domain_page.h>
 #include <xen/guest_access.h>
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 19 17:11:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 19 Apr 2022 17:11:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.308405.524135 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngrNZ-00063w-U9; Tue, 19 Apr 2022 17:11:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 308405.524135; Tue, 19 Apr 2022 17:11:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngrNZ-00063o-R6; Tue, 19 Apr 2022 17:11:05 +0000
Received: by outflank-mailman (input) for mailman id 308405;
 Tue, 19 Apr 2022 17:11:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngrNY-00063d-Py
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 17:11:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngrNY-0003Ry-NR
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 17:11:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngrNY-0005BS-MJ
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 17:11:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=X5eED+G3colUZuqP2GD6CTWyJUMfJ8DEIhqhNx2gSLk=; b=ZyKLWb9apkFIT/5i1PE2B1+XFD
	ZK5WrYNgf1RZhMF6cGQ3h5Fgf+FyVrGYFL83Paf4RGfxAdw0wSnQ6e7l5A8GCpSEjcBUeRVLb+q/j
	29NzmCJnYIARAFoF7YJ+ZMkaQcneSskYP1PtO8TMqiExKMzEhNkK43mhjC9H4AJc/QPg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen: fix XEN_DOMCTL_gdbsx_guestmemio crash
Message-Id: <E1ngrNY-0005BS-MJ@xenbits.xenproject.org>
Date: Tue, 19 Apr 2022 17:11:04 +0000

commit f00daf1fb3213a9b0335d9dcd90fe9cb5c02b7a9
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Tue Apr 19 15:52:52 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Tue Apr 19 17:07:08 2022 +0100

    xen: fix XEN_DOMCTL_gdbsx_guestmemio crash
    
    A hypervisor built without CONFIG_GDBSX will crash in case the
    XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
    end up in iommu_do_domctl() with d == NULL:
    
      (XEN) CPU:    6
      (XEN) RIP:    e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
      (XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor (d0v0)
      (XEN) rax: 00000000000003e8   rbx: ffff830856277ef8   rcx: ffff830856277fff
      ...
      (XEN) Xen call trace:
      (XEN)    [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
      (XEN)    [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
      (XEN)    [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
      (XEN)    [<ffff82d040238ff0>] S do_domctl+0/0x1930
      (XEN)    [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
      (XEN)    [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
      (XEN)    [<ffff82d040366288>] S lstar_enter+0x128/0x130
      (XEN)
      (XEN) Pagetable walk from 0000000000000144:
      (XEN)  L4[0x000] = 0000000000000000 ffffffffffffffff
      (XEN)
      (XEN) ****************************************
      (XEN) Panic on CPU 6:
      (XEN) FATAL PAGE FAULT
      (XEN) [error_code=0000]
      (XEN) Faulting linear address: 0000000000000144
      (XEN) ****************************************
    
    It used to be permitted to pass DOMID_IDLE to dbg_rw_mem(), which is why the
    special case skipping the domid checks exists.  Now that it is only permitted
    to pass proper domids, remove the special case, making 'd' always valid.
    
    Reported-by: Cheyenne Wills <cheyenne.wills@gmail.com>
    Fixes: e726a82ca0dc ("xen: make gdbsx support configurable")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/common/domctl.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 57135d4478..5879117580 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -308,7 +308,6 @@ long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
         if ( op->domain == DOMID_INVALID )
         {
     case XEN_DOMCTL_createdomain:
-    case XEN_DOMCTL_gdbsx_guestmemio:
             d = NULL;
             break;
         }
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 19 17:11:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 19 Apr 2022 17:11:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.308406.524139 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngrNj-00066L-VI; Tue, 19 Apr 2022 17:11:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 308406.524139; Tue, 19 Apr 2022 17:11:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngrNj-00066D-SY; Tue, 19 Apr 2022 17:11:15 +0000
Received: by outflank-mailman (input) for mailman id 308406;
 Tue, 19 Apr 2022 17:11:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngrNi-000662-RM
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 17:11:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngrNi-0003S6-QW
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 17:11:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngrNi-0005C7-Pb
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 17:11:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=iTtiP7QoK4VK/DILOnI/M7+PZRFb+82OLbAfOD2eJmk=; b=ngQYoWR1uOMOKl9Uwa4dS27XT4
	RHVRonb3FlA6PJvWZPUJ9He/aeGxFBhcpBwZYHqh1ID4qsi7mjH6VgYC0CGB6X9Lb2QrGEVVfSVxT
	BFHZJD51lN9S4oSSeQAzalX2G1A4ib+yxkJEd5AsC+zdRF39PmeO/bCQF/3sY2OdBebY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen: cleanup gdbsx_guest_mem_io() call
Message-Id: <E1ngrNi-0005C7-Pb@xenbits.xenproject.org>
Date: Tue, 19 Apr 2022 17:11:14 +0000

commit 2ce9afd68e0bacc15b5570a983fa626cc4de9dbd
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Tue Apr 19 15:52:53 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Tue Apr 19 17:10:15 2022 +0100

    xen: cleanup gdbsx_guest_mem_io() call
    
    Modify the gdbsx_guest_mem_io() interface to take the already known
    domain pointer as parameter instead of the domid. This allows some
    more code further down the call tree to be removed.
    
    Suggested-by: Jan Beulich <jbeulich@suse.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/arch/x86/debug.c                | 12 +++---------
 xen/arch/x86/domctl.c               |  6 +++---
 xen/arch/x86/include/asm/debugger.h |  2 +-
 3 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c
index d16f6e6f8d..91034a852e 100644
--- a/xen/arch/x86/debug.c
+++ b/xen/arch/x86/debug.c
@@ -158,17 +158,11 @@ static unsigned int dbg_rw_guest_mem(struct domain *dp, unsigned long addr,
  * Returns: number of bytes remaining to be copied.
  */
 unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
-                        unsigned int len, domid_t domid, bool toaddr,
+                        unsigned int len, struct domain *d, bool toaddr,
                         uint64_t pgd3)
 {
-    struct domain *d = rcu_lock_domain_by_id(domid);
-
-    if ( d )
-    {
-        if ( !d->is_dying )
-            len = dbg_rw_guest_mem(d, gva, buf, len, toaddr, pgd3);
-        rcu_unlock_domain(d);
-    }
+    if ( d && !d->is_dying )
+        len = dbg_rw_guest_mem(d, gva, buf, len, toaddr, pgd3);
 
     return len;
 }
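Review bot: `dbg_rw_mem` no longer takes its own reference on the domain, so keeping `d` alive for the duration of the guest memory access is now entirely the caller's job, and neither the new code nor the visible part of its comment says so. The header comment (it starts outside this hunk) should state the contract, for example `* d: target domain; the caller must hold a reference on it across the call.`, and should drop any remaining mention of a domid. The retained `d &&` test also makes a NULL pointer indistinguishable from a dying domain, since both leave `len` unchanged. If the call site in `arch_do_domctl` always passes a valid domain, which the domctl.c hunks do not show, `ASSERT(d);` would document that better than a silent check.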
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index e49f9e91b9..a6aae500a3 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -38,10 +38,10 @@
 #include <asm/cpuid.h>
 
 #ifdef CONFIG_GDBSX
-static int gdbsx_guest_mem_io(domid_t domid, struct xen_domctl_gdbsx_memio *iop)
+static int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)
 {
     iop->remain = dbg_rw_mem(iop->gva, guest_handle_from_ptr(iop->uva, void),
-                             iop->len, domid, iop->gwr, iop->pgd3val);
+                             iop->len, d, iop->gwr, iop->pgd3val);
 
     return iop->remain ? -EFAULT : 0;
 }
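Review bot: The new signature line `static int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)` is 83 characters wide, while the rest of the hunk stays within 80 columns. Break it after `struct domain *d,` and put `struct xen_domctl_gdbsx_memio *iop)` on a continuation line aligned under the first parameter, the way the `dbg_rw_mem` call just below is wrapped.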
@@ -828,7 +828,7 @@ long arch_do_domctl(
 #ifdef CONFIG_GDBSX
     case XEN_DOMCTL_gdbsx_guestmemio:
         domctl->u.gdbsx_guest_memio.remain = domctl->u.gdbsx_guest_memio.len;
-        ret = gdbsx_guest_mem_io(domctl->domain, &domctl->u.gdbsx_guest_memio);
+        ret = gdbsx_guest_mem_io(d, &domctl->u.gdbsx_guest_memio);
         if ( !ret )
            copyback = true;
         break;
diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index 99803bfd0c..221bcde137 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -94,7 +94,7 @@ static inline bool debugger_trap_entry(
 
 #ifdef CONFIG_GDBSX
 unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
-                        unsigned int len, domid_t domid, bool toaddr,
+                        unsigned int len, struct domain *d, bool toaddr,
                         uint64_t pgd3);
 #endif
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 19 20:44:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 19 Apr 2022 20:44:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.308446.524198 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nguhf-0005yx-FI; Tue, 19 Apr 2022 20:44:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 308446.524198; Tue, 19 Apr 2022 20:44:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nguhf-0005yp-CQ; Tue, 19 Apr 2022 20:44:03 +0000
Received: by outflank-mailman (input) for mailman id 308446;
 Tue, 19 Apr 2022 20:44:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nguhd-0005yj-WC
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 20:44:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nguhd-0007e2-U6
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 20:44:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nguhd-0002hd-T5
 for xen-changelog@lists.xenproject.org; Tue, 19 Apr 2022 20:44:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=XiAJbc3GGUsP2eY3nN8dRVvL++lBzZ5BQfKC0U/fPok=; b=TGZQAVsveSbc2yZM2U7q3mjtPU
	FP5BKSIXVvKX3iYgFZlyOPzAba4Xnb+nKRLWfeXZIgf7n4+pdyfpJwUb8lCXZGbwL2ZpXwyC7DvTC
	14ATW65lm2sIYBYAFEXBcBZQ/H04q7sDjYbXjNRtw4nrBcMSkR1FGcXTUG/0pCMYAYhM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/debug: Drop unnecessary include of compile.h
Message-Id: <E1nguhd-0002hd-T5@xenbits.xenproject.org>
Date: Tue, 19 Apr 2022 20:44:01 +0000

commit b881cb95cb034466d3dd9be52f5a7e6594148a90
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Apr 14 10:01:53 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Thu Apr 14 17:09:01 2022 +0100

    x86/debug: Drop unnecessary include of compile.h
    
    compile.h changes across incremental builds, but nothing in debug.c uses it.
    This avoids debug.c getting rebuilt on every incremental build.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/debug.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c
index d90dc93056..d16f6e6f8d 100644
--- a/xen/arch/x86/debug.c
+++ b/xen/arch/x86/debug.c
@@ -15,7 +15,6 @@
  */
 
 #include <xen/sched.h>
-#include <xen/compile.h>
 #include <xen/mm.h>
 #include <xen/domain_page.h>
 #include <xen/guest_access.h>
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 00:44:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 20 Apr 2022 00:44:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.308532.524312 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngyRx-0003ZP-SZ; Wed, 20 Apr 2022 00:44:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 308532.524312; Wed, 20 Apr 2022 00:44:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngyRx-0003ZH-Pn; Wed, 20 Apr 2022 00:44:05 +0000
Received: by outflank-mailman (input) for mailman id 308532;
 Wed, 20 Apr 2022 00:44:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngyRw-0003ZB-U6
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngyRw-0003wV-ST
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngyRw-0001Mx-RU
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=QmTAlu9jRjRUOjwz+xLERNLRHcRzlCZF3/IE21+FvJA=; b=zyVqeXu/rm01nAt060KyYdDkci
	OQ5eQ74IhAnrYoQkjjuTxNnTURVVaVEaM1ZNunp4MIKQF5hbKwi3wSY3y/K0KmNxoqnjpU/gqN7O7
	1yMMnYCMxGWx+nq3SAFB3sQNiMoZFzV3xKYLI6ZtcmT+E2nXCwBCOIvJKhd/SCyN7dKo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/arm: Make use of DT_MATCH_TIMER in make_timer_node
Message-Id: <E1ngyRw-0001Mx-RU@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 00:44:04 +0000

commit 7e2a2defeb4f82efaf316396165de353130f6a4b
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Thu Apr 14 11:58:43 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Tue Apr 19 17:34:33 2022 -0700

    xen/arm: Make use of DT_MATCH_TIMER in make_timer_node
    
    DT_MATCH_TIMER stores the compatible timer ids and as such should be
    used in all the places where we need to refer to them. make_timer_node
    explicitly lists the same ids as the ones defined in DT_MATCH_TIMER so
    make use of this macro instead.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/arch/arm/domain_build.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index 8be01678de..1472ca4972 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -1672,8 +1672,7 @@ static int __init make_timer_node(const struct kernel_info *kinfo)
     void *fdt = kinfo->fdt;
     static const struct dt_device_match timer_ids[] __initconst =
     {
-        DT_MATCH_COMPATIBLE("arm,armv7-timer"),
-        DT_MATCH_COMPATIBLE("arm,armv8-timer"),
+        DT_MATCH_TIMER,
         { /* sentinel */ },
     };
     struct dt_device_node *dev;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 00:44:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 20 Apr 2022 00:44:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.308533.524316 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngyS7-0003bb-Tx; Wed, 20 Apr 2022 00:44:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 308533.524316; Wed, 20 Apr 2022 00:44:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngyS7-0003bT-RC; Wed, 20 Apr 2022 00:44:15 +0000
Received: by outflank-mailman (input) for mailman id 308533;
 Wed, 20 Apr 2022 00:44:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngyS7-0003bJ-04
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngyS6-0003wf-VY
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngyS6-0001Nq-UW
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=DsPfOPqwn9Z6IRhETneZ9335OY5OYq7xY2XiwTy7jsY=; b=AOcWNObnR8YFY2nfHzcIMHSPJM
	coxCCm7ztyDyiTBbu7k94lz4W893b7z/ktfVf3aJLDVykEs9tDRgki9uQi87cmoa4+sRQ5KI37CyE
	yv4lYf3EhTt16KXFNMeZzv1ocMSTsdAwqkNttaIw/U2nEIeu7DYzzUY2x1ONEz1mTc3w=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/arm: Add i.MX lpuart driver
Message-Id: <E1ngyS6-0001Nq-UW@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 00:44:14 +0000

commit 44e17aa60d47a7c219cb1bf3bf1caf3f2eab3b2c
Author:     Peng Fan <peng.fan@nxp.com>
AuthorDate: Tue Apr 19 12:39:26 2022 +0800
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Tue Apr 19 17:35:58 2022 -0700

    xen/arm: Add i.MX lpuart driver
    
    The i.MX LPUART Documentation:
    https://www.nxp.com/webapp/Download?colCode=IMX8QMIEC
    Chapter 13.6 Low Power Universal Asynchronous Receiver/
    Transmitter (LPUART)
    
    Tested-by: Henry Wang <Henry.Wang@arm.com>
    Signed-off-by: Peng Fan <peng.fan@nxp.com>
    Reviewed-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/arch/arm/include/asm/imx-lpuart.h |  64 ++++++++
 xen/drivers/char/Kconfig              |   7 +
 xen/drivers/char/Makefile             |   1 +
 xen/drivers/char/imx-lpuart.c         | 275 ++++++++++++++++++++++++++++++++++
 4 files changed, 347 insertions(+)

diff --git a/xen/arch/arm/include/asm/imx-lpuart.h b/xen/arch/arm/include/asm/imx-lpuart.h
new file mode 100644
index 0000000000..fe859045dc
--- /dev/null
+++ b/xen/arch/arm/include/asm/imx-lpuart.h
@@ -0,0 +1,64 @@
+/*
+ * xen/arch/arm/include/asm/imx-lpuart.h
+ *
+ * Common constant definition between early printk and the LPUART driver
+ *
+ * Peng Fan <peng.fan@nxp.com>
+ * Copyright 2022 NXP
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef __ASM_ARM_IMX_LPUART_H__
+#define __ASM_ARM_IMX_LPUART_H__
+
+/* 32-bit register definition */
+#define UARTBAUD          (0x10)
+#define UARTSTAT          (0x14)
+#define UARTCTRL          (0x18)
+#define UARTDATA          (0x1C)
+#define UARTMATCH         (0x20)
+#define UARTMODIR         (0x24)
+#define UARTFIFO          (0x28)
+#define UARTWATER         (0x2c)
+
+#define UARTSTAT_TDRE     BIT(23, UL)
+#define UARTSTAT_TC       BIT(22, UL)
+#define UARTSTAT_RDRF     BIT(21, UL)
+#define UARTSTAT_OR       BIT(19, UL)
+
+#define UARTBAUD_OSR_SHIFT    (24)
+#define UARTBAUD_OSR_MASK     (0x1f)
+#define UARTBAUD_SBR_MASK     (0x1fff)
+#define UARTBAUD_BOTHEDGE     (0x00020000)
+#define UARTBAUD_TDMAE        (0x00800000)
+#define UARTBAUD_RDMAE        (0x00200000)
+
+#define UARTCTRL_TIE      BIT(23, UL)
+#define UARTCTRL_TCIE     BIT(22, UL)
+#define UARTCTRL_RIE      BIT(21, UL)
+#define UARTCTRL_ILIE     BIT(20, UL)
+#define UARTCTRL_TE       BIT(19, UL)
+#define UARTCTRL_RE       BIT(18, UL)
+#define UARTCTRL_M        BIT(4, UL)
+
+#define UARTWATER_RXCNT_OFF     24
+
+#endif /* __ASM_ARM_IMX_LPUART_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/drivers/char/Kconfig b/xen/drivers/char/Kconfig
index 2ff5b288e2..e5f7b1d8eb 100644
--- a/xen/drivers/char/Kconfig
+++ b/xen/drivers/char/Kconfig
@@ -13,6 +13,13 @@ config HAS_CADENCE_UART
 	  This selects the Xilinx Zynq Cadence UART. If you have a Xilinx Zynq
 	  based board, say Y.
 
+config HAS_IMX_LPUART
+	bool "i.MX LPUART driver"
+	default y
+	depends on ARM_64
+	help
+	  This selects the i.MX LPUART. If you have i.MX8QM based board, say Y.
+
 config HAS_MVEBU
 	bool "Marvell MVEBU UART driver"
 	default y
diff --git a/xen/drivers/char/Makefile b/xen/drivers/char/Makefile
index 7c646d771c..14e67cf072 100644
--- a/xen/drivers/char/Makefile
+++ b/xen/drivers/char/Makefile
@@ -8,6 +8,7 @@ obj-$(CONFIG_HAS_MVEBU) += mvebu-uart.o
 obj-$(CONFIG_HAS_OMAP) += omap-uart.o
 obj-$(CONFIG_HAS_SCIF) += scif-uart.o
 obj-$(CONFIG_HAS_EHCI) += ehci-dbgp.o
+obj-$(CONFIG_HAS_IMX_LPUART) += imx-lpuart.o
 obj-$(CONFIG_ARM) += arm-uart.o
 obj-y += serial.o
 obj-$(CONFIG_XEN_GUEST) += xen_pv_console.o
diff --git a/xen/drivers/char/imx-lpuart.c b/xen/drivers/char/imx-lpuart.c
new file mode 100644
index 0000000000..2709136081
--- /dev/null
+++ b/xen/drivers/char/imx-lpuart.c
@@ -0,0 +1,275 @@
+/*
+ * xen/drivers/char/imx-lpuart.c
+ *
+ * Driver for i.MX LPUART.
+ *
+ * Peng Fan <peng.fan@nxp.com>
+ * Copyright 2022 NXP
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <xen/errno.h>
+#include <xen/init.h>
+#include <xen/irq.h>
+#include <xen/mm.h>
+#include <xen/serial.h>
+#include <asm/device.h>
+#include <asm/imx-lpuart.h>
+#include <asm/io.h>
+
+#define imx_lpuart_read(uart, off)       readl((uart)->regs + off)
+#define imx_lpuart_write(uart, off, val) writel((val), (uart)->regs + off)
+
+static struct imx_lpuart {
+    uint32_t baud, clock_hz, data_bits, parity, stop_bits, fifo_size;
+    uint32_t irq;
+    char __iomem *regs;
+    struct irqaction irqaction;
+    struct vuart_info vuart;
+} imx8_com;
+
+static void imx_lpuart_interrupt(int irq, void *data,
+                                 struct cpu_user_regs *regs)
+{
+    struct serial_port *port = data;
+    struct imx_lpuart *uart = port->uart;
+    uint32_t sts, rxcnt;
+
+    sts = imx_lpuart_read(uart, UARTSTAT);
+    rxcnt = imx_lpuart_read(uart, UARTWATER) >> UARTWATER_RXCNT_OFF;
+
+    if ( (sts & UARTSTAT_RDRF) || (rxcnt > 0) )
+	    serial_rx_interrupt(port, regs);
+
+    if ( sts & UARTSTAT_TDRE )
+	    serial_tx_interrupt(port, regs);
+
+    imx_lpuart_write(uart, UARTSTAT, sts);
+}
+
+static void __init imx_lpuart_init_preirq(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+    uint32_t ctrl, old_ctrl, bd;
+
+    old_ctrl = imx_lpuart_read(uart, UARTCTRL);
+    ctrl = (old_ctrl & ~UARTCTRL_M) | UARTCTRL_TE | UARTCTRL_RE;
+    bd = imx_lpuart_read(uart, UARTBAUD);
+
+    while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TC) )
+	    cpu_relax();
+
+    /* Disable transmit and receive */
+    imx_lpuart_write(uart, UARTCTRL, old_ctrl & ~(UARTCTRL_TE | UARTCTRL_RE));
+
+    /* Reuse firmware baudrate settings, only disable DMA here */
+    bd &= ~(UARTBAUD_TDMAE | UARTBAUD_RDMAE);
+
+    imx_lpuart_write(uart, UARTMODIR, 0);
+    imx_lpuart_write(uart, UARTBAUD, bd);
+    imx_lpuart_write(uart, UARTCTRL, ctrl);
+}
+
+static void __init imx_lpuart_init_postirq(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+    uint32_t temp;
+
+    uart->irqaction.handler = imx_lpuart_interrupt;
+    uart->irqaction.name = "imx_lpuart";
+    uart->irqaction.dev_id = port;
+
+    if ( setup_irq(uart->irq, 0, &uart->irqaction) != 0 )
+    {
+        dprintk(XENLOG_ERR, "Failed to allocate imx_lpuart IRQ %d\n",
+                uart->irq);
+        return;
+    }
+
+    /* Enable interrupts */
+    temp = imx_lpuart_read(uart, UARTCTRL);
+    temp |= (UARTCTRL_RIE | UARTCTRL_TIE);
+    temp |= UARTCTRL_ILIE;
+    imx_lpuart_write(uart, UARTCTRL, temp);
+}
+
+static void imx_lpuart_suspend(struct serial_port *port)
+{
+    BUG();
+}
+
+static void imx_lpuart_resume(struct serial_port *port)
+{
+    BUG();
+}
+
+static int imx_lpuart_tx_ready(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+
+    return imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TC;
+}
+
+static void imx_lpuart_putc(struct serial_port *port, char c)
+{
+    struct imx_lpuart *uart = port->uart;
+
+    while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TDRE) )
+        cpu_relax();
+
+    imx_lpuart_write(uart, UARTDATA, c);
+}
+
+static int imx_lpuart_getc(struct serial_port *port, char *pc)
+{
+    struct imx_lpuart *uart = port->uart;
+    int ch;
+
+    while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_RDRF) )
+	    return 0;
+
+    ch = imx_lpuart_read(uart, UARTDATA);
+    *pc = ch & 0xff;
+
+    if ( imx_lpuart_read(uart, UARTSTAT) &  UARTSTAT_OR )
+        imx_lpuart_write(uart, UARTSTAT, UARTSTAT_OR);
+
+    return 1;
+}
+
+static int __init imx_lpuart_irq(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+
+    return ((uart->irq > 0) ? uart->irq : -1);
+}
+
+static const struct vuart_info *imx_lpuart_vuart_info(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+
+    return &uart->vuart;
+}
+
+static void imx_lpuart_start_tx(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+    uint32_t temp;
+
+    /* Wait until empty */
+    while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TDRE) )
+	    cpu_relax();
+
+    temp = imx_lpuart_read(uart, UARTCTRL);
+    imx_lpuart_write(uart, UARTCTRL, (temp | UARTCTRL_TIE));
+}
+
+static void imx_lpuart_stop_tx(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+    uint32_t temp;
+
+    temp = imx_lpuart_read(uart, UARTCTRL);
+    temp &= ~(UARTCTRL_TIE | UARTCTRL_TCIE);
+    imx_lpuart_write(uart, UARTCTRL, temp);
+}
+
+static struct uart_driver __read_mostly imx_lpuart_driver = {
+    .init_preirq = imx_lpuart_init_preirq,
+    .init_postirq = imx_lpuart_init_postirq,
+    .endboot = NULL,
+    .suspend = imx_lpuart_suspend,
+    .resume = imx_lpuart_resume,
+    .tx_ready = imx_lpuart_tx_ready,
+    .putc = imx_lpuart_putc,
+    .getc = imx_lpuart_getc,
+    .irq = imx_lpuart_irq,
+    .start_tx = imx_lpuart_start_tx,
+    .stop_tx = imx_lpuart_stop_tx,
+    .vuart_info = imx_lpuart_vuart_info,
+};
+
+static int __init imx_lpuart_init(struct dt_device_node *dev,
+                                  const void *data)
+{
+    const char *config = data;
+    struct imx_lpuart *uart;
+    int res;
+    u64 addr, size;
+
+    if ( strcmp(config, "") )
+        printk("WARNING: UART configuration is not supported\n");
+
+    uart = &imx8_com;
+
+    uart->baud = 115200;
+    uart->data_bits = 8;
+    uart->parity = 0;
+    uart->stop_bits = 1;
+
+    res = dt_device_get_address(dev, 0, &addr, &size);
+    if ( res )
+    {
+        printk("imx8-lpuart: Unable to retrieve the base"
+               " address of the UART\n");
+        return res;
+    }
+
+    res = platform_get_irq(dev, 0);
+    if ( res < 0 )
+    {
+        printk("imx8-lpuart: Unable to retrieve the IRQ\n");
+        return -EINVAL;
+    }
+    uart->irq = res;
+
+    uart->regs = ioremap_nocache(addr, size);
+    if ( !uart->regs )
+    {
+        printk("imx8-lpuart: Unable to map the UART memory\n");
+        return -ENOMEM;
+    }
+
+    uart->vuart.base_addr = addr;
+    uart->vuart.size = size;
+    uart->vuart.data_off = UARTDATA;
+    /* tmp from uboot */
+    uart->vuart.status_off = UARTSTAT;
+    uart->vuart.status = UARTSTAT_TDRE;
+
+    /* Register with generic serial driver */
+    serial_register_uart(SERHND_DTUART, &imx_lpuart_driver, uart);
+
+    dt_device_set_used_by(dev, DOMID_XEN);
+
+    return 0;
+}
+
+static const struct dt_device_match imx_lpuart_dt_compat[] __initconst =
+{
+    DT_MATCH_COMPATIBLE("fsl,imx8qm-lpuart"),
+    { /* sentinel */ },
+};
+
+DT_DEVICE_START(imx_lpuart, "i.MX LPUART", DEVICE_SERIAL)
+    .dt_match = imx_lpuart_dt_compat,
+    .init = imx_lpuart_init,
+DT_DEVICE_END
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
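Review bot: In `imx_lpuart_getc` the receive-ready test is written as `while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_RDRF) ) return 0;`, a loop whose body always returns, so it acts as a plain conditional but reads as if the function polled. `if ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_RDRF) ) return 0;` states the non-blocking intent. The loops that really do poll, in `imx_lpuart_init_preirq`, `imx_lpuart_putc` and `imx_lpuart_start_tx`, spin on UARTSTAT with no bound, so a UART that never raises TC/TDRE stalls the CPU in the console path; a comment on each loop stating that the hardware is expected to set the bit promptly would record that assumption. Several statement lines (the `serial_rx_interrupt`/`serial_tx_interrupt` calls, some `cpu_relax()` lines and the `return 0` in `imx_lpuart_getc`) are tab-indented although the file footer sets `indent-tabs-mode: nil`. Separately, `uart->irq` is a `uint32_t` but is printed with `%d` in the `dprintk` of `imx_lpuart_init_postirq`, where `%u` would match.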
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 00:44:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 20 Apr 2022 00:44:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.308534.524320 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngySI-0003f4-0e; Wed, 20 Apr 2022 00:44:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 308534.524320; Wed, 20 Apr 2022 00:44:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ngySH-0003ew-U1; Wed, 20 Apr 2022 00:44:25 +0000
Received: by outflank-mailman (input) for mailman id 308534;
 Wed, 20 Apr 2022 00:44:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngySH-0003em-3D
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngySH-0003wt-2T
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ngySH-0001Om-1S
 for xen-changelog@lists.xenproject.org; Wed, 20 Apr 2022 00:44:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=+eOZlVh8VK3TzZtG3s6GxkD6pGseKobyTmOrSKDTI5U=; b=0OtxB8k3JKmKZtCwXVyhvd3LWp
	udc1SDBf2++uFtM7n9Y/Z4WAjr1xrdWBthm0Fqlq22wKAXA1tIzqHQ1Hi4jSyPN8ix1//pgNYijAE
	GD04U1+MkCqB4jFPzndVrt/nBMGm/tZ5SgU6OKMuymdn5PVKjS2gbz3RU84b2w2jF3UI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/arm: Add i.MX lpuart early printk support
Message-Id: <E1ngySH-0001Om-1S@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 00:44:25 +0000

commit e9935146cd695188e70c10a6dda9f24ef9b63e30
Author:     Peng Fan <peng.fan@nxp.com>
AuthorDate: Tue Apr 19 12:39:27 2022 +0800
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Tue Apr 19 17:38:53 2022 -0700

    xen/arm: Add i.MX lpuart early printk support
    
    Signed-off-by: Peng Fan <peng.fan@nxp.com>
    Reviewed-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Bertrand Marquis <bertrand.marquis@arm.com>
    Acked-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/arch/arm/Kconfig.debug              | 14 ++++++++++
 xen/arch/arm/arm64/debug-imx-lpuart.inc | 48 +++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)

diff --git a/xen/arch/arm/Kconfig.debug b/xen/arch/arm/Kconfig.debug
index 35ccd13273..842d768280 100644
--- a/xen/arch/arm/Kconfig.debug
+++ b/xen/arch/arm/Kconfig.debug
@@ -58,6 +58,16 @@ choice
 			This option is preferred over the platform specific
 			options; the platform specific options are deprecated
 			and will soon be removed.
+	config EARLY_UART_CHOICE_IMX_LPUART
+		select EARLY_UART_IMX_LPUART
+		depends on ARM_64
+		bool "Early printk via i.MX LPUART"
+		help
+			Say Y here if you wish the early printk to direct their
+			output to a i.MX LPUART. You can use this option to
+			provide the parameters for the i.MX LPUART rather than
+			selecting one of the platform specific options below if
+			you know the parameters for the port.
 	config EARLY_UART_CHOICE_MESON
 		select EARLY_UART_MESON
 		depends on ARM_64
@@ -186,6 +196,9 @@ config EARLY_UART_CADENCE
 config EARLY_UART_EXYNOS4210
 	select EARLY_PRINTK
 	bool
+config EARLY_UART_IMX_LPUART
+	select EARLY_PRINTK
+	bool
 config EARLY_UART_MESON
 	select EARLY_PRINTK
 	bool
@@ -283,6 +296,7 @@ config EARLY_PRINTK_INC
 	default "debug-8250.inc" if EARLY_UART_8250
 	default "debug-cadence.inc" if EARLY_UART_CADENCE
 	default "debug-exynos4210.inc" if EARLY_UART_EXYNOS4210
+	default "debug-imx-lpuart.inc" if EARLY_UART_IMX_LPUART
 	default "debug-meson.inc" if EARLY_UART_MESON
 	default "debug-mvebu.inc" if EARLY_UART_MVEBU
 	default "debug-pl011.inc" if EARLY_UART_PL011
diff --git a/xen/arch/arm/arm64/debug-imx-lpuart.inc b/xen/arch/arm/arm64/debug-imx-lpuart.inc
new file mode 100644
index 0000000000..b169332932
--- /dev/null
+++ b/xen/arch/arm/arm64/debug-imx-lpuart.inc
@@ -0,0 +1,48 @@
+/*
+ * xen/arch/arm/arm64/debug-imx-lpuart.inc
+ *
+ * i.MX8QM specific debug code
+ *
+ * Peng Fan <peng.fan@nxp.com>
+ * Copyright 2022 NXP
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <asm/imx-lpuart.h>
+
+/*
+ * Wait LPUART to be ready to transmit
+ * rb: register which contains the UART base address
+ * rc: scratch register
+ */
+.macro early_uart_ready xb, c
+1:
+        ldr   w\c, [\xb, #UARTSTAT]   /* <- Flag register */
+        tst   w\c, #UARTSTAT_TDRE     /* Check FIFO EMPTY bit */
+        beq   1b                      /* Wait for the UART to be ready */
+.endm
+
+/*
+ * LPUART transmit character
+ * rb: register which contains the UART base address
+ * rt: register which contains the character to transmit
+ */
+.macro early_uart_transmit xb, wt
+        str   \wt, [\xb, #UARTDATA]  /* -> Data Register */
+.endm
+
+/*
+ * Local variables:
+ * mode: ASM
+ * indent-tabs-mode: nil
+ * End:
+ */
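Review bot: The header comments of both macros name registers that do not exist in the macro signatures: they describe `rb`, `rc` and `rt`, while the parameters are `xb`, `c` and `wt`. For early_uart_ready I would write `xb: register which contains the UART base address` and `c: suffix of the scratch register, used as w\c`, and for early_uart_transmit `wt: register which contains the character to transmit`. The inline comments are also off: `<- Flag register` sits on a load of UARTSTAT and `Check FIFO EMPTY bit` on a test of UARTSTAT_TDRE, so naming the status register and the flag as the code does would save a lookup in asm/imx-lpuart.h. The wait loop in early_uart_ready has no bound, so a wrong base address presumably hangs early boot without output; a one-line comment saying so would help whoever sets the option.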
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 08:55:07 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen: fix XEN_DOMCTL_gdbsx_guestmemio crash
Message-Id: <E1nh674-0007Ft-2S@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 08:55:02 +0000

commit f00daf1fb3213a9b0335d9dcd90fe9cb5c02b7a9
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Tue Apr 19 15:52:52 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Tue Apr 19 17:07:08 2022 +0100

    xen: fix XEN_DOMCTL_gdbsx_guestmemio crash
    
    A hypervisor built without CONFIG_GDBSX will crash in case the
    XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
    end up in iommu_do_domctl() with d == NULL:
    
      (XEN) CPU:    6
      (XEN) RIP:    e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
      (XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor (d0v0)
      (XEN) rax: 00000000000003e8   rbx: ffff830856277ef8   rcx: ffff830856277fff
      ...
      (XEN) Xen call trace:
      (XEN)    [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
      (XEN)    [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
      (XEN)    [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
      (XEN)    [<ffff82d040238ff0>] S do_domctl+0/0x1930
      (XEN)    [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
      (XEN)    [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
      (XEN)    [<ffff82d040366288>] S lstar_enter+0x128/0x130
      (XEN)
      (XEN) Pagetable walk from 0000000000000144:
      (XEN)  L4[0x000] = 0000000000000000 ffffffffffffffff
      (XEN)
      (XEN) ****************************************
      (XEN) Panic on CPU 6:
      (XEN) FATAL PAGE FAULT
      (XEN) [error_code=0000]
      (XEN) Faulting linear address: 0000000000000144
      (XEN) ****************************************
    
    It used to be permitted to pass DOMID_IDLE to dbg_rw_mem(), which is why the
    special case skipping the domid checks exists.  Now that it is only permitted
    to pass proper domids, remove the special case, making 'd' always valid.
    
    Reported-by: Cheyenne Wills <cheyenne.wills@gmail.com>
    Fixes: e726a82ca0dc ("xen: make gdbsx support configurable")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/common/domctl.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 57135d4478..5879117580 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -308,7 +308,6 @@ long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
         if ( op->domain == DOMID_INVALID )
         {
     case XEN_DOMCTL_createdomain:
-    case XEN_DOMCTL_gdbsx_guestmemio:
             d = NULL;
             break;
         }
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 08:55:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen: cleanup gdbsx_guest_mem_io() call
Message-Id: <E1nh67E-0007Gn-5S@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 08:55:12 +0000

commit 2ce9afd68e0bacc15b5570a983fa626cc4de9dbd
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Tue Apr 19 15:52:53 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Tue Apr 19 17:10:15 2022 +0100

    xen: cleanup gdbsx_guest_mem_io() call
    
    Modify the gdbsx_guest_mem_io() interface to take the already known
    domain pointer as a parameter instead of the domid. This allows
    removing some more code further down the call tree.
    
    Suggested-by: Jan Beulich <jbeulich@suse.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/arch/x86/debug.c                | 12 +++---------
 xen/arch/x86/domctl.c               |  6 +++---
 xen/arch/x86/include/asm/debugger.h |  2 +-
 3 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c
index d16f6e6f8d..91034a852e 100644
--- a/xen/arch/x86/debug.c
+++ b/xen/arch/x86/debug.c
@@ -158,17 +158,11 @@ static unsigned int dbg_rw_guest_mem(struct domain *dp, unsigned long addr,
  * Returns: number of bytes remaining to be copied.
  */
 unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
-                        unsigned int len, domid_t domid, bool toaddr,
+                        unsigned int len, struct domain *d, bool toaddr,
                         uint64_t pgd3)
 {
-    struct domain *d = rcu_lock_domain_by_id(domid);
-
-    if ( d )
-    {
-        if ( !d->is_dying )
-            len = dbg_rw_guest_mem(d, gva, buf, len, toaddr, pgd3);
-        rcu_unlock_domain(d);
-    }
+    if ( d && !d->is_dying )
+        len = dbg_rw_guest_mem(d, gva, buf, len, toaddr, pgd3);
 
     return len;
 }
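Review bot: dbg_rw_mem() no longer calls rcu_lock_domain_by_id()/rcu_unlock_domain() itself, so the new `struct domain *d` parameter is only safe while the caller keeps the domain from going away, and the function comment does not say so. I would add a line to the comment block above the function, for example `* d: target domain; the caller must hold the domain locked for the duration of the call.` That comment block starts outside this hunk, so any parameter list in it may need the same update. The `d &&` test is now purely defensive: a NULL `d` still returns the full `len`, which gdbsx_guest_mem_io() turns into -EFAULT.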
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index e49f9e91b9..a6aae500a3 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -38,10 +38,10 @@
 #include <asm/cpuid.h>
 
 #ifdef CONFIG_GDBSX
-static int gdbsx_guest_mem_io(domid_t domid, struct xen_domctl_gdbsx_memio *iop)
+static int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)
 {
     iop->remain = dbg_rw_mem(iop->gva, guest_handle_from_ptr(iop->uva, void),
-                             iop->len, domid, iop->gwr, iop->pgd3val);
+                             iop->len, d, iop->gwr, iop->pgd3val);
 
     return iop->remain ? -EFAULT : 0;
 }
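Review bot: The new signature line `static int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)` is 83 columns wide, which exceeds the 80-column limit of the Xen coding style. Wrapping after the first parameter fixes it: `static int gdbsx_guest_mem_io(struct domain *d,` followed by an aligned `struct xen_domctl_gdbsx_memio *iop)`. The call in the second hunk of this file now passes `d` from arch_do_domctl() without a check here, so it relies on do_domctl() never handing over a NULL domain for this operation. A short comment at the call site stating that assumption would record the dependency.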
@@ -828,7 +828,7 @@ long arch_do_domctl(
 #ifdef CONFIG_GDBSX
     case XEN_DOMCTL_gdbsx_guestmemio:
         domctl->u.gdbsx_guest_memio.remain = domctl->u.gdbsx_guest_memio.len;
-        ret = gdbsx_guest_mem_io(domctl->domain, &domctl->u.gdbsx_guest_memio);
+        ret = gdbsx_guest_mem_io(d, &domctl->u.gdbsx_guest_memio);
         if ( !ret )
            copyback = true;
         break;
diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index 99803bfd0c..221bcde137 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -94,7 +94,7 @@ static inline bool debugger_trap_entry(
 
 #ifdef CONFIG_GDBSX
 unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
-                        unsigned int len, domid_t domid, bool toaddr,
+                        unsigned int len, struct domain *d, bool toaddr,
                         uint64_t pgd3);
 #endif
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 08:55:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] include/public: add command result definitions to vscsiif.h
Message-Id: <E1nh67R-0007S6-6r@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 08:55:25 +0000

commit 075817681c2e9cc1d0d9ac51e45f7a7dd86123f6
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 10:51:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:51:26 2022 +0200

    include/public: add command result definitions to vscsiif.h
    
    The result field of struct vscsiif_response is lacking a detailed
    definition. Today the Linux kernel internal scsi definitions are being
    used, which is not a sane interface for a PV device driver.
    
    Add macros to change that by using today's values in the XEN namespace.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
---
 xen/include/public/io/vscsiif.h | 51 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/xen/include/public/io/vscsiif.h b/xen/include/public/io/vscsiif.h
index c9ceb1884d..8553b17cc6 100644
--- a/xen/include/public/io/vscsiif.h
+++ b/xen/include/public/io/vscsiif.h
@@ -315,6 +315,57 @@ struct vscsiif_response {
 };
 typedef struct vscsiif_response vscsiif_response_t;
 
+/* SCSI I/O status from vscsiif_response->rslt */
+#define XEN_VSCSIIF_RSLT_STATUS(x)  ((x) & 0x00ff)
+
+/* Host I/O status from vscsiif_response->rslt */
+#define XEN_VSCSIIF_RSLT_HOST(x)    (((x) & 0x00ff0000) >> 16)
+#define XEN_VSCSIIF_RSLT_HOST_OK                   0
+/* Couldn't connect before timeout */
+#define XEN_VSCSIIF_RSLT_HOST_NO_CONNECT           1
+/* Bus busy through timeout */
+#define XEN_VSCSIIF_RSLT_HOST_BUS_BUSY             2
+/* Timed out for other reason */
+#define XEN_VSCSIIF_RSLT_HOST_TIME_OUT             3
+/* Bad target */
+#define XEN_VSCSIIF_RSLT_HOST_BAD_TARGET           4
+/* Abort for some other reason */
+#define XEN_VSCSIIF_RSLT_HOST_ABORT                5
+/* Parity error */
+#define XEN_VSCSIIF_RSLT_HOST_PARITY               6
+/* Internal error */
+#define XEN_VSCSIIF_RSLT_HOST_ERROR                7
+/* Reset by somebody */
+#define XEN_VSCSIIF_RSLT_HOST_RESET                8
+/* Unexpected interrupt */
+#define XEN_VSCSIIF_RSLT_HOST_BAD_INTR             9
+/* Force command past mid-layer */
+#define XEN_VSCSIIF_RSLT_HOST_PASSTHROUGH         10
+/* Retry requested */
+#define XEN_VSCSIIF_RSLT_HOST_SOFT_ERROR          11
+/* Hidden retry requested */
+#define XEN_VSCSIIF_RSLT_HOST_IMM_RETRY           12
+/* Requeue command requested */
+#define XEN_VSCSIIF_RSLT_HOST_REQUEUE             13
+/* Transport error disrupted I/O */
+#define XEN_VSCSIIF_RSLT_HOST_TRANSPORT_DISRUPTED 14
+/* Transport class fastfailed */
+#define XEN_VSCSIIF_RSLT_HOST_TRANSPORT_FAILFAST  15
+/* Permanent target failure */
+#define XEN_VSCSIIF_RSLT_HOST_TARGET_FAILURE      16
+/* Permanent nexus failure on path */
+#define XEN_VSCSIIF_RSLT_HOST_NEXUS_FAILURE       17
+/* Space allocation on device failed */
+#define XEN_VSCSIIF_RSLT_HOST_ALLOC_FAILURE       18
+/* Medium error */
+#define XEN_VSCSIIF_RSLT_HOST_MEDIUM_ERROR        19
+/* Transport marginal errors */
+#define XEN_VSCSIIF_RSLT_HOST_TRANSPORT_MARGINAL  20
+
+/* Result values of reset operations */
+#define XEN_VSCSIIF_RSLT_RESET_SUCCESS  0x2002
+#define XEN_VSCSIIF_RSLT_RESET_FAILED   0x2003
+
 DEFINE_RING_TYPES(vscsiif, struct vscsiif_request, struct vscsiif_response);
 
 
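Review bot: The new macros do not say how a frontend should treat result values they leave undefined. XEN_VSCSIIF_RSLT_HOST() yields an 8-bit value but only 0 to 20 are named, and rslt is presumably written by the backend, so the header should state that any other host value is to be handled as an error rather than passed through or used as an index. A comment above the list would do, for example `/* Host values not listed here are reserved; frontends must treat them as errors. */`. The reset results 0x2002 and 0x2003 also overlap the encoding above (0x2002 decodes as status 0x02 with host 0). A comment that they apply only to responses to reset requests, and are compared against the whole rslt value, would prevent misdecoding.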
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 08:55:36 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] IOMMU/x86: drop locking from quarantine_init() hooks
Message-Id: <E1nh67b-0007Sz-AE@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 08:55:35 +0000

commit 02b0e2d0303869a222bb8c2a888756394e99d15b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 20 10:52:13 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:52:13 2022 +0200

    IOMMU/x86: drop locking from quarantine_init() hooks
    
    Prior extension of these functions to enable per-device quarantine page
    tables already didn't add more locking there, but merely left in place
    what had been there before. But really locking is unnecessary here:
    We're running with pcidevs_lock held (i.e. multiple invocations of the
    same function [or their teardown equivalents] are impossible, and hence
    there are no "local" races), while all consuming of the data being
    populated here can't race anyway due to happening sequentially
    afterwards, and unlike ordinary domains' page tables quarantine ones
    are never modified once fully constructed. See also the comment in
    struct arch_pci_dev.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/amd/iommu_map.c | 4 ----
 xen/drivers/passthrough/vtd/iommu.c     | 4 ----
 2 files changed, 8 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 1f5eae9b7d..6d42bcea0e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -699,15 +699,11 @@ int cf_check amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page)
         union amd_iommu_pte *root;
         struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-        spin_lock(&hd->arch.mapping_lock);
-
         root = __map_domain_page(pdev->arch.amd.root_table);
         rc = fill_qpt(root, level - 1, pgs);
         unmap_domain_page(root);
 
         pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
-
-        spin_unlock(&hd->arch.mapping_lock);
     }
 
     page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 42b76af73f..dbff56fe6a 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -3054,15 +3054,11 @@ static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev,
         struct dma_pte *root;
         struct page_info *pgs[6] = {};
 
-        spin_lock(&hd->arch.mapping_lock);
-
         root = map_vtd_domain_page(pdev->arch.vtd.pgd_maddr);
         rc = fill_qpt(root, level - 1, pgs);
         unmap_vtd_domain_page(root);
 
         pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
-
-        spin_unlock(&hd->arch.mapping_lock);
     }
 
     page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 08:55:46 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: drop ROOT_ENTRY_NR
Message-Id: <E1nh67l-0007Ti-DC@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 08:55:45 +0000

commit d94a9973794c2fb8c754be0cdd9ffe0edf1b0a8b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 20 10:53:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:53:19 2022 +0200

    VT-d: drop ROOT_ENTRY_NR
    
    It's not only misplaced, but entirely unused.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index aca055f577..09ec09fe27 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -204,7 +204,6 @@ struct context_entry {
         __uint128_t full;
     };
 };
-#define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
 #define context_fault_disable(c) (((c).lo >> 1) & 1)
 #define context_translation_type(c) (((c).lo >> 2) & 3)
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 08:55:56 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: plug memory leaks in iommu_alloc()
Message-Id: <E1nh67v-0007UJ-GI@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 08:55:55 +0000

commit 376f0c1b69a626b45bb9d418517d0e17f9df474b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 20 10:53:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:53:57 2022 +0200

    VT-d: plug memory leaks in iommu_alloc()
    
    While 97af062b89d5 ("IOMMU/x86: maintain a per-device pseudo domain ID")
    took care of not making things worse, plugging pre-existing leaks wasn't
    the purpose of that change; they're not security relevant after all.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index dbff56fe6a..1e309dedf4 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1238,8 +1238,9 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     drhd->iommu = iommu;
 
     iommu->reg = ioremap(drhd->address, PAGE_SIZE);
+    rc = -ENOMEM;
     if ( !iommu->reg )
-        return -ENOMEM;
+        goto free;
     iommu->index = nr_iommus++;
 
     iommu->cap = dmar_readq(iommu->reg, DMAR_CAP_REG);
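Review bot: Every `goto free` in the later hunks runs after `iommu->index = nr_iommus++;` has executed, so unless the `free:` path (outside the visible hunks) undoes it, a unit rejected for its capabilities or for a failed allocation still consumes an index. If `nr_iommus` sizes or iterates per-IOMMU state, consider assigning the index only after the last failure point, or record the choice with `/* nr_iommus is deliberately not rolled back on failure */`. The first exit in this hunk also reaches `free:` with `iommu->reg` NULL and `drhd->iommu` already set, so the cleanup code has to tolerate an unmapped register window and clear `drhd->iommu`. The same applies in the last hunk when only one of `domid_bitmap` and `domid_map` was allocated. None of this can be confirmed from the hunks, since the label and the rest of `iommu_alloc()` lie outside them.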
@@ -1260,8 +1261,9 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
         printk(VTDPREFIX "cap = %"PRIx64" ecap = %"PRIx64"\n",
                iommu->cap, iommu->ecap);
     }
+    rc = -ENODEV;
     if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
-        return -ENODEV;
+        goto free;
 
     quirk_iommu_caps(iommu);
 
@@ -1272,7 +1274,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     {
         printk(XENLOG_ERR VTDPREFIX "IOMMU: unsupported\n");
         print_iommu_regs(drhd);
-        return -ENODEV;
+        rc = -ENODEV;
+        goto free;
     }
 
     /* Calculate number of pagetable levels: 3 or 4. */
@@ -1283,7 +1286,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     {
         printk(XENLOG_ERR VTDPREFIX "IOMMU: unsupported sagaw %x\n", sagaw);
         print_iommu_regs(drhd);
-        return -ENODEV;
+        rc = -ENODEV;
+        goto free;
     }
     iommu->nr_pt_levels = agaw_to_level(agaw);
 
@@ -1298,8 +1302,9 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
         iommu->domid_bitmap = xzalloc_array(unsigned long,
                                             BITS_TO_LONGS(nr_dom));
         iommu->domid_map = xzalloc_array(domid_t, nr_dom);
+        rc = -ENOMEM;
         if ( !iommu->domid_bitmap || !iommu->domid_map )
-            return -ENOMEM;
+            goto free;
 
         /*
          * If Caching mode is set, then invalid translations are tagged
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 08:56:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: refuse to use IOMMU with reserved CAP.ND value
Message-Id: <E1nh685-0007VO-JF@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 08:56:05 +0000

commit a1545fbf45c689aff39ce76a6eaa609d32ef72a7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 20 10:54:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:54:26 2022 +0200

    VT-d: refuse to use IOMMU with reserved CAP.ND value
    
    The field taking the value 7 (resulting in 18-bit DIDs when using the
    calculation in cap_ndoms(), when the DID fields are only 16 bits wide)
    is reserved. Instead of misbehaving in case we would encounter such an
    IOMMU, refuse to use it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 1e309dedf4..657e805987 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1267,8 +1267,11 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 
     quirk_iommu_caps(iommu);
 
+    nr_dom = cap_ndoms(iommu->cap);
+
     if ( cap_fault_reg_offset(iommu->cap) +
          cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN > PAGE_SIZE ||
+         ((nr_dom - 1) >> 16) /* I.e. cap.nd > 6 */ ||
          (has_register_based_invalidation(iommu) &&
           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE) )
     {
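Review bot: The added term `((nr_dom - 1) >> 16)` encodes the 16-bit DID width as a bare literal, and it only works if `cap_ndoms()` never returns 0 and `nr_dom` is wide enough to hold the 18-bit result; neither the helper nor the declaration of `nr_dom` is visible in the hunk. A comment that gives the reason rather than the encoding would help the next reader, e.g. `/* DID fields are 16 bits wide; CAP.ND == 7 (2^18 domains) is reserved */`. The rejection also shares a branch that, judging by the neighbouring context, logs only a generic "unsupported" message before dumping registers, so a distinct message for the reserved ND value would make the refusal easier to diagnose from the boot log. The body of this `if` begins on the last hunk line and continues outside it.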
@@ -1294,8 +1297,6 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !ecap_coherent(iommu->ecap) )
         iommu_non_coherent = true;
 
-    nr_dom = cap_ndoms(iommu->cap);
-
     if ( nr_dom <= DOMID_MASK * 2 + cap_caching_mode(iommu->cap) )
     {
         /* Allocate domain id (bit) maps. */
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 08:56:17 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/mm: avoid inadvertently degrading a TLB flush to local only
Message-Id: <E1nh68F-0007WI-NN@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 08:56:15 +0000

commit 78e072bc375043e81691a59454e09f0b38241ddd
Author:     David Vrabel <dvrabel@amazon.co.uk>
AuthorDate: Wed Apr 20 10:55:01 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:55:01 2022 +0200

    x86/mm: avoid inadvertently degrading a TLB flush to local only
    
    If the direct map is incorrectly modified with interrupts disabled,
    the required TLB flushes are degraded to flushing the local CPU only.
    
    This could lead to very hard to diagnose problems as different CPUs will
    end up with different views of memory, although no such issues have yet
    been identified.
    
    Change the check in the flush_area() macro to look at system_state
    instead. This defers the switch from local to all later in the boot
    (see xen/arch/x86/setup.c:__start_xen()). This is fine because
    additional PCPUs are not brought up until after the system state is
    SYS_STATE_smp_boot.
    
    Signed-off-by: David Vrabel <dvrabel@amazon.co.uk>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/mm.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index c271e383b5..72dbce43b1 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -5071,11 +5071,10 @@ l1_pgentry_t *virt_to_xen_l1e(unsigned long v)
 #define lNf_to_l1f(f) (((f) & _PAGE_PRESENT) ? ((f) & ~_PAGE_PSE) : (f))
 
 /*
- * map_pages_to_xen() can be called with interrupts disabled during
- * early bootstrap. In this case it is safe to use flush_area_local()
- * and avoid locking because only the local CPU is online.
+ * map_pages_to_xen() can be called early in boot before any other
+ * CPUs are online. Use flush_area_local() in this case.
  */
-#define flush_area(v,f) (!local_irq_is_enabled() ?              \
+#define flush_area(v,f) (system_state < SYS_STATE_smp_boot ?    \
                          flush_area_local((const void *)v, f) : \
                          flush_area_all((const void *)v, f))
 
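Review bot: The rewritten comment above `flush_area()` no longer mentions interrupt state, yet after this change a caller that has interrupts disabled once `system_state` has reached `SYS_STATE_smp_boot` is routed to `flush_area_all()` instead of quietly flushing only the local CPU. If the all-CPU flush needs interrupts enabled (its implementation is not in the hunk), that caller requirement belongs next to the macro, for example `* Once system_state reaches SYS_STATE_smp_boot, callers must have interrupts enabled.` Separately, the untouched expansion casts `(const void *)v` without parenthesising `v`; `(const void *)(v)` would be the safer spelling if the macro is touched again.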
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 18:22:12 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/build: Fix dependency for the MAP rule
Message-Id: <E1nhExo-0006IA-OP@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 18:22:04 +0000

commit e1e72198213b80b7a82bdc90f96ed05ae4f53e20
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Apr 14 17:04:54 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Wed Apr 20 19:10:59 2022 +0100

    xen/build: Fix dependency for the MAP rule
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/Makefile b/xen/Makefile
index dd05672ff4..3a4e3bdd0f 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -599,7 +599,7 @@ cscope:
 	cscope -k -b -q
 
 .PHONY: _MAP
-_MAP:
+_MAP: $(TARGET)
 	$(NM) -n $(TARGET)-syms | grep -v '\(compiled\)\|\(\.o$$\)\|\( [aUw] \)\|\(\.\.ng$$\)\|\(LASH[RL]DI\)' > System.map
 
 %.o %.i %.s: %.c tools_fixdep FORCE
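Review bot: The recipe reads `$(TARGET)-syms`, but the prerequisite added to `_MAP` is `$(TARGET)`, so the rule is only correct if building `$(TARGET)` always (re)generates the `-syms` file as a by-product; the rule that does this is not in the hunk. Recording that relationship next to the target would keep the dependency from looking like a typo, e.g. `# $(TARGET)-syms is produced while building $(TARGET)`. The commit message has no body, so the failure mode being fixed is also undocumented.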
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 20 18:22:16 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/build: Rework binary conversion for boot/{cmdline,reloc}.c
Message-Id: <E1nhExy-0006In-Rm@xenbits.xenproject.org>
Date: Wed, 20 Apr 2022 18:22:14 +0000

commit fdef107edd4459375f9c0e6e377f30e82d498747
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Apr 14 10:33:01 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Wed Apr 20 19:11:48 2022 +0100

    x86/build: Rework binary conversion for boot/{cmdline,reloc}.c
    
    There is no need to opencode .got.plt size check; it can be done with linker
    asserts instead.  Extend the checking to all dynamic linkage sections, and
    drop the $(OBJDUMP) pass.
    
    Furthermore, instead of removing .got.plt specifically, take only .text when
    converting to a flat binary.  This makes the process invariant of .text's
    position relative to the start of the binary, which avoids needing to discard
    all sections, and removes the need to work around sections that certain
    linkers are unhappy discarding.
    
    No functional change.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/boot/Makefile    | 13 +---------
 xen/arch/x86/boot/build32.lds | 58 +++++++++++++++++++------------------------
 2 files changed, 26 insertions(+), 45 deletions(-)

diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile
index 784655f5e2..a5dd094836 100644
--- a/xen/arch/x86/boot/Makefile
+++ b/xen/arch/x86/boot/Makefile
@@ -28,19 +28,8 @@ $(head-srcs): %.S: %.bin
 	(od -v -t x $< | tr -s ' ' | awk 'NR > 1 {print s} {s=$$0}' | \
 	sed 's/ /,0x/g' | sed 's/,0x$$//' | sed 's/^[0-9]*,/ .long /') >$@
 
-# Drop .got.plt during conversion to plain binary format.
-# Please check build32.lds for more details.
 %.bin: %.lnk
-	$(OBJDUMP) -h $< | sed -n '/[0-9]/{s,00*,0,g;p;}' | \
-		while read idx name sz rest; do \
-			case "$$name" in \
-			.got.plt) \
-				test $$sz != 0c || continue; \
-				echo "Error: non-empty $$name: 0x$$sz" >&2; \
-				exit $$(expr $$idx + 1);; \
-			esac; \
-		done
-	$(OBJCOPY) -O binary -R .got.plt $< $@
+	$(OBJCOPY) -j .text -O binary $< $@
 
 %.lnk: %.o $(src)/build32.lds
 	$(LD) $(subst x86_64,i386,$(LDFLAGS_DIRECT)) -N -T $(filter %.lds,$^) -o $@ $<
diff --git a/xen/arch/x86/boot/build32.lds b/xen/arch/x86/boot/build32.lds
index 1ab9418793..56edaa727b 100644
--- a/xen/arch/x86/boot/build32.lds
+++ b/xen/arch/x86/boot/build32.lds
@@ -31,44 +31,36 @@ SECTIONS
         *(.bss.*)
   }
 
+  /* Dynamic linkage sections.  Collected simply so we can check they're empty. */
+  .got : {
+        *(.got)
+  }
   .got.plt : {
-        /*
-         * PIC/PIE executable contains .got.plt section even if it is not linked
-         * with dynamic libraries. In such case it is just placeholder for
-         * _GLOBAL_OFFSET_TABLE_ symbol and .PLT0. .PLT0 is filled by dynamic
-         * linker and our code is not supposed to be loaded by dynamic linker.
-         * So, from our point of view .PLT0 is unused. This means that there is
-         * pretty good chance that we can safely drop .got.plt as a whole here.
-         * Sadly this is not true. _GLOBAL_OFFSET_TABLE_ is used as a reference
-         * for relative addressing (and only for that thing) and ld complains if
-         * we remove .got.plt section here because it cannot find required symbol.
-         * However, _GLOBAL_OFFSET_TABLE_ is no longer needed in final output.
-         * So, drop .got.plt section during conversion to plain binary format.
-         *
-         * Please check build32.mk for more details.
-         */
         *(.got.plt)
   }
-
-  /*
-   * Discarding .shstrtab is not supported by LLD (LLVM LD) and will trigger an
-   * error. Also keep the rest of the control sections to match GNU LD behavior.
-   */
-  .shstrtab : {
-        *(.shstrtab)
+  .igot.plt : {
+        *(.igot.plt)
   }
-  .strtab : {
-        *(.strtab)
+  .iplt : {
+        *(.iplt)
   }
-  .symtab : {
-        *(.symtab)
+  .plt : {
+        *(.plt)
   }
-
-  /DISCARD/ : {
-        /*
-         * Discard everything else, to prevent linkers from putting
-         * orphaned sections ahead of .text, which needs to be first.
-         */
-        *(*)
+  .rel : {
+        *(.rel.*)
   }
 }
+
+ASSERT(SIZEOF(.got) == 0,         ".got non-empty")
+/*
+ * At least GNU ld 2.30 and earlier fail to discard the generic part of
+ * .got.plt when no actual entries were allocated. Permit this case alongside
+ * the section being empty.
+ */
+ASSERT(SIZEOF(.got.plt) == 0 ||
+       SIZEOF(.got.plt) == 3 * 4, "unexpected .got.plt size")
+ASSERT(SIZEOF(.igot.plt) == 0,    ".igot.plt non-empty")
+ASSERT(SIZEOF(.iplt) == 0,        ".iplt non-empty")
+ASSERT(SIZEOF(.plt) == 0,         ".plt non-empty")
+ASSERT(SIZEOF(.rel) == 0,         "leftover relocations")
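Review bot: With the `/DISCARD/ : { *(*) }` catch-all removed, an input section that SECTIONS does not name becomes an orphan which the linker places on its own, and the `-j .text` conversion in the Makefile hunk then leaves it out of the flat binary without any diagnostic. The new ASSERTs cover only the dynamic-linkage sections, so data the code refers to could go missing silently if a toolchain emits a section name the script does not collect into `.text`. The `.text` output section is defined above the hunk, so its input patterns cannot be checked here. Consider a build-time check such as linking with `--orphan-handling=warn` where the linker supports it, or at least state the assumption beside the ASSERTs: `/* Everything needed at run time must be collected into .text; objcopy -j .text drops the rest. */`.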
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 00:22:08 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/arm: Make use of DT_MATCH_TIMER in make_timer_node
Message-Id: <E1nhKaA-0005JP-1A@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 00:22:02 +0000

commit 7e2a2defeb4f82efaf316396165de353130f6a4b
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Thu Apr 14 11:58:43 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Tue Apr 19 17:34:33 2022 -0700

    xen/arm: Make use of DT_MATCH_TIMER in make_timer_node
    
    DT_MATCH_TIMER stores the compatible timer ids and as such should be
    used in all the places where we need to refer to them. make_timer_node
    explicitly lists the same ids as the ones defined in DT_MATCH_TIMER so
    make use of this macro instead.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/arch/arm/domain_build.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index 8be01678de..1472ca4972 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -1672,8 +1672,7 @@ static int __init make_timer_node(const struct kernel_info *kinfo)
     void *fdt = kinfo->fdt;
     static const struct dt_device_match timer_ids[] __initconst =
     {
-        DT_MATCH_COMPATIBLE("arm,armv7-timer"),
-        DT_MATCH_COMPATIBLE("arm,armv8-timer"),
+        DT_MATCH_TIMER,
         { /* sentinel */ },
     };
     struct dt_device_node *dev;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 00:22:13 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/arm: Add i.MX lpuart driver
Message-Id: <E1nhKaK-0005K0-4E@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 00:22:12 +0000

commit 44e17aa60d47a7c219cb1bf3bf1caf3f2eab3b2c
Author:     Peng Fan <peng.fan@nxp.com>
AuthorDate: Tue Apr 19 12:39:26 2022 +0800
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Tue Apr 19 17:35:58 2022 -0700

    xen/arm: Add i.MX lpuart driver
    
    The i.MX LPUART Documentation:
    https://www.nxp.com/webapp/Download?colCode=IMX8QMIEC
    Chapter 13.6 Low Power Universal Asynchronous Receiver/
    Transmitter (LPUART)
    
    Tested-by: Henry Wang <Henry.Wang@arm.com>
    Signed-off-by: Peng Fan <peng.fan@nxp.com>
    Reviewed-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/arch/arm/include/asm/imx-lpuart.h |  64 ++++++++
 xen/drivers/char/Kconfig              |   7 +
 xen/drivers/char/Makefile             |   1 +
 xen/drivers/char/imx-lpuart.c         | 275 ++++++++++++++++++++++++++++++++++
 4 files changed, 347 insertions(+)

diff --git a/xen/arch/arm/include/asm/imx-lpuart.h b/xen/arch/arm/include/asm/imx-lpuart.h
new file mode 100644
index 0000000000..fe859045dc
--- /dev/null
+++ b/xen/arch/arm/include/asm/imx-lpuart.h
@@ -0,0 +1,64 @@
+/*
+ * xen/arch/arm/include/asm/imx-lpuart.h
+ *
+ * Common constant definition between early printk and the LPUART driver
+ *
+ * Peng Fan <peng.fan@nxp.com>
+ * Copyright 2022 NXP
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef __ASM_ARM_IMX_LPUART_H__
+#define __ASM_ARM_IMX_LPUART_H__
+
+/* 32-bit register definition */
+#define UARTBAUD          (0x10)
+#define UARTSTAT          (0x14)
+#define UARTCTRL          (0x18)
+#define UARTDATA          (0x1C)
+#define UARTMATCH         (0x20)
+#define UARTMODIR         (0x24)
+#define UARTFIFO          (0x28)
+#define UARTWATER         (0x2c)
+
+#define UARTSTAT_TDRE     BIT(23, UL)
+#define UARTSTAT_TC       BIT(22, UL)
+#define UARTSTAT_RDRF     BIT(21, UL)
+#define UARTSTAT_OR       BIT(19, UL)
+
+#define UARTBAUD_OSR_SHIFT    (24)
+#define UARTBAUD_OSR_MASK     (0x1f)
+#define UARTBAUD_SBR_MASK     (0x1fff)
+#define UARTBAUD_BOTHEDGE     (0x00020000)
+#define UARTBAUD_TDMAE        (0x00800000)
+#define UARTBAUD_RDMAE        (0x00200000)
+
+#define UARTCTRL_TIE      BIT(23, UL)
+#define UARTCTRL_TCIE     BIT(22, UL)
+#define UARTCTRL_RIE      BIT(21, UL)
+#define UARTCTRL_ILIE     BIT(20, UL)
+#define UARTCTRL_TE       BIT(19, UL)
+#define UARTCTRL_RE       BIT(18, UL)
+#define UARTCTRL_M        BIT(4, UL)
+
+#define UARTWATER_RXCNT_OFF     24
+
+#endif /* __ASM_ARM_IMX_LPUART_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
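Review bot: `UARTWATER_RXCNT_OFF` is defined without a matching field mask, so any code that shifts the UARTWATER value right by 24 keeps every bit above the receive-count field as part of the count. The driver added later in this commit does that in `imx_lpuart_interrupt` with `rxcnt = imx_lpuart_read(uart, UARTWATER) >> UARTWATER_RXCNT_OFF;`. Unless the upper bits are guaranteed to read as zero on this part, I would add a `UARTWATER_RXCNT_MASK` with the width taken from the reference manual and apply it after the shift. The `UARTBAUD_*` flags also use raw hex while the `UARTSTAT_*` and `UARTCTRL_*` flags use `BIT()`; one form throughout would be easier to check against the manual.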
diff --git a/xen/drivers/char/Kconfig b/xen/drivers/char/Kconfig
index 2ff5b288e2..e5f7b1d8eb 100644
--- a/xen/drivers/char/Kconfig
+++ b/xen/drivers/char/Kconfig
@@ -13,6 +13,13 @@ config HAS_CADENCE_UART
 	  This selects the Xilinx Zynq Cadence UART. If you have a Xilinx Zynq
 	  based board, say Y.
 
+config HAS_IMX_LPUART
+	bool "i.MX LPUART driver"
+	default y
+	depends on ARM_64
+	help
+	  This selects the i.MX LPUART. If you have i.MX8QM based board, say Y.
+
 config HAS_MVEBU
 	bool "Marvell MVEBU UART driver"
 	default y
diff --git a/xen/drivers/char/Makefile b/xen/drivers/char/Makefile
index 7c646d771c..14e67cf072 100644
--- a/xen/drivers/char/Makefile
+++ b/xen/drivers/char/Makefile
@@ -8,6 +8,7 @@ obj-$(CONFIG_HAS_MVEBU) += mvebu-uart.o
 obj-$(CONFIG_HAS_OMAP) += omap-uart.o
 obj-$(CONFIG_HAS_SCIF) += scif-uart.o
 obj-$(CONFIG_HAS_EHCI) += ehci-dbgp.o
+obj-$(CONFIG_HAS_IMX_LPUART) += imx-lpuart.o
 obj-$(CONFIG_ARM) += arm-uart.o
 obj-y += serial.o
 obj-$(CONFIG_XEN_GUEST) += xen_pv_console.o
diff --git a/xen/drivers/char/imx-lpuart.c b/xen/drivers/char/imx-lpuart.c
new file mode 100644
index 0000000000..2709136081
--- /dev/null
+++ b/xen/drivers/char/imx-lpuart.c
@@ -0,0 +1,275 @@
+/*
+ * xen/drivers/char/imx-lpuart.c
+ *
+ * Driver for i.MX LPUART.
+ *
+ * Peng Fan <peng.fan@nxp.com>
+ * Copyright 2022 NXP
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <xen/errno.h>
+#include <xen/init.h>
+#include <xen/irq.h>
+#include <xen/mm.h>
+#include <xen/serial.h>
+#include <asm/device.h>
+#include <asm/imx-lpuart.h>
+#include <asm/io.h>
+
+#define imx_lpuart_read(uart, off)       readl((uart)->regs + off)
+#define imx_lpuart_write(uart, off, val) writel((val), (uart)->regs + off)
+
+static struct imx_lpuart {
+    uint32_t baud, clock_hz, data_bits, parity, stop_bits, fifo_size;
+    uint32_t irq;
+    char __iomem *regs;
+    struct irqaction irqaction;
+    struct vuart_info vuart;
+} imx8_com;
+
+static void imx_lpuart_interrupt(int irq, void *data,
+                                 struct cpu_user_regs *regs)
+{
+    struct serial_port *port = data;
+    struct imx_lpuart *uart = port->uart;
+    uint32_t sts, rxcnt;
+
+    sts = imx_lpuart_read(uart, UARTSTAT);
+    rxcnt = imx_lpuart_read(uart, UARTWATER) >> UARTWATER_RXCNT_OFF;
+
+    if ( (sts & UARTSTAT_RDRF) || (rxcnt > 0) )
+	    serial_rx_interrupt(port, regs);
+
+    if ( sts & UARTSTAT_TDRE )
+	    serial_tx_interrupt(port, regs);
+
+    imx_lpuart_write(uart, UARTSTAT, sts);
+}
+
+static void __init imx_lpuart_init_preirq(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+    uint32_t ctrl, old_ctrl, bd;
+
+    old_ctrl = imx_lpuart_read(uart, UARTCTRL);
+    ctrl = (old_ctrl & ~UARTCTRL_M) | UARTCTRL_TE | UARTCTRL_RE;
+    bd = imx_lpuart_read(uart, UARTBAUD);
+
+    while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TC) )
+	    cpu_relax();
+
+    /* Disable transmit and receive */
+    imx_lpuart_write(uart, UARTCTRL, old_ctrl & ~(UARTCTRL_TE | UARTCTRL_RE));
+
+    /* Reuse firmware baudrate settings, only disable DMA here */
+    bd &= ~(UARTBAUD_TDMAE | UARTBAUD_RDMAE);
+
+    imx_lpuart_write(uart, UARTMODIR, 0);
+    imx_lpuart_write(uart, UARTBAUD, bd);
+    imx_lpuart_write(uart, UARTCTRL, ctrl);
+}
+
+static void __init imx_lpuart_init_postirq(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+    uint32_t temp;
+
+    uart->irqaction.handler = imx_lpuart_interrupt;
+    uart->irqaction.name = "imx_lpuart";
+    uart->irqaction.dev_id = port;
+
+    if ( setup_irq(uart->irq, 0, &uart->irqaction) != 0 )
+    {
+        dprintk(XENLOG_ERR, "Failed to allocate imx_lpuart IRQ %d\n",
+                uart->irq);
+        return;
+    }
+
+    /* Enable interrupts */
+    temp = imx_lpuart_read(uart, UARTCTRL);
+    temp |= (UARTCTRL_RIE | UARTCTRL_TIE);
+    temp |= UARTCTRL_ILIE;
+    imx_lpuart_write(uart, UARTCTRL, temp);
+}
+
+static void imx_lpuart_suspend(struct serial_port *port)
+{
+    BUG();
+}
+
+static void imx_lpuart_resume(struct serial_port *port)
+{
+    BUG();
+}
+
+static int imx_lpuart_tx_ready(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+
+    return imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TC;
+}
+
+static void imx_lpuart_putc(struct serial_port *port, char c)
+{
+    struct imx_lpuart *uart = port->uart;
+
+    while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TDRE) )
+        cpu_relax();
+
+    imx_lpuart_write(uart, UARTDATA, c);
+}
+
+static int imx_lpuart_getc(struct serial_port *port, char *pc)
+{
+    struct imx_lpuart *uart = port->uart;
+    int ch;
+
+    while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_RDRF) )
+	    return 0;
+
+    ch = imx_lpuart_read(uart, UARTDATA);
+    *pc = ch & 0xff;
+
+    if ( imx_lpuart_read(uart, UARTSTAT) &  UARTSTAT_OR )
+        imx_lpuart_write(uart, UARTSTAT, UARTSTAT_OR);
+
+    return 1;
+}
+
+static int __init imx_lpuart_irq(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+
+    return ((uart->irq > 0) ? uart->irq : -1);
+}
+
+static const struct vuart_info *imx_lpuart_vuart_info(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+
+    return &uart->vuart;
+}
+
+static void imx_lpuart_start_tx(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+    uint32_t temp;
+
+    /* Wait until empty */
+    while ( !(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TDRE) )
+	    cpu_relax();
+
+    temp = imx_lpuart_read(uart, UARTCTRL);
+    imx_lpuart_write(uart, UARTCTRL, (temp | UARTCTRL_TIE));
+}
+
+static void imx_lpuart_stop_tx(struct serial_port *port)
+{
+    struct imx_lpuart *uart = port->uart;
+    uint32_t temp;
+
+    temp = imx_lpuart_read(uart, UARTCTRL);
+    temp &= ~(UARTCTRL_TIE | UARTCTRL_TCIE);
+    imx_lpuart_write(uart, UARTCTRL, temp);
+}
+
+static struct uart_driver __read_mostly imx_lpuart_driver = {
+    .init_preirq = imx_lpuart_init_preirq,
+    .init_postirq = imx_lpuart_init_postirq,
+    .endboot = NULL,
+    .suspend = imx_lpuart_suspend,
+    .resume = imx_lpuart_resume,
+    .tx_ready = imx_lpuart_tx_ready,
+    .putc = imx_lpuart_putc,
+    .getc = imx_lpuart_getc,
+    .irq = imx_lpuart_irq,
+    .start_tx = imx_lpuart_start_tx,
+    .stop_tx = imx_lpuart_stop_tx,
+    .vuart_info = imx_lpuart_vuart_info,
+};
+
+static int __init imx_lpuart_init(struct dt_device_node *dev,
+                                  const void *data)
+{
+    const char *config = data;
+    struct imx_lpuart *uart;
+    int res;
+    u64 addr, size;
+
+    if ( strcmp(config, "") )
+        printk("WARNING: UART configuration is not supported\n");
+
+    uart = &imx8_com;
+
+    uart->baud = 115200;
+    uart->data_bits = 8;
+    uart->parity = 0;
+    uart->stop_bits = 1;
+
+    res = dt_device_get_address(dev, 0, &addr, &size);
+    if ( res )
+    {
+        printk("imx8-lpuart: Unable to retrieve the base"
+               " address of the UART\n");
+        return res;
+    }
+
+    res = platform_get_irq(dev, 0);
+    if ( res < 0 )
+    {
+        printk("imx8-lpuart: Unable to retrieve the IRQ\n");
+        return -EINVAL;
+    }
+    uart->irq = res;
+
+    uart->regs = ioremap_nocache(addr, size);
+    if ( !uart->regs )
+    {
+        printk("imx8-lpuart: Unable to map the UART memory\n");
+        return -ENOMEM;
+    }
+
+    uart->vuart.base_addr = addr;
+    uart->vuart.size = size;
+    uart->vuart.data_off = UARTDATA;
+    /* tmp from uboot */
+    uart->vuart.status_off = UARTSTAT;
+    uart->vuart.status = UARTSTAT_TDRE;
+
+    /* Register with generic serial driver */
+    serial_register_uart(SERHND_DTUART, &imx_lpuart_driver, uart);
+
+    dt_device_set_used_by(dev, DOMID_XEN);
+
+    return 0;
+}
+
+static const struct dt_device_match imx_lpuart_dt_compat[] __initconst =
+{
+    DT_MATCH_COMPATIBLE("fsl,imx8qm-lpuart"),
+    { /* sentinel */ },
+};
+
+DT_DEVICE_START(imx_lpuart, "i.MX LPUART", DEVICE_SERIAL)
+    .dt_match = imx_lpuart_dt_compat,
+    .init = imx_lpuart_init,
+DT_DEVICE_END
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
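Review bot: `imx_lpuart_tx_ready` returns the raw masked status, `imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TC`, which is either 0 or bit 22 (0x400000) rather than 0 or 1. The serial core is not part of this patch, but if it treats the return value as the number of characters the port can accept, a single TX interrupt could feed a very long run of characters through `imx_lpuart_putc`, each one spinning on TDRE in interrupt context. Returning `!!(imx_lpuart_read(uart, UARTSTAT) & UARTSTAT_TC)` or a FIFO-derived count would bound that. Separately, `imx_lpuart_getc` uses `while ( ... ) return 0;` where an `if` is meant. Several loop and branch bodies are also indented with tabs although the file footer sets `indent-tabs-mode: nil`.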
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 00:22:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 00:22:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.309691.526120 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhKaV-00071W-UK; Thu, 21 Apr 2022 00:22:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 309691.526120; Thu, 21 Apr 2022 00:22:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhKaV-00071O-RJ; Thu, 21 Apr 2022 00:22:23 +0000
Received: by outflank-mailman (input) for mailman id 309691;
 Thu, 21 Apr 2022 00:22:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhKaU-000718-9J
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 00:22:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhKaU-0004dR-8V
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 00:22:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhKaU-0005KX-7e
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 00:22:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=WZCa7ek2s6thGo/+KGBi6d1RN3gFGkWb51zvjkjYCbg=; b=MYMrdSYPwMuSdSc30lMf4Jy5Cn
	yJAC4XGFO1a7px4kEYJPu6cWm6eBmTnIhx3GqX+Z4HgAI+nuyerUDCWv6RqqesKxFPbhpCI22mmAq
	n7gekOCei5wLFwaF4Sx+gr87GQZdlHuWkrRJqNHqk5LdP2q3ULWT9sxtxslKTs5M9A+s=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/arm: Add i.MX lpuart early printk support
Message-Id: <E1nhKaU-0005KX-7e@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 00:22:22 +0000

commit e9935146cd695188e70c10a6dda9f24ef9b63e30
Author:     Peng Fan <peng.fan@nxp.com>
AuthorDate: Tue Apr 19 12:39:27 2022 +0800
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Tue Apr 19 17:38:53 2022 -0700

    xen/arm: Add i.MX lpuart early printk support
    
    Signed-off-by: Peng Fan <peng.fan@nxp.com>
    Reviewed-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Bertrand Marquis <bertrand.marquis@arm.com>
    Acked-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/arch/arm/Kconfig.debug              | 14 ++++++++++
 xen/arch/arm/arm64/debug-imx-lpuart.inc | 48 +++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)

diff --git a/xen/arch/arm/Kconfig.debug b/xen/arch/arm/Kconfig.debug
index 35ccd13273..842d768280 100644
--- a/xen/arch/arm/Kconfig.debug
+++ b/xen/arch/arm/Kconfig.debug
@@ -58,6 +58,16 @@ choice
 			This option is preferred over the platform specific
 			options; the platform specific options are deprecated
 			and will soon be removed.
+	config EARLY_UART_CHOICE_IMX_LPUART
+		select EARLY_UART_IMX_LPUART
+		depends on ARM_64
+		bool "Early printk via i.MX LPUART"
+		help
+			Say Y here if you wish the early printk to direct their
+			output to a i.MX LPUART. You can use this option to
+			provide the parameters for the i.MX LPUART rather than
+			selecting one of the platform specific options below if
+			you know the parameters for the port.
 	config EARLY_UART_CHOICE_MESON
 		select EARLY_UART_MESON
 		depends on ARM_64
@@ -186,6 +196,9 @@ config EARLY_UART_CADENCE
 config EARLY_UART_EXYNOS4210
 	select EARLY_PRINTK
 	bool
+config EARLY_UART_IMX_LPUART
+	select EARLY_PRINTK
+	bool
 config EARLY_UART_MESON
 	select EARLY_PRINTK
 	bool
@@ -283,6 +296,7 @@ config EARLY_PRINTK_INC
 	default "debug-8250.inc" if EARLY_UART_8250
 	default "debug-cadence.inc" if EARLY_UART_CADENCE
 	default "debug-exynos4210.inc" if EARLY_UART_EXYNOS4210
+	default "debug-imx-lpuart.inc" if EARLY_UART_IMX_LPUART
 	default "debug-meson.inc" if EARLY_UART_MESON
 	default "debug-mvebu.inc" if EARLY_UART_MVEBU
 	default "debug-pl011.inc" if EARLY_UART_PL011
diff --git a/xen/arch/arm/arm64/debug-imx-lpuart.inc b/xen/arch/arm/arm64/debug-imx-lpuart.inc
new file mode 100644
index 0000000000..b169332932
--- /dev/null
+++ b/xen/arch/arm/arm64/debug-imx-lpuart.inc
@@ -0,0 +1,48 @@
+/*
+ * xen/arch/arm/arm64/debug-imx-lpuart.inc
+ *
+ * i.MX8QM specific debug code
+ *
+ * Peng Fan <peng.fan@nxp.com>
+ * Copyright 2022 NXP
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <asm/imx-lpuart.h>
+
+/*
+ * Wait LPUART to be ready to transmit
+ * rb: register which contains the UART base address
+ * rc: scratch register
+ */
+.macro early_uart_ready xb, c
+1:
+        ldr   w\c, [\xb, #UARTSTAT]   /* <- Flag register */
+        tst   w\c, #UARTSTAT_TDRE     /* Check FIFO EMPTY bit */
+        beq   1b                      /* Wait for the UART to be ready */
+.endm
+
+/*
+ * LPUART transmit character
+ * rb: register which contains the UART base address
+ * rt: register which contains the character to transmit
+ */
+.macro early_uart_transmit xb, wt
+        str   \wt, [\xb, #UARTDATA]  /* -> Data Register */
+.endm
+
+/*
+ * Local variables:
+ * mode: ASM
+ * indent-tabs-mode: nil
+ * End:
+ */
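Review bot: The macro comments name the parameters `rb`, `rc` and `rt`, but the macros declare `xb`, `c` and `wt`, so the documentation does not match the signatures. I would write them as `xb: register which contains the UART base address`, `c: number of the scratch register (used as w\c)` and `wt: register which contains the character to transmit`. The inline comment `Check FIFO EMPTY bit` on the `tst` line would also be clearer as `Check TDRE (transmit data register empty)`, since the flag tested is `UARTSTAT_TDRE`.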
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 11:11:08 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 11:11:08 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310038.526631 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUiF-0005bq-MT; Thu, 21 Apr 2022 11:11:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310038.526631; Thu, 21 Apr 2022 11:11:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUiF-0005bg-JK; Thu, 21 Apr 2022 11:11:03 +0000
Received: by outflank-mailman (input) for mailman id 310038;
 Thu, 21 Apr 2022 11:11:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiE-0005bY-9E
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiE-0006i3-7g
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiE-0006Je-6i
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=sH/EpOoRv1Q49GN9UvEtfo1tGtoxpGx+VD7LPYUNd9s=; b=WaOdIOgUJRi54O95l/mnI8Abei
	W45i7sjX/hd3WJHlwFtqm93gibfSD85C9eWs1HQyfit1LCLOOkIk9gxVYqwi+RJHWVnb9jipLveGa
	VZEwOJwZ6qC0+q/CtsvCs1A94qewfI7WMOoty7UEet19Z9JGpnMUiWGoObeHCiWzb9pw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] include/public: add command result definitions to vscsiif.h
Message-Id: <E1nhUiE-0006Je-6i@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 11:11:02 +0000

commit 075817681c2e9cc1d0d9ac51e45f7a7dd86123f6
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 10:51:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:51:26 2022 +0200

    include/public: add command result definitions to vscsiif.h
    
    The result field of struct vscsiif_response is lacking a detailed
    definition. Today the Linux kernel internal scsi definitions are being
    used, which is not a sane interface for a PV device driver.
    
    Add macros to change that by using today's values in the XEN namespace.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
---
 xen/include/public/io/vscsiif.h | 51 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/xen/include/public/io/vscsiif.h b/xen/include/public/io/vscsiif.h
index c9ceb1884d..8553b17cc6 100644
--- a/xen/include/public/io/vscsiif.h
+++ b/xen/include/public/io/vscsiif.h
@@ -315,6 +315,57 @@ struct vscsiif_response {
 };
 typedef struct vscsiif_response vscsiif_response_t;
 
+/* SCSI I/O status from vscsiif_response->rslt */
+#define XEN_VSCSIIF_RSLT_STATUS(x)  ((x) & 0x00ff)
+
+/* Host I/O status from vscsiif_response->rslt */
+#define XEN_VSCSIIF_RSLT_HOST(x)    (((x) & 0x00ff0000) >> 16)
+#define XEN_VSCSIIF_RSLT_HOST_OK                   0
+/* Couldn't connect before timeout */
+#define XEN_VSCSIIF_RSLT_HOST_NO_CONNECT           1
+/* Bus busy through timeout */
+#define XEN_VSCSIIF_RSLT_HOST_BUS_BUSY             2
+/* Timed out for other reason */
+#define XEN_VSCSIIF_RSLT_HOST_TIME_OUT             3
+/* Bad target */
+#define XEN_VSCSIIF_RSLT_HOST_BAD_TARGET           4
+/* Abort for some other reason */
+#define XEN_VSCSIIF_RSLT_HOST_ABORT                5
+/* Parity error */
+#define XEN_VSCSIIF_RSLT_HOST_PARITY               6
+/* Internal error */
+#define XEN_VSCSIIF_RSLT_HOST_ERROR                7
+/* Reset by somebody */
+#define XEN_VSCSIIF_RSLT_HOST_RESET                8
+/* Unexpected interrupt */
+#define XEN_VSCSIIF_RSLT_HOST_BAD_INTR             9
+/* Force command past mid-layer */
+#define XEN_VSCSIIF_RSLT_HOST_PASSTHROUGH         10
+/* Retry requested */
+#define XEN_VSCSIIF_RSLT_HOST_SOFT_ERROR          11
+/* Hidden retry requested */
+#define XEN_VSCSIIF_RSLT_HOST_IMM_RETRY           12
+/* Requeue command requested */
+#define XEN_VSCSIIF_RSLT_HOST_REQUEUE             13
+/* Transport error disrupted I/O */
+#define XEN_VSCSIIF_RSLT_HOST_TRANSPORT_DISRUPTED 14
+/* Transport class fastfailed */
+#define XEN_VSCSIIF_RSLT_HOST_TRANSPORT_FAILFAST  15
+/* Permanent target failure */
+#define XEN_VSCSIIF_RSLT_HOST_TARGET_FAILURE      16
+/* Permanent nexus failure on path */
+#define XEN_VSCSIIF_RSLT_HOST_NEXUS_FAILURE       17
+/* Space allocation on device failed */
+#define XEN_VSCSIIF_RSLT_HOST_ALLOC_FAILURE       18
+/* Medium error */
+#define XEN_VSCSIIF_RSLT_HOST_MEDIUM_ERROR        19
+/* Transport marginal errors */
+#define XEN_VSCSIIF_RSLT_HOST_TRANSPORT_MARGINAL  20
+
+/* Result values of reset operations */
+#define XEN_VSCSIIF_RSLT_RESET_SUCCESS  0x2002
+#define XEN_VSCSIIF_RSLT_RESET_FAILED   0x2003
+
 DEFINE_RING_TYPES(vscsiif, struct vscsiif_request, struct vscsiif_response);
 
 
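Review bot: `XEN_VSCSIIF_RSLT_RESET_SUCCESS` (0x2002) and `XEN_VSCSIIF_RSLT_RESET_FAILED` (0x2003) have bits set in the second byte, which neither `XEN_VSCSIIF_RSLT_STATUS()` nor `XEN_VSCSIIF_RSLT_HOST()` extracts. They can presumably only be matched against the whole `rslt` value, and the comment above them should say so, e.g. `/* Result values of reset operations (compared against the full rslt value) */`. Since `rslt` is written by the backend, which may live in another domain, the header could also state that a frontend must treat host codes outside 0..20 as an error. The definition of `rslt` itself lies outside this hunk.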
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 11:11:12 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 11:11:12 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310039.526634 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUiO-0005dt-O2; Thu, 21 Apr 2022 11:11:12 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310039.526634; Thu, 21 Apr 2022 11:11:12 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUiO-0005dl-Km; Thu, 21 Apr 2022 11:11:12 +0000
Received: by outflank-mailman (input) for mailman id 310039;
 Thu, 21 Apr 2022 11:11:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiO-0005da-Bl
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiO-0006i7-Az
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiO-0006KD-9y
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=F801iJThJFNEEWTgmCgNYotUW1y+0gyUqDkfASpEfqQ=; b=wTFOhg7LqES0hFmj6aFEqXQ9d5
	t+dfdRXtVsV3f07U8LLcjVO8hibtgm3/6Rkmq0KOpKCmzhiUS0hV4ZAbx6IBszlkA25BpTPnhlmfo
	xrdFOcEJTHkONoYOJOKyU1gC233m/b76T1bWORxrHNOCycRasqyFIkUNwL+RAgv8baeQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] IOMMU/x86: drop locking from quarantine_init() hooks
Message-Id: <E1nhUiO-0006KD-9y@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 11:11:12 +0000

commit 02b0e2d0303869a222bb8c2a888756394e99d15b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 20 10:52:13 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:52:13 2022 +0200

    IOMMU/x86: drop locking from quarantine_init() hooks
    
    Prior extension of these functions to enable per-device quarantine page
    tables already didn't add more locking there, but merely left in place
    what had been there before. But really locking is unnecessary here:
    We're running with pcidevs_lock held (i.e. multiple invocations of the
    same function [or their teardown equivalents] are impossible, and hence
    there are no "local" races), while all consuming of the data being
    populated here can't race anyway due to happening sequentially
    afterwards, and unlike ordinary domains' page tables quarantine ones
    are never modified once fully constructed. See also the comment in
    struct arch_pci_dev.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/amd/iommu_map.c | 4 ----
 xen/drivers/passthrough/vtd/iommu.c     | 4 ----
 2 files changed, 8 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 1f5eae9b7d..6d42bcea0e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -699,15 +699,11 @@ int cf_check amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page)
         union amd_iommu_pte *root;
         struct page_info *pgs[IOMMU_MAX_PT_LEVELS] = {};
 
-        spin_lock(&hd->arch.mapping_lock);
-
         root = __map_domain_page(pdev->arch.amd.root_table);
         rc = fill_qpt(root, level - 1, pgs);
         unmap_domain_page(root);
 
         pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
-
-        spin_unlock(&hd->arch.mapping_lock);
     }
 
     page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 42b76af73f..dbff56fe6a 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -3054,15 +3054,11 @@ static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev,
         struct dma_pte *root;
         struct page_info *pgs[6] = {};
 
-        spin_lock(&hd->arch.mapping_lock);
-
         root = map_vtd_domain_page(pdev->arch.vtd.pgd_maddr);
         rc = fill_qpt(root, level - 1, pgs);
         unmap_vtd_domain_page(root);
 
         pdev->arch.leaf_mfn = page_to_mfn(pgs[0]);
-
-        spin_unlock(&hd->arch.mapping_lock);
     }
 
     page_list_move(&pdev->arch.pgtables_list, &hd->arch.pgtables.list);
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 11:11:22 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 11:11:22 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310040.526638 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUiY-0005hD-PF; Thu, 21 Apr 2022 11:11:22 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310040.526638; Thu, 21 Apr 2022 11:11:22 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUiY-0005h5-MM; Thu, 21 Apr 2022 11:11:22 +0000
Received: by outflank-mailman (input) for mailman id 310040;
 Thu, 21 Apr 2022 11:11:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiY-0005gx-Eg
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiY-0006iS-Dx
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUiY-0006Kw-Cy
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=AIchE7e9NZZS30bs+NKnQAaMstpgcADwxzaQNQlpHr4=; b=MTt2JYK9HcVNTqr3+p1LDcU7J7
	olwdotwSD6Ui+KF1ZH0r06ZkBUwbI81f5syUwNbTGODd3ce/UU2PoLAB3yTBTeKvNaaMWrFvaem4m
	+dTotDpzTZT2qSp/KvPKLTmd//egM16+Wh3i1iah+feXE/dVVqYtjQ5B1xIFjXk8fYD4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: drop ROOT_ENTRY_NR
Message-Id: <E1nhUiY-0006Kw-Cy@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 11:11:22 +0000

commit d94a9973794c2fb8c754be0cdd9ffe0edf1b0a8b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 20 10:53:19 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:53:19 2022 +0200

    VT-d: drop ROOT_ENTRY_NR
    
    It's not only misplaced, but entirely unused.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h
index aca055f577..09ec09fe27 100644
--- a/xen/drivers/passthrough/vtd/iommu.h
+++ b/xen/drivers/passthrough/vtd/iommu.h
@@ -204,7 +204,6 @@ struct context_entry {
         __uint128_t full;
     };
 };
-#define ROOT_ENTRY_NR (PAGE_SIZE_4K/sizeof(struct root_entry))
 #define context_present(c) ((c).lo & 1)
 #define context_fault_disable(c) (((c).lo >> 1) & 1)
 #define context_translation_type(c) (((c).lo >> 2) & 3)
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 11:11:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 11:11:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310041.526643 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUij-0005kC-RA; Thu, 21 Apr 2022 11:11:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310041.526643; Thu, 21 Apr 2022 11:11:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUij-0005k2-Nt; Thu, 21 Apr 2022 11:11:33 +0000
Received: by outflank-mailman (input) for mailman id 310041;
 Thu, 21 Apr 2022 11:11:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUii-0005jt-Hr
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUii-0006ie-HD
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUii-0006LV-G9
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ACbmhBnJkvOrkRVmiIL1tAAjniPMPkywGuuh+mDOax8=; b=LieRciD6/j13l/trY0JDEHKcDL
	LmwkOlYqk5/OmhkdR5zbFnfK/aAzJhuc/d67CvW4IceTmUqPcK3dVE6/wFdDxzdBq1tR5BBN8d/2g
	QOWyj7v61/u51HG/1G0NfDjHVRHg4LvhMPPTD+LCahyz9iagdRthkbkURwHxnmyvL1Mk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: plug memory leaks in iommu_alloc()
Message-Id: <E1nhUii-0006LV-G9@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 11:11:32 +0000

commit 376f0c1b69a626b45bb9d418517d0e17f9df474b
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 20 10:53:57 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:53:57 2022 +0200

    VT-d: plug memory leaks in iommu_alloc()
    
    While 97af062b89d5 ("IOMMU/x86: maintain a per-device pseudo domain ID")
    took care of not making things worse, plugging pre-existing leaks wasn't
    the purpose of that change; they're not security relevant after all.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index dbff56fe6a..1e309dedf4 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1238,8 +1238,9 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     drhd->iommu = iommu;
 
     iommu->reg = ioremap(drhd->address, PAGE_SIZE);
+    rc = -ENOMEM;
     if ( !iommu->reg )
-        return -ENOMEM;
+        goto free;
     iommu->index = nr_iommus++;
 
     iommu->cap = dmar_readq(iommu->reg, DMAR_CAP_REG);
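Review bot: The `rc = -ENOMEM;` assignment sits between the `ioremap()` call and its `if ( !iommu->reg )` check, so `rc` keeps holding an error code on the success path. The hunks at new lines 1261 and 1302 repeat this, while the hunks at 1274 and 1286 of the same commit set `rc` inside the braces. A `goto free` added later without its own assignment would return whatever stale code is left in `rc`; writing `if ( !iommu->reg ) { rc = -ENOMEM; goto free; }` keeps the code and the jump together and makes all five sites read the same. The `free` label and the function's final return are outside these hunks, so whether a stale `rc` can reach a caller today cannot be confirmed from here.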
@@ -1260,8 +1261,9 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
         printk(VTDPREFIX "cap = %"PRIx64" ecap = %"PRIx64"\n",
                iommu->cap, iommu->ecap);
     }
+    rc = -ENODEV;
     if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
-        return -ENODEV;
+        goto free;
 
     quirk_iommu_caps(iommu);
 
@@ -1272,7 +1274,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     {
         printk(XENLOG_ERR VTDPREFIX "IOMMU: unsupported\n");
         print_iommu_regs(drhd);
-        return -ENODEV;
+        rc = -ENODEV;
+        goto free;
     }
 
     /* Calculate number of pagetable levels: 3 or 4. */
@@ -1283,7 +1286,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     {
         printk(XENLOG_ERR VTDPREFIX "IOMMU: unsupported sagaw %x\n", sagaw);
         print_iommu_regs(drhd);
-        return -ENODEV;
+        rc = -ENODEV;
+        goto free;
     }
     iommu->nr_pt_levels = agaw_to_level(agaw);
 
@@ -1298,8 +1302,9 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
         iommu->domid_bitmap = xzalloc_array(unsigned long,
                                             BITS_TO_LONGS(nr_dom));
         iommu->domid_map = xzalloc_array(domid_t, nr_dom);
+        rc = -ENOMEM;
         if ( !iommu->domid_bitmap || !iommu->domid_map )
-            return -ENOMEM;
+            goto free;
 
         /*
          * If Caching mode is set, then invalid translations are tagged
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 11:11:44 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 11:11:44 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310045.526657 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUiu-00064b-4T; Thu, 21 Apr 2022 11:11:44 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310045.526657; Thu, 21 Apr 2022 11:11:44 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUiu-00064V-1S; Thu, 21 Apr 2022 11:11:44 +0000
Received: by outflank-mailman (input) for mailman id 310045;
 Thu, 21 Apr 2022 11:11:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUis-000640-L9
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUis-0006ix-KS
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUis-0006ME-JS
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=isoynsJBdQG75Un0+8j8wMZjl807+Q9akJvV4KFoAKQ=; b=tz9V0QTr9g6p22truFwZf70dRM
	+47aHCI/BQ0LyH8lrrA4mjstdGsdcG4Q5YVHxKed6Luy0j1zDaXZxddHJyQi86+hrpPhCQY1Y7YD4
	Mu7P7gbiQl30E2HE2oFuIadJ+Sqf24/kykaT86hlXIvihM7Moc3zs/l2MI7pQlbJejA0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: refuse to use IOMMU with reserved CAP.ND value
Message-Id: <E1nhUis-0006ME-JS@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 11:11:42 +0000

commit a1545fbf45c689aff39ce76a6eaa609d32ef72a7
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 20 10:54:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:54:26 2022 +0200

    VT-d: refuse to use IOMMU with reserved CAP.ND value
    
    The field taking the value 7 (resulting in 18-bit DIDs when using the
    calculation in cap_ndoms(), when the DID fields are only 16 bits wide)
    is reserved. Instead of misbehaving in case we would encounter such an
    IOMMU, refuse to use it.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 1e309dedf4..657e805987 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1267,8 +1267,11 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
 
     quirk_iommu_caps(iommu);
 
+    nr_dom = cap_ndoms(iommu->cap);
+
     if ( cap_fault_reg_offset(iommu->cap) +
          cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN > PAGE_SIZE ||
+         ((nr_dom - 1) >> 16) /* I.e. cap.nd > 6 */ ||
          (has_register_based_invalidation(iommu) &&
           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE) )
     {
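Review bot: The new `((nr_dom - 1) >> 16)` term rejects the unit without recording why, and its inline comment names the field value but not the consequence. The commit message gives the reason, and it belongs next to the check, e.g. `/* CAP.ND == 7 is reserved: 18-bit DIDs would not fit the 16-bit DID fields */`. Because the term shares one `if` with the fault-register and IOTLB-offset checks, the failure path (its body is outside the hunk) presumably cannot report which capability was out of range. A separate test with its own message would make a rejected IOMMU easier to diagnose from the boot log.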
@@ -1294,8 +1297,6 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
     if ( !ecap_coherent(iommu->ecap) )
         iommu_non_coherent = true;
 
-    nr_dom = cap_ndoms(iommu->cap);
-
     if ( nr_dom <= DOMID_MASK * 2 + cap_caching_mode(iommu->cap) )
     {
         /* Allocate domain id (bit) maps. */
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 11:11:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 11:11:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310047.526661 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUj4-0006I5-7B; Thu, 21 Apr 2022 11:11:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310047.526661; Thu, 21 Apr 2022 11:11:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUj4-0006Hy-3f; Thu, 21 Apr 2022 11:11:54 +0000
Received: by outflank-mailman (input) for mailman id 310047;
 Thu, 21 Apr 2022 11:11:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUj2-0006Gz-OJ
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUj2-0006j7-Nc
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUj2-0006Mp-Mi
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:11:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=K+LLE5+SZUM3uRLyBjk1vI0efd9REy6BlKcbcbwX2+U=; b=WCohlrxTSUvO29cmauGdTl3dte
	xGp9HCRtYUmAO9jpxzZ0zX2qNHBEKxqhHRqAo/kP378dmzsXXQByVsEHx+Z0adTuIJOkCWKXxOlBF
	EfpDM/Fih/iolfP8+MkWMkkou0JRD99WkSBkvUU9vujaV2xFVLJ97y3P2zQ2vkapsA6I=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/mm: avoid inadvertently degrading a TLB flush to local only
Message-Id: <E1nhUj2-0006Mp-Mi@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 11:11:52 +0000

commit 78e072bc375043e81691a59454e09f0b38241ddd
Author:     David Vrabel <dvrabel@amazon.co.uk>
AuthorDate: Wed Apr 20 10:55:01 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 20 10:55:01 2022 +0200

    x86/mm: avoid inadvertently degrading a TLB flush to local only
    
    If the direct map is incorrectly modified with interrupts disabled,
    the required TLB flushes are degraded to flushing the local CPU only.
    
    This could lead to very hard to diagnose problems, as different CPUs will
    end up with different views of memory, although no such issues have yet
    been identified.
    
    Change the check in the flush_area() macro to look at system_state
    instead. This defers the switch from local to all later in the boot
    (see xen/arch/x86/setup.c:__start_xen()). This is fine because
    additional PCPUs are not brought up until after the system state is
    SYS_STATE_smp_boot.
    
    Signed-off-by: David Vrabel <dvrabel@amazon.co.uk>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/mm.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index c271e383b5..72dbce43b1 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -5071,11 +5071,10 @@ l1_pgentry_t *virt_to_xen_l1e(unsigned long v)
 #define lNf_to_l1f(f) (((f) & _PAGE_PRESENT) ? ((f) & ~_PAGE_PSE) : (f))
 
 /*
- * map_pages_to_xen() can be called with interrupts disabled during
- * early bootstrap. In this case it is safe to use flush_area_local()
- * and avoid locking because only the local CPU is online.
+ * map_pages_to_xen() can be called early in boot before any other
+ * CPUs are online. Use flush_area_local() in this case.
  */
-#define flush_area(v,f) (!local_irq_is_enabled() ?              \
+#define flush_area(v,f) (system_state < SYS_STATE_smp_boot ?    \
                          flush_area_local((const void *)v, f) : \
                          flush_area_all((const void *)v, f))
 
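Review bot: The rewritten comment above `flush_area()` no longer states the invariant that makes the local-only flush safe, which is the `system_state < SYS_STATE_smp_boot` test on the line below it. The commit message has the reasoning (additional CPUs are not brought up until after that state), so I would carry it into the comment, e.g. `* Before SYS_STATE_smp_boot no other CPU is online, so a local flush is sufficient.` The comment should also say that a caller running with interrupts disabled after that point now reaches `flush_area_all()` instead of a silently local flush. Whether `flush_area_all()` tolerates being called with interrupts disabled is not visible in this hunk and is worth confirming.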
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 11:12:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 11:12:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310051.526665 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUjE-0006c7-8J; Thu, 21 Apr 2022 11:12:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310051.526665; Thu, 21 Apr 2022 11:12:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUjE-0006bz-5D; Thu, 21 Apr 2022 11:12:04 +0000
Received: by outflank-mailman (input) for mailman id 310051;
 Thu, 21 Apr 2022 11:12:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUjC-0006aY-RN
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:12:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUjC-0006jn-Qf
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:12:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUjC-0006Nh-Pg
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:12:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=rLBYsrp1Az95kS87OUL1AhCeV64C6UaRm7VkeXTkymY=; b=THMtCe00GPoi/B/iX4Yha8pcnP
	yTGarRWy2F7Nsnzi4Lg0k3rXljD9qW1wlFhhyNebzzKajBBqRA3n95scGgw49zO0jxAGC0AGPD67j
	UwVvLrRkiZBY0iTagw2lZRdU8Hx/qxateieTzeWGsyfOnmAVFBBH19Dnh97jto8qCY1Y=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/build: Fix dependency for the MAP rule
Message-Id: <E1nhUjC-0006Nh-Pg@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 11:12:02 +0000

commit e1e72198213b80b7a82bdc90f96ed05ae4f53e20
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Apr 14 17:04:54 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Wed Apr 20 19:10:59 2022 +0100

    xen/build: Fix dependency for the MAP rule
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/Makefile b/xen/Makefile
index dd05672ff4..3a4e3bdd0f 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -599,7 +599,7 @@ cscope:
 	cscope -k -b -q
 
 .PHONY: _MAP
-_MAP:
+_MAP: $(TARGET)
 	$(NM) -n $(TARGET)-syms | grep -v '\(compiled\)\|\(\.o$$\)\|\( [aUw] \)\|\(\.\.ng$$\)\|\(LASH[RL]DI\)' > System.map
 
 %.o %.i %.s: %.c tools_fixdep FORCE
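Review bot: The new prerequisite is `$(TARGET)`, but the recipe reads `$(TARGET)-syms`, so the rule is only correct if building `$(TARGET)` always leaves an up-to-date `$(TARGET)-syms` behind. That relationship is defined outside this hunk and the commit has no description, so a one-line comment above the rule would help, e.g. `# $(TARGET)-syms is produced as part of building $(TARGET)` (to be confirmed against the link rules). Since `_MAP` is `.PHONY`, the prerequisite only affects ordering; `System.map` is regenerated on every invocation either way.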
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 11:12:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 11:12:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310053.526670 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUjO-0006iC-AU; Thu, 21 Apr 2022 11:12:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310053.526670; Thu, 21 Apr 2022 11:12:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhUjO-0006i4-6m; Thu, 21 Apr 2022 11:12:14 +0000
Received: by outflank-mailman (input) for mailman id 310053;
 Thu, 21 Apr 2022 11:12:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUjM-0006hh-Uc
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:12:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUjM-0006jr-Tt
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:12:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhUjM-0006Ot-T1
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 11:12:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=98BksUeLFcGf+dVOGxeJYha0rvOQL9+3m8TSX8c5LWE=; b=x3UdDErOONxLseMS6nVpQpL+o2
	VlukufwmdhmO1awcjll1DXZj8bHY9YGL+cHX9p38WMEKonx6WioRYX6zt69plmJd3P7P5yBcN53C+
	TKzWE+oe0echpMEVDKR0XvViEVqr96Bs4NgLZV0DaZZaEUZ0iisqllAGNfe66mNAmifY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/build: Rework binary conversion for boot/{cmdline,reloc}.c
Message-Id: <E1nhUjM-0006Ot-T1@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 11:12:12 +0000

commit fdef107edd4459375f9c0e6e377f30e82d498747
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Apr 14 10:33:01 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Wed Apr 20 19:11:48 2022 +0100

    x86/build: Rework binary conversion for boot/{cmdline,reloc}.c
    
    There is no need to open-code the .got.plt size check; it can be done with
    linker asserts instead.  Extend the checking to all dynamic linkage sections,
    and drop the $(OBJDUMP) pass.
    
    Furthermore, instead of removing .got.plt specifically, take only .text when
    converting to a flat binary.  This makes the process invariant of .text's
    position relative to the start of the binary, which avoids needing to discard
    all sections, and removes the need to work around sections that certain
    linkers are unhappy discarding.
    
    No functional change.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/boot/Makefile    | 13 +---------
 xen/arch/x86/boot/build32.lds | 58 +++++++++++++++++++------------------------
 2 files changed, 26 insertions(+), 45 deletions(-)

diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile
index 784655f5e2..a5dd094836 100644
--- a/xen/arch/x86/boot/Makefile
+++ b/xen/arch/x86/boot/Makefile
@@ -28,19 +28,8 @@ $(head-srcs): %.S: %.bin
 	(od -v -t x $< | tr -s ' ' | awk 'NR > 1 {print s} {s=$$0}' | \
 	sed 's/ /,0x/g' | sed 's/,0x$$//' | sed 's/^[0-9]*,/ .long /') >$@
 
-# Drop .got.plt during conversion to plain binary format.
-# Please check build32.lds for more details.
 %.bin: %.lnk
-	$(OBJDUMP) -h $< | sed -n '/[0-9]/{s,00*,0,g;p;}' | \
-		while read idx name sz rest; do \
-			case "$$name" in \
-			.got.plt) \
-				test $$sz != 0c || continue; \
-				echo "Error: non-empty $$name: 0x$$sz" >&2; \
-				exit $$(expr $$idx + 1);; \
-			esac; \
-		done
-	$(OBJCOPY) -O binary -R .got.plt $< $@
+	$(OBJCOPY) -j .text -O binary $< $@
 
 %.lnk: %.o $(src)/build32.lds
 	$(LD) $(subst x86_64,i386,$(LDFLAGS_DIRECT)) -N -T $(filter %.lds,$^) -o $@ $<
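Review bot: The `%.bin` rule lost its explanatory comment, yet `$(OBJCOPY) -j .text -O binary` now drops every output section other than `.text` without any diagnostic. The rule is therefore only correct if build32.lds places everything the boot code needs at run time inside `.text`; the hunk for that file shows the dynamic-linkage ASSERTs, but the `.text` input patterns are outside it. I would restore a short comment stating that dependency, e.g. `# Extract .text only; build32.lds is expected to fold all code and data into it and to ASSERT that the dynamic-linkage sections are empty.`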
diff --git a/xen/arch/x86/boot/build32.lds b/xen/arch/x86/boot/build32.lds
index 1ab9418793..56edaa727b 100644
--- a/xen/arch/x86/boot/build32.lds
+++ b/xen/arch/x86/boot/build32.lds
@@ -31,44 +31,36 @@ SECTIONS
         *(.bss.*)
   }
 
+  /* Dynamic linkage sections.  Collected simply so we can check they're empty. */
+  .got : {
+        *(.got)
+  }
   .got.plt : {
-        /*
-         * PIC/PIE executable contains .got.plt section even if it is not linked
-         * with dynamic libraries. In such case it is just placeholder for
-         * _GLOBAL_OFFSET_TABLE_ symbol and .PLT0. .PLT0 is filled by dynamic
-         * linker and our code is not supposed to be loaded by dynamic linker.
-         * So, from our point of view .PLT0 is unused. This means that there is
-         * pretty good chance that we can safely drop .got.plt as a whole here.
-         * Sadly this is not true. _GLOBAL_OFFSET_TABLE_ is used as a reference
-         * for relative addressing (and only for that thing) and ld complains if
-         * we remove .got.plt section here because it cannot find required symbol.
-         * However, _GLOBAL_OFFSET_TABLE_ is no longer needed in final output.
-         * So, drop .got.plt section during conversion to plain binary format.
-         *
-         * Please check build32.mk for more details.
-         */
         *(.got.plt)
   }
-
-  /*
-   * Discarding .shstrtab is not supported by LLD (LLVM LD) and will trigger an
-   * error. Also keep the rest of the control sections to match GNU LD behavior.
-   */
-  .shstrtab : {
-        *(.shstrtab)
+  .igot.plt : {
+        *(.igot.plt)
   }
-  .strtab : {
-        *(.strtab)
+  .iplt : {
+        *(.iplt)
   }
-  .symtab : {
-        *(.symtab)
+  .plt : {
+        *(.plt)
   }
-
-  /DISCARD/ : {
-        /*
-         * Discard everything else, to prevent linkers from putting
-         * orphaned sections ahead of .text, which needs to be first.
-         */
-        *(*)
+  .rel : {
+        *(.rel.*)
   }
 }
+
+ASSERT(SIZEOF(.got) == 0,         ".got non-empty")
+/*
+ * At least GNU ld 2.30 and earlier fail to discard the generic part of
+ * .got.plt when no actual entries were allocated. Permit this case alongside
+ * the section being empty.
+ */
+ASSERT(SIZEOF(.got.plt) == 0 ||
+       SIZEOF(.got.plt) == 3 * 4, "unexpected .got.plt size")
+ASSERT(SIZEOF(.igot.plt) == 0,    ".igot.plt non-empty")
+ASSERT(SIZEOF(.iplt) == 0,        ".iplt non-empty")
+ASSERT(SIZEOF(.plt) == 0,         ".plt non-empty")
+ASSERT(SIZEOF(.rel) == 0,         "leftover relocations")
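Review bot: With the `/DISCARD/ : { *(*) }` catch-all removed, an input section that matches none of the listed patterns becomes an orphan that the linker places on its own, and none of the new ASSERTs cover it. The Makefile side of this commit copies only `.text` into the flat binary, so data in such a section would go missing from the boot blob rather than fail the build. If the supported toolchains allow it, linking with `--orphan-handling=warn` would surface that case at build time. The `.text` input patterns are above this hunk, so which sections could end up orphaned is not visible here.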
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 23:22:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 23:22:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310516.527393 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhg7h-0007kH-GN; Thu, 21 Apr 2022 23:22:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310516.527393; Thu, 21 Apr 2022 23:22:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhg7h-0007k9-Cy; Thu, 21 Apr 2022 23:22:05 +0000
Received: by outflank-mailman (input) for mailman id 310516;
 Thu, 21 Apr 2022 23:22:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhg7g-0007ZX-5w
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 23:22:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhg7g-0004cB-4P
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 23:22:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhg7g-0001hm-39
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 23:22:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=QIuuLzNG/pDo6t8Gt94I6SARfjSq+qMHk21selDGMxs=; b=NbOpDtfGmKi1BV3Y02VQBvmag+
	IZ6ZJxppPCf4zBaiy+teUtZSYh+3EVuXAfzSMSDcMn2eJJbOaOlpYWCbYkH+InPsaN31SpAe3s2Kq
	iiJ45U+LuH+RoJh4bVuHN8CVLc18xbL3n2eKmIwYFkSmEvJglGtzBDKunxuFb++80TlY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] gitlab-ci: add qemu-system-arm to the existing tests-artifacts container
Message-Id: <E1nhg7g-0001hm-39@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 23:22:04 +0000

commit f1e4efafd69ac5022f2561e45f2eaf89388dc9f6
Author:     Stefano Stabellini <stefano.stabellini@xilinx.com>
AuthorDate: Fri Apr 15 17:17:00 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Thu Apr 21 16:17:20 2022 -0700

    gitlab-ci: add qemu-system-arm to the existing tests-artifacts container
    
    Add qemu-system-arm to the existing test-artifacts qemu container (which
    doesn't get built for every iteration but is only updated once in a while).
    
    With qemu-system-arm available, we'll be able to run ARM32 tests.
    
    This patch also bumps the QEMU version to v6.0.0 for both arm32 and
    arm64 (the test-artifacts container is one, shared for both).
    
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 automation/gitlab-ci/build.yaml                    | 14 +++-
 automation/gitlab-ci/test.yaml                     |  4 +-
 .../qemu-system-aarch64/5.2.0-arm64v8.dockerfile   | 75 ---------------------
 .../qemu-system-aarch64/6.0.0-arm64v8.dockerfile   | 76 ++++++++++++++++++++++
 4 files changed, 90 insertions(+), 79 deletions(-)

diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index cc36428cf5..72f2a317ac 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -591,9 +591,9 @@ kernel-5.9.9-arm64-export:
   tags:
     - arm64
 
-qemu-system-aarch64-5.2.0-arm64-export:
+qemu-system-aarch64-6.0.0-arm64-export:
   stage: build
-  image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:5.2.0-arm64v8
+  image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8
   script:
     - mkdir binaries && cp /qemu-system-aarch64 binaries/qemu-system-aarch64
   artifacts:
@@ -602,6 +602,16 @@ qemu-system-aarch64-5.2.0-arm64-export:
   tags:
     - arm64
 
+qemu-system-aarch64-6.0.0-arm32-export:
+  stage: build
+  image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8
+  script:
+    - mkdir binaries && cp /qemu-system-arm binaries/qemu-system-arm
+  artifacts:
+    paths:
+      - binaries/qemu-system-arm
+  tags:
+    - arm64
 
 # x86_64 test artifacts
 
diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
index 47e8704df3..ec2a2e1607 100644
--- a/automation/gitlab-ci/test.yaml
+++ b/automation/gitlab-ci/test.yaml
@@ -33,7 +33,7 @@ qemu-alpine-arm64-gcc:
     - alpine-3.12-gcc-arm64
     - alpine-3.12-arm64-rootfs-export
     - kernel-5.9.9-arm64-export
-    - qemu-system-aarch64-5.2.0-arm64-export
+    - qemu-system-aarch64-6.0.0-arm64-export
   artifacts:
     paths:
       - smoke.serial
@@ -81,7 +81,7 @@ qemu-smoke-arm64-gcc:
   dependencies:
     - debian-unstable-gcc-arm64
     - kernel-5.9.9-arm64-export
-    - qemu-system-aarch64-5.2.0-arm64-export
+    - qemu-system-aarch64-6.0.0-arm64-export
   artifacts:
     paths:
       - smoke.serial
diff --git a/automation/tests-artifacts/qemu-system-aarch64/5.2.0-arm64v8.dockerfile b/automation/tests-artifacts/qemu-system-aarch64/5.2.0-arm64v8.dockerfile
deleted file mode 100644
index e105a1c636..0000000000
--- a/automation/tests-artifacts/qemu-system-aarch64/5.2.0-arm64v8.dockerfile
+++ /dev/null
@@ -1,75 +0,0 @@
-FROM arm64v8/debian:unstable
-LABEL maintainer.name="The Xen Project" \
-      maintainer.email="xen-devel@lists.xenproject.org"
-
-ENV DEBIAN_FRONTEND=noninteractive
-ENV QEMU_VERSION=5.2.0
-ENV USER root
-
-RUN mkdir /build
-WORKDIR /build
-
-# build depends
-RUN apt-get update && \
-    apt-get --quiet --yes install \
-        build-essential \
-        curl \
-        python3 \
-        ninja-build \
-        pkg-config \
-        libglib2.0-dev \
-        libpixman-1-dev \
-        && \
-    \
-    curl -fsSLO https://download.qemu.org/qemu-"$QEMU_VERSION".tar.xz && \
-    tar xvJf qemu-"$QEMU_VERSION".tar.xz && \
-    cd qemu-"$QEMU_VERSION" && \
-    ./configure                \
-        --target-list=aarch64-softmmu \
-        --enable-system        \
-        --disable-blobs        \
-        --disable-bsd-user     \
-        --disable-debug-info   \
-        --disable-glusterfs    \
-        --disable-gtk          \
-        --disable-guest-agent  \
-        --disable-linux-user   \
-        --disable-sdl          \
-        --disable-spice        \
-        --disable-tpm          \
-        --disable-vhost-net    \
-        --disable-vhost-scsi   \
-        --disable-vhost-user   \
-        --disable-vhost-vsock  \
-        --disable-virtfs       \
-        --disable-vnc          \
-        --disable-werror       \
-        --disable-xen          \
-        --disable-safe-stack   \
-        --disable-libssh       \
-        --disable-opengl       \
-        --disable-tools        \
-        --disable-virglrenderer  \
-        --disable-stack-protector  \
-        --disable-containers   \
-        --disable-replication  \
-        --disable-cloop        \
-        --disable-dmg          \
-        --disable-vvfat        \
-        --disable-vdi          \
-        --disable-parallels    \
-        --disable-qed          \
-        --disable-bochs        \
-        --disable-qom-cast-debug  \
-        --disable-vhost-vdpa   \
-        --disable-vhost-kernel \
-        --disable-qcow1        \
-        --disable-live-block-migration \
-    && \
-    make -j$(nproc) && \
-    cp ./build/qemu-system-aarch64 / && \
-    cd /build && \
-    rm -rf qemu-"$QEMU_VERSION"* && \
-    apt-get autoremove -y && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
diff --git a/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile b/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile
new file mode 100644
index 0000000000..793432d40b
--- /dev/null
+++ b/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile
@@ -0,0 +1,76 @@
+FROM arm64v8/debian:unstable
+LABEL maintainer.name="The Xen Project" \
+      maintainer.email="xen-devel@lists.xenproject.org"
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV QEMU_VERSION=6.0.0
+ENV USER root
+
+RUN mkdir /build
+WORKDIR /build
+
+# build depends
+RUN apt-get update && \
+    apt-get --quiet --yes install \
+        build-essential \
+        curl \
+        python3 \
+        ninja-build \
+        pkg-config \
+        libglib2.0-dev \
+        libpixman-1-dev \
+        && \
+    \
+    curl -fsSLO https://download.qemu.org/qemu-"$QEMU_VERSION".tar.xz && \
+    tar xvJf qemu-"$QEMU_VERSION".tar.xz && \
+    cd qemu-"$QEMU_VERSION" && \
+    ./configure                \
+        --target-list=arm-softmmu,aarch64-softmmu \
+        --enable-system        \
+        --disable-blobs        \
+        --disable-bsd-user     \
+        --disable-debug-info   \
+        --disable-glusterfs    \
+        --disable-gtk          \
+        --disable-guest-agent  \
+        --disable-linux-user   \
+        --disable-sdl          \
+        --disable-spice        \
+        --disable-tpm          \
+        --disable-vhost-net    \
+        --disable-vhost-scsi   \
+        --disable-vhost-user   \
+        --disable-vhost-vsock  \
+        --disable-virtfs       \
+        --disable-vnc          \
+        --disable-werror       \
+        --disable-xen          \
+        --disable-safe-stack   \
+        --disable-libssh       \
+        --disable-opengl       \
+        --disable-tools        \
+        --disable-virglrenderer  \
+        --disable-stack-protector  \
+        --disable-containers   \
+        --disable-replication  \
+        --disable-cloop        \
+        --disable-dmg          \
+        --disable-vvfat        \
+        --disable-vdi          \
+        --disable-parallels    \
+        --disable-qed          \
+        --disable-bochs        \
+        --disable-qom-cast-debug  \
+        --disable-vhost-vdpa   \
+        --disable-vhost-kernel \
+        --disable-qcow1        \
+        --disable-live-block-migration \
+    && \
+    make -j$(nproc) && \
+    cp ./build/qemu-system-aarch64 / && \
+    cp ./build/qemu-system-arm / && \
+    cd /build && \
+    rm -rf qemu-"$QEMU_VERSION"* && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
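Review bot: The QEMU source tarball fetched by `curl -fsSLO https://download.qemu.org/qemu-"$QEMU_VERSION".tar.xz` is unpacked and built without any integrity check, so the image trusts whatever the download host serves at build time. Because the resulting `qemu-system-aarch64` and `qemu-system-arm` binaries are exported to the test jobs, the expected digest should be pinned and checked before `tar`, e.g. `echo "<sha256-of-qemu-6.0.0.tar.xz>  qemu-$QEMU_VERSION.tar.xz" | sha256sum -c - && \` (placeholder digest), or the tarball's detached signature verified instead. The `FROM arm64v8/debian:unstable` base is likewise a moving tag, so a rebuild of this "6.0.0" image is not reproducible; pinning the base by digest would address that.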
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 21 23:22:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 21 Apr 2022 23:22:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310517.527397 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhg7q-0007np-HL; Thu, 21 Apr 2022 23:22:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310517.527397; Thu, 21 Apr 2022 23:22:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhg7q-0007nh-ES; Thu, 21 Apr 2022 23:22:14 +0000
Received: by outflank-mailman (input) for mailman id 310517;
 Thu, 21 Apr 2022 23:22:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhg7q-0007nb-8W
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 23:22:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhg7q-0004cF-7j
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 23:22:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhg7q-0001iZ-6c
 for xen-changelog@lists.xenproject.org; Thu, 21 Apr 2022 23:22:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Ke8Mtc4DEBYUxOQoF94OiDt5BRQG4Lc+WuUj7aDUfiU=; b=ADKhn+isCgStJOB4+QKzumEXUj
	aOkQi1NycZPaEX348KLFEwbgHqhTrzGLFuNvJIkV2CADRmQ0s+rBxgq/ndod51Sk2gEsPAbKMFth8
	YHP6NWRbNg9gTTkRlIhUrcu0PR3k3goV0U9vTPClMrKAmd8qLjNNP1PIzBy5pGCE2EEA=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] gitlab-ci: add an ARM32 qemu-based smoke test
Message-Id: <E1nhg7q-0001iZ-6c@xenbits.xenproject.org>
Date: Thu, 21 Apr 2022 23:22:14 +0000

commit 43f3d51139178a03823b061482c674e15ce3d49c
Author:     Stefano Stabellini <stefano.stabellini@xilinx.com>
AuthorDate: Thu Apr 21 16:17:40 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Thu Apr 21 16:17:40 2022 -0700

    gitlab-ci: add an ARM32 qemu-based smoke test
    
    Add a minimal ARM32 smoke test based on qemu-system-arm, as provided by
    the test-artifacts qemu container. The minimal test simply boots Xen
    (built from previous build stages) and Dom0.
    
    The test needs a working kernel and minimal initrd for dom0. Instead of
    building our own kernel and initrd, which would mean maintaining one or
    two more building scripts under automation/, we borrow a kernel and
    initrd from distros.
    
    For the kernel we pick the Debian Bullseye kernel, which has everything
    we need already built-in. However, we cannot use the Debian Bullseye
    initrd because it is 22MB and the large size causes QEMU to core dump.
    
    Instead, use the tiny busybox-based rootfs provided by Alpine Linux,
    which is really minimal: just 2.5MB. Note that we cannot use the Alpine
    Linux kernel because that doesn't boot on Xen.
    
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
    Reviewed-by: Michal Orzel <michal.orzel@arm.com>
---
 automation/gitlab-ci/test.yaml         | 23 ++++++++++
 automation/scripts/qemu-smoke-arm32.sh | 81 ++++++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)

diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
index ec2a2e1607..42cd725a12 100644
--- a/automation/gitlab-ci/test.yaml
+++ b/automation/gitlab-ci/test.yaml
@@ -95,6 +95,29 @@ qemu-smoke-arm64-gcc:
     - /^coverity-tested\/.*/
     - /^stable-.*/
 
+qemu-smoke-arm32-gcc:
+  stage: test
+  image: registry.gitlab.com/xen-project/xen/${CONTAINER}
+  variables:
+    CONTAINER: debian:unstable-arm64v8
+  script:
+    - ./automation/scripts/qemu-smoke-arm32.sh 2>&1 | tee qemu-smoke-arm32.log
+  dependencies:
+    - debian-unstable-gcc-arm32
+    - qemu-system-aarch64-6.0.0-arm32-export
+  artifacts:
+    paths:
+      - smoke.serial
+      - '*.log'
+    when: always
+  tags:
+    - arm64
+  except:
+    - master
+    - smoke
+    - /^coverity-tested\/.*/
+    - /^stable-.*/
+
 qemu-smoke-x86-64-gcc:
   stage: test
   image: registry.gitlab.com/xen-project/xen/${CONTAINER}
diff --git a/automation/scripts/qemu-smoke-arm32.sh b/automation/scripts/qemu-smoke-arm32.sh
new file mode 100755
index 0000000000..530f3892fd
--- /dev/null
+++ b/automation/scripts/qemu-smoke-arm32.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -ex
+
+export DEBIAN_FRONTENT=noninteractive
+apt-get -qy update
+apt-get -qy install --no-install-recommends device-tree-compiler \
+                                            curl \
+                                            cpio
+
+cd binaries
+# Use the kernel from Debian
+curl --fail --silent --show-error --location --output vmlinuz http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/vmlinuz
+# Use a tiny initrd based on busybox from Alpine Linux
+curl --fail --silent --show-error --location --output initrd.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/armhf/alpine-minirootfs-3.15.1-armhf.tar.gz
+
+mkdir rootfs
+cd rootfs
+tar xvzf ../initrd.tar.gz
+find . | cpio -H newc -o | gzip > ../initrd.gz
+cd ..
+
+kernel=`stat -L --printf="%s" vmlinuz`
+initrd=`stat -L --printf="%s" initrd.gz`
+
+# For Xen, we need a couple of more node. Dump the DT from QEMU and add them
+# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded
+curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom
+./qemu-system-arm \
+   -machine virt \
+   -machine virtualization=true \
+   -smp 4 \
+   -m 1024 \
+   -serial stdio \
+   -monitor none \
+   -display none \
+   -machine dumpdtb=virt.dtb
+
+dtc -I dtb -O dts virt.dtb > virt.dts
+
+cat >> virt.dts << EOF
+/ {
+	chosen {
+		#address-cells = <0x2>;
+		#size-cells = <0x2>;
+		stdout-path = "/pl011@9000000";
+        xen,xen-bootargs = "console=dtuart dtuart=/pl011@9000000 dom0_mem=512M bootscrub=0";
+		xen,dom0-bootargs = "console=tty0 console=hvc0 earlyprintk clk_ignore_unused root=/dev/ram0 rdinit=/bin/sh";
+		dom0 {
+			compatible = "xen,linux-zimage", "xen,multiboot-module";
+			reg = <0x0 0x1000000 0x0 $kernel>;
+		};
+        dom0-ramdisk {
+			compatible = "xen,linux-initrd", "xen,multiboot-module";
+			reg = <0x0 0x3200000 0x0 $initrd>;
+		};
+	};
+};
+EOF
+dtc -I dts -O dtb virt.dts > virt.dtb
+
+rm -f smoke.serial
+set +e
+timeout -k 1 240 \
+./qemu-system-arm \
+   -machine virt \
+   -machine virtualization=true \
+   -smp 4 \
+   -m 1024 \
+   -serial stdio \
+   -monitor none \
+   -display none \
+   -dtb virt.dtb \
+   -no-reboot \
+   -kernel ./xen \
+   -device loader,file=./vmlinuz,addr=0x1000000 \
+   -device loader,file=./initrd.gz,addr=0x3200000 |& tee smoke.serial
+
+set -e
+(grep -q "^/ #" smoke.serial) || exit 1
+exit 0
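Review bot: The dom0 kernel is downloaded over plain `http://` from `.../installer-armhf/current/images/netboot/vmlinuz` and booted with no integrity check, so the CI job trusts whatever arrives on that connection; the Alpine rootfs and `efi-virtio.rom` downloads use HTTPS but are equally unverified. Each file should be checked against a digest kept in the repository right after its `curl`, e.g. `echo "<sha256-of-vmlinuz>  vmlinuz" | sha256sum -c -` (placeholder digest). Since `current` is not a fixed release, the kernel URL would presumably have to name a dated installer directory for a pinned digest to stay valid. Separately, `export DEBIAN_FRONTENT=noninteractive` is misspelled and has no effect; it should read `export DEBIAN_FRONTEND=noninteractive`.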
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 13:00:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 22 Apr 2022 13:00:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310913.527865 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhstL-0008CR-0k; Fri, 22 Apr 2022 13:00:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310913.527865; Fri, 22 Apr 2022 13:00:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhstK-0008Bt-TQ; Fri, 22 Apr 2022 13:00:06 +0000
Received: by outflank-mailman (input) for mailman id 310913;
 Fri, 22 Apr 2022 13:00:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhstI-000840-Vv
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 13:00:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhstI-0001bf-TV
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 13:00:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhstI-0005Z6-ST
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 13:00:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Klm59/OuzO12nzZ/Wrs7c8dAdYkCOL+ZHmIjAc5zyd8=; b=ca1WsYo3tZ0uqMVvLuS4ptmeUD
	uTQOzxOlZQv+REWKOIq2ribFYAzejhlSWaLZDNoq6GcytKXVSX+jLtBjisB8vE7G9bxHEuG+LJBoo
	k4eXiPL2b/qj3iNEgTjg3Xddcz15xdb3QN8uz7gRX1LGQGul/AKlEZAgmEddpASzRhFw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] AMD/IOMMU: have callers specify the target level for page table walks
Message-Id: <E1nhstI-0005Z6-ST@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 13:00:04 +0000

commit 5fafa6cf529a6c0cd0b12c920a2cc68a3cca99e1
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:51:37 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:51:37 2022 +0200

    AMD/IOMMU: have callers specify the target level for page table walks
    
    In order to be able to insert/remove super-pages we need to allow
    callers of the walking function to specify at which point to stop the
    walk. (For now at least gcc will instantiate just a variant of the
    function with the parameter eliminated, so effectively no change to
    generated code as far as the parameter addition goes.)
    
    Instead of merely adjusting a BUG_ON() condition, convert it into an
    error return - there's no reason to crash the entire host in that case.
    Leave an assertion though for spotting issues early in debug builds.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_map.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 6d42bcea0e..8bef46e045 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -239,7 +239,8 @@ void __init iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
  * page tables.
  */
 static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
-                              unsigned long *pt_mfn, bool map)
+                              unsigned int target, unsigned long *pt_mfn,
+                              bool map)
 {
     union amd_iommu_pte *pde, *next_table_vaddr;
     unsigned long  next_table_mfn;
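Review bot: The new `target` parameter has no description in the part of the function's header comment visible here (the comment starts outside the hunk), although the check added further down rejects `target < 1` and a `target` above the domain's paging mode. A line such as ` * @target: level at which to stop the walk; callers must pass 1 <= target <= the domain's paging mode.` would spell out the contract callers now have to meet. It is also worth stating there that `*pt_mfn` is written only when 0 is returned, since the new error path returns 1 before touching it.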
@@ -250,7 +251,11 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    if ( !table || target < 1 || level < target || level > 6 )
+    {
+        ASSERT_UNREACHABLE();
+        return 1;
+    }
 
     /*
      * A frame number past what the current page tables can represent can't
@@ -261,7 +266,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
 
     next_table_mfn = mfn_x(page_to_mfn(table));
 
-    while ( level > 1 )
+    while ( level > target )
     {
         unsigned int next_level = level - 1;
 
@@ -332,7 +337,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
         level--;
     }
 
-    /* mfn of level 1 page table */
+    /* mfn of target level page table */
     *pt_mfn = next_table_mfn;
     return 0;
 }
@@ -369,7 +374,7 @@ int cf_check amd_iommu_map_page(
         return rc;
     }
 
-    if ( iommu_pde_from_dfn(d, dfn_x(dfn), &pt_mfn, true) || !pt_mfn )
+    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, true) || !pt_mfn )
     {
         spin_unlock(&hd->arch.mapping_lock);
         AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n",
@@ -402,7 +407,7 @@ int cf_check amd_iommu_unmap_page(
         return 0;
     }
 
-    if ( iommu_pde_from_dfn(d, dfn_x(dfn), &pt_mfn, false) )
+    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, false) )
     {
         spin_unlock(&hd->arch.mapping_lock);
         AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n",
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 13:00:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 22 Apr 2022 13:00:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.310914.527868 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhstU-0008Fn-1Y; Fri, 22 Apr 2022 13:00:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 310914.527868; Fri, 22 Apr 2022 13:00:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhstT-0008Ff-V1; Fri, 22 Apr 2022 13:00:15 +0000
Received: by outflank-mailman (input) for mailman id 310914;
 Fri, 22 Apr 2022 13:00:15 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhstT-0008FZ-1C
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 13:00:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhstT-0001c2-0L
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 13:00:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhstS-0005aT-Vb
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 13:00:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=WRawZvX30WENNEt5KPzGlmdNeZeq735Qf97FIwyI7J0=; b=kroexjo615efq8o50eLt1bFyCA
	gVU5vvweAKRYgmh+EFknDLT9vYj1lLiwfPExmKbfGNz3HRjZKVeYN14l0EypN+gSqYS/HoewMJCIU
	a69IlP2Lh7RNV1T5MlxAlyq9SQaKT0chvFilJ1R8/BeONhoTm93cYwStfI0zRzv1gi0M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: have callers specify the target level for page table walks
Message-Id: <E1nhstS-0005aT-Vb@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 13:00:14 +0000

commit c71e55501a618d0443d2e07ef0e04edce74a0e5f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:52:40 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:52:40 2022 +0200

    VT-d: have callers specify the target level for page table walks
    
    In order to be able to insert/remove super-pages we need to allow
    callers of the walking function to specify at which point to stop the
    walk.
    
    For intel_iommu_lookup_page() integrate the last level access into
    the main walking function.
    
    dma_pte_clear_one() gets only partly adjusted for now: Error handling
    and order parameter get put in place, but the order parameter remains
    ignored (just like intel_iommu_map_page()'s order part of the flags).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 135 ++++++++++++++++++++++++------------
 1 file changed, 90 insertions(+), 45 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 657e805987..4400f56459 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -300,63 +300,116 @@ static u64 bus_to_context_maddr(struct vtd_iommu *iommu, u8 bus)
     return maddr;
 }
 
-static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
+/*
+ * This function walks (and if requested allocates) page tables to the
+ * designated target level. It returns
+ * - 0 when a non-present entry was encountered and no allocation was
+ *   requested,
+ * - a small positive value (the level, i.e. below PAGE_SIZE) upon allocation
+ *   failure,
+ * - for target > 0 the physical address of the page table holding the leaf
+ *   PTE for the requested address,
+ * - for target == 0 the full PTE.
+ */
+static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr,
+                                       unsigned int target,
+                                       unsigned int *flush_flags, bool alloc)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     int addr_width = agaw_to_width(hd->arch.vtd.agaw);
     struct dma_pte *parent, *pte = NULL;
-    int level = agaw_to_level(hd->arch.vtd.agaw);
-    int offset;
+    unsigned int level = agaw_to_level(hd->arch.vtd.agaw), offset;
     u64 pte_maddr = 0;
 
     addr &= (((u64)1) << addr_width) - 1;
     ASSERT(spin_is_locked(&hd->arch.mapping_lock));
+    ASSERT(target || !alloc);
+
     if ( !hd->arch.vtd.pgd_maddr )
     {
         struct page_info *pg;
 
-        if ( !alloc || !(pg = iommu_alloc_pgtable(hd)) )
+        if ( !alloc )
+            goto out;
+
+        pte_maddr = level;
+        if ( !(pg = iommu_alloc_pgtable(hd)) )
             goto out;
 
         hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
     }
 
-    parent = (struct dma_pte *)map_vtd_domain_page(hd->arch.vtd.pgd_maddr);
-    while ( level > 1 )
+    pte_maddr = hd->arch.vtd.pgd_maddr;
+    parent = map_vtd_domain_page(pte_maddr);
+    while ( level > target )
     {
         offset = address_level_offset(addr, level);
         pte = &parent[offset];
 
         pte_maddr = dma_pte_addr(*pte);
-        if ( !pte_maddr )
+        if ( !dma_pte_present(*pte) || (level > 1 && dma_pte_superpage(*pte)) )
         {
             struct page_info *pg;
+            /*
+             * Higher level tables always set r/w, last level page table
+             * controls read/write.
+             */
+            struct dma_pte new_pte = { DMA_PTE_PROT };
 
             if ( !alloc )
-                break;
+            {
+                pte_maddr = 0;
+                if ( !dma_pte_present(*pte) )
+                    break;
 
+                /*
+                 * When the leaf entry was requested, pass back the full PTE,
+                 * with the address adjusted to account for the residual of
+                 * the walk.
+                 */
+                pte_maddr = pte->val +
+                    (addr & ((1UL << level_to_offset_bits(level)) - 1) &
+                     PAGE_MASK);
+                if ( !target )
+                    break;
+            }
+
+            pte_maddr = level - 1;
             pg = iommu_alloc_pgtable(hd);
             if ( !pg )
                 break;
 
             pte_maddr = page_to_maddr(pg);
-            dma_set_pte_addr(*pte, pte_maddr);
+            dma_set_pte_addr(new_pte, pte_maddr);
 
-            /*
-             * high level table always sets r/w, last level
-             * page table control read/write
-             */
-            dma_set_pte_readable(*pte);
-            dma_set_pte_writable(*pte);
+            if ( dma_pte_present(*pte) )
+            {
+                struct dma_pte *split = map_vtd_domain_page(pte_maddr);
+                unsigned long inc = 1UL << level_to_offset_bits(level - 1);
+
+                split[0].val = pte->val;
+                if ( inc == PAGE_SIZE )
+                    split[0].val &= ~DMA_PTE_SP;
+
+                for ( offset = 1; offset < PTE_NUM; ++offset )
+                    split[offset].val = split[offset - 1].val + inc;
+
+                iommu_sync_cache(split, PAGE_SIZE);
+                unmap_vtd_domain_page(split);
+
+                if ( flush_flags )
+                    *flush_flags |= IOMMU_FLUSHF_modified;
+            }
+
+            write_atomic(&pte->val, new_pte.val);
             iommu_sync_cache(pte, sizeof(struct dma_pte));
         }
 
-        if ( level == 2 )
+        if ( --level == target )
             break;
 
         unmap_vtd_domain_page(parent);
         parent = map_vtd_domain_page(pte_maddr);
-        level--;
     }
 
     unmap_vtd_domain_page(parent);
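Review bot: For `target == 0` a present 4k entry does not seem to come back as "the full PTE" that the new header comment promises. At level 1 the condition `!dma_pte_present(*pte) || (level > 1 && dma_pte_superpage(*pte))` is false, so the block that builds `pte->val + ...` is skipped and `pte_maddr` still holds `dma_pte_addr(*pte)` when `--level == target` breaks out; presumably that is the address with the permission bits masked off, though `dma_pte_addr()` is defined outside this patch. A caller that derives read/write flags from the result would then see none for 4k mappings, while superpage entries carry them. If that reading is right, something like `if ( !target && level == 1 ) pte_maddr = pte->val;` ahead of the `--level == target` test would make both cases agree.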
@@ -387,7 +440,7 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
         if ( !hd->arch.vtd.pgd_maddr )
         {
             /* Ensure we have pagetables allocated down to leaf PTE. */
-            addr_to_dma_page_maddr(d, 0, 1);
+            addr_to_dma_page_maddr(d, 0, 1, NULL, true);
 
             if ( !hd->arch.vtd.pgd_maddr )
                 return 0;
@@ -728,8 +781,9 @@ static int __must_check cf_check iommu_flush_iotlb_all(struct domain *d)
 }
 
 /* clear one page's page table */
-static void dma_pte_clear_one(struct domain *domain, uint64_t addr,
-                              unsigned int *flush_flags)
+static int dma_pte_clear_one(struct domain *domain, daddr_t addr,
+                             unsigned int order,
+                             unsigned int *flush_flags)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct dma_pte *page = NULL, *pte = NULL;
@@ -737,11 +791,11 @@ static void dma_pte_clear_one(struct domain *domain, uint64_t addr,
 
     spin_lock(&hd->arch.mapping_lock);
     /* get last level pte */
-    pg_maddr = addr_to_dma_page_maddr(domain, addr, 0);
-    if ( pg_maddr == 0 )
+    pg_maddr = addr_to_dma_page_maddr(domain, addr, 1, flush_flags, false);
+    if ( pg_maddr < PAGE_SIZE )
     {
         spin_unlock(&hd->arch.mapping_lock);
-        return;
+        return pg_maddr ? -ENOMEM : 0;
     }
 
     page = (struct dma_pte *)map_vtd_domain_page(pg_maddr);
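Review bot: The `-ENOMEM` return is not obvious here, given that the walk is called with `alloc` set to `false`, and deserves a comment. In `addr_to_dma_page_maddr()` as changed earlier in this patch, a present superpage covering `addr` is still split when `target` is non-zero, which calls `iommu_alloc_pgtable()` and yields the small level value on failure. Suggested comment above the check: `/* A superpage may need splitting even without alloc, so allocation failure is possible. */`. The body of dma_pte_clear_one() continues outside the hunk.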
@@ -751,7 +805,7 @@ static void dma_pte_clear_one(struct domain *domain, uint64_t addr,
     {
         spin_unlock(&hd->arch.mapping_lock);
         unmap_vtd_domain_page(page);
-        return;
+        return 0;
     }
 
     dma_clear_pte(*pte);
@@ -761,6 +815,8 @@ static void dma_pte_clear_one(struct domain *domain, uint64_t addr,
     iommu_sync_cache(pte, sizeof(struct dma_pte));
 
     unmap_vtd_domain_page(page);
+
+    return 0;
 }
 
 static int iommu_set_root_entry(struct vtd_iommu *iommu)
@@ -2059,8 +2115,9 @@ static int __must_check cf_check intel_iommu_map_page(
         return 0;
     }
 
-    pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 1);
-    if ( !pg_maddr )
+    pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 1, flush_flags,
+                                      true);
+    if ( pg_maddr < PAGE_SIZE )
     {
         spin_unlock(&hd->arch.mapping_lock);
         return -ENOMEM;
@@ -2110,17 +2167,14 @@ static int __must_check cf_check intel_iommu_unmap_page(
     if ( iommu_hwdom_passthrough && is_hardware_domain(d) )
         return 0;
 
-    dma_pte_clear_one(d, dfn_to_daddr(dfn), flush_flags);
-
-    return 0;
+    return dma_pte_clear_one(d, dfn_to_daddr(dfn), 0, flush_flags);
 }
 
 static int cf_check intel_iommu_lookup_page(
     struct domain *d, dfn_t dfn, mfn_t *mfn, unsigned int *flags)
 {
     struct domain_iommu *hd = dom_iommu(d);
-    struct dma_pte *page, val;
-    u64 pg_maddr;
+    uint64_t val;
 
     /*
      * If VT-d shares EPT page table or if the domain is the hardware
@@ -2132,25 +2186,16 @@ static int cf_check intel_iommu_lookup_page(
 
     spin_lock(&hd->arch.mapping_lock);
 
-    pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 0);
-    if ( !pg_maddr )
-    {
-        spin_unlock(&hd->arch.mapping_lock);
-        return -ENOENT;
-    }
-
-    page = map_vtd_domain_page(pg_maddr);
-    val = page[dfn_x(dfn) & LEVEL_MASK];
+    val = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 0, NULL, false);
 
-    unmap_vtd_domain_page(page);
     spin_unlock(&hd->arch.mapping_lock);
 
-    if ( !dma_pte_present(val) )
+    if ( val < PAGE_SIZE )
         return -ENOENT;
 
-    *mfn = maddr_to_mfn(dma_pte_addr(val));
-    *flags = dma_pte_read(val) ? IOMMUF_readable : 0;
-    *flags |= dma_pte_write(val) ? IOMMUF_writable : 0;
+    *mfn = maddr_to_mfn(val);
+    *flags = val & DMA_PTE_READ ? IOMMUF_readable : 0;
+    *flags |= val & DMA_PTE_WRITE ? IOMMUF_writable : 0;
 
     return 0;
 }
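Review bot: intel_iommu_lookup_page() now turns the walker's return value directly into an MFN with `maddr_to_mfn(val)`, where the old code went through `dma_pte_addr(val)`; the two are only equivalent if addr_to_dma_page_maddr() already clears every non-address bit above the frame number, which these hunks do not show. Presence is likewise inferred from `val < PAGE_SIZE` instead of `dma_pte_present()`, so an entry whose address field is zero would presumably be reported as -ENOENT. A comment such as `/* val: leaf PTE contents as returned by the walker; values below PAGE_SIZE mean "not present" */` should record that dependency. The flag tests would also read more safely parenthesised, `*flags = (val & DMA_PTE_READ) ? IOMMUF_readable : 0;`.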
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 13:00:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] VT-d: limit page table population in domain_pgd_maddr()
Message-Id: <E1nhstd-0005bB-2Y@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 13:00:25 +0000

commit 4e977a70adb1b9036d5fa7705d73ab5dd087faa4
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:53:13 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:53:13 2022 +0200

    VT-d: limit page table population in domain_pgd_maddr()
    
    I have to admit that I never understood why domain_pgd_maddr() wants to
    populate all page table levels for DFN 0. I can only assume that despite
    the comment there what is needed is population just down to the smallest
    possible nr_pt_levels that the loop later in the function may need to
    run to. Hence what is needed is the minimum of all possible
    iommu->nr_pt_levels, to then be passed into addr_to_dma_page_maddr()
    instead of literal 1.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4400f56459..f68d960d75 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -61,6 +61,7 @@ bool __read_mostly iommu_snoop = true;
 #endif
 
 static unsigned int __read_mostly nr_iommus;
+static unsigned int __ro_after_init min_pt_levels = UINT_MAX;
 
 static struct tasklet vtd_fault_tasklet;
 
@@ -439,8 +440,11 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
     {
         if ( !hd->arch.vtd.pgd_maddr )
         {
-            /* Ensure we have pagetables allocated down to leaf PTE. */
-            addr_to_dma_page_maddr(d, 0, 1, NULL, true);
+            /*
+             * Ensure we have pagetables allocated down to the smallest
+             * level the loop below may need to run to.
+             */
+            addr_to_dma_page_maddr(d, 0, min_pt_levels, NULL, true);
 
             if ( !hd->arch.vtd.pgd_maddr )
                 return 0;
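Review bot: `min_pt_levels` starts out as UINT_MAX and is only lowered in iommu_alloc(), so `addr_to_dma_page_maddr(d, 0, min_pt_levels, NULL, true)` would receive UINT_MAX as its target level if domain_pgd_maddr() were ever reached without an IOMMU having passed that point in iommu_alloc(). That is presumably impossible, but nothing in the hunk shows why; an `ASSERT(min_pt_levels != UINT_MAX);` in front of the call would document the assumption. The return value of the walk is still discarded and failure is detected only through `hd->arch.vtd.pgd_maddr`. domain_pgd_maddr() starts and ends outside this hunk.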
@@ -1349,6 +1353,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
         goto free;
     }
     iommu->nr_pt_levels = agaw_to_level(agaw);
+    if ( min_pt_levels > iommu->nr_pt_levels )
+        min_pt_levels = iommu->nr_pt_levels;
 
     if ( !ecap_coherent(iommu->ecap) )
         iommu_non_coherent = true;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 13:00:36 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] IOMMU: have vendor code announce supported page sizes
Message-Id: <E1nhstn-0005bu-6I@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 13:00:35 +0000

commit 36992d809dcf052e5c0799769d1d935bae17d882
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:54:16 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:54:16 2022 +0200

    IOMMU: have vendor code announce supported page sizes
    
    Generic code will use this information to determine what order values
    can legitimately be passed to the ->{,un}map_page() hooks. For now all
    ops structures simply get to announce 4k mappings (as base page size),
    and there is (and always has been) an assumption that this matches the
    CPU's MMU base page size (eventually we will want to permit IOMMUs with
    a base page size smaller than the CPU MMU's).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Reviewed-by: Rahul Singh <rahul.singh@arm.com>
---
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  1 +
 xen/drivers/passthrough/arm/ipmmu-vmsa.c    |  1 +
 xen/drivers/passthrough/arm/smmu-v3.c       |  3 ++-
 xen/drivers/passthrough/arm/smmu.c          |  1 +
 xen/drivers/passthrough/iommu.c             | 10 ++++++++++
 xen/drivers/passthrough/vtd/iommu.c         |  1 +
 xen/include/xen/iommu.h                     |  1 +
 7 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 3430e39a29..8cbbd7c6c9 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -746,6 +746,7 @@ static void cf_check amd_dump_page_tables(struct domain *d)
 }
 
 static const struct iommu_ops __initconst_cf_clobber _iommu_ops = {
+    .page_sizes = PAGE_SIZE_4K,
     .init = amd_iommu_domain_init,
     .hwdom_init = amd_iommu_hwdom_init,
     .quarantine_init = amd_iommu_quarantine_init,
diff --git a/xen/drivers/passthrough/arm/ipmmu-vmsa.c b/xen/drivers/passthrough/arm/ipmmu-vmsa.c
index d2572bcd30..5a7b332bcc 100644
--- a/xen/drivers/passthrough/arm/ipmmu-vmsa.c
+++ b/xen/drivers/passthrough/arm/ipmmu-vmsa.c
@@ -1355,6 +1355,7 @@ static void ipmmu_iommu_domain_teardown(struct domain *d)
 
 static const struct iommu_ops ipmmu_iommu_ops =
 {
+    .page_sizes      = PAGE_SIZE_4K,
     .init            = ipmmu_iommu_domain_init,
     .hwdom_init      = arch_iommu_hwdom_init,
     .teardown        = ipmmu_iommu_domain_teardown,
diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c
index 71b022fe7f..2822ffe05f 100644
--- a/xen/drivers/passthrough/arm/smmu-v3.c
+++ b/xen/drivers/passthrough/arm/smmu-v3.c
@@ -3411,7 +3411,8 @@ static void arm_smmu_iommu_xen_domain_teardown(struct domain *d)
 }
 
 static const struct iommu_ops arm_smmu_iommu_ops = {
-	.init		= arm_smmu_iommu_xen_domain_init,
+	.page_sizes		= PAGE_SIZE_4K,
+	.init			= arm_smmu_iommu_xen_domain_init,
 	.hwdom_init		= arch_iommu_hwdom_init,
 	.teardown		= arm_smmu_iommu_xen_domain_teardown,
 	.iotlb_flush		= arm_smmu_iotlb_flush,
diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c
index b186c28dff..5cacb2dd99 100644
--- a/xen/drivers/passthrough/arm/smmu.c
+++ b/xen/drivers/passthrough/arm/smmu.c
@@ -2858,6 +2858,7 @@ static void arm_smmu_iommu_domain_teardown(struct domain *d)
 }
 
 static const struct iommu_ops arm_smmu_iommu_ops = {
+    .page_sizes = PAGE_SIZE_4K,
     .init = arm_smmu_iommu_domain_init,
     .hwdom_init = arch_iommu_hwdom_init,
     .add_device = arm_smmu_dt_add_device_generic,
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 73a7da71cd..1109a86532 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -494,7 +494,17 @@ int __init iommu_setup(void)
 
     if ( iommu_enable )
     {
+        const struct iommu_ops *ops = NULL;
+
         rc = iommu_hardware_setup();
+        if ( !rc )
+            ops = iommu_get_ops();
+        if ( ops && (ops->page_sizes & -ops->page_sizes) != PAGE_SIZE )
+        {
+            printk(XENLOG_ERR "IOMMU: page size mask %lx unsupported\n",
+                   ops->page_sizes);
+            rc = ops->page_sizes ? -EPERM : -ENODATA;
+        }
         iommu_enabled = (rc == 0);
     }
 
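Review bot: The page-size check in iommu_setup() runs only after iommu_hardware_setup() has returned 0, so on a mismatch `iommu_enabled` becomes false while whatever the hardware setup put in place remains; whether anything needs undoing on that path is not visible in this hunk. The expression `ops->page_sizes & -ops->page_sizes` also deserves a comment, e.g. `/* Lowest set bit is the base page size; it has to match the CPU's. */`. iommu_setup() continues outside the hunk.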
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index f68d960d75..cff37c0c31 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -3127,6 +3127,7 @@ static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev,
 }
 
 static const struct iommu_ops __initconst_cf_clobber vtd_ops = {
+    .page_sizes = PAGE_SIZE_4K,
     .init = intel_iommu_domain_init,
     .hwdom_init = intel_iommu_hwdom_init,
     .quarantine_init = intel_iommu_quarantine_init,
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 3a83981464..f7e8d5f287 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -231,6 +231,7 @@ struct page_info;
 typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 
 struct iommu_ops {
+    unsigned long page_sizes;
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
     int (*quarantine_init)(device_t *dev, bool scratch_page);
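Review bot: The new `page_sizes` member of struct iommu_ops carries no comment, although iommu_setup() in this commit depends on its encoding: the lowest set bit is compared with PAGE_SIZE. A line such as `/* Bitmask of supported page sizes; the lowest set bit is the base page size. */` above the member would tell vendor code how to fill it in. The struct definition continues outside the hunk.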
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 13:00:46 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] AMD/IOMMU: drop stray TLB flush
Message-Id: <E1nhstx-0005cw-9Q@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 13:00:45 +0000

commit c8a25eb617ee8554d7212bb1c8e64227cb5566af
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:54:59 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:54:59 2022 +0200

    AMD/IOMMU: drop stray TLB flush
    
    I think this flush was overlooked when flushing was moved out of the
    core (un)mapping functions. The flush the caller is required to invoke
    anyway will satisfy the needs resulting from the splitting of a
    superpage.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_map.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 8bef46e045..3abcac247e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -240,7 +240,7 @@ void __init iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
  */
 static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
                               unsigned int target, unsigned long *pt_mfn,
-                              bool map)
+                              unsigned int *flush_flags, bool map)
 {
     union amd_iommu_pte *pde, *next_table_vaddr;
     unsigned long  next_table_mfn;
@@ -301,7 +301,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
             set_iommu_pde_present(pde, next_table_mfn, next_level, true,
                                   true);
 
-            amd_iommu_flush_all_pages(d);
+            *flush_flags |= IOMMU_FLUSHF_modified;
         }
 
         /* Install lower level page table for non-present entries */
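Review bot: `*flush_flags |= IOMMU_FLUSHF_modified;` dereferences the new parameter unconditionally, and with the `amd_iommu_flush_all_pages(d)` call gone, a stale IOTLB entry for the split superpage now persists until the caller acts on the flag. Both callers in this commit, amd_iommu_map_page() and amd_iommu_unmap_page(), pass their own `flush_flags` through. The comment block above iommu_pde_from_dfn() should still state that the pointer must be non-NULL and that the caller owns the flush, and an `ASSERT(flush_flags);` at the top of the function would enforce the first part. The function body starts and ends outside this hunk.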
@@ -374,7 +374,8 @@ int cf_check amd_iommu_map_page(
         return rc;
     }
 
-    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, true) || !pt_mfn )
+    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, flush_flags, true) ||
+         !pt_mfn )
     {
         spin_unlock(&hd->arch.mapping_lock);
         AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n",
@@ -407,7 +408,7 @@ int cf_check amd_iommu_unmap_page(
         return 0;
     }
 
-    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, false) )
+    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, flush_flags, false) )
     {
         spin_unlock(&hd->arch.mapping_lock);
         AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n",
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 13:00:56 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/build: make linking work again with ld incapable of generating build ID
Message-Id: <E1nhsu7-0005dX-CM@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 13:00:55 +0000

commit 54279f87ecbcb3eab45fbdd52f44c1be998a9ab3
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:56:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:56:23 2022 +0200

    x86/build: make linking work again with ld incapable of generating build ID
    
    The retaining of .note.* in a PT_NOTE segment requires a matching
    program header to be present in the first place. Drop the respective
    conditional and adjust mkelf32 to deal with (ignore) the potentially
    present but empty extra segment (but have the new code be generic by
    dropping any excess trailing entirely empty segments).
    
    Fixes: dedb0aa42c6d ("x86/build: use --orphan-handling linker option if available")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/arch/x86/boot/mkelf32.c | 13 +++++++++++++
 xen/arch/x86/xen.lds.S      |  2 --
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/boot/mkelf32.c b/xen/arch/x86/boot/mkelf32.c
index bcbde1a056..3d639c2e08 100644
--- a/xen/arch/x86/boot/mkelf32.c
+++ b/xen/arch/x86/boot/mkelf32.c
@@ -320,6 +320,19 @@ int main(int argc, char **argv)
                 (int)in64_ehdr.e_phentsize, (int)sizeof(in64_phdr));
         return 1;
     }
+
+    /* Ignore entirely empty trailing program headers. */
+    while ( in64_ehdr.e_phnum > num_phdrs )
+    {
+        (void)lseek(infd,
+                    in64_ehdr.e_phoff + in64_ehdr.e_phnum * sizeof(in64_phdr),
+                    SEEK_SET);
+        do_read(infd, &in64_phdr, sizeof(in64_phdr));
+        endianadjust_phdr64(&in64_phdr);
+        if ( in64_phdr.p_memsz )
+            break;
+        --in64_ehdr.e_phnum;
+    }
     if ( in64_ehdr.e_phnum != num_phdrs )
     {
         fprintf(stderr, "Expect precisly %d program header; found %d.\n",
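Review bot: The seek offset in the new loop, `in64_ehdr.e_phoff + in64_ehdr.e_phnum * sizeof(in64_phdr)`, addresses the entry at index e_phnum, which is one past the last program header when e_phnum is the header count; the trailing header itself sits at index `e_phnum - 1`. As written the loop appears to test whatever follows the program header table, so I would use `in64_ehdr.e_phoff + (in64_ehdr.e_phnum - 1) * sizeof(in64_phdr)`. The `(void)lseek(...)` result is also discarded, so a failed seek is noticed only if do_read() happens to fail afterwards. main() continues outside the hunk.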
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 68501c7186..6e4abbc1ce 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -40,9 +40,7 @@ OUTPUT_ARCH(i386:x86-64)
 PHDRS
 {
   text PT_LOAD ;
-#if defined(BUILD_ID) || defined(CONFIG_PVH_GUEST)
   note PT_NOTE ;
-#endif
 }
 #define PHDR(x) :x
 #else
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:44:11 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/build: Fix MAP rule when called in isolation
Message-Id: <E1nhzCG-0003Sk-DL@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:44:04 +0000

commit b3234f193a912ce73c838279f2cf3ff242a00dfd
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Apr 21 15:23:37 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    xen/build: Fix MAP rule when called in isolation
    
    Now that `make MAP` might rebuild $(TARGET), it needs removing from
    no-dot-config-targets.
    
    Otherwise the build eventually fails with:
    
        CPP     arch/x86/asm-macros.i
      arch/x86/asm-macros.c:1:10: fatal error: asm/asm-defns.h: No such file or
      directory
          1 | #include <asm/asm-defns.h>
            |          ^~~~~~~~~~~~~~~~~
    
    Fixes: e1e72198213b ("xen/build: Fix dependency for the MAP rule")
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/Makefile b/xen/Makefile
index 3a4e3bdd0f..ec34524ed2 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -215,7 +215,7 @@ export XEN_ROOT := $(abs_srctree)/..
 clean-targets := %clean
 no-dot-config-targets := $(clean-targets) \
                          uninstall debug cloc \
-                         cscope TAGS tags MAP gtags \
+                         cscope TAGS tags gtags \
                          xenversion
 
 config-build    := n
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:44:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 22 Apr 2022 19:44:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311205.528313 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzCS-0001Cn-86; Fri, 22 Apr 2022 19:44:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311205.528313; Fri, 22 Apr 2022 19:44:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzCS-0001Cd-4y; Fri, 22 Apr 2022 19:44:16 +0000
Received: by outflank-mailman (input) for mailman id 311205;
 Fri, 22 Apr 2022 19:44:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCQ-0001By-Ii
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCQ-0000mB-Hs
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCQ-0003Tz-Gv
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=2UA8oOc6PqBXNfylKAS95V9C/RJXQ7bGU5XrlSVNQJc=; b=V5pnYFMGB4Kz4P6LReIZnhU3Wk
	zuxpgrlndQaB1m6fC8i4sLIhPTLC4gTqCnX9p6qi/Gn+p8s3SrfFTQI3+G2UER1r4BIoteXDMIcLw
	Q9nvaQuTcBleX9LR/Xw71yzCJqvYmKjtepCokqRrDkxQZPTOl/x68xelZQME6Smtilk4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/debugger: Remove debugger_trap_entry()
Message-Id: <E1nhzCQ-0003Tz-Gv@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:44:14 +0000

commit af8b805c15199831aad50bc33066494fb2cab363
Author:     Bobby Eshleman <bobby.eshleman@gmail.com>
AuthorDate: Tue Sep 28 13:30:25 2021 -0700
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/debugger: Remove debugger_trap_entry()
    
    debugger_trap_entry() is unrelated to the other contents of debugger.h.  It is
    a no-op for everything other than #DB/#BP, and for those it invokes guest
    debugging (CONFIG_GDBSX) not host debugging (CONFIG_CRASH_DEBUG).
    
    The reason it is a no-op for gdbstub is related to the fact that its
    description is inappropriate for any kind of useful debugging.  In normal
    debugging, gdb only sees things which manifest as signals; it doesn't see
    things which the kernel resolves itself (some #PF, #NM, etc).  Furthermore,
    without a mechanism to invoke pv_inject_event(), the current infrastructure
    will livelock on faults from guest context.
    
    As such, there is no plausible future matching its description.  Any work to
    do something better than the current nothing will have to design something
    more coherent.
    
    Therefore, simplify everything by expanding debugger_trap_entry() into its two
    non-empty locations, fixing bugs with their positioning (vs early exceptions
    and curr not being safe to dereference) and for #DB, deferring the pause until
    the changes in %dr6 are saved to v->arch.dr6 so the debugger can actually see
    which condition triggered.  This also removes some logically dead code from
    do_trap(), where the compiler can't prove that #DB/#BP are handled by
    different codepaths.
    
    Signed-off-by: Bobby Eshleman <bobby.eshleman@gmail.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/include/asm/debugger.h | 42 ++-----------------------------------
 xen/arch/x86/traps.c                | 34 +++++++++++++-----------------
 2 files changed, 16 insertions(+), 60 deletions(-)

diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index 221bcde137..e83b346a21 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -5,19 +5,12 @@
  * 
  * Each debugger should define two functions here:
  * 
- * 1. debugger_trap_entry(): 
- *  Called at start of any synchronous fault or trap, before any other work
- *  is done. The idea is that if your debugger deliberately caused the trap
- *  (e.g. to implement breakpoints or data watchpoints) then you can take
- *  appropriate action and return a non-zero value to cause early exit from
- *  the trap function.
- * 
- * 2. debugger_trap_fatal():
+ * debugger_trap_fatal():
  *  Called when Xen is about to give up and crash. Typically you will use this
  *  hook to drop into a debug session. It can also be used to hook off
  *  deliberately caused traps (which you then handle and return non-zero).
  *
- * 3. debugger_trap_immediate():
+ * debugger_trap_immediate():
  *  Called if we want to drop into a debugger now.  This is essentially the
  *  same as debugger_trap_fatal, except that we use the current register state
  *  rather than the state which was in effect when we took the trap.
@@ -49,31 +42,6 @@ static inline bool debugger_trap_fatal(
 /* Int3 is a trivial way to gather cpu_user_regs context. */
 #define debugger_trap_immediate() __asm__ __volatile__ ( "int3" );
 
-static inline bool debugger_trap_entry(
-    unsigned int vector, struct cpu_user_regs *regs)
-{
-    /*
-     * This function is called before any checks are made.  Amongst other
-     * things, be aware that during early boot, current is not a safe pointer
-     * to follow.
-     */
-    struct vcpu *v = current;
-
-    if ( vector != TRAP_int3 && vector != TRAP_debug )
-        return false;
-
-    if ( guest_mode(regs) && guest_kernel_mode(v, regs) &&
-         v->domain->debugger_attached  )
-    {
-        if ( vector != TRAP_debug ) /* domain pause is good enough */
-            current->arch.gdbsx_vcpu_event = vector;
-        domain_pause_for_debugger();
-        return true;
-    }
-
-    return false;
-}
-
 #else
 
 static inline bool debugger_trap_fatal(
@@ -84,12 +52,6 @@ static inline bool debugger_trap_fatal(
 
 #define debugger_trap_immediate() ((void)0)
 
-static inline bool debugger_trap_entry(
-    unsigned int vector, struct cpu_user_regs *regs)
-{
-    return false;
-}
-
 #endif
 
 #ifdef CONFIG_GDBSX
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 4c38f6c015..84cd038dc3 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -946,9 +946,6 @@ void do_trap(struct cpu_user_regs *regs)
     if ( regs->error_code & X86_XEC_EXT )
         goto hardware_trap;
 
-    if ( debugger_trap_entry(trapnr, regs) )
-        return;
-
     ASSERT(trapnr < 32);
 
     if ( guest_mode(regs) )
@@ -1177,9 +1174,6 @@ void do_invalid_op(struct cpu_user_regs *regs)
     int id = -1, lineno;
     const struct virtual_region *region;
 
-    if ( debugger_trap_entry(TRAP_invalid_op, regs) )
-        return;
-
     if ( likely(guest_mode(regs)) )
     {
         if ( pv_emulate_invalid_op(regs) )
@@ -1284,8 +1278,7 @@ void do_invalid_op(struct cpu_user_regs *regs)
 
 void do_int3(struct cpu_user_regs *regs)
 {
-    if ( debugger_trap_entry(TRAP_int3, regs) )
-        return;
+    struct vcpu *curr = current;
 
     if ( !guest_mode(regs) )
     {
@@ -1299,6 +1292,13 @@ void do_int3(struct cpu_user_regs *regs)
         return;
     }
 
+    if ( guest_kernel_mode(curr, regs) && curr->domain->debugger_attached )
+    {
+        curr->arch.gdbsx_vcpu_event = TRAP_int3;
+        domain_pause_for_debugger();
+        return;
+    }
+
     pv_inject_hw_exception(TRAP_int3, X86_EVENT_NO_EC);
 }
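Review bot: The added `if ( guest_kernel_mode(curr, regs) && curr->domain->debugger_attached )` block returns without reaching `pv_inject_hw_exception()` in every build, whereas the removed `#else` stub of `debugger_trap_entry()` returned false, so in that configuration the guest always received its #BP. If `debugger_attached` can be set in a build where `domain_pause_for_debugger()` does nothing (not visible in this patch), a guest kernel breakpoint would be dropped and the domain would keep running. Consider gating the block on the option that makes the pause real, e.g. `if ( IS_ENABLED(CONFIG_GDBSX) && guest_kernel_mode(curr, regs) && curr->domain->debugger_attached )`. The same applies to the matching block added to do_debug() in the `@@ -2082,6 +2073,12 @@` hunk. do_int3() starts in the previous hunk.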
 
@@ -1575,9 +1575,6 @@ void do_page_fault(struct cpu_user_regs *regs)
     /* fixup_page_fault() might change regs->error_code, so cache it here. */
     error_code = regs->error_code;
 
-    if ( debugger_trap_entry(TRAP_page_fault, regs) )
-        return;
-
     perfc_incr(page_faults);
 
     /* Any shadow stack access fault is a bug in Xen. */
@@ -1676,9 +1673,6 @@ void do_general_protection(struct cpu_user_regs *regs)
     struct vcpu *v = current;
 #endif
 
-    if ( debugger_trap_entry(TRAP_gp_fault, regs) )
-        return;
-
     if ( regs->error_code & X86_XEC_EXT )
         goto hardware_gp;
 
@@ -1971,9 +1965,6 @@ void do_debug(struct cpu_user_regs *regs)
     /* Stash dr6 as early as possible. */
     dr6 = read_debugreg(6);
 
-    if ( debugger_trap_entry(TRAP_debug, regs) )
-        return;
-
     /*
      * At the time of writing (March 2018), on the subject of %dr6:
      *
@@ -2082,6 +2073,12 @@ void do_debug(struct cpu_user_regs *regs)
     v->arch.dr6 |= (dr6 & ~X86_DR6_DEFAULT);
     v->arch.dr6 &= (dr6 | ~X86_DR6_DEFAULT);
 
+    if ( guest_kernel_mode(v, regs) && v->domain->debugger_attached )
+    {
+        domain_pause_for_debugger();
+        return;
+    }
+
     pv_inject_hw_exception(TRAP_debug, X86_EVENT_NO_EC);
 }
 
@@ -2097,9 +2094,6 @@ void do_entry_CP(struct cpu_user_regs *regs)
     const char *err = "??";
     unsigned int ec = regs->error_code;
 
-    if ( debugger_trap_entry(X86_EXC_CP, regs) )
-        return;
-
     /* Decode ec if possible */
     if ( ec < ARRAY_SIZE(errors) && errors[ec][0] )
         err = errors[ec];
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:44:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 22 Apr 2022 19:44:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311206.528316 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzCc-0001JC-9h; Fri, 22 Apr 2022 19:44:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311206.528316; Fri, 22 Apr 2022 19:44:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzCc-0001J3-6a; Fri, 22 Apr 2022 19:44:26 +0000
Received: by outflank-mailman (input) for mailman id 311206;
 Fri, 22 Apr 2022 19:44:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCa-0001IP-Lg
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCa-0000mm-Kq
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCa-0003Uq-KA
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=gEg34PT/u3Y0+oCFxsTEVPE/9gavfaJV/OjSP4HFlmc=; b=ea0H4gjFvkW/cKtDdfZx7q5M9B
	Wk+LiZGSLZSQ25mdyPRjuOcDneW/zKkTEaHFIkZRMQqAne9SjKdRXameX9QAAE+YXISVD22TfJYFF
	b0PiMoiZrYdNZ3e4iQ77EKGmRyMS9qrbrS2mY6qBsX7A9ic66YphjnYwI8F2vaOUOSIM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/gdbsx: Rename debug.c to gdbsx.c
Message-Id: <E1nhzCa-0003Uq-KA@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:44:24 +0000

commit 203156ef36df87a9a4161e15889b901df5ef58eb
Author:     Bobby Eshleman <bobby.eshleman@gmail.com>
AuthorDate: Tue Sep 28 13:30:26 2021 -0700
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/gdbsx: Rename debug.c to gdbsx.c
    
    debug.c contains only dbg_rw_mem().  Rename it to gdbsx.c.
    
    Move gdbsx_guest_mem_io(), and the prior setup of iop->remain, from domctl.c
    to gdbsx.c, merging it with dbg_rw_mem().
    
    Signed-off-by: Bobby Eshleman <bobby.eshleman@gmail.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/Makefile               |   2 +-
 xen/arch/x86/debug.c                | 177 ------------------------------------
 xen/arch/x86/domctl.c               |  14 +--
 xen/arch/x86/gdbsx.c                | 174 +++++++++++++++++++++++++++++++++++
 xen/arch/x86/include/asm/debugger.h |   6 --
 xen/arch/x86/include/asm/gdbsx.h    |  13 +++
 6 files changed, 190 insertions(+), 196 deletions(-)

diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 717bcbcac7..177a2ff742 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -22,7 +22,6 @@ obj-y += cpuid.o
 obj-$(CONFIG_PV) += compat.o
 obj-$(CONFIG_PV32) += x86_64/compat.o
 obj-$(CONFIG_KEXEC) += crash.o
-obj-$(CONFIG_GDBSX) += debug.o
 obj-y += delay.o
 obj-y += desc.o
 obj-bin-y += dmi_scan.init.o
@@ -34,6 +33,7 @@ obj-y += emul-i8254.o
 obj-y += extable.o
 obj-y += flushtlb.o
 obj-$(CONFIG_CRASH_DEBUG) += gdbstub.o
+obj-$(CONFIG_GDBSX) += gdbsx.o
 obj-y += hypercall.o
 obj-y += i387.o
 obj-y += i8259.o
diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c
deleted file mode 100644
index 91034a852e..0000000000
--- a/xen/arch/x86/debug.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Copyright (C) 2009, Mukesh Rathor, Oracle Corp.  All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public
- * License v2 as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <xen/sched.h>
-#include <xen/mm.h>
-#include <xen/domain_page.h>
-#include <xen/guest_access.h>
-#include <asm/debugger.h>
-#include <asm/p2m.h>
-
-typedef unsigned long dbgva_t;
-typedef unsigned char dbgbyte_t;
-
-/* Returns: mfn for the given (hvm guest) vaddr */
-static mfn_t
-dbg_hvm_va2mfn(dbgva_t vaddr, struct domain *dp, int toaddr, gfn_t *gfn)
-{
-    mfn_t mfn;
-    uint32_t pfec = PFEC_page_present;
-    p2m_type_t gfntype;
-
-    *gfn = _gfn(paging_gva_to_gfn(dp->vcpu[0], vaddr, &pfec));
-    if ( gfn_eq(*gfn, INVALID_GFN) )
-        return INVALID_MFN;
-
-    mfn = get_gfn(dp, gfn_x(*gfn), &gfntype);
-    if ( p2m_is_readonly(gfntype) && toaddr )
-        mfn = INVALID_MFN;
-
-    if ( mfn_eq(mfn, INVALID_MFN) )
-    {
-        put_gfn(dp, gfn_x(*gfn));
-        *gfn = INVALID_GFN;
-    }
-
-    return mfn;
-}
-
-/* 
- * pgd3val: this is the value of init_mm.pgd[3] in a PV guest. It is optional.
- *          This to assist debug of modules in the guest. The kernel address 
- *          space seems is always mapped, but modules are not necessarily 
- *          mapped in any arbitraty guest cr3 that we pick if pgd3val is 0. 
- *          Modules should always be addressible if we use cr3 from init_mm. 
- *          Since pgd3val is already a pgd value, cr3->pgd[3], we just need to 
- *          do 2 level lookups.
- *
- * NOTE: 4 level paging works for 32 PAE guests also because cpu runs in IA32-e
- *       mode.
- * Returns: mfn for the given (pv guest) vaddr 
- */
-static mfn_t
-dbg_pv_va2mfn(dbgva_t vaddr, struct domain *dp, uint64_t pgd3val)
-{
-    l4_pgentry_t l4e, *l4t;
-    l3_pgentry_t l3e, *l3t;
-    l2_pgentry_t l2e, *l2t;
-    l1_pgentry_t l1e, *l1t;
-    unsigned long cr3 = (pgd3val ? pgd3val : dp->vcpu[0]->arch.cr3);
-    mfn_t mfn = maddr_to_mfn(cr3_pa(cr3));
-
-    if ( pgd3val == 0 )
-    {
-        l4t = map_domain_page(mfn);
-        l4e = l4t[l4_table_offset(vaddr)];
-        unmap_domain_page(l4t);
-        mfn = l4e_get_mfn(l4e);
-        if ( !(l4e_get_flags(l4e) & _PAGE_PRESENT) )
-            return INVALID_MFN;
-
-        l3t = map_domain_page(mfn);
-        l3e = l3t[l3_table_offset(vaddr)];
-        unmap_domain_page(l3t);
-        mfn = l3e_get_mfn(l3e);
-        if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) ||
-             (l3e_get_flags(l3e) & _PAGE_PSE) )
-            return INVALID_MFN;
-    }
-
-    l2t = map_domain_page(mfn);
-    l2e = l2t[l2_table_offset(vaddr)];
-    unmap_domain_page(l2t);
-    mfn = l2e_get_mfn(l2e);
-    if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) ||
-         (l2e_get_flags(l2e) & _PAGE_PSE) )
-        return INVALID_MFN;
-
-    l1t = map_domain_page(mfn);
-    l1e = l1t[l1_table_offset(vaddr)];
-    unmap_domain_page(l1t);
-    mfn = l1e_get_mfn(l1e);
-
-    return mfn_valid(mfn) ? mfn : INVALID_MFN;
-}
-
-/* Returns: number of bytes remaining to be copied */
-static unsigned int dbg_rw_guest_mem(struct domain *dp, unsigned long addr,
-                                     XEN_GUEST_HANDLE_PARAM(void) buf,
-                                     unsigned int len, bool toaddr,
-                                     uint64_t pgd3)
-{
-    while ( len > 0 )
-    {
-        char *va;
-        mfn_t mfn;
-        gfn_t gfn = INVALID_GFN;
-        unsigned long pagecnt;
-
-        pagecnt = min_t(long, PAGE_SIZE - (addr & ~PAGE_MASK), len);
-
-        mfn = (is_hvm_domain(dp)
-               ? dbg_hvm_va2mfn(addr, dp, toaddr, &gfn)
-               : dbg_pv_va2mfn(addr, dp, pgd3));
-        if ( mfn_eq(mfn, INVALID_MFN) )
-            break;
-
-        va = map_domain_page(mfn);
-        va = va + (addr & (PAGE_SIZE-1));
-
-        if ( toaddr )
-        {
-            copy_from_guest(va, buf, pagecnt);
-            paging_mark_dirty(dp, mfn);
-        }
-        else
-            copy_to_guest(buf, va, pagecnt);
-
-        unmap_domain_page(va);
-        if ( !gfn_eq(gfn, INVALID_GFN) )
-            put_gfn(dp, gfn_x(gfn));
-
-        addr += pagecnt;
-        guest_handle_add_offset(buf, pagecnt);
-        len -= pagecnt;
-    }
-
-    return len;
-}
-
-/*
- * addr is guest addr
- * buf is debugger buffer.
- * if toaddr, then addr = buf (write to addr), else buf = addr (rd from guest)
- * pgd3: value of init_mm.pgd[3] in guest. see above.
- * Returns: number of bytes remaining to be copied.
- */
-unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
-                        unsigned int len, struct domain *d, bool toaddr,
-                        uint64_t pgd3)
-{
-    if ( d && !d->is_dying )
-        len = dbg_rw_guest_mem(d, gva, buf, len, toaddr, pgd3);
-
-    return len;
-}
-
-/*
- * Local variables:
- * mode: C
- * c-file-style: "BSD"
- * c-basic-offset: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index a6aae500a3..c20ab43527 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -20,6 +20,8 @@
 #include <xen/console.h>
 #include <xen/iocap.h>
 #include <xen/paging.h>
+
+#include <asm/gdbsx.h>
 #include <asm/irq.h>
 #include <asm/hvm/emulate.h>
 #include <asm/hvm/hvm.h>
@@ -33,20 +35,9 @@
 #include <public/vm_event.h>
 #include <asm/mem_sharing.h>
 #include <asm/xstate.h>
-#include <asm/debugger.h>
 #include <asm/psr.h>
 #include <asm/cpuid.h>
 
-#ifdef CONFIG_GDBSX
-static int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)
-{
-    iop->remain = dbg_rw_mem(iop->gva, guest_handle_from_ptr(iop->uva, void),
-                             iop->len, d, iop->gwr, iop->pgd3val);
-
-    return iop->remain ? -EFAULT : 0;
-}
-#endif
-
 static int update_domain_cpu_policy(struct domain *d,
                                     xen_domctl_cpu_policy_t *xdpc)
 {
@@ -827,7 +818,6 @@ long arch_do_domctl(
 
 #ifdef CONFIG_GDBSX
     case XEN_DOMCTL_gdbsx_guestmemio:
-        domctl->u.gdbsx_guest_memio.remain = domctl->u.gdbsx_guest_memio.len;
         ret = gdbsx_guest_mem_io(d, &domctl->u.gdbsx_guest_memio);
         if ( !ret )
            copyback = true;
diff --git a/xen/arch/x86/gdbsx.c b/xen/arch/x86/gdbsx.c
new file mode 100644
index 0000000000..59eb31fc9a
--- /dev/null
+++ b/xen/arch/x86/gdbsx.c
@@ -0,0 +1,174 @@
+/*
+ * Copyright (C) 2009, Mukesh Rathor, Oracle Corp.  All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public
+ * License v2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/sched.h>
+#include <xen/mm.h>
+#include <xen/domain_page.h>
+#include <xen/guest_access.h>
+#include <asm/gdbsx.h>
+#include <asm/p2m.h>
+
+typedef unsigned long dbgva_t;
+typedef unsigned char dbgbyte_t;
+
+/* Returns: mfn for the given (hvm guest) vaddr */
+static mfn_t
+dbg_hvm_va2mfn(dbgva_t vaddr, struct domain *dp, int toaddr, gfn_t *gfn)
+{
+    mfn_t mfn;
+    uint32_t pfec = PFEC_page_present;
+    p2m_type_t gfntype;
+
+    *gfn = _gfn(paging_gva_to_gfn(dp->vcpu[0], vaddr, &pfec));
+    if ( gfn_eq(*gfn, INVALID_GFN) )
+        return INVALID_MFN;
+
+    mfn = get_gfn(dp, gfn_x(*gfn), &gfntype);
+    if ( p2m_is_readonly(gfntype) && toaddr )
+        mfn = INVALID_MFN;
+
+    if ( mfn_eq(mfn, INVALID_MFN) )
+    {
+        put_gfn(dp, gfn_x(*gfn));
+        *gfn = INVALID_GFN;
+    }
+
+    return mfn;
+}
+
+/* 
+ * pgd3val: this is the value of init_mm.pgd[3] in a PV guest. It is optional.
+ *          This to assist debug of modules in the guest. The kernel address 
+ *          space seems is always mapped, but modules are not necessarily 
+ *          mapped in any arbitraty guest cr3 that we pick if pgd3val is 0. 
+ *          Modules should always be addressible if we use cr3 from init_mm. 
+ *          Since pgd3val is already a pgd value, cr3->pgd[3], we just need to 
+ *          do 2 level lookups.
+ *
+ * NOTE: 4 level paging works for 32 PAE guests also because cpu runs in IA32-e
+ *       mode.
+ * Returns: mfn for the given (pv guest) vaddr 
+ */
+static mfn_t
+dbg_pv_va2mfn(dbgva_t vaddr, struct domain *dp, uint64_t pgd3val)
+{
+    l4_pgentry_t l4e, *l4t;
+    l3_pgentry_t l3e, *l3t;
+    l2_pgentry_t l2e, *l2t;
+    l1_pgentry_t l1e, *l1t;
+    unsigned long cr3 = (pgd3val ? pgd3val : dp->vcpu[0]->arch.cr3);
+    mfn_t mfn = maddr_to_mfn(cr3_pa(cr3));
+
+    if ( pgd3val == 0 )
+    {
+        l4t = map_domain_page(mfn);
+        l4e = l4t[l4_table_offset(vaddr)];
+        unmap_domain_page(l4t);
+        mfn = l4e_get_mfn(l4e);
+        if ( !(l4e_get_flags(l4e) & _PAGE_PRESENT) )
+            return INVALID_MFN;
+
+        l3t = map_domain_page(mfn);
+        l3e = l3t[l3_table_offset(vaddr)];
+        unmap_domain_page(l3t);
+        mfn = l3e_get_mfn(l3e);
+        if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) ||
+             (l3e_get_flags(l3e) & _PAGE_PSE) )
+            return INVALID_MFN;
+    }
+
+    l2t = map_domain_page(mfn);
+    l2e = l2t[l2_table_offset(vaddr)];
+    unmap_domain_page(l2t);
+    mfn = l2e_get_mfn(l2e);
+    if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) ||
+         (l2e_get_flags(l2e) & _PAGE_PSE) )
+        return INVALID_MFN;
+
+    l1t = map_domain_page(mfn);
+    l1e = l1t[l1_table_offset(vaddr)];
+    unmap_domain_page(l1t);
+    mfn = l1e_get_mfn(l1e);
+
+    return mfn_valid(mfn) ? mfn : INVALID_MFN;
+}
+
+/* Returns: number of bytes remaining to be copied */
+static unsigned int dbg_rw_guest_mem(struct domain *dp, unsigned long addr,
+                                     XEN_GUEST_HANDLE_PARAM(void) buf,
+                                     unsigned int len, bool toaddr,
+                                     uint64_t pgd3)
+{
+    while ( len > 0 )
+    {
+        char *va;
+        mfn_t mfn;
+        gfn_t gfn = INVALID_GFN;
+        unsigned long pagecnt;
+
+        pagecnt = min_t(long, PAGE_SIZE - (addr & ~PAGE_MASK), len);
+
+        mfn = (is_hvm_domain(dp)
+               ? dbg_hvm_va2mfn(addr, dp, toaddr, &gfn)
+               : dbg_pv_va2mfn(addr, dp, pgd3));
+        if ( mfn_eq(mfn, INVALID_MFN) )
+            break;
+
+        va = map_domain_page(mfn);
+        va = va + (addr & (PAGE_SIZE-1));
+
+        if ( toaddr )
+        {
+            copy_from_guest(va, buf, pagecnt);
+            paging_mark_dirty(dp, mfn);
+        }
+        else
+            copy_to_guest(buf, va, pagecnt);
+
+        unmap_domain_page(va);
+        if ( !gfn_eq(gfn, INVALID_GFN) )
+            put_gfn(dp, gfn_x(gfn));
+
+        addr += pagecnt;
+        guest_handle_add_offset(buf, pagecnt);
+        len -= pagecnt;
+    }
+
+    return len;
+}
+
+int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)
+{
+    if ( d && !d->is_dying )
+    {
+        iop->remain = dbg_rw_guest_mem(
+            d, iop->gva, guest_handle_from_ptr(iop->uva, void),
+            iop->len, iop->gwr, iop->pgd3val);
+    }
+    else
+        iop->remain = iop->len;
+
+    return iop->remain ? -EFAULT : 0;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
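Review bot: In dbg_rw_guest_mem() the results of `copy_from_guest(va, buf, pagecnt)` and `copy_to_guest(buf, va, pagecnt)` are discarded, so a fault on the debugger's buffer still advances `addr` and `len`. gdbsx_guest_mem_io() can then report success (`remain == 0`) for data that was never transferred, and on the write path the guest page is marked dirty after a failed or partial copy. The code is carried over from debug.c, but the merge is a good place to record the copy result and leave the loop once the mapping and gfn reference have been released, as sketched below. Separately, both translation helpers dereference `dp->vcpu[0]` with no visible check that the vCPU exists; if the domctl caller does not guarantee that, a guard belongs in gdbsx_guest_mem_io().

```c
    while ( len > 0 )
    {
        unsigned long left;
        /* … unchanged: other locals, pagecnt calculation, va2mfn lookup, map_domain_page() … */

        if ( toaddr )
        {
            left = copy_from_guest(va, buf, pagecnt);
            paging_mark_dirty(dp, mfn);
        }
        else
            left = copy_to_guest(buf, va, pagecnt);

        /* … unchanged: unmap_domain_page() and put_gfn() … */

        if ( left )
            break; /* len still counts this chunk, so the caller returns -EFAULT */

        /* … unchanged: advance addr, buf and len … */
    }
```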
diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index e83b346a21..c5585752ca 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -54,10 +54,4 @@ static inline bool debugger_trap_fatal(
 
 #endif
 
-#ifdef CONFIG_GDBSX
-unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
-                        unsigned int len, struct domain *d, bool toaddr,
-                        uint64_t pgd3);
-#endif
-
 #endif /* __X86_DEBUGGER_H__ */
diff --git a/xen/arch/x86/include/asm/gdbsx.h b/xen/arch/x86/include/asm/gdbsx.h
new file mode 100644
index 0000000000..eee746fc01
--- /dev/null
+++ b/xen/arch/x86/include/asm/gdbsx.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __X86_GDBX_H__
+#define __X86_GDBX_H__
+
+#ifdef CONFIG_GDBSX
+
+struct domain;
+struct xen_domctl_gdbsx_memio;
+
+int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop);
+
+#endif /* CONFIG_GDBSX */
+#endif /* __X86_GDBX_H__ */
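Review bot: The include guard is spelled `__X86_GDBX_H__` while the file is gdbsx.h; the dropped `S` makes the guard harder to grep for and easier to collide with a future header. Suggest `#ifndef __X86_GDBSX_H__` / `#define __X86_GDBSX_H__` with the matching trailing comment. A one-line comment above the prototype would also help callers, e.g. `/* Returns 0 or -EFAULT; iop->remain holds the number of bytes not transferred. */`.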
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:44:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 22 Apr 2022 19:44:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311209.528322 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzCm-0001Wj-Df; Fri, 22 Apr 2022 19:44:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311209.528322; Fri, 22 Apr 2022 19:44:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzCm-0001Wa-AE; Fri, 22 Apr 2022 19:44:36 +0000
Received: by outflank-mailman (input) for mailman id 311209;
 Fri, 22 Apr 2022 19:44:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCk-0001VB-PZ
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCk-0000mw-Oh
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzCk-0003W0-Nm
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:44:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=p3MA9TuLKcNne+wVSJRqKEzQ1HF7UKaeR/K5qIjvguw=; b=AtBQm9XNQkt4g8wiQNazPaHWZQ
	PAyEd9AZrovwsGUUix+jjMoVJFEW+AZw4ByPJo5cx4BhyVD/Dv2+Qbq9vCDhpZr+bOugBie2WDZnM
	SAWEKfBMpyIstMDkXDegDx6DA6JywGQcwWeGca4iZ3KzCgOQe/l+R6dksEiV4CG+MGZw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/gdbsx: Move domain_pause_for_debugger() into gdbsx
Message-Id: <E1nhzCk-0003W0-Nm@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:44:34 +0000

commit 4de0f05fcf7d57c25aaef2f4aa064812b8628a72
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Wed Apr 20 01:38:32 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/gdbsx: Move domain_pause_for_debugger() into gdbsx
    
    domain_pause_for_debugger() is guest debugging (CONFIG_GDBSX) not host
    debugging (CONFIG_CRASH_DEBUG).
    
    Move it into the new gdbsx.c to drop the (incorrect) ifdefary, and provide a
    static inline in the !CONFIG_GDBSX case so callers can optimise away
    everything rather than having to emit a call to an empty function.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/domain.c               | 14 --------------
 xen/arch/x86/gdbsx.c                | 14 ++++++++++++++
 xen/arch/x86/hvm/svm/svm.c          |  2 +-
 xen/arch/x86/hvm/vmx/realmode.c     |  3 ++-
 xen/arch/x86/hvm/vmx/vmx.c          |  2 +-
 xen/arch/x86/include/asm/debugger.h |  2 --
 xen/arch/x86/include/asm/gdbsx.h    |  6 ++++++
 xen/arch/x86/nmi.c                  |  1 -
 xen/arch/x86/traps.c                |  1 +
 9 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index a5048ed654..a72cc9552a 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -2540,20 +2540,6 @@ static int __init cf_check init_vcpu_kick_softirq(void)
 }
 __initcall(init_vcpu_kick_softirq);
 
-void domain_pause_for_debugger(void)
-{
-#ifdef CONFIG_CRASH_DEBUG
-    struct vcpu *curr = current;
-    struct domain *d = curr->domain;
-
-    domain_pause_by_systemcontroller_nosync(d);
-
-    /* if gdbsx active, we just need to pause the domain */
-    if ( curr->arch.gdbsx_vcpu_event == 0 )
-        send_global_virq(VIRQ_DEBUGGER);
-#endif
-}
-
 /*
  * Local variables:
  * mode: C
diff --git a/xen/arch/x86/gdbsx.c b/xen/arch/x86/gdbsx.c
index 59eb31fc9a..6ef46e8ea7 100644
--- a/xen/arch/x86/gdbsx.c
+++ b/xen/arch/x86/gdbsx.c
@@ -18,6 +18,8 @@
 #include <xen/mm.h>
 #include <xen/domain_page.h>
 #include <xen/guest_access.h>
+#include <xen/event.h>
+
 #include <asm/gdbsx.h>
 #include <asm/p2m.h>
 
@@ -164,6 +166,18 @@ int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)
     return iop->remain ? -EFAULT : 0;
 }
 
+void domain_pause_for_debugger(void)
+{
+    struct vcpu *curr = current;
+    struct domain *d = curr->domain;
+
+    domain_pause_by_systemcontroller_nosync(d);
+
+    /* if gdbsx active, we just need to pause the domain */
+    if ( curr->arch.gdbsx_vcpu_event == 0 )
+        send_global_virq(VIRQ_DEBUGGER);
+}
+
 /*
  * Local variables:
  * mode: C
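Review bot: `domain_pause_for_debugger()` arrives in gdbsx.c without a header comment, and its one inline comment describes only the case the `if` skips, so the reader has to invert it to learn when `VIRQ_DEBUGGER` is raised. Because the body is now built under CONFIG_GDBSX instead of CONFIG_CRASH_DEBUG, it becomes live in configurations where it previously compiled to nothing, which makes the contract worth stating. I would add `/* Pause the current vCPU's domain on behalf of an attached guest debugger (no synchronous wait, per the _nosync helper). */` above the function, and reword the inline comment to `/* A pending gdbsx event means gdbsx is driving: pausing is enough. Otherwise notify the debugger via VIRQ_DEBUGGER. */`. The meaning of a non-zero `gdbsx_vcpu_event` is inferred from the existing comment, since the field is defined outside this hunk.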
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 2455835eda..0849a9dc5f 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -58,7 +58,7 @@
 #include <asm/hvm/trace.h>
 #include <asm/hap.h>
 #include <asm/apic.h>
-#include <asm/debugger.h>
+#include <asm/gdbsx.h>
 #include <asm/hvm/monitor.h>
 #include <asm/monitor.h>
 #include <asm/xstate.h>
diff --git a/xen/arch/x86/hvm/vmx/realmode.c b/xen/arch/x86/hvm/vmx/realmode.c
index cc23afa788..4ac93e0810 100644
--- a/xen/arch/x86/hvm/vmx/realmode.c
+++ b/xen/arch/x86/hvm/vmx/realmode.c
@@ -14,7 +14,8 @@
 #include <xen/sched.h>
 #include <xen/paging.h>
 #include <xen/softirq.h>
-#include <asm/debugger.h>
+
+#include <asm/gdbsx.h>
 #include <asm/event.h>
 #include <asm/hvm/emulate.h>
 #include <asm/hvm/hvm.h>
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index af9ee7cebb..cc8c4e9f04 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -51,7 +51,7 @@
 #include <asm/hvm/trace.h>
 #include <asm/hvm/monitor.h>
 #include <asm/xenoprof.h>
-#include <asm/debugger.h>
+#include <asm/gdbsx.h>
 #include <asm/apic.h>
 #include <asm/hvm/nestedhvm.h>
 #include <asm/altp2m.h>
diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index c5585752ca..9a3132356f 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -26,8 +26,6 @@
 #include <asm/regs.h>
 #include <asm/processor.h>
 
-void domain_pause_for_debugger(void);
-
 #ifdef CONFIG_CRASH_DEBUG
 
 #include <xen/gdbstub.h>
diff --git a/xen/arch/x86/include/asm/gdbsx.h b/xen/arch/x86/include/asm/gdbsx.h
index eee746fc01..938eb74e2e 100644
--- a/xen/arch/x86/include/asm/gdbsx.h
+++ b/xen/arch/x86/include/asm/gdbsx.h
@@ -9,5 +9,11 @@ struct xen_domctl_gdbsx_memio;
 
 int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop);
 
+void domain_pause_for_debugger(void);
+
+#else
+
+static inline void domain_pause_for_debugger(void) {}
+
 #endif /* CONFIG_GDBSX */
 #endif /* __X86_GDBX_H__ */
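Review bot: The new `#else` is unlabelled although both `#endif` lines right below it name their condition; `#else /* !CONFIG_GDBSX */` would keep the header readable as it grows. The opening `#ifdef` is outside the hunk. The empty stub also means every caller silently skips the domain pause in !CONFIG_GDBSX builds, so a short comment on the stub such as `/* No guest debugger support: nothing to pause for. */` would make that intent explicit rather than looking like an omission.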
diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c
index 302eaf2ff3..7656023748 100644
--- a/xen/arch/x86/nmi.c
+++ b/xen/arch/x86/nmi.c
@@ -30,7 +30,6 @@
 #include <asm/msr.h>
 #include <asm/mpspec.h>
 #include <asm/nmi.h>
-#include <asm/debugger.h>
 #include <asm/div64.h>
 #include <asm/apic.h>
 
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 84cd038dc3..d915324611 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -58,6 +58,7 @@
 #include <xen/bitops.h>
 #include <asm/desc.h>
 #include <asm/debugreg.h>
+#include <asm/gdbsx.h>
 #include <asm/smp.h>
 #include <asm/flushtlb.h>
 #include <asm/uaccess.h>
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:44:46 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/gdbstub: Clean up includes
Message-Id: <E1nhzCu-0003X2-R6@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:44:44 +0000

commit 30122012db246c3e05f7a3668e03f76141affd4c
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Wed Apr 20 13:48:05 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/gdbstub: Clean up includes
    
    common/gdbstub.c wants struct gdb_context but only gets it transitively
    through asm/debugger.h.  None of */gdbstub.c should include asm/debugger.h so
    include xen/gdbstub.h instead.
    
    Forward declare struct cpu_user_regs in xen/gdbstub.h so it doesn't depend on
    the include order to compile.
    
    x86/setup.c doesn't need xen/gdbstub.h at all, so drop it.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/gdbstub.c        | 5 ++++-
 xen/arch/x86/setup.c          | 1 -
 xen/arch/x86/x86_64/gdbstub.c | 2 +-
 xen/common/gdbstub.c          | 3 ++-
 xen/include/xen/gdbstub.h     | 2 ++
 5 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/gdbstub.c b/xen/arch/x86/gdbstub.c
index 8f4f49fd3b..961cae0be7 100644
--- a/xen/arch/x86/gdbstub.c
+++ b/xen/arch/x86/gdbstub.c
@@ -18,7 +18,10 @@
  * You should have received a copy of the GNU General Public License
  * along with this program; If not, see <http://www.gnu.org/licenses/>.
  */
-#include <asm/debugger.h>
+#include <asm/uaccess.h>
+#include <asm/x86-defns.h>
+
+#include <xen/gdbstub.h>
 
 u16
 gdb_arch_signal_num(struct cpu_user_regs *regs, unsigned long cookie)
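Review bot: The replacement includes put the two `<asm/...>` headers ahead of `<xen/gdbstub.h>`, which is the reverse of the grouping used elsewhere in this same series (the gdbsx.c and common/gdbstub.c hunks keep `<xen/...>` first, then a blank line, then `<asm/...>`). Since the commit also forward-declares `struct cpu_user_regs` in xen/gdbstub.h precisely so that include order no longer matters, there seems to be no reason to keep the unusual order; I would move `#include <xen/gdbstub.h>` to the top of the block, followed by the blank line and the two asm headers.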
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 6f20e17892..53a73010e0 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -15,7 +15,6 @@
 #include <xen/multiboot.h>
 #include <xen/domain_page.h>
 #include <xen/version.h>
-#include <xen/gdbstub.h>
 #include <xen/hypercall.h>
 #include <xen/keyhandler.h>
 #include <xen/numa.h>
diff --git a/xen/arch/x86/x86_64/gdbstub.c b/xen/arch/x86/x86_64/gdbstub.c
index 2626519c89..8287124dfb 100644
--- a/xen/arch/x86/x86_64/gdbstub.c
+++ b/xen/arch/x86/x86_64/gdbstub.c
@@ -17,7 +17,7 @@
  * along with this program; If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include <asm/debugger.h>
+#include <xen/gdbstub.h>
 
 #define GDB_REG64(r) gdb_write_to_packet_hex(r, sizeof(u64), ctx)
 #define GDB_REG32(r)  gdb_write_to_packet_hex(r, sizeof(u32), ctx)
diff --git a/xen/common/gdbstub.c b/xen/common/gdbstub.c
index d6872721dc..df8d122bce 100644
--- a/xen/common/gdbstub.c
+++ b/xen/common/gdbstub.c
@@ -38,13 +38,14 @@
 #include <xen/serial.h>
 #include <xen/irq.h>
 #include <xen/watchdog.h>
-#include <asm/debugger.h>
 #include <xen/init.h>
 #include <xen/param.h>
 #include <xen/smp.h>
 #include <xen/console.h>
 #include <xen/errno.h>
 #include <xen/delay.h>
+#include <xen/gdbstub.h>
+
 #include <asm/byteorder.h>
 
 /* Printk isn't particularly safe just after we've trapped to the
diff --git a/xen/include/xen/gdbstub.h b/xen/include/xen/gdbstub.h
index 0b2041095d..18c960969b 100644
--- a/xen/include/xen/gdbstub.h
+++ b/xen/include/xen/gdbstub.h
@@ -25,6 +25,8 @@
 
 #ifdef CONFIG_CRASH_DEBUG
 
+struct cpu_user_regs;
+
 struct gdb_context {
     int                 serhnd;           /* handle on our serial line */
     int                 console_steal_id; /* handle on stolen console */
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:44:55 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/debugger: Misc cleanup prior to splitting
Message-Id: <E1nhzD4-0003Xp-UV@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:44:54 +0000

commit 8bbc990772f35050b9efaebc0efaaead1ea0aab1
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Wed Apr 20 14:40:45 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/debugger: Misc cleanup prior to splitting
    
     * Remove inappropriate semicolon from debugger_trap_immediate().
     * Try to explain what debugger_trap_fatal() is doing, and write it in a more
       legible way.
     * Drop unnecessary includes.  This includes common/domain.c which doesn't use
       any debugger functionality, even prior to this cleanup.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/include/asm/debugger.h | 17 +++++++++++------
 xen/common/domain.c                 |  1 -
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index 9a3132356f..5bac2ee4c2 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 */
 /******************************************************************************
  * asm/debugger.h
  * 
@@ -22,23 +23,27 @@
 #ifndef __X86_DEBUGGER_H__
 #define __X86_DEBUGGER_H__
 
-#include <xen/sched.h>
-#include <asm/regs.h>
-#include <asm/processor.h>
-
 #ifdef CONFIG_CRASH_DEBUG
 
 #include <xen/gdbstub.h>
+#include <xen/stdbool.h>
+
+#include <asm/x86-defns.h>
 
+/* Returns true if GDB handled the trap, or it is surviveable. */
 static inline bool debugger_trap_fatal(
     unsigned int vector, struct cpu_user_regs *regs)
 {
     int rc = __trap_to_gdb(regs, vector);
-    return ((rc == 0) || (vector == TRAP_int3));
+
+    if ( rc == 0 )
+        return true;
+
+    return vector == X86_EXC_BP;
 }
 
 /* Int3 is a trivial way to gather cpu_user_regs context. */
-#define debugger_trap_immediate() __asm__ __volatile__ ( "int3" );
+#define debugger_trap_immediate() __asm__ __volatile__ ( "int3" )
 
 #else
 
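Review bot: The comment added above `debugger_trap_fatal()` misspells "survivable" and does not say which case it means, while the code below returns true for `X86_EXC_BP` even when `__trap_to_gdb()` returned non-zero. I would write it as `/* Returns true if GDB handled the trap, or if the trap is #BP, which is survivable even when GDB did not handle it. */`. What a non-zero return from `__trap_to_gdb()` signifies is not visible in this hunk, so the wording should be checked against that function.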
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 351029f8b2..8d2c2a9897 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -33,7 +33,6 @@
 #include <xen/xenoprof.h>
 #include <xen/irq.h>
 #include <xen/argo.h>
-#include <asm/debugger.h>
 #include <asm/p2m.h>
 #include <asm/processor.h>
 #include <public/sched.h>
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:45:05 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen: Split x86/debugger.h into common and arch specific parts
Message-Id: <E1nhzDF-0003Yv-1i@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:45:05 +0000

commit d6f3f1277acfba5067a149c82ae56333464e3bb0
Author:     Bobby Eshleman <bobby.eshleman@gmail.com>
AuthorDate: Tue Sep 28 13:30:29 2021 -0700
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    xen: Split x86/debugger.h into common and arch specific parts
    
    With all the non-CONFIG_CRASH_DEBUG functionality moved elsewhere, split
    x86/debugger.h in two, with the stubs and explanation moved to xen/debugger.h.
    
    In particular, this means that arches only need to provide an $arch/debugger.h
    if they implement CONFIG_CRASH_DEBUG, and ARM's stub can be deleted.
    
    Signed-off-by: Bobby Eshleman <bobby.eshleman@gmail.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/arm/include/asm/debugger.h | 15 -------------
 xen/arch/x86/include/asm/debugger.h | 34 ++--------------------------
 xen/arch/x86/traps.c                |  2 +-
 xen/common/keyhandler.c             |  2 +-
 xen/common/shutdown.c               |  2 +-
 xen/drivers/char/console.c          |  2 +-
 xen/include/xen/debugger.h          | 44 +++++++++++++++++++++++++++++++++++++
 7 files changed, 50 insertions(+), 51 deletions(-)

diff --git a/xen/arch/arm/include/asm/debugger.h b/xen/arch/arm/include/asm/debugger.h
deleted file mode 100644
index ac776efa78..0000000000
--- a/xen/arch/arm/include/asm/debugger.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef __ARM_DEBUGGER_H__
-#define __ARM_DEBUGGER_H__
-
-#define debugger_trap_fatal(v, r) (0)
-#define debugger_trap_immediate() ((void) 0)
-
-#endif /* __ARM_DEBUGGER_H__ */
-/*
- * Local variables:
- * mode: C
- * c-file-style: "BSD"
- * c-basic-offset: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index 5bac2ee4c2..a5c299c6c3 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -1,30 +1,12 @@
 /* SPDX-License-Identifier: GPL-2.0 */
 /******************************************************************************
- * asm/debugger.h
- * 
- * Generic hooks into arch-dependent Xen.
- * 
- * Each debugger should define two functions here:
- * 
- * debugger_trap_fatal():
- *  Called when Xen is about to give up and crash. Typically you will use this
- *  hook to drop into a debug session. It can also be used to hook off
- *  deliberately caused traps (which you then handle and return non-zero).
+ * xen/arch/x86/include/asm/debugger.h
  *
- * debugger_trap_immediate():
- *  Called if we want to drop into a debugger now.  This is essentially the
- *  same as debugger_trap_fatal, except that we use the current register state
- *  rather than the state which was in effect when we took the trap.
- *  For example: if we're dying because of an unhandled exception, we call
- *  debugger_trap_fatal; if we're dying because of a panic() we call
- *  debugger_trap_immediate().
+ * x86-specific debugger hooks.
  */
-
 #ifndef __X86_DEBUGGER_H__
 #define __X86_DEBUGGER_H__
 
-#ifdef CONFIG_CRASH_DEBUG
-
 #include <xen/gdbstub.h>
 #include <xen/stdbool.h>
 
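Review bot: With the `#ifdef CONFIG_CRASH_DEBUG` guard removed, this header is only correct when reached through `<xen/debugger.h>`, and nothing in the file says so. A direct `#include <asm/debugger.h>` in a !CONFIG_CRASH_DEBUG build would define `debugger_trap_fatal()` a second time and call `__trap_to_gdb()`, which xen/gdbstub.h appears to declare only under CONFIG_CRASH_DEBUG. I would extend the new header comment to `x86-specific debugger hooks.  Include <xen/debugger.h>, never this file directly.` and, provided no remaining file includes it directly, enforce it after the include guard with `#ifndef CONFIG_CRASH_DEBUG`, `#error "Include <xen/debugger.h> instead"`, `#endif`.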
@@ -45,16 +27,4 @@ static inline bool debugger_trap_fatal(
 /* Int3 is a trivial way to gather cpu_user_regs context. */
 #define debugger_trap_immediate() __asm__ __volatile__ ( "int3" )
 
-#else
-
-static inline bool debugger_trap_fatal(
-    unsigned int vector, struct cpu_user_regs *regs)
-{
-    return false;
-}
-
-#define debugger_trap_immediate() ((void)0)
-
-#endif
-
 #endif /* __X86_DEBUGGER_H__ */
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d915324611..25bffe47d7 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -36,6 +36,7 @@
 #include <xen/shutdown.h>
 #include <xen/guest_access.h>
 #include <asm/regs.h>
+#include <xen/debugger.h>
 #include <xen/delay.h>
 #include <xen/event.h>
 #include <xen/spinlock.h>
@@ -64,7 +65,6 @@
 #include <asm/uaccess.h>
 #include <asm/i387.h>
 #include <asm/xstate.h>
-#include <asm/debugger.h>
 #include <asm/msr.h>
 #include <asm/nmi.h>
 #include <asm/xenoprof.h>
diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c
index ca9ee07901..0a551033c4 100644
--- a/xen/common/keyhandler.c
+++ b/xen/common/keyhandler.c
@@ -3,6 +3,7 @@
  */
 
 #include <asm/regs.h>
+#include <xen/debugger.h>
 #include <xen/delay.h>
 #include <xen/keyhandler.h>
 #include <xen/param.h>
@@ -20,7 +21,6 @@
 #include <xen/mm.h>
 #include <xen/watchdog.h>
 #include <xen/init.h>
-#include <asm/debugger.h>
 #include <asm/div64.h>
 
 static unsigned char keypress_key;
diff --git a/xen/common/shutdown.c b/xen/common/shutdown.c
index abde48aa4c..a933ee001e 100644
--- a/xen/common/shutdown.c
+++ b/xen/common/shutdown.c
@@ -2,13 +2,13 @@
 #include <xen/lib.h>
 #include <xen/param.h>
 #include <xen/sched.h>
+#include <xen/debugger.h>
 #include <xen/domain.h>
 #include <xen/delay.h>
 #include <xen/watchdog.h>
 #include <xen/shutdown.h>
 #include <xen/console.h>
 #include <xen/kexec.h>
-#include <asm/debugger.h>
 #include <public/sched.h>
 
 /* opt_noreboot: If true, machine will need manual reset on error. */
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index d9d6556c22..f9937c5134 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -15,6 +15,7 @@
 #include <xen/init.h>
 #include <xen/event.h>
 #include <xen/console.h>
+#include <xen/debugger.h>
 #include <xen/param.h>
 #include <xen/serial.h>
 #include <xen/softirq.h>
@@ -26,7 +27,6 @@
 #include <xen/kexec.h>
 #include <xen/ctype.h>
 #include <xen/warning.h>
-#include <asm/debugger.h>
 #include <asm/div64.h>
 #include <xen/hypercall.h> /* for do_console_io */
 #include <xen/early_printk.h>
diff --git a/xen/include/xen/debugger.h b/xen/include/xen/debugger.h
new file mode 100644
index 0000000000..72684268af
--- /dev/null
+++ b/xen/include/xen/debugger.h
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/******************************************************************************
+ * Arch specific debuggers should implement:
+ *
+ * debugger_trap_fatal():
+ *  Called when Xen is about to give up and crash. Typically you will use this
+ *  hook to drop into a debug session. It can also be used to hook off
+ *  deliberately caused traps (which you then handle and return non-zero).
+ *
+ * debugger_trap_immediate():
+ *  Called if we want to drop into a debugger now.  This is essentially the
+ *  same as debugger_trap_fatal, except that we use the current register state
+ *  rather than the state which was in effect when we took the trap.
+ *  For example: if we're dying because of an unhandled exception, we call
+ *  debugger_trap_fatal; if we're dying because of a panic() we call
+ *  debugger_trap_immediate().
+ */
+
+#ifndef __XEN_DEBUGGER_H__
+#define __XEN_DEBUGGER_H__
+
+#ifdef CONFIG_CRASH_DEBUG
+
+#include <asm/debugger.h>
+
+#else
+
+#include <xen/stdbool.h>
+
+struct cpu_user_regs;
+
+static inline bool debugger_trap_fatal(
+    unsigned int vector, const struct cpu_user_regs *regs)
+{
+    return false;
+}
+
+static inline void debugger_trap_immediate(void)
+{
+}
+
+#endif /* CONFIG_CRASH_DEBUG */
+
+#endif /* __XEN_DEBUGGER_H__ */
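Review bot: The stub `debugger_trap_fatal()` takes `const struct cpu_user_regs *regs`, whereas the x86 implementation selected under CONFIG_CRASH_DEBUG takes a non-const `struct cpu_user_regs *regs`, so a caller holding a const pointer compiles only in !CONFIG_CRASH_DEBUG builds. Making the stub's parameter line `unsigned int vector, struct cpu_user_regs *regs)` keeps both configurations to one prototype. The carried-over header comment also still says hooks "return non-zero" although the function returns `bool`; "return true" would match. `debugger_trap_immediate()` is a function here but a macro on x86, which is harmless for callers but worth a word in the comment.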
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:45:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] tools/libs/evtchn: don't set errno to negative values
Message-Id: <E1nhzDP-0003Zo-55@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:45:15 +0000

commit 60245b71c1cd001686fa7b7a26869cbcb80d074c
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 09:31:16 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    tools/libs/evtchn: don't set errno to negative values
    
    Setting errno to a negative value makes no sense.
    
    Fixes: 6b6500b3cbaa ("tools/libs/evtchn: Add support for restricting a handle")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libs/evtchn/freebsd.c | 2 +-
 tools/libs/evtchn/minios.c  | 2 +-
 tools/libs/evtchn/netbsd.c  | 2 +-
 tools/libs/evtchn/solaris.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/libs/evtchn/freebsd.c b/tools/libs/evtchn/freebsd.c
index c4d075350b..422836f1a1 100644
--- a/tools/libs/evtchn/freebsd.c
+++ b/tools/libs/evtchn/freebsd.c
@@ -58,7 +58,7 @@ int osdep_evtchn_close(xenevtchn_handle *xce)
 
 int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
 {
-    errno = -EOPNOTSUPP;
+    errno = EOPNOTSUPP;
 
     return -1;
 }
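Review bot: `osdep_evtchn_restrict()` on this platform does nothing except fail, and no comment states the consequence for the caller: the handle is left unrestricted. I would document that at the function, e.g. `/* Restriction is not implemented on this OS; the handle is left unrestricted and callers must treat -1/EOPNOTSUPP as such. */`, and the same applies to the identical stubs in minios.c, netbsd.c and solaris.c. Now that errno is positive, callers that test `errno == EOPNOTSUPP` will start matching where they did not before, so it is worth confirming (outside this diff) that none of them continue as though the restriction had been applied.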
diff --git a/tools/libs/evtchn/minios.c b/tools/libs/evtchn/minios.c
index 65cfccfd09..8ff46de884 100644
--- a/tools/libs/evtchn/minios.c
+++ b/tools/libs/evtchn/minios.c
@@ -143,7 +143,7 @@ int osdep_evtchn_close(xenevtchn_handle *xce)
 
 int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
 {
-    errno = -EOPNOTSUPP;
+    errno = EOPNOTSUPP;
 
     return -1;
 }
diff --git a/tools/libs/evtchn/netbsd.c b/tools/libs/evtchn/netbsd.c
index 0b223c4beb..2de9cefc67 100644
--- a/tools/libs/evtchn/netbsd.c
+++ b/tools/libs/evtchn/netbsd.c
@@ -53,7 +53,7 @@ int osdep_evtchn_close(xenevtchn_handle *xce)
 
 int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
 {
-    errno = -EOPNOTSUPP;
+    errno = EOPNOTSUPP;
 
     return -1;
 }
diff --git a/tools/libs/evtchn/solaris.c b/tools/libs/evtchn/solaris.c
index 7fef88a73e..375a5f9b4f 100644
--- a/tools/libs/evtchn/solaris.c
+++ b/tools/libs/evtchn/solaris.c
@@ -53,7 +53,7 @@ int osdep_evtchn_close(xenevtchn_handle *xce)
 
 int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
 {
-    errno = -EOPNOTSUPP;
+    errno = EOPNOTSUPP;
     return -1;
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:45:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 22 Apr 2022 19:45:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311216.528341 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzDa-0001ph-MS; Fri, 22 Apr 2022 19:45:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311216.528341; Fri, 22 Apr 2022 19:45:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzDa-0001pZ-JW; Fri, 22 Apr 2022 19:45:26 +0000
Received: by outflank-mailman (input) for mailman id 311216;
 Fri, 22 Apr 2022 19:45:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDZ-0001pR-AH
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDZ-0000oX-9d
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDZ-0003aw-8G
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=WNXQcMGhywfz2GyKohuGKQB9LIlgnYZVhQW4UlEFELs=; b=Dw8dZxC/40pJ5RFvzJaqJzolqx
	8DJz/g0R4YHZCHFnq8O4TvheXh8TEZMcgWWrAwg09OkKxugs7A5d/I0eSFBwUoYkDtVjOIO/oyyqg
	urAMhk2V9Vnm4p1/YouFVMX7c7D1eaU60WI84Wc3Sbib55OhVhgSm1IdeUEGKnRHAq7o=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] tools/libs/ctrl: don't set errno to a negative value
Message-Id: <E1nhzDZ-0003aw-8G@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:45:25 +0000

commit a0fb7e0e73483ed042d5ca34861a891a51ad337b
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 09:31:17 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    tools/libs/ctrl: don't set errno to a negative value
    
    The claimed reason for setting errno to -1 is wrong. On x86
    xc_domain_pod_target() will set errno to a sane value in the error
    case.
    
    Fixes: ff1745d5882b ("tools: libxl: do not set the PoD target on ARM")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libs/ctrl/xc_domain.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/libs/ctrl/xc_domain.c b/tools/libs/ctrl/xc_domain.c
index ef62f66009..71608c00e9 100644
--- a/tools/libs/ctrl/xc_domain.c
+++ b/tools/libs/ctrl/xc_domain.c
@@ -1293,9 +1293,7 @@ int xc_domain_get_pod_target(xc_interface *xch,
                              uint64_t *pod_cache_pages,
                              uint64_t *pod_entries)
 {
-    /* On x86 (above) xc_domain_pod_target will incorrectly return -1
-     * with errno==-1 on error. Do the same for least surprise. */
-    errno = -1;
+    errno = EOPNOTSUPP;
     return -1;
 }
 #endif
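Review bot: With the old comment removed, nothing on the new side of this hunk says why the stub fails unconditionally. A one-line replacement such as `/* PoD is not available on this architecture. */` above `errno = EOPNOTSUPP;` would keep the intent readable. The guarding `#if` and the start of the signature are outside the hunk, so which builds take this path is inferred from the commit message only.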
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:45:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 22 Apr 2022 19:45:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311217.528345 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzDk-0001st-Nx; Fri, 22 Apr 2022 19:45:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311217.528345; Fri, 22 Apr 2022 19:45:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzDk-0001sl-L0; Fri, 22 Apr 2022 19:45:36 +0000
Received: by outflank-mailman (input) for mailman id 311217;
 Fri, 22 Apr 2022 19:45:35 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDj-0001sU-Gd
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:35 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDj-0000on-Fm
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:35 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDj-0003bj-E8
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:35 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=QaDf3C2RDZFe8Y4HPDi84UnLIPhYirnGpyUo8Zuf29I=; b=2Q8Iv2hXw13S3JArW2JN56M+Fp
	8n+QdyQ9nQyOHENxJ9NXo89mXcjzsWwWApIs766ENxKerswUZ/TE3pWjHNdrM2b2eAUFqatGaDHxR
	AkI9fY3UizdBw0U/DLXJo0GmB67y/ataM3ZfrUZQ8Mcv9RnVMZWGFXjzzq6NfKR70Koo=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] tools/libs/guest: don't set errno to a negative value
Message-Id: <E1nhzDj-0003bj-E8@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:45:35 +0000

commit 438e96ab479495a932391a22e219ee62fa8c4f47
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 09:31:18 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    tools/libs/guest: don't set errno to a negative value
    
    Setting errno to a negative error value makes no sense.
    
    Fixes: cb99a64029c9 ("libxc: arm: allow passing a device tree blob to the guest")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libs/guest/xg_dom_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libs/guest/xg_dom_core.c b/tools/libs/guest/xg_dom_core.c
index c17cf9f712..c4f4e7f3e2 100644
--- a/tools/libs/guest/xg_dom_core.c
+++ b/tools/libs/guest/xg_dom_core.c
@@ -855,7 +855,7 @@ int xc_dom_devicetree_file(struct xc_dom_image *dom, const char *filename)
         return -1;
     return 0;
 #else
-    errno = -EINVAL;
+    errno = EINVAL;
     return -1;
 #endif
 }
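Review bot: `errno = EINVAL;` in the `#else` branch tells the caller its argument was bad, while the branch looks like a build without device tree support. The other stubs fixed in this series report an unimplemented operation with `EOPNOTSUPP`, so `errno = EOPNOTSUPP;` may describe the failure better. The `#if` condition and the start of xc_dom_devicetree_file are outside the hunk, so this is inferred and should be checked against what existing callers test for.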
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 22 19:45:46 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 22 Apr 2022 19:45:46 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311218.528349 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzDu-0001wH-PM; Fri, 22 Apr 2022 19:45:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311218.528349; Fri, 22 Apr 2022 19:45:46 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nhzDu-0001w9-MV; Fri, 22 Apr 2022 19:45:46 +0000
Received: by outflank-mailman (input) for mailman id 311218;
 Fri, 22 Apr 2022 19:45:45 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDt-0001vf-Js
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:45 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDt-0000or-J4
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:45 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nhzDt-0003co-I9
 for xen-changelog@lists.xenproject.org; Fri, 22 Apr 2022 19:45:45 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=rDtOtAj5CJgIJEmYOHFC1O3YvewbyN+PSAMPXVZlWh0=; b=jzUQvTof2AMM8M+MYg27vqAq1Y
	cODN9QhIpgV4QJp+VeQVf1EwFR+iHn67XFcp8AbzKDxsfP/bjAe9VBADIICfwGeftvPksSolrthyP
	uIz+MmrDEEeD5X+50tuWAYFstnFyX9/tcBQ0IOC10bJX6mo/dLPmNBfYOp0pxnCq7/Ys=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] tools/libs/light: don't set errno to a negative value
Message-Id: <E1nhzDt-0003co-I9@xenbits.xenproject.org>
Date: Fri, 22 Apr 2022 19:45:45 +0000

commit 2419a159fb943c24a6f2439604b9fdb1478fcd08
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 09:31:19 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    tools/libs/light: don't set errno to a negative value
    
    Setting errno to a negative value makes no sense.
    
    Fixes: e78e8b9bb649 ("libxl: Add interface for querying hypervisor about PCI topology")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libs/light/libxl_linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libs/light/libxl_linux.c b/tools/libs/light/libxl_linux.c
index 8d62dfd255..27f2bce718 100644
--- a/tools/libs/light/libxl_linux.c
+++ b/tools/libs/light/libxl_linux.c
@@ -288,7 +288,7 @@ int libxl__pci_topology_init(libxl__gc *gc,
         if (i == num_devs) {
             LOG(ERROR, "Too many devices");
             err = ERROR_FAIL;
-            errno = -ENOSPC;
+            errno = ENOSPC;
             goto out;
         }
 
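Review bot: `errno = ENOSPC;` is followed directly by `goto out;`, and the `out:` label is outside this hunk. If the cleanup there makes any library call (closing a directory handle, logging), errno may be overwritten before the caller reads it. If callers do consume errno, the cleanup path should save it and restore it before returning. Since the function already reports `ERROR_FAIL` through `err`, a short comment saying who reads errno here would also help, e.g. `/* errno is consumed by <caller>; keep it intact across cleanup */` with the real caller filled in.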
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 02:00:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 02:00:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311355.528550 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ni546-0003cr-OR; Sat, 23 Apr 2022 02:00:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311355.528550; Sat, 23 Apr 2022 02:00:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ni546-0003cP-LK; Sat, 23 Apr 2022 02:00:02 +0000
Received: by outflank-mailman (input) for mailman id 311355;
 Sat, 23 Apr 2022 02:00:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ni546-0003WW-0U
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 02:00:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ni545-0005ig-TO
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 02:00:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ni545-0002HN-SE
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 02:00:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=jbXP27jwqhjS4AUX1rZL1+vFbu5GhhB1BirvEjrr3uQ=; b=EbpoBHW5s1YYIoGYgF4i9LezIV
	Q+f3C3zOmtfGKucGjRU3mtfmcAx29lX3pFogeAXA+zpn1FAZnq/694Y7OSHqp6tFfCfoN5t4ydpYX
	pwNQk0LOrVs/oXulJVP/+dAH8s0SW+aQe9N7U98/z4iwESJWkBroi2pyYXGSzDUbQxjM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] gitlab-ci: add qemu-system-arm to the existing tests-artifacts container
Message-Id: <E1ni545-0002HN-SE@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 02:00:01 +0000

commit f1e4efafd69ac5022f2561e45f2eaf89388dc9f6
Author:     Stefano Stabellini <stefano.stabellini@xilinx.com>
AuthorDate: Fri Apr 15 17:17:00 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Thu Apr 21 16:17:20 2022 -0700

    gitlab-ci: add qemu-system-arm to the existing tests-artifacts container
    
    Add qemu-system-arm to the existing test-artifacts qemu container (which
    doesn't get built for every iteration but is only updated once in a while).
    
    With qemu-system-arm available, we'll be able to run ARM32 tests.
    
    This patch also bumps the QEMU version to v6.0.0 for both arm32 and
    arm64 (the test-artifacts container is one, shared for both).
    
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 automation/gitlab-ci/build.yaml                    | 14 +++-
 automation/gitlab-ci/test.yaml                     |  4 +-
 .../qemu-system-aarch64/5.2.0-arm64v8.dockerfile   | 75 ---------------------
 .../qemu-system-aarch64/6.0.0-arm64v8.dockerfile   | 76 ++++++++++++++++++++++
 4 files changed, 90 insertions(+), 79 deletions(-)

diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index cc36428cf5..72f2a317ac 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -591,9 +591,9 @@ kernel-5.9.9-arm64-export:
   tags:
     - arm64
 
-qemu-system-aarch64-5.2.0-arm64-export:
+qemu-system-aarch64-6.0.0-arm64-export:
   stage: build
-  image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:5.2.0-arm64v8
+  image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8
   script:
     - mkdir binaries && cp /qemu-system-aarch64 binaries/qemu-system-aarch64
   artifacts:
@@ -602,6 +602,16 @@ qemu-system-aarch64-5.2.0-arm64-export:
   tags:
     - arm64
 
+qemu-system-aarch64-6.0.0-arm32-export:
+  stage: build
+  image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8
+  script:
+    - mkdir binaries && cp /qemu-system-arm binaries/qemu-system-arm
+  artifacts:
+    paths:
+      - binaries/qemu-system-arm
+  tags:
+    - arm64
 
 # x86_64 test artifacts
 
diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
index 47e8704df3..ec2a2e1607 100644
--- a/automation/gitlab-ci/test.yaml
+++ b/automation/gitlab-ci/test.yaml
@@ -33,7 +33,7 @@ qemu-alpine-arm64-gcc:
     - alpine-3.12-gcc-arm64
     - alpine-3.12-arm64-rootfs-export
     - kernel-5.9.9-arm64-export
-    - qemu-system-aarch64-5.2.0-arm64-export
+    - qemu-system-aarch64-6.0.0-arm64-export
   artifacts:
     paths:
       - smoke.serial
@@ -81,7 +81,7 @@ qemu-smoke-arm64-gcc:
   dependencies:
     - debian-unstable-gcc-arm64
     - kernel-5.9.9-arm64-export
-    - qemu-system-aarch64-5.2.0-arm64-export
+    - qemu-system-aarch64-6.0.0-arm64-export
   artifacts:
     paths:
       - smoke.serial
diff --git a/automation/tests-artifacts/qemu-system-aarch64/5.2.0-arm64v8.dockerfile b/automation/tests-artifacts/qemu-system-aarch64/5.2.0-arm64v8.dockerfile
deleted file mode 100644
index e105a1c636..0000000000
--- a/automation/tests-artifacts/qemu-system-aarch64/5.2.0-arm64v8.dockerfile
+++ /dev/null
@@ -1,75 +0,0 @@
-FROM arm64v8/debian:unstable
-LABEL maintainer.name="The Xen Project" \
-      maintainer.email="xen-devel@lists.xenproject.org"
-
-ENV DEBIAN_FRONTEND=noninteractive
-ENV QEMU_VERSION=5.2.0
-ENV USER root
-
-RUN mkdir /build
-WORKDIR /build
-
-# build depends
-RUN apt-get update && \
-    apt-get --quiet --yes install \
-        build-essential \
-        curl \
-        python3 \
-        ninja-build \
-        pkg-config \
-        libglib2.0-dev \
-        libpixman-1-dev \
-        && \
-    \
-    curl -fsSLO https://download.qemu.org/qemu-"$QEMU_VERSION".tar.xz && \
-    tar xvJf qemu-"$QEMU_VERSION".tar.xz && \
-    cd qemu-"$QEMU_VERSION" && \
-    ./configure                \
-        --target-list=aarch64-softmmu \
-        --enable-system        \
-        --disable-blobs        \
-        --disable-bsd-user     \
-        --disable-debug-info   \
-        --disable-glusterfs    \
-        --disable-gtk          \
-        --disable-guest-agent  \
-        --disable-linux-user   \
-        --disable-sdl          \
-        --disable-spice        \
-        --disable-tpm          \
-        --disable-vhost-net    \
-        --disable-vhost-scsi   \
-        --disable-vhost-user   \
-        --disable-vhost-vsock  \
-        --disable-virtfs       \
-        --disable-vnc          \
-        --disable-werror       \
-        --disable-xen          \
-        --disable-safe-stack   \
-        --disable-libssh       \
-        --disable-opengl       \
-        --disable-tools        \
-        --disable-virglrenderer  \
-        --disable-stack-protector  \
-        --disable-containers   \
-        --disable-replication  \
-        --disable-cloop        \
-        --disable-dmg          \
-        --disable-vvfat        \
-        --disable-vdi          \
-        --disable-parallels    \
-        --disable-qed          \
-        --disable-bochs        \
-        --disable-qom-cast-debug  \
-        --disable-vhost-vdpa   \
-        --disable-vhost-kernel \
-        --disable-qcow1        \
-        --disable-live-block-migration \
-    && \
-    make -j$(nproc) && \
-    cp ./build/qemu-system-aarch64 / && \
-    cd /build && \
-    rm -rf qemu-"$QEMU_VERSION"* && \
-    apt-get autoremove -y && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
diff --git a/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile b/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile
new file mode 100644
index 0000000000..793432d40b
--- /dev/null
+++ b/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile
@@ -0,0 +1,76 @@
+FROM arm64v8/debian:unstable
+LABEL maintainer.name="The Xen Project" \
+      maintainer.email="xen-devel@lists.xenproject.org"
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV QEMU_VERSION=6.0.0
+ENV USER root
+
+RUN mkdir /build
+WORKDIR /build
+
+# build depends
+RUN apt-get update && \
+    apt-get --quiet --yes install \
+        build-essential \
+        curl \
+        python3 \
+        ninja-build \
+        pkg-config \
+        libglib2.0-dev \
+        libpixman-1-dev \
+        && \
+    \
+    curl -fsSLO https://download.qemu.org/qemu-"$QEMU_VERSION".tar.xz && \
+    tar xvJf qemu-"$QEMU_VERSION".tar.xz && \
+    cd qemu-"$QEMU_VERSION" && \
+    ./configure                \
+        --target-list=arm-softmmu,aarch64-softmmu \
+        --enable-system        \
+        --disable-blobs        \
+        --disable-bsd-user     \
+        --disable-debug-info   \
+        --disable-glusterfs    \
+        --disable-gtk          \
+        --disable-guest-agent  \
+        --disable-linux-user   \
+        --disable-sdl          \
+        --disable-spice        \
+        --disable-tpm          \
+        --disable-vhost-net    \
+        --disable-vhost-scsi   \
+        --disable-vhost-user   \
+        --disable-vhost-vsock  \
+        --disable-virtfs       \
+        --disable-vnc          \
+        --disable-werror       \
+        --disable-xen          \
+        --disable-safe-stack   \
+        --disable-libssh       \
+        --disable-opengl       \
+        --disable-tools        \
+        --disable-virglrenderer  \
+        --disable-stack-protector  \
+        --disable-containers   \
+        --disable-replication  \
+        --disable-cloop        \
+        --disable-dmg          \
+        --disable-vvfat        \
+        --disable-vdi          \
+        --disable-parallels    \
+        --disable-qed          \
+        --disable-bochs        \
+        --disable-qom-cast-debug  \
+        --disable-vhost-vdpa   \
+        --disable-vhost-kernel \
+        --disable-qcow1        \
+        --disable-live-block-migration \
+    && \
+    make -j$(nproc) && \
+    cp ./build/qemu-system-aarch64 / && \
+    cp ./build/qemu-system-arm / && \
+    cd /build && \
+    rm -rf qemu-"$QEMU_VERSION"* && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
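Review bot: The `curl -fsSLO https://download.qemu.org/qemu-"$QEMU_VERSION".tar.xz` step unpacks and builds the tarball without any integrity check, so the binaries this image exports to the CI test jobs depend entirely on the download host and TLS. Pin the expected digest and verify it before `tar`, e.g. `echo "<sha256-of-qemu-6.0.0.tar.xz>  qemu-$QEMU_VERSION.tar.xz" | sha256sum -c - && \` (placeholder digest), or verify the detached signature published next to the tarball. The base image `arm64v8/debian:unstable` is a moving tag as well, so rebuilds are not reproducible; pinning it by digest would close that gap.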
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 02:00:12 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 02:00:12 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311356.528557 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ni54G-0004Z9-Qg; Sat, 23 Apr 2022 02:00:12 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311356.528557; Sat, 23 Apr 2022 02:00:12 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1ni54G-0004Z1-Mx; Sat, 23 Apr 2022 02:00:12 +0000
Received: by outflank-mailman (input) for mailman id 311356;
 Sat, 23 Apr 2022 02:00:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ni54G-0004Yt-17
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 02:00:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ni54G-000687-0I
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 02:00:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1ni54F-0002Jq-Vb
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 02:00:11 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=LCd2FAGIxZg09Ah1OclyY30HNFtO6O3pH2CWHS4B08I=; b=MsAHXZBxB85rs3iBLB08Z5ze2u
	LCfRf2xOJIvNKBdJ3c/CcWdjO6dsEGldeiKQsAL0I5kkr4x0Vfml1LLhc5R72D6ti3Xq2+VG8brDa
	pv4/4jgPBOaPTg3rm4fu7SoYEp0xr/2IMi2M8k/Y8+8JloN1s95sZJ07CBb4FR89k6nY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] gitlab-ci: add an ARM32 qemu-based smoke test
Message-Id: <E1ni54F-0002Jq-Vb@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 02:00:11 +0000

commit 43f3d51139178a03823b061482c674e15ce3d49c
Author:     Stefano Stabellini <stefano.stabellini@xilinx.com>
AuthorDate: Thu Apr 21 16:17:40 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Thu Apr 21 16:17:40 2022 -0700

    gitlab-ci: add an ARM32 qemu-based smoke test
    
    Add a minimal ARM32 smoke test based on qemu-system-arm, as provided by
    the test-artifacts qemu container. The minimal test simply boots Xen
    (built from previous build stages) and Dom0.
    
    The test needs a working kernel and minimal initrd for dom0. Instead of
    building our own kernel and initrd, which would mean maintaining one or
    two more build scripts under automation/, we borrow a kernel and
    initrd from distros.
    
    For the kernel we pick the Debian Bullseye kernel, which has everything
    we need already built-in. However, we cannot use the Debian Bullseye
    initrd because it is 22MB and the large size causes QEMU to core dump.
    
    Instead, use the tiny busybox-based rootfs provided by Alpine Linux,
    which is really minimal: just 2.5MB. Note that we cannot use the Alpine
    Linux kernel because that doesn't boot on Xen.
    
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
    Reviewed-by: Michal Orzel <michal.orzel@arm.com>
---
 automation/gitlab-ci/test.yaml         | 23 ++++++++++
 automation/scripts/qemu-smoke-arm32.sh | 81 ++++++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)

diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
index ec2a2e1607..42cd725a12 100644
--- a/automation/gitlab-ci/test.yaml
+++ b/automation/gitlab-ci/test.yaml
@@ -95,6 +95,29 @@ qemu-smoke-arm64-gcc:
     - /^coverity-tested\/.*/
     - /^stable-.*/
 
+qemu-smoke-arm32-gcc:
+  stage: test
+  image: registry.gitlab.com/xen-project/xen/${CONTAINER}
+  variables:
+    CONTAINER: debian:unstable-arm64v8
+  script:
+    - ./automation/scripts/qemu-smoke-arm32.sh 2>&1 | tee qemu-smoke-arm32.log
+  dependencies:
+    - debian-unstable-gcc-arm32
+    - qemu-system-aarch64-6.0.0-arm32-export
+  artifacts:
+    paths:
+      - smoke.serial
+      - '*.log'
+    when: always
+  tags:
+    - arm64
+  except:
+    - master
+    - smoke
+    - /^coverity-tested\/.*/
+    - /^stable-.*/
+
 qemu-smoke-x86-64-gcc:
   stage: test
   image: registry.gitlab.com/xen-project/xen/${CONTAINER}
diff --git a/automation/scripts/qemu-smoke-arm32.sh b/automation/scripts/qemu-smoke-arm32.sh
new file mode 100755
index 0000000000..530f3892fd
--- /dev/null
+++ b/automation/scripts/qemu-smoke-arm32.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -ex
+
+export DEBIAN_FRONTENT=noninteractive
+apt-get -qy update
+apt-get -qy install --no-install-recommends device-tree-compiler \
+                                            curl \
+                                            cpio
+
+cd binaries
+# Use the kernel from Debian
+curl --fail --silent --show-error --location --output vmlinuz http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/vmlinuz
+# Use a tiny initrd based on busybox from Alpine Linux
+curl --fail --silent --show-error --location --output initrd.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/armhf/alpine-minirootfs-3.15.1-armhf.tar.gz
+
+mkdir rootfs
+cd rootfs
+tar xvzf ../initrd.tar.gz
+find . | cpio -H newc -o | gzip > ../initrd.gz
+cd ..
+
+kernel=`stat -L --printf="%s" vmlinuz`
+initrd=`stat -L --printf="%s" initrd.gz`
+
+# For Xen, we need a couple of more node. Dump the DT from QEMU and add them
+# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded
+curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom
+./qemu-system-arm \
+   -machine virt \
+   -machine virtualization=true \
+   -smp 4 \
+   -m 1024 \
+   -serial stdio \
+   -monitor none \
+   -display none \
+   -machine dumpdtb=virt.dtb
+
+dtc -I dtb -O dts virt.dtb > virt.dts
+
+cat >> virt.dts << EOF
+/ {
+	chosen {
+		#address-cells = <0x2>;
+		#size-cells = <0x2>;
+		stdout-path = "/pl011@9000000";
+        xen,xen-bootargs = "console=dtuart dtuart=/pl011@9000000 dom0_mem=512M bootscrub=0";
+		xen,dom0-bootargs = "console=tty0 console=hvc0 earlyprintk clk_ignore_unused root=/dev/ram0 rdinit=/bin/sh";
+		dom0 {
+			compatible = "xen,linux-zimage", "xen,multiboot-module";
+			reg = <0x0 0x1000000 0x0 $kernel>;
+		};
+        dom0-ramdisk {
+			compatible = "xen,linux-initrd", "xen,multiboot-module";
+			reg = <0x0 0x3200000 0x0 $initrd>;
+		};
+	};
+};
+EOF
+dtc -I dts -O dtb virt.dts > virt.dtb
+
+rm -f smoke.serial
+set +e
+timeout -k 1 240 \
+./qemu-system-arm \
+   -machine virt \
+   -machine virtualization=true \
+   -smp 4 \
+   -m 1024 \
+   -serial stdio \
+   -monitor none \
+   -display none \
+   -dtb virt.dtb \
+   -no-reboot \
+   -kernel ./xen \
+   -device loader,file=./vmlinuz,addr=0x1000000 \
+   -device loader,file=./initrd.gz,addr=0x3200000 |& tee smoke.serial
+
+set -e
+(grep -q "^/ #" smoke.serial) || exit 1
+exit 0
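Review bot: The three `curl` downloads (the Debian `vmlinuz`, the Alpine minirootfs and `efi-virtio.rom`) are used without any integrity check, and the kernel is fetched over plain `http://`, so whatever the mirror or the network path serves is booted in the CI job. Each download should be followed by a pinned digest check such as `echo "<expected-sha256>  vmlinuz" | sha256sum -c -`. The Debian URL points at `current/`, so a pin there needs a versioned path or a copy kept in the test container. Separately, `export DEBIAN_FRONTENT=noninteractive` misspells `DEBIAN_FRONTEND`, so the variable has no effect on `apt-get`.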
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:11:07 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 12:11:07 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311561.528768 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEbO-0002fn-Rz; Sat, 23 Apr 2022 12:11:02 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311561.528768; Sat, 23 Apr 2022 12:11:02 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEbO-0002ff-Ou; Sat, 23 Apr 2022 12:11:02 +0000
Received: by outflank-mailman (input) for mailman id 311561;
 Sat, 23 Apr 2022 12:11:01 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbN-0002fX-Kz
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:01 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbN-0000x4-K9
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:01 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbN-0004lD-JG
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:01 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ZkNv9tsTmtaAqECwbp5Q70BUiu0rQhuUQZq2gsz445M=; b=gagBvLX5CsbNDnGXjYPt03g9Po
	zrqvIlVb3JBsnPCvKzd4tL+vzSxE19xBK0jrgelZMIwGj2kIT1VckL+zfXmLzgFeg6/7j3fGd4SrQ
	GMX0Fft4uLdVmwemt3WeLxwou6PeoaMBMxfJ4QThTeAZlQjjnjGYAkCgvnJGjLxtGpoQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] AMD/IOMMU: have callers specify the target level for page table walks
Message-Id: <E1niEbN-0004lD-JG@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:11:01 +0000

commit 5fafa6cf529a6c0cd0b12c920a2cc68a3cca99e1
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:51:37 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:51:37 2022 +0200

    AMD/IOMMU: have callers specify the target level for page table walks
    
    In order to be able to insert/remove super-pages we need to allow
    callers of the walking function to specify at which point to stop the
    walk. (For now at least gcc will instantiate just a variant of the
    function with the parameter eliminated, so effectively no change to
    generated code as far as the parameter addition goes.)
    
    Instead of merely adjusting a BUG_ON() condition, convert it into an
    error return - there's no reason to crash the entire host in that case.
    Leave an assertion though for spotting issues early in debug builds.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_map.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 6d42bcea0e..8bef46e045 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -239,7 +239,8 @@ void __init iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
  * page tables.
  */
 static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
-                              unsigned long *pt_mfn, bool map)
+                              unsigned int target, unsigned long *pt_mfn,
+                              bool map)
 {
     union amd_iommu_pte *pde, *next_table_vaddr;
     unsigned long  next_table_mfn;
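Review bot: The comment above `iommu_pde_from_dfn()` is not updated for the new `target` parameter, so the contract callers now depend on can only be read from the body. I would add something like `target is the page table level at which to stop the walk (1 <= target <= paging mode); on success *pt_mfn is the MFN of the table at that level`, and mention that an out-of-range `target` yields a non-zero return rather than a crash. The comment begins above this hunk and the function body continues past it.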
@@ -250,7 +251,11 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
     table = hd->arch.amd.root_table;
     level = hd->arch.amd.paging_mode;
 
-    BUG_ON( table == NULL || level < 1 || level > 6 );
+    if ( !table || target < 1 || level < target || level > 6 )
+    {
+        ASSERT_UNREACHABLE();
+        return 1;
+    }
 
     /*
      * A frame number past what the current page tables can represent can't
@@ -261,7 +266,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
 
     next_table_mfn = mfn_x(page_to_mfn(table));
 
-    while ( level > 1 )
+    while ( level > target )
     {
         unsigned int next_level = level - 1;
 
@@ -332,7 +337,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
         level--;
     }
 
-    /* mfn of level 1 page table */
+    /* mfn of target level page table */
     *pt_mfn = next_table_mfn;
     return 0;
 }
@@ -369,7 +374,7 @@ int cf_check amd_iommu_map_page(
         return rc;
     }
 
-    if ( iommu_pde_from_dfn(d, dfn_x(dfn), &pt_mfn, true) || !pt_mfn )
+    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, true) || !pt_mfn )
     {
         spin_unlock(&hd->arch.mapping_lock);
         AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n",
@@ -402,7 +407,7 @@ int cf_check amd_iommu_unmap_page(
         return 0;
     }
 
-    if ( iommu_pde_from_dfn(d, dfn_x(dfn), &pt_mfn, false) )
+    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, false) )
     {
         spin_unlock(&hd->arch.mapping_lock);
         AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n",
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:11:12 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 12:11:12 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311562.528772 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEbY-0002hp-Tk; Sat, 23 Apr 2022 12:11:12 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311562.528772; Sat, 23 Apr 2022 12:11:12 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEbY-0002hh-Qw; Sat, 23 Apr 2022 12:11:12 +0000
Received: by outflank-mailman (input) for mailman id 311562;
 Sat, 23 Apr 2022 12:11:11 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbX-0002hZ-ON
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:11 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbX-0000xD-Na
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:11 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbX-0004ln-MV
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:11 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=XMRjd5LVmgtQNLasN9oZ4a46hzveA1ogPiD/6u4kaHw=; b=WQDQtGaF/CUibbMuZ+cNu4l1SG
	kzLRfaoj1vTYTo3E6qEECJwbmLI9bCFcfIYBrm3lheQx5a8c0haFXexMmB9Ke01phsv+LcOIQcrnd
	TtvFvWVo2s8V9aZb7IgUJwLEkoTa91LFUKc5vtXFJrGYzdIwmGIG3JXrIx8Yi7Ina3mc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: have callers specify the target level for page table walks
Message-Id: <E1niEbX-0004ln-MV@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:11:11 +0000

commit c71e55501a618d0443d2e07ef0e04edce74a0e5f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:52:40 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:52:40 2022 +0200

    VT-d: have callers specify the target level for page table walks
    
    In order to be able to insert/remove super-pages we need to allow
    callers of the walking function to specify at which point to stop the
    walk.
    
    For intel_iommu_lookup_page() integrate the last level access into
    the main walking function.
    
    dma_pte_clear_one() gets only partly adjusted for now: Error handling
    and order parameter get put in place, but the order parameter remains
    ignored (just like intel_iommu_map_page()'s order part of the flags).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 135 ++++++++++++++++++++++++------------
 1 file changed, 90 insertions(+), 45 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 657e805987..4400f56459 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -300,63 +300,116 @@ static u64 bus_to_context_maddr(struct vtd_iommu *iommu, u8 bus)
     return maddr;
 }
 
-static u64 addr_to_dma_page_maddr(struct domain *domain, u64 addr, int alloc)
+/*
+ * This function walks (and if requested allocates) page tables to the
+ * designated target level. It returns
+ * - 0 when a non-present entry was encountered and no allocation was
+ *   requested,
+ * - a small positive value (the level, i.e. below PAGE_SIZE) upon allocation
+ *   failure,
+ * - for target > 0 the physical address of the page table holding the leaf
+ *   PTE for the requested address,
+ * - for target == 0 the full PTE.
+ */
+static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr,
+                                       unsigned int target,
+                                       unsigned int *flush_flags, bool alloc)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     int addr_width = agaw_to_width(hd->arch.vtd.agaw);
     struct dma_pte *parent, *pte = NULL;
-    int level = agaw_to_level(hd->arch.vtd.agaw);
-    int offset;
+    unsigned int level = agaw_to_level(hd->arch.vtd.agaw), offset;
     u64 pte_maddr = 0;
 
     addr &= (((u64)1) << addr_width) - 1;
     ASSERT(spin_is_locked(&hd->arch.mapping_lock));
+    ASSERT(target || !alloc);
+
     if ( !hd->arch.vtd.pgd_maddr )
     {
         struct page_info *pg;
 
-        if ( !alloc || !(pg = iommu_alloc_pgtable(hd)) )
+        if ( !alloc )
+            goto out;
+
+        pte_maddr = level;
+        if ( !(pg = iommu_alloc_pgtable(hd)) )
             goto out;
 
         hd->arch.vtd.pgd_maddr = page_to_maddr(pg);
     }
 
-    parent = (struct dma_pte *)map_vtd_domain_page(hd->arch.vtd.pgd_maddr);
-    while ( level > 1 )
+    pte_maddr = hd->arch.vtd.pgd_maddr;
+    parent = map_vtd_domain_page(pte_maddr);
+    while ( level > target )
     {
         offset = address_level_offset(addr, level);
         pte = &parent[offset];
 
         pte_maddr = dma_pte_addr(*pte);
-        if ( !pte_maddr )
+        if ( !dma_pte_present(*pte) || (level > 1 && dma_pte_superpage(*pte)) )
         {
             struct page_info *pg;
+            /*
+             * Higher level tables always set r/w, last level page table
+             * controls read/write.
+             */
+            struct dma_pte new_pte = { DMA_PTE_PROT };
 
             if ( !alloc )
-                break;
+            {
+                pte_maddr = 0;
+                if ( !dma_pte_present(*pte) )
+                    break;
 
+                /*
+                 * When the leaf entry was requested, pass back the full PTE,
+                 * with the address adjusted to account for the residual of
+                 * the walk.
+                 */
+                pte_maddr = pte->val +
+                    (addr & ((1UL << level_to_offset_bits(level)) - 1) &
+                     PAGE_MASK);
+                if ( !target )
+                    break;
+            }
+
+            pte_maddr = level - 1;
             pg = iommu_alloc_pgtable(hd);
             if ( !pg )
                 break;
 
             pte_maddr = page_to_maddr(pg);
-            dma_set_pte_addr(*pte, pte_maddr);
+            dma_set_pte_addr(new_pte, pte_maddr);
 
-            /*
-             * high level table always sets r/w, last level
-             * page table control read/write
-             */
-            dma_set_pte_readable(*pte);
-            dma_set_pte_writable(*pte);
+            if ( dma_pte_present(*pte) )
+            {
+                struct dma_pte *split = map_vtd_domain_page(pte_maddr);
+                unsigned long inc = 1UL << level_to_offset_bits(level - 1);
+
+                split[0].val = pte->val;
+                if ( inc == PAGE_SIZE )
+                    split[0].val &= ~DMA_PTE_SP;
+
+                for ( offset = 1; offset < PTE_NUM; ++offset )
+                    split[offset].val = split[offset - 1].val + inc;
+
+                iommu_sync_cache(split, PAGE_SIZE);
+                unmap_vtd_domain_page(split);
+
+                if ( flush_flags )
+                    *flush_flags |= IOMMU_FLUSHF_modified;
+            }
+
+            write_atomic(&pte->val, new_pte.val);
             iommu_sync_cache(pte, sizeof(struct dma_pte));
         }
 
-        if ( level == 2 )
+        if ( --level == target )
             break;
 
         unmap_vtd_domain_page(parent);
         parent = map_vtd_domain_page(pte_maddr);
-        level--;
     }
 
     unmap_vtd_domain_page(parent);
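Review bot: The new header comment says allocation happens only "if requested", but in the `!alloc` branch a present superpage with `target > 0` falls through to `iommu_alloc_pgtable()` and is split, so a caller passing `alloc = false` can still allocate and can still get the small positive failure value. That is what lets `dma_pte_clear_one()` return `-ENOMEM`, and it is worth stating in the comment, e.g. `With !alloc and target > 0 a present superpage above the target level is still split, which allocates a page table and may set IOMMU_FLUSHF_modified in *flush_flags`. The function body continues past the end of this hunk.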
@@ -387,7 +440,7 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
         if ( !hd->arch.vtd.pgd_maddr )
         {
             /* Ensure we have pagetables allocated down to leaf PTE. */
-            addr_to_dma_page_maddr(d, 0, 1);
+            addr_to_dma_page_maddr(d, 0, 1, NULL, true);
 
             if ( !hd->arch.vtd.pgd_maddr )
                 return 0;
@@ -728,8 +781,9 @@ static int __must_check cf_check iommu_flush_iotlb_all(struct domain *d)
 }
 
 /* clear one page's page table */
-static void dma_pte_clear_one(struct domain *domain, uint64_t addr,
-                              unsigned int *flush_flags)
+static int dma_pte_clear_one(struct domain *domain, daddr_t addr,
+                             unsigned int order,
+                             unsigned int *flush_flags)
 {
     struct domain_iommu *hd = dom_iommu(domain);
     struct dma_pte *page = NULL, *pte = NULL;
@@ -737,11 +791,11 @@ static void dma_pte_clear_one(struct domain *domain, uint64_t addr,
 
     spin_lock(&hd->arch.mapping_lock);
     /* get last level pte */
-    pg_maddr = addr_to_dma_page_maddr(domain, addr, 0);
-    if ( pg_maddr == 0 )
+    pg_maddr = addr_to_dma_page_maddr(domain, addr, 1, flush_flags, false);
+    if ( pg_maddr < PAGE_SIZE )
     {
         spin_unlock(&hd->arch.mapping_lock);
-        return;
+        return pg_maddr ? -ENOMEM : 0;
     }
 
     page = (struct dma_pte *)map_vtd_domain_page(pg_maddr);
@@ -751,7 +805,7 @@ static void dma_pte_clear_one(struct domain *domain, uint64_t addr,
     {
         spin_unlock(&hd->arch.mapping_lock);
         unmap_vtd_domain_page(page);
-        return;
+        return 0;
     }
 
     dma_clear_pte(*pte);
@@ -761,6 +815,8 @@ static void dma_pte_clear_one(struct domain *domain, uint64_t addr,
     iommu_sync_cache(pte, sizeof(struct dma_pte));
 
     unmap_vtd_domain_page(page);
+
+    return 0;
 }
 
 static int iommu_set_root_entry(struct vtd_iommu *iommu)
@@ -2059,8 +2115,9 @@ static int __must_check cf_check intel_iommu_map_page(
         return 0;
     }
 
-    pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 1);
-    if ( !pg_maddr )
+    pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 1, flush_flags,
+                                      true);
+    if ( pg_maddr < PAGE_SIZE )
     {
         spin_unlock(&hd->arch.mapping_lock);
         return -ENOMEM;
@@ -2110,17 +2167,14 @@ static int __must_check cf_check intel_iommu_unmap_page(
     if ( iommu_hwdom_passthrough && is_hardware_domain(d) )
         return 0;
 
-    dma_pte_clear_one(d, dfn_to_daddr(dfn), flush_flags);
-
-    return 0;
+    return dma_pte_clear_one(d, dfn_to_daddr(dfn), 0, flush_flags);
 }
 
 static int cf_check intel_iommu_lookup_page(
     struct domain *d, dfn_t dfn, mfn_t *mfn, unsigned int *flags)
 {
     struct domain_iommu *hd = dom_iommu(d);
-    struct dma_pte *page, val;
-    u64 pg_maddr;
+    uint64_t val;
 
     /*
      * If VT-d shares EPT page table or if the domain is the hardware
@@ -2132,25 +2186,16 @@ static int cf_check intel_iommu_lookup_page(
 
     spin_lock(&hd->arch.mapping_lock);
 
-    pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 0);
-    if ( !pg_maddr )
-    {
-        spin_unlock(&hd->arch.mapping_lock);
-        return -ENOENT;
-    }
-
-    page = map_vtd_domain_page(pg_maddr);
-    val = page[dfn_x(dfn) & LEVEL_MASK];
+    val = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 0, NULL, false);
 
-    unmap_vtd_domain_page(page);
     spin_unlock(&hd->arch.mapping_lock);
 
-    if ( !dma_pte_present(val) )
+    if ( val < PAGE_SIZE )
         return -ENOENT;
 
-    *mfn = maddr_to_mfn(dma_pte_addr(val));
-    *flags = dma_pte_read(val) ? IOMMUF_readable : 0;
-    *flags |= dma_pte_write(val) ? IOMMUF_writable : 0;
+    *mfn = maddr_to_mfn(val);
+    *flags = val & DMA_PTE_READ ? IOMMUF_readable : 0;
+    *flags |= val & DMA_PTE_WRITE ? IOMMUF_writable : 0;
 
     return 0;
 }
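Review bot: `*mfn = maddr_to_mfn(val);` now converts the full PTE rather than its address field, where the removed code went through `dma_pte_addr()`. The attribute bits in the low part presumably drop out in the conversion to a frame number, but any bit above the address field that a leaf PTE may carry would end up in the MFN handed back to the caller. Masking explicitly keeps the lookup independent of the PTE layout: `*mfn = maddr_to_mfn(dma_pte_addr((struct dma_pte){ .val = val }));`. The function begins in the previous hunk.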
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:11:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 12:11:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311563.528776 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEbi-0002kt-W4; Sat, 23 Apr 2022 12:11:22 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311563.528776; Sat, 23 Apr 2022 12:11:22 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEbi-0002kl-Sn; Sat, 23 Apr 2022 12:11:22 +0000
Received: by outflank-mailman (input) for mailman id 311563;
 Sat, 23 Apr 2022 12:11:21 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbh-0002kW-Ro
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:21 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbh-0000xZ-Qy
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:21 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbh-0004mT-Pv
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:21 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=CymANhJbwokmATKTaZWTHitIB9xv84CwK/G4JxCsNNM=; b=Vjk3TKMXjLnIRHLPYKrwF5jcQ6
	C4GYMldDp6hcWZ7XcJj1BQaCxHSHEHGIHt/VoAeQr6R5pv49Qnr8+tka9WoFsrqlDeRnCEO0s+BpO
	sz2u2EALs5RNeFfySiNr7csDm/IDE9AQP1z9zs8LhDas7RIn961vMPJUB2e40SzBcm4s=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] VT-d: limit page table population in domain_pgd_maddr()
Message-Id: <E1niEbh-0004mT-Pv@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:11:21 +0000

commit 4e977a70adb1b9036d5fa7705d73ab5dd087faa4
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:53:13 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:53:13 2022 +0200

    VT-d: limit page table population in domain_pgd_maddr()
    
    I have to admit that I never understood why domain_pgd_maddr() wants to
    populate all page table levels for DFN 0. I can only assume that despite
    the comment there what is needed is population just down to the smallest
    possible nr_pt_levels that the loop later in the function may need to
    run to. Hence what is needed is the minimum of all possible
    iommu->nr_pt_levels, to then be passed into addr_to_dma_page_maddr()
    instead of literal 1.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/drivers/passthrough/vtd/iommu.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 4400f56459..f68d960d75 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -61,6 +61,7 @@ bool __read_mostly iommu_snoop = true;
 #endif
 
 static unsigned int __read_mostly nr_iommus;
+static unsigned int __ro_after_init min_pt_levels = UINT_MAX;
 
 static struct tasklet vtd_fault_tasklet;
 
@@ -439,8 +440,11 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
     {
         if ( !hd->arch.vtd.pgd_maddr )
         {
-            /* Ensure we have pagetables allocated down to leaf PTE. */
-            addr_to_dma_page_maddr(d, 0, 1, NULL, true);
+            /*
+             * Ensure we have pagetables allocated down to the smallest
+             * level the loop below may need to run to.
+             */
+            addr_to_dma_page_maddr(d, 0, min_pt_levels, NULL, true);
 
             if ( !hd->arch.vtd.pgd_maddr )
                 return 0;
@@ -1349,6 +1353,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd)
         goto free;
     }
     iommu->nr_pt_levels = agaw_to_level(agaw);
+    if ( min_pt_levels > iommu->nr_pt_levels )
+        min_pt_levels = iommu->nr_pt_levels;
 
     if ( !ecap_coherent(iommu->ecap) )
         iommu_non_coherent = true;
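Review bot: The `min_pt_levels` update added here is the only place the variable's meaning can be read from, because the declaration in the first hunk of this patch carries no comment. A one-line comment there would do, e.g. `/* Smallest nr_pt_levels of any IOMMU; UINT_MAX until iommu_alloc() has run. */`. With the initial value, the call in `domain_pgd_maddr()` would pass `UINT_MAX` as the target, which looks harmless given a walk loop conditioned on `level > target` but is worth stating. `iommu_alloc()` starts and ends outside this hunk.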
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:11:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 12:11:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311564.528781 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEbt-0002oe-1L; Sat, 23 Apr 2022 12:11:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311564.528781; Sat, 23 Apr 2022 12:11:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEbs-0002oT-UO; Sat, 23 Apr 2022 12:11:32 +0000
Received: by outflank-mailman (input) for mailman id 311564;
 Sat, 23 Apr 2022 12:11:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbr-0002oI-VR
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:31 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbr-0000y0-Uf
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:31 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEbr-0004n4-Th
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:11:31 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=a6OcrmNwqfrcsVKGZXDzWBUKLqZ3IimZbNbYcqoRAZA=; b=ekOqoPX7vad5XhqieJuXHuJdsc
	xPiIdSIIQiPZk6FJFnKxujec+0lqTgfhjaM03ozXVe7Nm/8dLrtAll0FJM9xWNnaNG1LbttTT1Cyf
	32Q62Jssg2MgsHPHtf4M7zhnSD05Trmv0O5GBl8Jz6F2ghjaWf+nbF1oDZEywtkH5GNI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] IOMMU: have vendor code announce supported page sizes
Message-Id: <E1niEbr-0004n4-Th@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:11:31 +0000

commit 36992d809dcf052e5c0799769d1d935bae17d882
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:54:16 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:54:16 2022 +0200

    IOMMU: have vendor code announce supported page sizes
    
    Generic code will use this information to determine what order values
    can legitimately be passed to the ->{,un}map_page() hooks. For now all
    ops structures simply get to announce 4k mappings (as base page size),
    and there is (and always has been) an assumption that this matches the
    CPU's MMU base page size (eventually we will want to permit IOMMUs with
    a base page size smaller than the CPU MMU's).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Reviewed-by: Rahul Singh <rahul.singh@arm.com>
---
 xen/drivers/passthrough/amd/pci_amd_iommu.c |  1 +
 xen/drivers/passthrough/arm/ipmmu-vmsa.c    |  1 +
 xen/drivers/passthrough/arm/smmu-v3.c       |  3 ++-
 xen/drivers/passthrough/arm/smmu.c          |  1 +
 xen/drivers/passthrough/iommu.c             | 10 ++++++++++
 xen/drivers/passthrough/vtd/iommu.c         |  1 +
 xen/include/xen/iommu.h                     |  1 +
 7 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 3430e39a29..8cbbd7c6c9 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -746,6 +746,7 @@ static void cf_check amd_dump_page_tables(struct domain *d)
 }
 
 static const struct iommu_ops __initconst_cf_clobber _iommu_ops = {
+    .page_sizes = PAGE_SIZE_4K,
     .init = amd_iommu_domain_init,
     .hwdom_init = amd_iommu_hwdom_init,
     .quarantine_init = amd_iommu_quarantine_init,
diff --git a/xen/drivers/passthrough/arm/ipmmu-vmsa.c b/xen/drivers/passthrough/arm/ipmmu-vmsa.c
index d2572bcd30..5a7b332bcc 100644
--- a/xen/drivers/passthrough/arm/ipmmu-vmsa.c
+++ b/xen/drivers/passthrough/arm/ipmmu-vmsa.c
@@ -1355,6 +1355,7 @@ static void ipmmu_iommu_domain_teardown(struct domain *d)
 
 static const struct iommu_ops ipmmu_iommu_ops =
 {
+    .page_sizes      = PAGE_SIZE_4K,
     .init            = ipmmu_iommu_domain_init,
     .hwdom_init      = arch_iommu_hwdom_init,
     .teardown        = ipmmu_iommu_domain_teardown,
diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c
index 71b022fe7f..2822ffe05f 100644
--- a/xen/drivers/passthrough/arm/smmu-v3.c
+++ b/xen/drivers/passthrough/arm/smmu-v3.c
@@ -3411,7 +3411,8 @@ static void arm_smmu_iommu_xen_domain_teardown(struct domain *d)
 }
 
 static const struct iommu_ops arm_smmu_iommu_ops = {
-	.init		= arm_smmu_iommu_xen_domain_init,
+	.page_sizes		= PAGE_SIZE_4K,
+	.init			= arm_smmu_iommu_xen_domain_init,
 	.hwdom_init		= arch_iommu_hwdom_init,
 	.teardown		= arm_smmu_iommu_xen_domain_teardown,
 	.iotlb_flush		= arm_smmu_iotlb_flush,
diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c
index b186c28dff..5cacb2dd99 100644
--- a/xen/drivers/passthrough/arm/smmu.c
+++ b/xen/drivers/passthrough/arm/smmu.c
@@ -2858,6 +2858,7 @@ static void arm_smmu_iommu_domain_teardown(struct domain *d)
 }
 
 static const struct iommu_ops arm_smmu_iommu_ops = {
+    .page_sizes = PAGE_SIZE_4K,
     .init = arm_smmu_iommu_domain_init,
     .hwdom_init = arch_iommu_hwdom_init,
     .add_device = arm_smmu_dt_add_device_generic,
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 73a7da71cd..1109a86532 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -494,7 +494,17 @@ int __init iommu_setup(void)
 
     if ( iommu_enable )
     {
+        const struct iommu_ops *ops = NULL;
+
         rc = iommu_hardware_setup();
+        if ( !rc )
+            ops = iommu_get_ops();
+        if ( ops && (ops->page_sizes & -ops->page_sizes) != PAGE_SIZE )
+        {
+            printk(XENLOG_ERR "IOMMU: page size mask %lx unsupported\n",
+                   ops->page_sizes);
+            rc = ops->page_sizes ? -EPERM : -ENODATA;
+        }
         iommu_enabled = (rc == 0);
     }
 
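Review bot: The `(ops->page_sizes & -ops->page_sizes) != PAGE_SIZE` test in iommu_setup() uses the lowest-set-bit idiom with no comment, so its intent has to be inferred from the commit message. A comment such as `/* Smallest announced page size must match the CPU's base page size. */` above the `if` would record it. The failure path also runs after iommu_hardware_setup() has already returned success, and the hunk only sets `rc` and clears `iommu_enabled`. It is worth confirming that the rest of iommu_setup(), which lies outside the hunk, leaves the hardware in a safe state when this check fails.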
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index f68d960d75..cff37c0c31 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -3127,6 +3127,7 @@ static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev,
 }
 
 static const struct iommu_ops __initconst_cf_clobber vtd_ops = {
+    .page_sizes = PAGE_SIZE_4K,
     .init = intel_iommu_domain_init,
     .hwdom_init = intel_iommu_hwdom_init,
     .quarantine_init = intel_iommu_quarantine_init,
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 3a83981464..f7e8d5f287 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -231,6 +231,7 @@ struct page_info;
 typedef int iommu_grdm_t(xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt);
 
 struct iommu_ops {
+    unsigned long page_sizes;
     int (*init)(struct domain *d);
     void (*hwdom_init)(struct domain *d);
     int (*quarantine_init)(device_t *dev, bool scratch_page);
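Review bot: `page_sizes` is added to struct iommu_ops without a comment, although iommu_setup() in this same commit rejects any mask whose lowest set bit is not PAGE_SIZE. Suggest `/* Bitmap of supported mapping sizes; lowest set bit must be PAGE_SIZE. */` above the field, so authors of new vendor drivers see the contract where they fill in the ops structure. The struct continues outside the hunk.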
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:11:43 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] AMD/IOMMU: drop stray TLB flush
Message-Id: <E1niEc2-0004nh-0b@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:11:42 +0000

commit c8a25eb617ee8554d7212bb1c8e64227cb5566af
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:54:59 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:54:59 2022 +0200

    AMD/IOMMU: drop stray TLB flush
    
    I think this flush was overlooked when flushing was moved out of the
    core (un)mapping functions. The flush the caller is required to invoke
    anyway will satisfy the needs resulting from the splitting of a
    superpage.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_map.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 8bef46e045..3abcac247e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -240,7 +240,7 @@ void __init iommu_dte_add_device_entry(struct amd_iommu_dte *dte,
  */
 static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
                               unsigned int target, unsigned long *pt_mfn,
-                              bool map)
+                              unsigned int *flush_flags, bool map)
 {
     union amd_iommu_pte *pde, *next_table_vaddr;
     unsigned long  next_table_mfn;
@@ -301,7 +301,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn,
             set_iommu_pde_present(pde, next_table_mfn, next_level, true,
                                   true);
 
-            amd_iommu_flush_all_pages(d);
+            *flush_flags |= IOMMU_FLUSHF_modified;
         }
 
         /* Install lower level page table for non-present entries */
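Review bot: `*flush_flags |= IOMMU_FLUSHF_modified;` replaces an immediate amd_iommu_flush_all_pages() with a deferred flush, and nothing at this site says that stale translations for the split superpage now persist until the caller flushes. A comment such as `/* Superpage split: the caller's flush must cover this. */` would record that dependency. The pointer is dereferenced unconditionally, so every caller has to pass a valid `flush_flags`; the two updated call sites in amd_iommu_map_page() and amd_iommu_unmap_page() do. iommu_pde_from_dfn() starts and ends outside this hunk, and its header comment (not visible here) may need the new parameter described.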
@@ -374,7 +374,8 @@ int cf_check amd_iommu_map_page(
         return rc;
     }
 
-    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, true) || !pt_mfn )
+    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, flush_flags, true) ||
+         !pt_mfn )
     {
         spin_unlock(&hd->arch.mapping_lock);
         AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n",
@@ -407,7 +408,7 @@ int cf_check amd_iommu_unmap_page(
         return 0;
     }
 
-    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, false) )
+    if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, flush_flags, false) )
     {
         spin_unlock(&hd->arch.mapping_lock);
         AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n",
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:11:53 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/build: make linking work again with ld incapable of generating build ID
Message-Id: <E1niEcC-0004oE-3e@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:11:52 +0000

commit 54279f87ecbcb3eab45fbdd52f44c1be998a9ab3
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Fri Apr 22 14:56:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Fri Apr 22 14:56:23 2022 +0200

    x86/build: make linking work again with ld incapable of generating build ID
    
    The retaining of .note.* in a PT_NOTE segment requires a matching
    program header to be present in the first place. Drop the respective
    conditional and adjust mkelf32 to deal with (ignore) the potentially
    present but empty extra segment (but have the new code be generic by
    dropping any excess trailing entirely empty segments).
    
    Fixes: dedb0aa42c6d ("x86/build: use --orphan-handling linker option if available")
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/arch/x86/boot/mkelf32.c | 13 +++++++++++++
 xen/arch/x86/xen.lds.S      |  2 --
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/boot/mkelf32.c b/xen/arch/x86/boot/mkelf32.c
index bcbde1a056..3d639c2e08 100644
--- a/xen/arch/x86/boot/mkelf32.c
+++ b/xen/arch/x86/boot/mkelf32.c
@@ -320,6 +320,19 @@ int main(int argc, char **argv)
                 (int)in64_ehdr.e_phentsize, (int)sizeof(in64_phdr));
         return 1;
     }
+
+    /* Ignore entirely empty trailing program headers. */
+    while ( in64_ehdr.e_phnum > num_phdrs )
+    {
+        (void)lseek(infd,
+                    in64_ehdr.e_phoff + in64_ehdr.e_phnum * sizeof(in64_phdr),
+                    SEEK_SET);
+        do_read(infd, &in64_phdr, sizeof(in64_phdr));
+        endianadjust_phdr64(&in64_phdr);
+        if ( in64_phdr.p_memsz )
+            break;
+        --in64_ehdr.e_phnum;
+    }
     if ( in64_ehdr.e_phnum != num_phdrs )
     {
         fprintf(stderr, "Expect precisly %d program header; found %d.\n",
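Review bot: The seek offset in the new loop uses `in64_ehdr.e_phnum * sizeof(in64_phdr)`, which points one entry past the last program header (entries are indexed 0 to e_phnum - 1). The emptiness test therefore appears to inspect whatever bytes follow the table rather than the trailing header. If that reading is right, the offset should be `in64_ehdr.e_phoff + (in64_ehdr.e_phnum - 1) * sizeof(in64_phdr),`. The lseek() result is also discarded, so a failed seek would let do_read() read from the previous file position. The loop leaves the last-read entry in `in64_phdr`; main() continues outside the hunk, so whether later code re-reads the first header cannot be confirmed here.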
diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S
index 68501c7186..6e4abbc1ce 100644
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -40,9 +40,7 @@ OUTPUT_ARCH(i386:x86-64)
 PHDRS
 {
   text PT_LOAD ;
-#if defined(BUILD_ID) || defined(CONFIG_PVH_GUEST)
   note PT_NOTE ;
-#endif
 }
 #define PHDR(x) :x
 #else
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:12:03 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/build: Fix MAP rule when called in isolation
Message-Id: <E1niEcM-0004p2-6i@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:12:02 +0000

commit b3234f193a912ce73c838279f2cf3ff242a00dfd
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Apr 21 15:23:37 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    xen/build: Fix MAP rule when called in isolation
    
    Now that `make MAP` might rebuild $(TARGET), it needs removing from
    no-dot-config-targets.
    
    Otherwise the build eventually fails with:
    
        CPP     arch/x86/asm-macros.i
      arch/x86/asm-macros.c:1:10: fatal error: asm/asm-defns.h: No such file or
      directory
          1 | #include <asm/asm-defns.h>
            |          ^~~~~~~~~~~~~~~~~
    
    Fixes: e1e72198213b ("xen/build: Fix dependency for the MAP rule")
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/Makefile b/xen/Makefile
index 3a4e3bdd0f..ec34524ed2 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -215,7 +215,7 @@ export XEN_ROOT := $(abs_srctree)/..
 clean-targets := %clean
 no-dot-config-targets := $(clean-targets) \
                          uninstall debug cloc \
-                         cscope TAGS tags MAP gtags \
+                         cscope TAGS tags gtags \
                          xenversion
 
 config-build    := n
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:12:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/debugger: Remove debugger_trap_entry()
Message-Id: <E1niEcW-0004qF-9g@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:12:12 +0000

commit af8b805c15199831aad50bc33066494fb2cab363
Author:     Bobby Eshleman <bobby.eshleman@gmail.com>
AuthorDate: Tue Sep 28 13:30:25 2021 -0700
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/debugger: Remove debugger_trap_entry()
    
    debugger_trap_entry() is unrelated to the other contents of debugger.h.  It is
    a no-op for everything other than #DB/#BP, and for those it invokes guest
    debugging (CONFIG_GDBSX) not host debugging (CONFIG_CRASH_DEBUG).
    
    The reason it is a no-op for gdbstub is related to the fact that its
    description is inappropriate for any kind of useful debugging.  In normal
    debugging, gdb only sees things which manifest as signals; it doesn't see
    things which the kernel resolves itself (some #PF, #NM, etc).  Furthermore,
    without a mechanism to invoke pv_inject_event(), the current infrastructure
    will livelock on faults from guest context.
    
    As such, there is no plausible future matching its description.  Any work to
    do something better than the current nothing will have to design something
    more coherent.
    
    Therefore, simplify everything by expanding debugger_trap_entry() into its two
    non-empty locations, fixing bugs with their positioning (vs early exceptions
    and curr not being safe to dereference) and for #DB, deferring the pause until
    the changes in %dr6 are saved to v->arch.dr6 so the debugger can actually see
    which condition triggered.  This also removes some logically dead code from
    do_trap(), where the compiler can't prove that #DB/#BP are handled by
    different codepaths.
    
    Signed-off-by: Bobby Eshleman <bobby.eshleman@gmail.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/include/asm/debugger.h | 42 ++-----------------------------------
 xen/arch/x86/traps.c                | 34 +++++++++++++-----------------
 2 files changed, 16 insertions(+), 60 deletions(-)

diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index 221bcde137..e83b346a21 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -5,19 +5,12 @@
  * 
  * Each debugger should define two functions here:
  * 
- * 1. debugger_trap_entry(): 
- *  Called at start of any synchronous fault or trap, before any other work
- *  is done. The idea is that if your debugger deliberately caused the trap
- *  (e.g. to implement breakpoints or data watchpoints) then you can take
- *  appropriate action and return a non-zero value to cause early exit from
- *  the trap function.
- * 
- * 2. debugger_trap_fatal():
+ * debugger_trap_fatal():
  *  Called when Xen is about to give up and crash. Typically you will use this
  *  hook to drop into a debug session. It can also be used to hook off
  *  deliberately caused traps (which you then handle and return non-zero).
  *
- * 3. debugger_trap_immediate():
+ * debugger_trap_immediate():
  *  Called if we want to drop into a debugger now.  This is essentially the
  *  same as debugger_trap_fatal, except that we use the current register state
  *  rather than the state which was in effect when we took the trap.
@@ -49,31 +42,6 @@ static inline bool debugger_trap_fatal(
 /* Int3 is a trivial way to gather cpu_user_regs context. */
 #define debugger_trap_immediate() __asm__ __volatile__ ( "int3" );
 
-static inline bool debugger_trap_entry(
-    unsigned int vector, struct cpu_user_regs *regs)
-{
-    /*
-     * This function is called before any checks are made.  Amongst other
-     * things, be aware that during early boot, current is not a safe pointer
-     * to follow.
-     */
-    struct vcpu *v = current;
-
-    if ( vector != TRAP_int3 && vector != TRAP_debug )
-        return false;
-
-    if ( guest_mode(regs) && guest_kernel_mode(v, regs) &&
-         v->domain->debugger_attached  )
-    {
-        if ( vector != TRAP_debug ) /* domain pause is good enough */
-            current->arch.gdbsx_vcpu_event = vector;
-        domain_pause_for_debugger();
-        return true;
-    }
-
-    return false;
-}
-
 #else
 
 static inline bool debugger_trap_fatal(
@@ -84,12 +52,6 @@ static inline bool debugger_trap_fatal(
 
 #define debugger_trap_immediate() ((void)0)
 
-static inline bool debugger_trap_entry(
-    unsigned int vector, struct cpu_user_regs *regs)
-{
-    return false;
-}
-
 #endif
 
 #ifdef CONFIG_GDBSX
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 4c38f6c015..84cd038dc3 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -946,9 +946,6 @@ void do_trap(struct cpu_user_regs *regs)
     if ( regs->error_code & X86_XEC_EXT )
         goto hardware_trap;
 
-    if ( debugger_trap_entry(trapnr, regs) )
-        return;
-
     ASSERT(trapnr < 32);
 
     if ( guest_mode(regs) )
@@ -1177,9 +1174,6 @@ void do_invalid_op(struct cpu_user_regs *regs)
     int id = -1, lineno;
     const struct virtual_region *region;
 
-    if ( debugger_trap_entry(TRAP_invalid_op, regs) )
-        return;
-
     if ( likely(guest_mode(regs)) )
     {
         if ( pv_emulate_invalid_op(regs) )
@@ -1284,8 +1278,7 @@ void do_invalid_op(struct cpu_user_regs *regs)
 
 void do_int3(struct cpu_user_regs *regs)
 {
-    if ( debugger_trap_entry(TRAP_int3, regs) )
-        return;
+    struct vcpu *curr = current;
 
     if ( !guest_mode(regs) )
     {
@@ -1299,6 +1292,13 @@ void do_int3(struct cpu_user_regs *regs)
         return;
     }
 
+    if ( guest_kernel_mode(curr, regs) && curr->domain->debugger_attached )
+    {
+        curr->arch.gdbsx_vcpu_event = TRAP_int3;
+        domain_pause_for_debugger();
+        return;
+    }
+
     pv_inject_hw_exception(TRAP_int3, X86_EVENT_NO_EC);
 }
 
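Review bot: `curr` is latched from `current` at the top of do_int3(), ahead of the `!guest_mode(regs)` early return, while the commit message says the pointer is not safe to dereference for early exceptions. The new code only dereferences it after that return, but nothing in the function records the ordering constraint. Suggest a comment next to the declaration, for example `/* Only dereference after the !guest_mode() return; not valid for early exceptions. */`, so a later edit does not move a `curr->` access above the guard.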
@@ -1575,9 +1575,6 @@ void do_page_fault(struct cpu_user_regs *regs)
     /* fixup_page_fault() might change regs->error_code, so cache it here. */
     error_code = regs->error_code;
 
-    if ( debugger_trap_entry(TRAP_page_fault, regs) )
-        return;
-
     perfc_incr(page_faults);
 
     /* Any shadow stack access fault is a bug in Xen. */
@@ -1676,9 +1673,6 @@ void do_general_protection(struct cpu_user_regs *regs)
     struct vcpu *v = current;
 #endif
 
-    if ( debugger_trap_entry(TRAP_gp_fault, regs) )
-        return;
-
     if ( regs->error_code & X86_XEC_EXT )
         goto hardware_gp;
 
@@ -1971,9 +1965,6 @@ void do_debug(struct cpu_user_regs *regs)
     /* Stash dr6 as early as possible. */
     dr6 = read_debugreg(6);
 
-    if ( debugger_trap_entry(TRAP_debug, regs) )
-        return;
-
     /*
      * At the time of writing (March 2018), on the subject of %dr6:
      *
@@ -2082,6 +2073,12 @@ void do_debug(struct cpu_user_regs *regs)
     v->arch.dr6 |= (dr6 & ~X86_DR6_DEFAULT);
     v->arch.dr6 &= (dr6 | ~X86_DR6_DEFAULT);
 
+    if ( guest_kernel_mode(v, regs) && v->domain->debugger_attached )
+    {
+        domain_pause_for_debugger();
+        return;
+    }
+
     pv_inject_hw_exception(TRAP_debug, X86_EVENT_NO_EC);
 }
 
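Review bot: The #DB path pauses the domain without setting `gdbsx_vcpu_event`, unlike the new do_int3() block, and the comment that explained this in the removed helper (`/* domain pause is good enough */`) was not carried over. Suggest `/* No gdbsx_vcpu_event for #DB: domain pause is good enough. */` inside the new `if`, so the asymmetry does not read as an omission. The removed helper also tested guest_mode(regs); here that is presumably guaranteed by earlier code in do_debug(), which lies outside the hunk.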
@@ -2097,9 +2094,6 @@ void do_entry_CP(struct cpu_user_regs *regs)
     const char *err = "??";
     unsigned int ec = regs->error_code;
 
-    if ( debugger_trap_entry(X86_EXC_CP, regs) )
-        return;
-
     /* Decode ec if possible */
     if ( ec < ARRAY_SIZE(errors) && errors[ec][0] )
         err = errors[ec];
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:12:24 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/gdbsx: Rename debug.c to gdbsx.c
Message-Id: <E1niEcg-0004qe-D7@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:12:22 +0000

commit 203156ef36df87a9a4161e15889b901df5ef58eb
Author:     Bobby Eshleman <bobby.eshleman@gmail.com>
AuthorDate: Tue Sep 28 13:30:26 2021 -0700
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/gdbsx: Rename debug.c to gdbsx.c
    
    debug.c contains only dbg_rw_mem().  Rename it to gdbsx.c.
    
    Move gdbsx_guest_mem_io(), and the prior setup of iop->remain, from domctl.c
    to gdbsx.c, merging it with dbg_rw_mem().
    
    Signed-off-by: Bobby Eshleman <bobby.eshleman@gmail.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/Makefile               |   2 +-
 xen/arch/x86/debug.c                | 177 ------------------------------------
 xen/arch/x86/domctl.c               |  14 +--
 xen/arch/x86/gdbsx.c                | 174 +++++++++++++++++++++++++++++++++++
 xen/arch/x86/include/asm/debugger.h |   6 --
 xen/arch/x86/include/asm/gdbsx.h    |  13 +++
 6 files changed, 190 insertions(+), 196 deletions(-)

diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 717bcbcac7..177a2ff742 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -22,7 +22,6 @@ obj-y += cpuid.o
 obj-$(CONFIG_PV) += compat.o
 obj-$(CONFIG_PV32) += x86_64/compat.o
 obj-$(CONFIG_KEXEC) += crash.o
-obj-$(CONFIG_GDBSX) += debug.o
 obj-y += delay.o
 obj-y += desc.o
 obj-bin-y += dmi_scan.init.o
@@ -34,6 +33,7 @@ obj-y += emul-i8254.o
 obj-y += extable.o
 obj-y += flushtlb.o
 obj-$(CONFIG_CRASH_DEBUG) += gdbstub.o
+obj-$(CONFIG_GDBSX) += gdbsx.o
 obj-y += hypercall.o
 obj-y += i387.o
 obj-y += i8259.o
diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c
deleted file mode 100644
index 91034a852e..0000000000
--- a/xen/arch/x86/debug.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Copyright (C) 2009, Mukesh Rathor, Oracle Corp.  All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public
- * License v2 as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <xen/sched.h>
-#include <xen/mm.h>
-#include <xen/domain_page.h>
-#include <xen/guest_access.h>
-#include <asm/debugger.h>
-#include <asm/p2m.h>
-
-typedef unsigned long dbgva_t;
-typedef unsigned char dbgbyte_t;
-
-/* Returns: mfn for the given (hvm guest) vaddr */
-static mfn_t
-dbg_hvm_va2mfn(dbgva_t vaddr, struct domain *dp, int toaddr, gfn_t *gfn)
-{
-    mfn_t mfn;
-    uint32_t pfec = PFEC_page_present;
-    p2m_type_t gfntype;
-
-    *gfn = _gfn(paging_gva_to_gfn(dp->vcpu[0], vaddr, &pfec));
-    if ( gfn_eq(*gfn, INVALID_GFN) )
-        return INVALID_MFN;
-
-    mfn = get_gfn(dp, gfn_x(*gfn), &gfntype);
-    if ( p2m_is_readonly(gfntype) && toaddr )
-        mfn = INVALID_MFN;
-
-    if ( mfn_eq(mfn, INVALID_MFN) )
-    {
-        put_gfn(dp, gfn_x(*gfn));
-        *gfn = INVALID_GFN;
-    }
-
-    return mfn;
-}
-
-/* 
- * pgd3val: this is the value of init_mm.pgd[3] in a PV guest. It is optional.
- *          This to assist debug of modules in the guest. The kernel address 
- *          space seems is always mapped, but modules are not necessarily 
- *          mapped in any arbitraty guest cr3 that we pick if pgd3val is 0. 
- *          Modules should always be addressible if we use cr3 from init_mm. 
- *          Since pgd3val is already a pgd value, cr3->pgd[3], we just need to 
- *          do 2 level lookups.
- *
- * NOTE: 4 level paging works for 32 PAE guests also because cpu runs in IA32-e
- *       mode.
- * Returns: mfn for the given (pv guest) vaddr 
- */
-static mfn_t
-dbg_pv_va2mfn(dbgva_t vaddr, struct domain *dp, uint64_t pgd3val)
-{
-    l4_pgentry_t l4e, *l4t;
-    l3_pgentry_t l3e, *l3t;
-    l2_pgentry_t l2e, *l2t;
-    l1_pgentry_t l1e, *l1t;
-    unsigned long cr3 = (pgd3val ? pgd3val : dp->vcpu[0]->arch.cr3);
-    mfn_t mfn = maddr_to_mfn(cr3_pa(cr3));
-
-    if ( pgd3val == 0 )
-    {
-        l4t = map_domain_page(mfn);
-        l4e = l4t[l4_table_offset(vaddr)];
-        unmap_domain_page(l4t);
-        mfn = l4e_get_mfn(l4e);
-        if ( !(l4e_get_flags(l4e) & _PAGE_PRESENT) )
-            return INVALID_MFN;
-
-        l3t = map_domain_page(mfn);
-        l3e = l3t[l3_table_offset(vaddr)];
-        unmap_domain_page(l3t);
-        mfn = l3e_get_mfn(l3e);
-        if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) ||
-             (l3e_get_flags(l3e) & _PAGE_PSE) )
-            return INVALID_MFN;
-    }
-
-    l2t = map_domain_page(mfn);
-    l2e = l2t[l2_table_offset(vaddr)];
-    unmap_domain_page(l2t);
-    mfn = l2e_get_mfn(l2e);
-    if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) ||
-         (l2e_get_flags(l2e) & _PAGE_PSE) )
-        return INVALID_MFN;
-
-    l1t = map_domain_page(mfn);
-    l1e = l1t[l1_table_offset(vaddr)];
-    unmap_domain_page(l1t);
-    mfn = l1e_get_mfn(l1e);
-
-    return mfn_valid(mfn) ? mfn : INVALID_MFN;
-}
-
-/* Returns: number of bytes remaining to be copied */
-static unsigned int dbg_rw_guest_mem(struct domain *dp, unsigned long addr,
-                                     XEN_GUEST_HANDLE_PARAM(void) buf,
-                                     unsigned int len, bool toaddr,
-                                     uint64_t pgd3)
-{
-    while ( len > 0 )
-    {
-        char *va;
-        mfn_t mfn;
-        gfn_t gfn = INVALID_GFN;
-        unsigned long pagecnt;
-
-        pagecnt = min_t(long, PAGE_SIZE - (addr & ~PAGE_MASK), len);
-
-        mfn = (is_hvm_domain(dp)
-               ? dbg_hvm_va2mfn(addr, dp, toaddr, &gfn)
-               : dbg_pv_va2mfn(addr, dp, pgd3));
-        if ( mfn_eq(mfn, INVALID_MFN) )
-            break;
-
-        va = map_domain_page(mfn);
-        va = va + (addr & (PAGE_SIZE-1));
-
-        if ( toaddr )
-        {
-            copy_from_guest(va, buf, pagecnt);
-            paging_mark_dirty(dp, mfn);
-        }
-        else
-            copy_to_guest(buf, va, pagecnt);
-
-        unmap_domain_page(va);
-        if ( !gfn_eq(gfn, INVALID_GFN) )
-            put_gfn(dp, gfn_x(gfn));
-
-        addr += pagecnt;
-        guest_handle_add_offset(buf, pagecnt);
-        len -= pagecnt;
-    }
-
-    return len;
-}
-
-/*
- * addr is guest addr
- * buf is debugger buffer.
- * if toaddr, then addr = buf (write to addr), else buf = addr (rd from guest)
- * pgd3: value of init_mm.pgd[3] in guest. see above.
- * Returns: number of bytes remaining to be copied.
- */
-unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
-                        unsigned int len, struct domain *d, bool toaddr,
-                        uint64_t pgd3)
-{
-    if ( d && !d->is_dying )
-        len = dbg_rw_guest_mem(d, gva, buf, len, toaddr, pgd3);
-
-    return len;
-}
-
-/*
- * Local variables:
- * mode: C
- * c-file-style: "BSD"
- * c-basic-offset: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index a6aae500a3..c20ab43527 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -20,6 +20,8 @@
 #include <xen/console.h>
 #include <xen/iocap.h>
 #include <xen/paging.h>
+
+#include <asm/gdbsx.h>
 #include <asm/irq.h>
 #include <asm/hvm/emulate.h>
 #include <asm/hvm/hvm.h>
@@ -33,20 +35,9 @@
 #include <public/vm_event.h>
 #include <asm/mem_sharing.h>
 #include <asm/xstate.h>
-#include <asm/debugger.h>
 #include <asm/psr.h>
 #include <asm/cpuid.h>
 
-#ifdef CONFIG_GDBSX
-static int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)
-{
-    iop->remain = dbg_rw_mem(iop->gva, guest_handle_from_ptr(iop->uva, void),
-                             iop->len, d, iop->gwr, iop->pgd3val);
-
-    return iop->remain ? -EFAULT : 0;
-}
-#endif
-
 static int update_domain_cpu_policy(struct domain *d,
                                     xen_domctl_cpu_policy_t *xdpc)
 {
@@ -827,7 +818,6 @@ long arch_do_domctl(
 
 #ifdef CONFIG_GDBSX
     case XEN_DOMCTL_gdbsx_guestmemio:
-        domctl->u.gdbsx_guest_memio.remain = domctl->u.gdbsx_guest_memio.len;
         ret = gdbsx_guest_mem_io(d, &domctl->u.gdbsx_guest_memio);
         if ( !ret )
            copyback = true;
diff --git a/xen/arch/x86/gdbsx.c b/xen/arch/x86/gdbsx.c
new file mode 100644
index 0000000000..59eb31fc9a
--- /dev/null
+++ b/xen/arch/x86/gdbsx.c
@@ -0,0 +1,174 @@
+/*
+ * Copyright (C) 2009, Mukesh Rathor, Oracle Corp.  All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public
+ * License v2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/sched.h>
+#include <xen/mm.h>
+#include <xen/domain_page.h>
+#include <xen/guest_access.h>
+#include <asm/gdbsx.h>
+#include <asm/p2m.h>
+
+typedef unsigned long dbgva_t;
+typedef unsigned char dbgbyte_t;
+
+/* Returns: mfn for the given (hvm guest) vaddr */
+static mfn_t
+dbg_hvm_va2mfn(dbgva_t vaddr, struct domain *dp, int toaddr, gfn_t *gfn)
+{
+    mfn_t mfn;
+    uint32_t pfec = PFEC_page_present;
+    p2m_type_t gfntype;
+
+    *gfn = _gfn(paging_gva_to_gfn(dp->vcpu[0], vaddr, &pfec));
+    if ( gfn_eq(*gfn, INVALID_GFN) )
+        return INVALID_MFN;
+
+    mfn = get_gfn(dp, gfn_x(*gfn), &gfntype);
+    if ( p2m_is_readonly(gfntype) && toaddr )
+        mfn = INVALID_MFN;
+
+    if ( mfn_eq(mfn, INVALID_MFN) )
+    {
+        put_gfn(dp, gfn_x(*gfn));
+        *gfn = INVALID_GFN;
+    }
+
+    return mfn;
+}
+
+/* 
+ * pgd3val: this is the value of init_mm.pgd[3] in a PV guest. It is optional.
+ *          This to assist debug of modules in the guest. The kernel address 
+ *          space seems is always mapped, but modules are not necessarily 
+ *          mapped in any arbitraty guest cr3 that we pick if pgd3val is 0. 
+ *          Modules should always be addressible if we use cr3 from init_mm. 
+ *          Since pgd3val is already a pgd value, cr3->pgd[3], we just need to 
+ *          do 2 level lookups.
+ *
+ * NOTE: 4 level paging works for 32 PAE guests also because cpu runs in IA32-e
+ *       mode.
+ * Returns: mfn for the given (pv guest) vaddr 
+ */
+static mfn_t
+dbg_pv_va2mfn(dbgva_t vaddr, struct domain *dp, uint64_t pgd3val)
+{
+    l4_pgentry_t l4e, *l4t;
+    l3_pgentry_t l3e, *l3t;
+    l2_pgentry_t l2e, *l2t;
+    l1_pgentry_t l1e, *l1t;
+    unsigned long cr3 = (pgd3val ? pgd3val : dp->vcpu[0]->arch.cr3);
+    mfn_t mfn = maddr_to_mfn(cr3_pa(cr3));
+
+    if ( pgd3val == 0 )
+    {
+        l4t = map_domain_page(mfn);
+        l4e = l4t[l4_table_offset(vaddr)];
+        unmap_domain_page(l4t);
+        mfn = l4e_get_mfn(l4e);
+        if ( !(l4e_get_flags(l4e) & _PAGE_PRESENT) )
+            return INVALID_MFN;
+
+        l3t = map_domain_page(mfn);
+        l3e = l3t[l3_table_offset(vaddr)];
+        unmap_domain_page(l3t);
+        mfn = l3e_get_mfn(l3e);
+        if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) ||
+             (l3e_get_flags(l3e) & _PAGE_PSE) )
+            return INVALID_MFN;
+    }
+
+    l2t = map_domain_page(mfn);
+    l2e = l2t[l2_table_offset(vaddr)];
+    unmap_domain_page(l2t);
+    mfn = l2e_get_mfn(l2e);
+    if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) ||
+         (l2e_get_flags(l2e) & _PAGE_PSE) )
+        return INVALID_MFN;
+
+    l1t = map_domain_page(mfn);
+    l1e = l1t[l1_table_offset(vaddr)];
+    unmap_domain_page(l1t);
+    mfn = l1e_get_mfn(l1e);
+
+    return mfn_valid(mfn) ? mfn : INVALID_MFN;
+}
+
+/* Returns: number of bytes remaining to be copied */
+static unsigned int dbg_rw_guest_mem(struct domain *dp, unsigned long addr,
+                                     XEN_GUEST_HANDLE_PARAM(void) buf,
+                                     unsigned int len, bool toaddr,
+                                     uint64_t pgd3)
+{
+    while ( len > 0 )
+    {
+        char *va;
+        mfn_t mfn;
+        gfn_t gfn = INVALID_GFN;
+        unsigned long pagecnt;
+
+        pagecnt = min_t(long, PAGE_SIZE - (addr & ~PAGE_MASK), len);
+
+        mfn = (is_hvm_domain(dp)
+               ? dbg_hvm_va2mfn(addr, dp, toaddr, &gfn)
+               : dbg_pv_va2mfn(addr, dp, pgd3));
+        if ( mfn_eq(mfn, INVALID_MFN) )
+            break;
+
+        va = map_domain_page(mfn);
+        va = va + (addr & (PAGE_SIZE-1));
+
+        if ( toaddr )
+        {
+            copy_from_guest(va, buf, pagecnt);
+            paging_mark_dirty(dp, mfn);
+        }
+        else
+            copy_to_guest(buf, va, pagecnt);
+
+        unmap_domain_page(va);
+        if ( !gfn_eq(gfn, INVALID_GFN) )
+            put_gfn(dp, gfn_x(gfn));
+
+        addr += pagecnt;
+        guest_handle_add_offset(buf, pagecnt);
+        len -= pagecnt;
+    }
+
+    return len;
+}
+
+int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)
+{
+    if ( d && !d->is_dying )
+    {
+        iop->remain = dbg_rw_guest_mem(
+            d, iop->gva, guest_handle_from_ptr(iop->uva, void),
+            iop->len, iop->gwr, iop->pgd3val);
+    }
+    else
+        iop->remain = iop->len;
+
+    return iop->remain ? -EFAULT : 0;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
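Review bot: In dbg_pv_va2mfn() the L1 entry is consumed without the `_PAGE_PRESENT` test that the L4, L3 and L2 levels all apply, so the frame bits of a not-present PTE are still turned into an mfn and only filtered by mfn_valid(). Assuming the contents of not-present PV entries are not validated elsewhere, the walk should stop there with `if ( !(l1e_get_flags(l1e) & _PAGE_PRESENT) ) return INVALID_MFN;` ahead of `mfn = l1e_get_mfn(l1e);`. Separately, dbg_rw_guest_mem() discards the results of copy_from_guest() and copy_to_guest(), so a faulting debugger buffer still advances `addr` and `len`, and gdbsx_guest_mem_io() can return 0 for a transfer that did not fully happen; breaking out of the loop on a non-zero result would keep `iop->remain` accurate. Both behaviours are carried over unchanged from debug.c, so a follow-up patch may suit better than this rename.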
diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index e83b346a21..c5585752ca 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -54,10 +54,4 @@ static inline bool debugger_trap_fatal(
 
 #endif
 
-#ifdef CONFIG_GDBSX
-unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
-                        unsigned int len, struct domain *d, bool toaddr,
-                        uint64_t pgd3);
-#endif
-
 #endif /* __X86_DEBUGGER_H__ */
diff --git a/xen/arch/x86/include/asm/gdbsx.h b/xen/arch/x86/include/asm/gdbsx.h
new file mode 100644
index 0000000000..eee746fc01
--- /dev/null
+++ b/xen/arch/x86/include/asm/gdbsx.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __X86_GDBX_H__
+#define __X86_GDBX_H__
+
+#ifdef CONFIG_GDBSX
+
+struct domain;
+struct xen_domctl_gdbsx_memio;
+
+int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop);
+
+#endif /* CONFIG_GDBSX */
+#endif /* __X86_GDBX_H__ */
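Review bot: The include guard in the new header is spelled `__X86_GDBX_H__`, dropping the S from the file name gdbsx.h and from CONFIG_GDBSX. Nothing breaks today, but a guard that does not match its file is easy to collide with or to miss when grepping. I would rename it consistently on all three lines: `#ifndef __X86_GDBSX_H__`, `#define __X86_GDBSX_H__` and `#endif /* __X86_GDBSX_H__ */`.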
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:12:34 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 12:12:34 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311573.528803 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEcs-0003N4-ED; Sat, 23 Apr 2022 12:12:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311573.528803; Sat, 23 Apr 2022 12:12:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEcs-0003Mw-BJ; Sat, 23 Apr 2022 12:12:34 +0000
Received: by outflank-mailman (input) for mailman id 311573;
 Sat, 23 Apr 2022 12:12:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEcq-0003Mg-I8
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEcq-0000zM-HU
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEcq-0004r7-Go
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=2c0cMocLPqST7YqjdsttbfT5lP76UmUK5j8DAiUJjUQ=; b=X/31lhmxGr2i4CjmopiPu0W/W/
	UoFZP+i3DFsUX4sCI8i+57gb1IOjd2zjuMkr+emg7mHxUwwiM4uXne7OHk8A5P94x3JAop12gcEfi
	vFdQ3anM9gNGLzdNdGaenST3rzpp0iyTdSEiuSvpzPdk2ayUMlH6zVtYDg0wCIqGtzFw=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/gdbsx: Move domain_pause_for_debugger() into gdbsx
Message-Id: <E1niEcq-0004r7-Go@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:12:32 +0000

commit 4de0f05fcf7d57c25aaef2f4aa064812b8628a72
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Wed Apr 20 01:38:32 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/gdbsx: Move domain_pause_for_debugger() into gdbsx
    
    domain_pause_for_debugger() is guest debugging (CONFIG_GDBSX) not host
    debugging (CONFIG_CRASH_DEBUG).
    
    Move it into the new gdbsx.c to drop the (incorrect) ifdefary, and provide a
    static inline in the !CONFIG_GDBSX case so callers can optimise away
    everything rather than having to emit a call to an empty function.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/domain.c               | 14 --------------
 xen/arch/x86/gdbsx.c                | 14 ++++++++++++++
 xen/arch/x86/hvm/svm/svm.c          |  2 +-
 xen/arch/x86/hvm/vmx/realmode.c     |  3 ++-
 xen/arch/x86/hvm/vmx/vmx.c          |  2 +-
 xen/arch/x86/include/asm/debugger.h |  2 --
 xen/arch/x86/include/asm/gdbsx.h    |  6 ++++++
 xen/arch/x86/nmi.c                  |  1 -
 xen/arch/x86/traps.c                |  1 +
 9 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index a5048ed654..a72cc9552a 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -2540,20 +2540,6 @@ static int __init cf_check init_vcpu_kick_softirq(void)
 }
 __initcall(init_vcpu_kick_softirq);
 
-void domain_pause_for_debugger(void)
-{
-#ifdef CONFIG_CRASH_DEBUG
-    struct vcpu *curr = current;
-    struct domain *d = curr->domain;
-
-    domain_pause_by_systemcontroller_nosync(d);
-
-    /* if gdbsx active, we just need to pause the domain */
-    if ( curr->arch.gdbsx_vcpu_event == 0 )
-        send_global_virq(VIRQ_DEBUGGER);
-#endif
-}
-
 /*
  * Local variables:
  * mode: C
diff --git a/xen/arch/x86/gdbsx.c b/xen/arch/x86/gdbsx.c
index 59eb31fc9a..6ef46e8ea7 100644
--- a/xen/arch/x86/gdbsx.c
+++ b/xen/arch/x86/gdbsx.c
@@ -18,6 +18,8 @@
 #include <xen/mm.h>
 #include <xen/domain_page.h>
 #include <xen/guest_access.h>
+#include <xen/event.h>
+
 #include <asm/gdbsx.h>
 #include <asm/p2m.h>
 
@@ -164,6 +166,18 @@ int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop)
     return iop->remain ? -EFAULT : 0;
 }
 
+void domain_pause_for_debugger(void)
+{
+    struct vcpu *curr = current;
+    struct domain *d = curr->domain;
+
+    domain_pause_by_systemcontroller_nosync(d);
+
+    /* if gdbsx active, we just need to pause the domain */
+    if ( curr->arch.gdbsx_vcpu_event == 0 )
+        send_global_virq(VIRQ_DEBUGGER);
+}
+
 /*
  * Local variables:
  * mode: C
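Review bot: domain_pause_for_debugger() lands in gdbsx.c with no header comment, and its only inline comment describes the case the `if` does not take, so the reader has to invert it to see when VIRQ_DEBUGGER is sent. I would document it above the definition, e.g. `/* Pause current's domain; raise VIRQ_DEBUGGER only when gdbsx_vcpu_event is 0, i.e. gdbsx is not active on this vCPU. */`. The call to domain_pause_by_systemcontroller_nosync() is also made as a bare statement; if it returns a status (not visible in this hunk), a failed pause would still be followed by the VIRQ, which is worth confirming.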
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 2455835eda..0849a9dc5f 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -58,7 +58,7 @@
 #include <asm/hvm/trace.h>
 #include <asm/hap.h>
 #include <asm/apic.h>
-#include <asm/debugger.h>
+#include <asm/gdbsx.h>
 #include <asm/hvm/monitor.h>
 #include <asm/monitor.h>
 #include <asm/xstate.h>
diff --git a/xen/arch/x86/hvm/vmx/realmode.c b/xen/arch/x86/hvm/vmx/realmode.c
index cc23afa788..4ac93e0810 100644
--- a/xen/arch/x86/hvm/vmx/realmode.c
+++ b/xen/arch/x86/hvm/vmx/realmode.c
@@ -14,7 +14,8 @@
 #include <xen/sched.h>
 #include <xen/paging.h>
 #include <xen/softirq.h>
-#include <asm/debugger.h>
+
+#include <asm/gdbsx.h>
 #include <asm/event.h>
 #include <asm/hvm/emulate.h>
 #include <asm/hvm/hvm.h>
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index af9ee7cebb..cc8c4e9f04 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -51,7 +51,7 @@
 #include <asm/hvm/trace.h>
 #include <asm/hvm/monitor.h>
 #include <asm/xenoprof.h>
-#include <asm/debugger.h>
+#include <asm/gdbsx.h>
 #include <asm/apic.h>
 #include <asm/hvm/nestedhvm.h>
 #include <asm/altp2m.h>
diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index c5585752ca..9a3132356f 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -26,8 +26,6 @@
 #include <asm/regs.h>
 #include <asm/processor.h>
 
-void domain_pause_for_debugger(void);
-
 #ifdef CONFIG_CRASH_DEBUG
 
 #include <xen/gdbstub.h>
diff --git a/xen/arch/x86/include/asm/gdbsx.h b/xen/arch/x86/include/asm/gdbsx.h
index eee746fc01..938eb74e2e 100644
--- a/xen/arch/x86/include/asm/gdbsx.h
+++ b/xen/arch/x86/include/asm/gdbsx.h
@@ -9,5 +9,11 @@ struct xen_domctl_gdbsx_memio;
 
 int gdbsx_guest_mem_io(struct domain *d, struct xen_domctl_gdbsx_memio *iop);
 
+void domain_pause_for_debugger(void);
+
+#else
+
+static inline void domain_pause_for_debugger(void) {}
+
 #endif /* CONFIG_GDBSX */
 #endif /* __X86_GDBX_H__ */
diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c
index 302eaf2ff3..7656023748 100644
--- a/xen/arch/x86/nmi.c
+++ b/xen/arch/x86/nmi.c
@@ -30,7 +30,6 @@
 #include <asm/msr.h>
 #include <asm/mpspec.h>
 #include <asm/nmi.h>
-#include <asm/debugger.h>
 #include <asm/div64.h>
 #include <asm/apic.h>
 
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 84cd038dc3..d915324611 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -58,6 +58,7 @@
 #include <xen/bitops.h>
 #include <asm/desc.h>
 #include <asm/debugreg.h>
+#include <asm/gdbsx.h>
 #include <asm/smp.h>
 #include <asm/flushtlb.h>
 #include <asm/uaccess.h>
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:12:44 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 12:12:44 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311574.528808 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEd2-0003Q0-Fs; Sat, 23 Apr 2022 12:12:44 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311574.528808; Sat, 23 Apr 2022 12:12:44 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEd2-0003Pq-Ck; Sat, 23 Apr 2022 12:12:44 +0000
Received: by outflank-mailman (input) for mailman id 311574;
 Sat, 23 Apr 2022 12:12:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEd0-0003PV-LU
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEd0-0000zS-Kn
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEd0-0004ra-Jr
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=6L+BKcNrDb7ofv8zHlYC81GdYD4w9X37Fl0Dd4dfPTM=; b=XzKsSUoqEdhSuVF75P7FUrZUTX
	vJPhjT7oNzSYbCnhxHkdMVXF7rDToIQD394VVgvYxnY4oR89MZpEaEiaW6QQPeC+pv1JwrauYOiUa
	Lhx5fW/1F8CYMxBSfKbrz8AW9ZkLF1lx+qGEkKxd038liR0S2rpwGBcxmKbQgRoIk/As=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/gdbstub: Clean up includes
Message-Id: <E1niEd0-0004ra-Jr@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:12:42 +0000

commit 30122012db246c3e05f7a3668e03f76141affd4c
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Wed Apr 20 13:48:05 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/gdbstub: Clean up includes
    
    common/gdbstub.c wants struct gdb_context but only gets it transitively
    through asm/debugger.h.  None of */gdbstub.c should include asm/debugger.h so
    include xen/gdbstub.h instead.
    
    Forward declare struct cpu_user_regs in xen/gdbstub.h so it doesn't depend on
    the include order to compile.
    
    x86/setup.c doesn't need xen/gdbstub.h at all, so drop it.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/gdbstub.c        | 5 ++++-
 xen/arch/x86/setup.c          | 1 -
 xen/arch/x86/x86_64/gdbstub.c | 2 +-
 xen/common/gdbstub.c          | 3 ++-
 xen/include/xen/gdbstub.h     | 2 ++
 5 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/gdbstub.c b/xen/arch/x86/gdbstub.c
index 8f4f49fd3b..961cae0be7 100644
--- a/xen/arch/x86/gdbstub.c
+++ b/xen/arch/x86/gdbstub.c
@@ -18,7 +18,10 @@
  * You should have received a copy of the GNU General Public License
  * along with this program; If not, see <http://www.gnu.org/licenses/>.
  */
-#include <asm/debugger.h>
+#include <asm/uaccess.h>
+#include <asm/x86-defns.h>
+
+#include <xen/gdbstub.h>
 
 u16
 gdb_arch_signal_num(struct cpu_user_regs *regs, unsigned long cookie)
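Review bot: The new include block in x86/gdbstub.c puts the two `asm/` headers ahead of `xen/gdbstub.h`. That is the reverse of the layout the same series uses in common/gdbstub.c and hvm/vmx/realmode.c, where the `xen/` headers come first, then a blank line, then `asm/`. For consistency I would order it as `#include <xen/gdbstub.h>`, a blank line, then `#include <asm/uaccess.h>` and `#include <asm/x86-defns.h>`. The body of gdb_arch_signal_num() lies outside this hunk, so I have not checked which of the two asm headers it actually needs.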
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 6f20e17892..53a73010e0 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -15,7 +15,6 @@
 #include <xen/multiboot.h>
 #include <xen/domain_page.h>
 #include <xen/version.h>
-#include <xen/gdbstub.h>
 #include <xen/hypercall.h>
 #include <xen/keyhandler.h>
 #include <xen/numa.h>
diff --git a/xen/arch/x86/x86_64/gdbstub.c b/xen/arch/x86/x86_64/gdbstub.c
index 2626519c89..8287124dfb 100644
--- a/xen/arch/x86/x86_64/gdbstub.c
+++ b/xen/arch/x86/x86_64/gdbstub.c
@@ -17,7 +17,7 @@
  * along with this program; If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include <asm/debugger.h>
+#include <xen/gdbstub.h>
 
 #define GDB_REG64(r) gdb_write_to_packet_hex(r, sizeof(u64), ctx)
 #define GDB_REG32(r)  gdb_write_to_packet_hex(r, sizeof(u32), ctx)
diff --git a/xen/common/gdbstub.c b/xen/common/gdbstub.c
index d6872721dc..df8d122bce 100644
--- a/xen/common/gdbstub.c
+++ b/xen/common/gdbstub.c
@@ -38,13 +38,14 @@
 #include <xen/serial.h>
 #include <xen/irq.h>
 #include <xen/watchdog.h>
-#include <asm/debugger.h>
 #include <xen/init.h>
 #include <xen/param.h>
 #include <xen/smp.h>
 #include <xen/console.h>
 #include <xen/errno.h>
 #include <xen/delay.h>
+#include <xen/gdbstub.h>
+
 #include <asm/byteorder.h>
 
 /* Printk isn't particularly safe just after we've trapped to the
diff --git a/xen/include/xen/gdbstub.h b/xen/include/xen/gdbstub.h
index 0b2041095d..18c960969b 100644
--- a/xen/include/xen/gdbstub.h
+++ b/xen/include/xen/gdbstub.h
@@ -25,6 +25,8 @@
 
 #ifdef CONFIG_CRASH_DEBUG
 
+struct cpu_user_regs;
+
 struct gdb_context {
     int                 serhnd;           /* handle on our serial line */
     int                 console_steal_id; /* handle on stolen console */
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:12:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 23 Apr 2022 12:12:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.311575.528812 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEdC-0003Sz-HL; Sat, 23 Apr 2022 12:12:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 311575.528812; Sat, 23 Apr 2022 12:12:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1niEdC-0003Sr-EL; Sat, 23 Apr 2022 12:12:54 +0000
Received: by outflank-mailman (input) for mailman id 311575;
 Sat, 23 Apr 2022 12:12:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEdA-0003SR-OZ
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEdA-0000zW-Ns
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1niEdA-0004sK-N4
 for xen-changelog@lists.xenproject.org; Sat, 23 Apr 2022 12:12:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=demqRpbSbOSRe5VtH6+Ppl6+5Sp266Q66OvrO028hsE=; b=yyCPadtm2AB3hvB7lTry5GL9Wf
	a44owffJxksKTkKIPRZ7eU089nS43EflKHZm3bEJLf+mZZxs3ja6tW5TEZ8Isbt3Ko+JT7PhnBYnd
	DzDylj3/KEr9MQlyhnkPHf5IckuwNZJUbreaY97HS884BETLtmNQ8NozDkyrC5Iau54Q=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/debugger: Misc cleanup prior to splitting
Message-Id: <E1niEdA-0004sK-N4@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:12:52 +0000

commit 8bbc990772f35050b9efaebc0efaaead1ea0aab1
Author:     Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Wed Apr 20 14:40:45 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    x86/debugger: Misc cleanup prior to splitting
    
     * Remove inappropriate semicolon from debugger_trap_immediate().
     * Try to explain what debugger_trap_fatal() is doing, and write it in a more
       legible way.
     * Drop unnecessary includes.  This includes common/domain.c which doesn't use
       any debugger functionality, even prior to this cleanup.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/include/asm/debugger.h | 17 +++++++++++------
 xen/common/domain.c                 |  1 -
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index 9a3132356f..5bac2ee4c2 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 */
 /******************************************************************************
  * asm/debugger.h
  * 
@@ -22,23 +23,27 @@
 #ifndef __X86_DEBUGGER_H__
 #define __X86_DEBUGGER_H__
 
-#include <xen/sched.h>
-#include <asm/regs.h>
-#include <asm/processor.h>
-
 #ifdef CONFIG_CRASH_DEBUG
 
 #include <xen/gdbstub.h>
+#include <xen/stdbool.h>
+
+#include <asm/x86-defns.h>
 
+/* Returns true if GDB handled the trap, or it is surviveable. */
 static inline bool debugger_trap_fatal(
     unsigned int vector, struct cpu_user_regs *regs)
 {
     int rc = __trap_to_gdb(regs, vector);
-    return ((rc == 0) || (vector == TRAP_int3));
+
+    if ( rc == 0 )
+        return true;
+
+    return vector == X86_EXC_BP;
 }
 
 /* Int3 is a trivial way to gather cpu_user_regs context. */
-#define debugger_trap_immediate() __asm__ __volatile__ ( "int3" );
+#define debugger_trap_immediate() __asm__ __volatile__ ( "int3" )
 
 #else
 
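Review bot: The new comment above debugger_trap_fatal() misspells "survivable" and does not say which case is survivable, so a reader has to work out that `vector == X86_EXC_BP` returns true even when `__trap_to_gdb()` reports failure. I would write it as `/* Returns true if GDB handled the trap, or if the trap is a survivable #BP. */`. Separately, the prototype still names `struct cpu_user_regs` after `<asm/regs.h>` and `<asm/processor.h>` were dropped, so the header presumably relies on `<xen/gdbstub.h>` to declare it; a forward declaration `struct cpu_user_regs;` would make that explicit. The `#else` branch continues outside the hunk.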
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 351029f8b2..8d2c2a9897 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -33,7 +33,6 @@
 #include <xen/xenoprof.h>
 #include <xen/irq.h>
 #include <xen/argo.h>
-#include <asm/debugger.h>
 #include <asm/p2m.h>
 #include <asm/processor.h>
 #include <public/sched.h>
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:13:04 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen: Split x86/debugger.h into common and arch specific parts
Message-Id: <E1niEdK-0004uX-QS@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:13:02 +0000

commit d6f3f1277acfba5067a149c82ae56333464e3bb0
Author:     Bobby Eshleman <bobby.eshleman@gmail.com>
AuthorDate: Tue Sep 28 13:30:29 2021 -0700
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    xen: Split x86/debugger.h into common and arch specific parts
    
    With all the non-CONFIG_CRASH_DEBUG functionality moved elsewhere, split
    x86/debugger.h in two, with the stubs and explanation moved to xen/debugger.h.
    
    In particular, this means that arches only need to provide an $arch/debugger.h
    if they implement CONFIG_CRASH_DEBUG, and ARM's stub can be deleted.
    
    Signed-off-by: Bobby Eshleman <bobby.eshleman@gmail.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/arm/include/asm/debugger.h | 15 -------------
 xen/arch/x86/include/asm/debugger.h | 34 ++--------------------------
 xen/arch/x86/traps.c                |  2 +-
 xen/common/keyhandler.c             |  2 +-
 xen/common/shutdown.c               |  2 +-
 xen/drivers/char/console.c          |  2 +-
 xen/include/xen/debugger.h          | 44 +++++++++++++++++++++++++++++++++++++
 7 files changed, 50 insertions(+), 51 deletions(-)

diff --git a/xen/arch/arm/include/asm/debugger.h b/xen/arch/arm/include/asm/debugger.h
deleted file mode 100644
index ac776efa78..0000000000
--- a/xen/arch/arm/include/asm/debugger.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef __ARM_DEBUGGER_H__
-#define __ARM_DEBUGGER_H__
-
-#define debugger_trap_fatal(v, r) (0)
-#define debugger_trap_immediate() ((void) 0)
-
-#endif /* __ARM_DEBUGGER_H__ */
-/*
- * Local variables:
- * mode: C
- * c-file-style: "BSD"
- * c-basic-offset: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/xen/arch/x86/include/asm/debugger.h b/xen/arch/x86/include/asm/debugger.h
index 5bac2ee4c2..a5c299c6c3 100644
--- a/xen/arch/x86/include/asm/debugger.h
+++ b/xen/arch/x86/include/asm/debugger.h
@@ -1,30 +1,12 @@
 /* SPDX-License-Identifier: GPL-2.0 */
 /******************************************************************************
- * asm/debugger.h
- * 
- * Generic hooks into arch-dependent Xen.
- * 
- * Each debugger should define two functions here:
- * 
- * debugger_trap_fatal():
- *  Called when Xen is about to give up and crash. Typically you will use this
- *  hook to drop into a debug session. It can also be used to hook off
- *  deliberately caused traps (which you then handle and return non-zero).
+ * xen/arch/x86/include/asm/debugger.h
  *
- * debugger_trap_immediate():
- *  Called if we want to drop into a debugger now.  This is essentially the
- *  same as debugger_trap_fatal, except that we use the current register state
- *  rather than the state which was in effect when we took the trap.
- *  For example: if we're dying because of an unhandled exception, we call
- *  debugger_trap_fatal; if we're dying because of a panic() we call
- *  debugger_trap_immediate().
+ * x86-specific debugger hooks.
  */
-
 #ifndef __X86_DEBUGGER_H__
 #define __X86_DEBUGGER_H__
 
-#ifdef CONFIG_CRASH_DEBUG
-
 #include <xen/gdbstub.h>
 #include <xen/stdbool.h>
 
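Review bot: With the `#ifdef CONFIG_CRASH_DEBUG` guard removed, this header is only correct when it is reached through `<xen/debugger.h>`, and nothing in the file says so. A translation unit that includes `<asm/debugger.h>` directly in a build without CONFIG_CRASH_DEBUG would presumably pick up the `__trap_to_gdb()`-based definition instead of the stub. I would extend the header comment with `* Do not include directly; use <xen/debugger.h>, which selects this file only for CONFIG_CRASH_DEBUG.` The rest of the header lies outside this hunk.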
@@ -45,16 +27,4 @@ static inline bool debugger_trap_fatal(
 /* Int3 is a trivial way to gather cpu_user_regs context. */
 #define debugger_trap_immediate() __asm__ __volatile__ ( "int3" )
 
-#else
-
-static inline bool debugger_trap_fatal(
-    unsigned int vector, struct cpu_user_regs *regs)
-{
-    return false;
-}
-
-#define debugger_trap_immediate() ((void)0)
-
-#endif
-
 #endif /* __X86_DEBUGGER_H__ */
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d915324611..25bffe47d7 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -36,6 +36,7 @@
 #include <xen/shutdown.h>
 #include <xen/guest_access.h>
 #include <asm/regs.h>
+#include <xen/debugger.h>
 #include <xen/delay.h>
 #include <xen/event.h>
 #include <xen/spinlock.h>
@@ -64,7 +65,6 @@
 #include <asm/uaccess.h>
 #include <asm/i387.h>
 #include <asm/xstate.h>
-#include <asm/debugger.h>
 #include <asm/msr.h>
 #include <asm/nmi.h>
 #include <asm/xenoprof.h>
diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c
index ca9ee07901..0a551033c4 100644
--- a/xen/common/keyhandler.c
+++ b/xen/common/keyhandler.c
@@ -3,6 +3,7 @@
  */
 
 #include <asm/regs.h>
+#include <xen/debugger.h>
 #include <xen/delay.h>
 #include <xen/keyhandler.h>
 #include <xen/param.h>
@@ -20,7 +21,6 @@
 #include <xen/mm.h>
 #include <xen/watchdog.h>
 #include <xen/init.h>
-#include <asm/debugger.h>
 #include <asm/div64.h>
 
 static unsigned char keypress_key;
diff --git a/xen/common/shutdown.c b/xen/common/shutdown.c
index abde48aa4c..a933ee001e 100644
--- a/xen/common/shutdown.c
+++ b/xen/common/shutdown.c
@@ -2,13 +2,13 @@
 #include <xen/lib.h>
 #include <xen/param.h>
 #include <xen/sched.h>
+#include <xen/debugger.h>
 #include <xen/domain.h>
 #include <xen/delay.h>
 #include <xen/watchdog.h>
 #include <xen/shutdown.h>
 #include <xen/console.h>
 #include <xen/kexec.h>
-#include <asm/debugger.h>
 #include <public/sched.h>
 
 /* opt_noreboot: If true, machine will need manual reset on error. */
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index d9d6556c22..f9937c5134 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -15,6 +15,7 @@
 #include <xen/init.h>
 #include <xen/event.h>
 #include <xen/console.h>
+#include <xen/debugger.h>
 #include <xen/param.h>
 #include <xen/serial.h>
 #include <xen/softirq.h>
@@ -26,7 +27,6 @@
 #include <xen/kexec.h>
 #include <xen/ctype.h>
 #include <xen/warning.h>
-#include <asm/debugger.h>
 #include <asm/div64.h>
 #include <xen/hypercall.h> /* for do_console_io */
 #include <xen/early_printk.h>
diff --git a/xen/include/xen/debugger.h b/xen/include/xen/debugger.h
new file mode 100644
index 0000000000..72684268af
--- /dev/null
+++ b/xen/include/xen/debugger.h
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/******************************************************************************
+ * Arch specific debuggers should implement:
+ *
+ * debugger_trap_fatal():
+ *  Called when Xen is about to give up and crash. Typically you will use this
+ *  hook to drop into a debug session. It can also be used to hook off
+ *  deliberately caused traps (which you then handle and return non-zero).
+ *
+ * debugger_trap_immediate():
+ *  Called if we want to drop into a debugger now.  This is essentially the
+ *  same as debugger_trap_fatal, except that we use the current register state
+ *  rather than the state which was in effect when we took the trap.
+ *  For example: if we're dying because of an unhandled exception, we call
+ *  debugger_trap_fatal; if we're dying because of a panic() we call
+ *  debugger_trap_immediate().
+ */
+
+#ifndef __XEN_DEBUGGER_H__
+#define __XEN_DEBUGGER_H__
+
+#ifdef CONFIG_CRASH_DEBUG
+
+#include <asm/debugger.h>
+
+#else
+
+#include <xen/stdbool.h>
+
+struct cpu_user_regs;
+
+static inline bool debugger_trap_fatal(
+    unsigned int vector, const struct cpu_user_regs *regs)
+{
+    return false;
+}
+
+static inline void debugger_trap_immediate(void)
+{
+}
+
+#endif /* CONFIG_CRASH_DEBUG */
+
+#endif /* __XEN_DEBUGGER_H__ */
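Review bot: The stub `debugger_trap_fatal()` takes `const struct cpu_user_regs *regs`, while the x86 implementation selected under CONFIG_CRASH_DEBUG takes a non-const pointer, so a caller holding a const pointer would compile in one configuration and not in the other. Declaring the stub with `unsigned int vector, struct cpu_user_regs *regs` keeps the two prototypes parallel. The block comment moved into this file still says a handled trap should "return non-zero" although the hook returns `bool`; `(which you then handle and return true)` matches the code. It would also help to note in one line that `debugger_trap_immediate()` is a function here but a macro in the x86 header.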
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:13:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] tools/libs/evtchn: don't set errno to negative values
Message-Id: <E1niEdU-0004v6-TY@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:13:12 +0000

commit 60245b71c1cd001686fa7b7a26869cbcb80d074c
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 09:31:16 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    tools/libs/evtchn: don't set errno to negative values
    
    Setting errno to a negative value makes no sense.
    
    Fixes: 6b6500b3cbaa ("tools/libs/evtchn: Add support for restricting a handle")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libs/evtchn/freebsd.c | 2 +-
 tools/libs/evtchn/minios.c  | 2 +-
 tools/libs/evtchn/netbsd.c  | 2 +-
 tools/libs/evtchn/solaris.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/libs/evtchn/freebsd.c b/tools/libs/evtchn/freebsd.c
index c4d075350b..422836f1a1 100644
--- a/tools/libs/evtchn/freebsd.c
+++ b/tools/libs/evtchn/freebsd.c
@@ -58,7 +58,7 @@ int osdep_evtchn_close(xenevtchn_handle *xce)
 
 int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
 {
-    errno = -EOPNOTSUPP;
+    errno = EOPNOTSUPP;
 
     return -1;
 }
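Review bot: osdep_evtchn_restrict() always fails on this OS, and the function carries no comment telling callers that the handle stays unrestricted. Restricting a handle is a privilege-reduction step, so a caller that ignores the -1 keeps running with an unrestricted handle, and until this fix a check for `errno == EOPNOTSUPP` could never match. I would add `/* Restriction is not implemented on this OS: the handle remains unrestricted. */` above the assignment. The same applies to the identical stubs in minios.c, netbsd.c and solaris.c in the hunks below.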
diff --git a/tools/libs/evtchn/minios.c b/tools/libs/evtchn/minios.c
index 65cfccfd09..8ff46de884 100644
--- a/tools/libs/evtchn/minios.c
+++ b/tools/libs/evtchn/minios.c
@@ -143,7 +143,7 @@ int osdep_evtchn_close(xenevtchn_handle *xce)
 
 int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
 {
-    errno = -EOPNOTSUPP;
+    errno = EOPNOTSUPP;
 
     return -1;
 }
diff --git a/tools/libs/evtchn/netbsd.c b/tools/libs/evtchn/netbsd.c
index 0b223c4beb..2de9cefc67 100644
--- a/tools/libs/evtchn/netbsd.c
+++ b/tools/libs/evtchn/netbsd.c
@@ -53,7 +53,7 @@ int osdep_evtchn_close(xenevtchn_handle *xce)
 
 int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
 {
-    errno = -EOPNOTSUPP;
+    errno = EOPNOTSUPP;
 
     return -1;
 }
diff --git a/tools/libs/evtchn/solaris.c b/tools/libs/evtchn/solaris.c
index 7fef88a73e..375a5f9b4f 100644
--- a/tools/libs/evtchn/solaris.c
+++ b/tools/libs/evtchn/solaris.c
@@ -53,7 +53,7 @@ int osdep_evtchn_close(xenevtchn_handle *xce)
 
 int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
 {
-    errno = -EOPNOTSUPP;
+    errno = EOPNOTSUPP;
     return -1;
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:13:24 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] tools/libs/ctrl: don't set errno to a negative value
Message-Id: <E1niEdf-0004vg-0I@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:13:23 +0000

commit a0fb7e0e73483ed042d5ca34861a891a51ad337b
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 09:31:17 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    tools/libs/ctrl: don't set errno to a negative value
    
    The claimed reason for setting errno to -1 is wrong. On x86
    xc_domain_pod_target() will set errno to a sane value in the error
    case.
    
    Fixes: ff1745d5882b ("tools: libxl: do not set the PoD target on ARM")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libs/ctrl/xc_domain.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/libs/ctrl/xc_domain.c b/tools/libs/ctrl/xc_domain.c
index ef62f66009..71608c00e9 100644
--- a/tools/libs/ctrl/xc_domain.c
+++ b/tools/libs/ctrl/xc_domain.c
@@ -1293,9 +1293,7 @@ int xc_domain_get_pod_target(xc_interface *xch,
                              uint64_t *pod_cache_pages,
                              uint64_t *pod_entries)
 {
-    /* On x86 (above) xc_domain_pod_target will incorrectly return -1
-     * with errno==-1 on error. Do the same for least surprise. */
-    errno = -1;
+    errno = EOPNOTSUPP;
     return -1;
 }
 #endif
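Review bot: The removed comment was the only explanation of this stub, and the new `errno = EOPNOTSUPP;` is left without one. A line such as `/* PoD is not available on this architecture. */` would say why the call always fails; the trailing `#endif` and the removed text suggest this is the non-x86 variant, but the `#if` is outside the hunk. The out-parameters `pod_cache_pages` and `pod_entries` are not written on this path, so the comment could also state that callers must not read them after a -1 return. The function's parameter list starts outside the hunk.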
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:13:34 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] tools/libs/guest: don't set errno to a negative value
Message-Id: <E1niEdp-0004w9-3A@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:13:33 +0000

commit 438e96ab479495a932391a22e219ee62fa8c4f47
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 09:31:18 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    tools/libs/guest: don't set errno to a negative value
    
    Setting errno to a negative error value makes no sense.
    
    Fixes: cb99a64029c9 ("libxc: arm: allow passing a device tree blob to the guest")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libs/guest/xg_dom_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libs/guest/xg_dom_core.c b/tools/libs/guest/xg_dom_core.c
index c17cf9f712..c4f4e7f3e2 100644
--- a/tools/libs/guest/xg_dom_core.c
+++ b/tools/libs/guest/xg_dom_core.c
@@ -855,7 +855,7 @@ int xc_dom_devicetree_file(struct xc_dom_image *dom, const char *filename)
         return -1;
     return 0;
 #else
-    errno = -EINVAL;
+    errno = EINVAL;
     return -1;
 #endif
 }
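Review bot: In the `#else` branch `errno = EINVAL` reports a bad argument although, as far as the hunk shows, the call fails because the feature is compiled out rather than because `filename` is wrong. `errno = EOPNOTSUPP;` would let callers tell an unsupported build apart from a rejected input file. The `#if` condition and the start of xc_dom_devicetree_file() are outside the hunk, so this should be checked against the guarded code before changing the value.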
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 23 12:13:44 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] tools/libs/light: don't set errno to a negative value
Message-Id: <E1niEdz-0004wZ-5t@xenbits.xenproject.org>
Date: Sat, 23 Apr 2022 12:13:43 +0000

commit 2419a159fb943c24a6f2439604b9fdb1478fcd08
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Wed Apr 20 09:31:19 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Apr 22 20:39:34 2022 +0100

    tools/libs/light: don't set errno to a negative value
    
    Setting errno to a negative value makes no sense.
    
    Fixes: e78e8b9bb649 ("libxl: Add interface for querying hypervisor about PCI topology")
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libs/light/libxl_linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libs/light/libxl_linux.c b/tools/libs/light/libxl_linux.c
index 8d62dfd255..27f2bce718 100644
--- a/tools/libs/light/libxl_linux.c
+++ b/tools/libs/light/libxl_linux.c
@@ -288,7 +288,7 @@ int libxl__pci_topology_init(libxl__gc *gc,
         if (i == num_devs) {
             LOG(ERROR, "Too many devices");
             err = ERROR_FAIL;
-            errno = -ENOSPC;
+            errno = ENOSPC;
             goto out;
         }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Tue Apr 26 08:44:10 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/iommu: cleanup iommu related domctl handling
Message-Id: <E1njGnk-0002uw-FO@xenbits.xenproject.org>
Date: Tue, 26 Apr 2022 08:44:04 +0000

commit 9cd7e31b3f584e97a138a770cfb031a91a867936
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Tue Apr 26 10:23:58 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 10:23:58 2022 +0200

    xen/iommu: cleanup iommu related domctl handling
    
    Today iommu_do_domctl() is being called from arch_do_domctl() in the
    "default:" case of a switch statement. This has already led to crashes
    due to unvalidated parameters.
    
    Fix that by moving the call of iommu_do_domctl() to the main switch
    statement of do_domctl().
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> # Arm
---
 xen/arch/arm/domctl.c   | 11 +----------
 xen/arch/x86/domctl.c   |  2 +-
 xen/common/domctl.c     |  7 +++++++
 xen/include/xen/iommu.h | 12 +++++++++---
 4 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
index 6245af6d0b..1baf25c3d9 100644
--- a/xen/arch/arm/domctl.c
+++ b/xen/arch/arm/domctl.c
@@ -176,16 +176,7 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
         return rc;
     }
     default:
-    {
-        int rc;
-
-        rc = subarch_do_domctl(domctl, d, u_domctl);
-
-        if ( rc == -ENOSYS )
-            rc = iommu_do_domctl(domctl, d, u_domctl);
-
-        return rc;
-    }
+        return subarch_do_domctl(domctl, d, u_domctl);
     }
 }
 
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index c20ab43527..1c62046c01 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1370,7 +1370,7 @@ long arch_do_domctl(
         break;
 
     default:
-        ret = iommu_do_domctl(domctl, d, u_domctl);
+        ret = -ENOSYS;
         break;
     }
 
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 5879117580..0a866e3132 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -871,6 +871,13 @@ long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
             copyback = 1;
         break;
 
+    case XEN_DOMCTL_assign_device:
+    case XEN_DOMCTL_test_assign_device:
+    case XEN_DOMCTL_deassign_device:
+    case XEN_DOMCTL_get_device_group:
+        ret = iommu_do_domctl(op, d, u_domctl);
+        break;
+
     default:
         ret = arch_do_domctl(op, d, u_domctl);
         break;
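Review bot: The four new `case` labels hand `d` to iommu_do_domctl() with nothing at the dispatch site saying whether it can be NULL here. The follow-up commit on this page ("IOMMU: make domctl handler tolerate NULL domain") states that XEN_DOMCTL_test_assign_device legitimately reaches the handler with a NULL domain when DOMID_INVALID was passed, so for that command the handler and everything it forwards `d` to must tolerate NULL. Whether `d` is guaranteed non-NULL for the other three commands depends on the domain lookup earlier in do_domctl(), which lies outside this hunk. I would record the contract next to the labels, e.g. `/* d may be NULL for XEN_DOMCTL_test_assign_device (DOMID_INVALID). */`.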
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index f7e8d5f287..db72d9e644 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -342,8 +342,17 @@ struct domain_iommu {
 /* Does the IOMMU pagetable need to be kept synchronized with the P2M */
 #ifdef CONFIG_HAS_PASSTHROUGH
 #define need_iommu_pt_sync(d)     (dom_iommu(d)->need_sync)
+
+int iommu_do_domctl(struct xen_domctl *domctl, struct domain *d,
+                    XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl);
 #else
 #define need_iommu_pt_sync(d)     ({ (void)(d); false; })
+
+static inline int iommu_do_domctl(struct xen_domctl *domctl, struct domain *d,
+                                  XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
+{
+    return -ENOSYS;
+}
 #endif
 
 int __must_check iommu_suspend(void);
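Review bot: The !CONFIG_HAS_PASSTHROUGH stub returns -ENOSYS, while the real handler in xen/drivers/passthrough/iommu.c (shown further down this page) returns -EOPNOTSUPP when the IOMMU is not enabled, so callers of the four device-assignment domctls see two different errors for "passthrough unavailable". If the distinction between "not built in" and "not enabled" is intended, a one-line comment on the stub would make that explicit, e.g. `/* Passthrough not built in: report the domctl as unimplemented. */`. Otherwise the stub could return -EOPNOTSUPP to match the real handler.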
@@ -357,9 +366,6 @@ int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
                         XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
 #endif
 
-int iommu_do_domctl(struct xen_domctl *, struct domain *d,
-                    XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
-
 void iommu_dev_iotlb_flush_timeout(struct domain *d, struct pci_dev *pdev);
 
 /*
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 26 08:44:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] IOMMU: make domctl handler tolerate NULL domain
Message-Id: <E1njGnu-0002wE-IJ@xenbits.xenproject.org>
Date: Tue, 26 Apr 2022 08:44:14 +0000

commit fa4d84e6dd3c3bfd23a525b75a5483d4ce15adbb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 26 10:25:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 10:25:54 2022 +0200

    IOMMU: make domctl handler tolerate NULL domain
    
    Besides the reporter's issue of hitting a NULL deref when !CONFIG_GDBSX,
    XEN_DOMCTL_test_assign_device can legitimately end up having NULL passed
    here, when the domctl was passed DOMID_INVALID.
    
    Fixes: 71e617a6b8f6 ("use is_iommu_enabled() where appropriate...")
    Reported-by: Cheyenne Wills <cheyenne.wills@gmail.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Juergen Gross <jgross@suse.com>
---
 xen/drivers/passthrough/iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 1109a86532..67ffe6635e 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -568,7 +568,7 @@ int iommu_do_domctl(
 {
     int ret = -ENODEV;
 
-    if ( !is_iommu_enabled(d) )
+    if ( !(d ? is_iommu_enabled(d) : iommu_enabled) )
         return -EOPNOTSUPP;
 
 #ifdef CONFIG_HAS_PCI
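Review bot: The NULL case is handled for this one check only, and nothing in the code says when `d` can be NULL or why the global `iommu_enabled` is the right fallback. The commit message gives the reason, and it is worth keeping next to the condition: `/* d can be NULL, e.g. XEN_DOMCTL_test_assign_device with DOMID_INVALID; fall back to the global IOMMU state. */`. The rest of iommu_do_domctl() is outside the hunk, so it cannot be confirmed from here that the sub-handlers receiving `d` afterwards are equally NULL-safe; that should be checked as part of this fix.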
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 26 08:44:25 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xsm/flask: code style formatting
Message-Id: <E1njGo4-0002x5-Ld@xenbits.xenproject.org>
Date: Tue, 26 Apr 2022 08:44:24 +0000

commit c266f974148d3d1b21d01b8bb243017943786444
Author:     Daniel P. Smith <dpsmith@apertussolutions.com>
AuthorDate: Tue Apr 26 10:30:31 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 10:30:31 2022 +0200

    xsm/flask: code style formatting
    
    This is a quick code style cleanup patch for xsm/flask. The files flask_op.c
    and hooks.c are Xen specific, thus full code style rules were applied. The
    remaining files are from Linux and therefore only trailing whitespace was
    removed from those files.
    
    Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jason Andryuk <jandryuk@gmail.com>
---
 xen/xsm/flask/avc.c            |  14 +--
 xen/xsm/flask/flask_op.c       |  27 +++---
 xen/xsm/flask/hooks.c          | 192 +++++++++++++++++++++--------------------
 xen/xsm/flask/include/avc.h    |   2 +-
 xen/xsm/flask/ss/avtab.c       |  10 +--
 xen/xsm/flask/ss/avtab.h       |   4 +-
 xen/xsm/flask/ss/conditional.c |   4 +-
 xen/xsm/flask/ss/context.h     |   4 +-
 xen/xsm/flask/ss/mls.c         |   2 +-
 xen/xsm/flask/ss/policydb.c    |   2 +-
 xen/xsm/flask/ss/services.c    |   6 +-
 xen/xsm/flask/ss/sidtab.c      |   6 +-
 12 files changed, 141 insertions(+), 132 deletions(-)

diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index e20c165042..4a75ec97e2 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -13,9 +13,9 @@
  *    it under the terms of the GNU General Public License version 2,
  *      as published by the Free Software Foundation.
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #include <xen/lib.h>
 #include <xen/xmalloc.h>
 #include <xen/types.h>
@@ -267,7 +267,7 @@ int avc_get_hash_stats(struct xen_flask_hash_stats *arg)
     }
 
     rcu_read_unlock(&avc_rcu_lock);
-    
+
     arg->entries = atomic_read(&avc_cache.active_nodes);
     arg->buckets_used = slots_used;
     arg->buckets_total = AVC_CACHE_SLOTS;
@@ -336,7 +336,7 @@ static inline int avc_reclaim_node(void)
         }
         rcu_read_unlock(&avc_rcu_lock);
         spin_unlock_irqrestore(lock, flags);
-    }    
+    }
  out:
     return ecx;
 }
@@ -622,7 +622,7 @@ static int avc_update_node(u32 perms, u32 ssid, u32 tsid, u16 tclass,
     struct hlist_head *head;
     struct hlist_node *next;
     spinlock_t *lock;
-    
+
     node = avc_alloc_node();
     if ( !node )
     {
@@ -630,7 +630,7 @@ static int avc_update_node(u32 perms, u32 ssid, u32 tsid, u16 tclass,
         goto out;
     }
 
-    hvalue = avc_hash(ssid, tsid, tclass);    
+    hvalue = avc_hash(ssid, tsid, tclass);
 
     head = &avc_cache.slots[hvalue];
     lock = &avc_cache.slots_lock[hvalue];
@@ -695,7 +695,7 @@ int avc_ss_reset(u32 seqno)
         rcu_read_unlock(&avc_rcu_lock);
         spin_unlock_irqrestore(lock, flag);
     }
-    
+
     avc_latest_notif_update(seqno, 0);
     return rc;
 }
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 707be72a3b..eb16e289c3 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -75,15 +75,15 @@ static int __init cf_check parse_flask_param(const char *s)
 }
 custom_param("flask", parse_flask_param);
 
-static int domain_has_security(struct domain *d, u32 perms)
+static int domain_has_security(struct domain *d, uint32_t perms)
 {
     struct domain_security_struct *dsec;
-    
+
     dsec = d->ssid;
     if ( !dsec )
         return -EACCES;
-        
-    return avc_has_perm(dsec->sid, SECINITSID_SECURITY, SECCLASS_SECURITY, 
+
+    return avc_has_perm(dsec->sid, SECINITSID_SECURITY, SECCLASS_SECURITY,
                         perms, NULL);
 }
 
@@ -130,7 +130,7 @@ static int flask_security_access(struct xen_flask_access *arg)
     arg->audit_allow = avd.auditallow;
     arg->audit_deny = avd.auditdeny;
     arg->seqno = avd.seqno;
-                
+
     return rv;
 }
 
@@ -196,7 +196,7 @@ static int flask_security_sid(struct xen_flask_sid_context *arg)
 {
     int rv;
     char *context;
-    u32 len;
+    uint32_t len;
 
     rv = domain_has_security(current->domain, SECURITY__CHECK_CONTEXT);
     if ( rv )
@@ -223,7 +223,8 @@ static int flask_security_sid(struct xen_flask_sid_context *arg)
 
 #ifndef COMPAT
 
-static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *arg)
+static int flask_security_setavc_threshold(
+    struct xen_flask_setavc_threshold *arg)
 {
     int rv = 0;
 
@@ -350,7 +351,7 @@ static int flask_security_get_bool(struct xen_flask_boolean *arg)
         if ( nameout_len > arg->size )
             rv = -ERANGE;
         arg->size = nameout_len;
- 
+
         if ( !rv && _copy_to_guest(arg->name, nameout, nameout_len) )
             rv = -EFAULT;
         xfree(nameout);
@@ -386,9 +387,9 @@ static int flask_security_make_bools(void)
     int ret = 0;
     int num;
     int *values = NULL;
-    
+
     xfree(bool_pending_values);
-    
+
     ret = security_get_bools(&num, NULL, &values, NULL);
     if ( ret != 0 )
         goto out;
@@ -474,8 +475,8 @@ static int flask_devicetree_label(struct xen_flask_devicetree_label *arg)
 {
     int rv;
     char *buf;
-    u32 sid = arg->sid;
-    u32 perm = sid ? SECURITY__ADD_OCONTEXT : SECURITY__DEL_OCONTEXT;
+    uint32_t sid = arg->sid;
+    uint32_t perm = sid ? SECURITY__ADD_OCONTEXT : SECURITY__DEL_OCONTEXT;
 
     rv = domain_has_security(current->domain, perm);
     if ( rv )
@@ -670,7 +671,7 @@ ret_t cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op)
 
     case FLASK_MLS:
         rv = flask_mls_enabled;
-        break;    
+        break;
 
     case FLASK_GETAVC_THRESHOLD:
         rv = avc_cache_threshold;
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 0bf63ffa84..6ffafc2f44 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -38,34 +38,34 @@
 #include <conditional.h>
 #include "private.h"
 
-static u32 domain_sid(const struct domain *dom)
+static uint32_t domain_sid(const struct domain *dom)
 {
     struct domain_security_struct *dsec = dom->ssid;
     return dsec->sid;
 }
 
-static u32 domain_target_sid(const struct domain *src,
-                             const struct domain *dst)
+static uint32_t domain_target_sid(
+    const struct domain *src, const struct domain *dst)
 {
     struct domain_security_struct *ssec = src->ssid;
     struct domain_security_struct *dsec = dst->ssid;
-    if (src == dst)
+    if ( src == dst )
         return ssec->self_sid;
-    if (src->target == dst)
+    if ( src->target == dst )
         return ssec->target_sid;
     return dsec->sid;
 }
 
-static u32 evtchn_sid(const struct evtchn *chn)
+static uint32_t evtchn_sid(const struct evtchn *chn)
 {
     return chn->ssid.flask_sid;
 }
 
-static int domain_has_perm(const struct domain *dom1,
-                           const struct domain *dom2,
-                           u16 class, u32 perms)
+static int domain_has_perm(
+    const struct domain *dom1, const struct domain *dom2, uint16_t class,
+    uint32_t perms)
 {
-    u32 ssid, tsid;
+    uint32_t ssid, tsid;
     struct avc_audit_data ad;
     AVC_AUDIT_DATA_INIT(&ad, NONE);
     ad.sdom = dom1;
@@ -77,34 +77,35 @@ static int domain_has_perm(const struct domain *dom1,
     return avc_has_perm(ssid, tsid, class, perms, &ad);
 }
 
-static int avc_current_has_perm(u32 tsid, u16 class, u32 perm,
-                                struct avc_audit_data *ad)
+static int avc_current_has_perm(
+    uint32_t tsid, uint16_t class, uint32_t perm, struct avc_audit_data *ad)
 {
-    u32 csid = domain_sid(current->domain);
+    uint32_t csid = domain_sid(current->domain);
     return avc_has_perm(csid, tsid, class, perm, ad);
 }
 
-static int current_has_perm(struct domain *d, u16 class, u32 perms)
+static int current_has_perm(struct domain *d, uint16_t class, uint32_t perms)
 {
     return domain_has_perm(current->domain, d, class, perms);
 }
 
-static int domain_has_evtchn(struct domain *d, struct evtchn *chn, u32 perms)
+static int domain_has_evtchn(
+    struct domain *d, struct evtchn *chn, uint32_t perms)
 {
-    u32 dsid = domain_sid(d);
-    u32 esid = evtchn_sid(chn);
+    uint32_t dsid = domain_sid(d);
+    uint32_t esid = evtchn_sid(chn);
 
     return avc_has_perm(dsid, esid, SECCLASS_EVENT, perms, NULL);
 }
 
-static int domain_has_xen(struct domain *d, u32 perms)
+static int domain_has_xen(struct domain *d, uint32_t perms)
 {
-    u32 dsid = domain_sid(d);
+    uint32_t dsid = domain_sid(d);
 
     return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN, perms, NULL);
 }
 
-static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
+static int get_irq_sid(int irq, uint32_t *sid, struct avc_audit_data *ad)
 {
     if ( irq >= nr_irqs || irq < 0 )
         return -EINVAL;
@@ -118,10 +119,13 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
 #ifdef CONFIG_HAS_PCI_MSI
     {
         struct irq_desc *desc = irq_to_desc(irq);
-        if ( desc->msi_desc && desc->msi_desc->dev ) {
+
+        if ( desc->msi_desc && desc->msi_desc->dev )
+        {
             struct pci_dev *dev = desc->msi_desc->dev;
-            u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
-            if (ad) {
+            uint32_t sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
+            if ( ad )
+            {
                 AVC_AUDIT_DATA_INIT(ad, DEV);
                 ad->device = sbdf;
             }
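Review bot: The rewritten `sbdf` initialiser still shifts before widening: in `(dev->seg << 16) | (dev->bus << 8) | dev->devfn` the operands are promoted to signed `int`, so if `seg` is a 16-bit field (its declaration is not visible here) a segment of 0x8000 or above shifts into the sign bit, which is undefined behaviour. Since the line is being touched anyway, casting first avoids that: `((uint32_t)dev->seg << 16)`. The same pattern is in the `machine_bdf` initialisers of flask_map_domain_msi() and flask_unmap_domain_msi() in later hunks of this file. The value is stored in the audit record (`ad->device`); get_irq_sid() continues outside the hunk.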
@@ -130,7 +134,8 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
     }
 #endif
 
-    if (ad) {
+    if ( ad )
+    {
         AVC_AUDIT_DATA_INIT(ad, IRQ);
         ad->irq = irq;
     }
@@ -200,7 +205,7 @@ static void cf_check flask_domain_free_security(struct domain *d)
 static int cf_check flask_evtchn_unbound(
     struct domain *d1, struct evtchn *chn, domid_t id2)
 {
-    u32 sid1, sid2, newsid;
+    uint32_t sid1, sid2, newsid;
     int rc;
     struct domain *d2;
 
@@ -234,7 +239,7 @@ static int cf_check flask_evtchn_interdomain(
     struct domain *d1, struct evtchn *chn1,
     struct domain *d2, struct evtchn *chn2)
 {
-    u32 sid1, sid2, newsid, reverse_sid;
+    uint32_t sid1, sid2, newsid, reverse_sid;
     int rc;
     struct avc_audit_data ad;
     AVC_AUDIT_DATA_INIT(&ad, NONE);
@@ -336,9 +341,9 @@ static char *cf_check flask_show_security_evtchn(
     struct domain *d, const struct evtchn *chn)
 {
     int irq;
-    u32 sid = 0;
+    uint32_t sid = 0;
     char *ctx;
-    u32 ctx_len;
+    uint32_t ctx_len;
 
     switch ( chn->state )
     {
@@ -354,7 +359,7 @@ static char *cf_check flask_show_security_evtchn(
     }
     if ( !sid )
         return NULL;
-    if (security_sid_to_context(sid, &ctx, &ctx_len))
+    if ( security_sid_to_context(sid, &ctx, &ctx_len) )
         return NULL;
     return ctx;
 }
@@ -367,7 +372,7 @@ static int cf_check flask_init_hardware_domain(struct domain *d)
 static int cf_check flask_grant_mapref(
     struct domain *d1, struct domain *d2, uint32_t flags)
 {
-    u32 perms = GRANT__MAP_READ;
+    uint32_t perms = GRANT__MAP_READ;
 
     if ( !(flags & GNTMAP_readonly) )
         perms |= GRANT__MAP_WRITE;
@@ -445,7 +450,7 @@ static int cf_check flask_get_vnumainfo(struct domain *d)
 
 static int cf_check flask_console_io(struct domain *d, int cmd)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( cmd )
     {
@@ -464,7 +469,7 @@ static int cf_check flask_console_io(struct domain *d, int cmd)
 
 static int cf_check flask_profile(struct domain *d, int op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -510,7 +515,7 @@ static void cf_check flask_security_domaininfo(
     info->ssidref = domain_sid(d);
 }
 
-static int cf_check flask_domain_create(struct domain *d, u32 ssidref)
+static int cf_check flask_domain_create(struct domain *d, uint32_t ssidref)
 {
     int rc;
     struct domain_security_struct *dsec = d->ssid;
@@ -843,7 +848,7 @@ static int cf_check flask_sysctl(int cmd)
 
 static int cf_check flask_readconsole(uint32_t clear)
 {
-    u32 perms = XEN__READCONSOLE;
+    uint32_t perms = XEN__READCONSOLE;
 
     if ( clear )
         perms |= XEN__CLEARCONSOLE;
@@ -851,7 +856,7 @@ static int cf_check flask_readconsole(uint32_t clear)
     return domain_has_xen(current->domain, perms);
 }
 
-static inline u32 resource_to_perm(uint8_t access)
+static inline uint32_t resource_to_perm(uint8_t access)
 {
     if ( access )
         return RESOURCE__ADD;
@@ -861,13 +866,13 @@ static inline u32 resource_to_perm(uint8_t access)
 
 static char *cf_check flask_show_irq_sid(int irq)
 {
-    u32 sid, ctx_len;
+    uint32_t sid, ctx_len;
     char *ctx;
     int rc = get_irq_sid(irq, &sid, NULL);
     if ( rc )
         return NULL;
 
-    if (security_sid_to_context(sid, &ctx, &ctx_len))
+    if ( security_sid_to_context(sid, &ctx, &ctx_len) )
         return NULL;
 
     return ctx;
@@ -878,12 +883,13 @@ static int cf_check flask_map_domain_pirq(struct domain *d)
     return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
 }
 
-static int flask_map_domain_msi (struct domain *d, int irq, const void *data,
-                                 u32 *sid, struct avc_audit_data *ad)
+static int flask_map_domain_msi (
+    struct domain *d, int irq, const void *data, uint32_t *sid,
+    struct avc_audit_data *ad)
 {
 #ifdef CONFIG_HAS_PCI_MSI
     const struct msi_info *msi = data;
-    u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
+    uint32_t machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
 
     AVC_AUDIT_DATA_INIT(ad, DEV);
     ad->device = machine_bdf;
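Review bot: `static int flask_map_domain_msi (` keeps the space between the function name and the opening parenthesis, which no other definition re-wrapped by this patch has. The same applies to `flask_unmap_domain_msi (` in a later hunk. As the signature is being reformatted here anyway, `static int flask_map_domain_msi(` would bring both in line with the rest of hooks.c.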
@@ -894,7 +900,7 @@ static int flask_map_domain_msi (struct domain *d, int irq, const void *data,
 #endif
 }
 
-static u32 flask_iommu_resource_use_perm(const struct domain *d)
+static uint32_t flask_iommu_resource_use_perm(const struct domain *d)
 {
     /* Obtain the permission level required for allowing a domain
      * to use an assigned device.
@@ -905,7 +911,7 @@ static u32 flask_iommu_resource_use_perm(const struct domain *d)
      * less capable hardware (no IOMMU or IOMMU missing intremap capability)
      * via other separate permissions.
      */
-    u32 perm = RESOURCE__USE_NOIOMMU;
+    uint32_t perm = RESOURCE__USE_NOIOMMU;
 
     if ( is_iommu_enabled(d) )
         perm = ( iommu_intremap ? RESOURCE__USE_IOMMU :
@@ -913,18 +919,18 @@ static u32 flask_iommu_resource_use_perm(const struct domain *d)
     return perm;
 }
 
-static int cf_check flask_map_domain_irq(struct domain *d, int irq, const void *data)
+static int cf_check flask_map_domain_irq(
+    struct domain *d, int irq, const void *data)
 {
-    u32 sid, dsid;
+    uint32_t sid, dsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm = flask_iommu_resource_use_perm(d);
+    uint32_t dperm = flask_iommu_resource_use_perm(d);
 
-    if ( irq >= nr_static_irqs && data ) {
+    if ( irq >= nr_static_irqs && data )
         rc = flask_map_domain_msi(d, irq, data, &sid, &ad);
-    } else {
+    else
         rc = get_irq_sid(irq, &sid, &ad);
-    }
 
     if ( rc )
         return rc;
@@ -944,12 +950,13 @@ static int cf_check flask_unmap_domain_pirq(struct domain *d)
     return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
 }
 
-static int flask_unmap_domain_msi (struct domain *d, int irq, const void *data,
-                                   u32 *sid, struct avc_audit_data *ad)
+static int flask_unmap_domain_msi (
+    struct domain *d, int irq, const void *data, uint32_t *sid,
+    struct avc_audit_data *ad)
 {
 #ifdef CONFIG_HAS_PCI_MSI
     const struct pci_dev *pdev = data;
-    u32 machine_bdf = (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn;
+    uint32_t machine_bdf = (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn;
 
     AVC_AUDIT_DATA_INIT(ad, DEV);
     ad->device = machine_bdf;
@@ -963,15 +970,15 @@ static int flask_unmap_domain_msi (struct domain *d, int irq, const void *data,
 static int cf_check flask_unmap_domain_irq(
     struct domain *d, int irq, const void *data)
 {
-    u32 sid;
+    uint32_t sid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
-    if ( irq >= nr_static_irqs && data ) {
+    if ( irq >= nr_static_irqs && data )
         rc = flask_unmap_domain_msi(d, irq, data, &sid, &ad);
-    } else {
+    else
         rc = get_irq_sid(irq, &sid, &ad);
-    }
+
     if ( rc )
         return rc;
 
@@ -982,11 +989,11 @@ static int cf_check flask_unmap_domain_irq(
 static int cf_check flask_bind_pt_irq(
     struct domain *d, struct xen_domctl_bind_pt_irq *bind)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     int irq;
     struct avc_audit_data ad;
-    u32 dperm = flask_iommu_resource_use_perm(d);
+    uint32_t dperm = flask_iommu_resource_use_perm(d);
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
     if ( rc )
@@ -1020,14 +1027,14 @@ static int cf_check flask_irq_permission(
 }
 
 struct iomem_has_perm_data {
-    u32 ssid;
-    u32 dsid;
-    u32 perm;
-    u32 use_perm;
+    uint32_t ssid;
+    uint32_t dsid;
+    uint32_t perm;
+    uint32_t use_perm;
 };
 
 static int cf_check _iomem_has_perm(
-    void *v, u32 sid, unsigned long start, unsigned long end)
+    void *v, uint32_t sid, unsigned long start, unsigned long end)
 {
     struct iomem_has_perm_data *data = v;
     struct avc_audit_data ad;
@@ -1077,10 +1084,10 @@ static int cf_check flask_pci_config_permission(
     struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end,
     uint8_t access)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 perm;
+    uint32_t perm;
 
     rc = security_device_sid(machine_bdf, &rsid);
     if ( rc )
@@ -1116,7 +1123,7 @@ static int flask_resource_use_core(void)
 
 static int cf_check flask_resource_plug_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1131,7 +1138,7 @@ static int cf_check flask_resource_plug_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1146,7 +1153,7 @@ static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_setup_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1161,7 +1168,7 @@ static int cf_check flask_resource_setup_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_setup_gsi(int gsi)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1179,7 +1186,8 @@ static int cf_check flask_resource_setup_misc(void)
 
 static inline int cf_check flask_page_offline(uint32_t cmd)
 {
-    switch (cmd) {
+    switch ( cmd )
+    {
     case sysctl_page_offline:
         return flask_resource_unplug_core();
     case sysctl_page_online:
@@ -1214,7 +1222,7 @@ static int cf_check flask_map_gmfn_foreign(struct domain *d, struct domain *t)
 
 static int cf_check flask_hvm_param(struct domain *d, unsigned long op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -1289,7 +1297,7 @@ static int cf_check flask_mem_sharing(struct domain *d)
 #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
 static int cf_check flask_get_device_group(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_device_sid(machine_bdf, &rsid);
@@ -1301,7 +1309,7 @@ static int cf_check flask_get_device_group(uint32_t machine_bdf)
 
 static int flask_test_assign_device(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_device_sid(machine_bdf, &rsid);
@@ -1313,10 +1321,10 @@ static int flask_test_assign_device(uint32_t machine_bdf)
 
 static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm;
+    uint32_t dperm;
 
     if ( !d )
         return flask_test_assign_device(machine_bdf);
@@ -1344,7 +1352,7 @@ static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf)
 static int cf_check flask_deassign_device(
     struct domain *d, uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
@@ -1362,7 +1370,7 @@ static int cf_check flask_deassign_device(
 #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
 static int flask_test_assign_dtdevice(const char *dtpath)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_devicetree_sid(dtpath, &rsid);
@@ -1375,10 +1383,10 @@ static int flask_test_assign_dtdevice(const char *dtpath)
 
 static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm;
+    uint32_t dperm;
 
     if ( !d )
         return flask_test_assign_dtdevice(dtpath);
@@ -1406,7 +1414,7 @@ static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath)
 static int cf_check flask_deassign_dtdevice(
     struct domain *d, const char *dtpath)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
@@ -1498,7 +1506,7 @@ static int cf_check flask_do_mca(void)
 
 static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -1524,14 +1532,14 @@ static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
 }
 
 struct ioport_has_perm_data {
-    u32 ssid;
-    u32 dsid;
-    u32 perm;
-    u32 use_perm;
+    uint32_t ssid;
+    uint32_t dsid;
+    uint32_t perm;
+    uint32_t use_perm;
 };
 
 static int cf_check _ioport_has_perm(
-    void *v, u32 sid, unsigned long start, unsigned long end)
+    void *v, uint32_t sid, unsigned long start, unsigned long end)
 {
     struct ioport_has_perm_data *data = v;
     struct avc_audit_data ad;
@@ -1590,7 +1598,7 @@ static int cf_check flask_mem_sharing_op(
 
 static int cf_check flask_apic(struct domain *d, int cmd)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( cmd )
     {
@@ -1622,7 +1630,7 @@ static int cf_check flask_mmu_update(
     struct domain *d, struct domain *t, struct domain *f, uint32_t flags)
 {
     int rc = 0;
-    u32 map_perms = 0;
+    uint32_t map_perms = 0;
 
     if ( t && d != t )
         rc = domain_has_perm(d, t, SECCLASS_MMU, MMU__REMOTE_REMAP);
@@ -1649,7 +1657,7 @@ static int cf_check flask_mmuext_op(struct domain *d, struct domain *f)
 static int cf_check flask_update_va_mapping(
     struct domain *d, struct domain *f, l1_pgentry_t pte)
 {
-    u32 map_perms = MMU__MAP_READ;
+    uint32_t map_perms = MMU__MAP_READ;
     if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) )
         return 0;
     if ( l1e_get_flags(pte) & _PAGE_RW )
@@ -1665,7 +1673,7 @@ static int cf_check flask_priv_mapping(struct domain *d, struct domain *t)
 
 static int cf_check flask_pmu_op(struct domain *d, unsigned int op)
 {
-    u32 dsid = domain_sid(d);
+    uint32_t dsid = domain_sid(d);
 
     switch ( op )
     {
@@ -1694,7 +1702,7 @@ static int cf_check flask_dm_op(struct domain *d)
 
 static int cf_check flask_xen_version(uint32_t op)
 {
-    u32 dsid = domain_sid(current->domain);
+    uint32_t dsid = domain_sid(current->domain);
 
     switch ( op )
     {
@@ -1902,8 +1910,8 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
 #endif
 };
 
-const struct xsm_ops *__init flask_init(const void *policy_buffer,
-                                        size_t policy_size)
+const struct xsm_ops *__init flask_init(
+    const void *policy_buffer, size_t policy_size)
 {
     int ret = -ENOENT;
 
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index c14bd07a2b..e29949f5a8 100644
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -3,7 +3,7 @@
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
 
 #ifndef _FLASK_AVC_H_
diff --git a/xen/xsm/flask/ss/avtab.c b/xen/xsm/flask/ss/avtab.c
index 55c2b4d8a4..017f5183de 100644
--- a/xen/xsm/flask/ss/avtab.c
+++ b/xen/xsm/flask/ss/avtab.c
@@ -35,7 +35,7 @@ static inline int avtab_hash(struct avtab_key *keyp, u16 mask)
 }
 
 static struct avtab_node* avtab_insert_node(struct avtab *h, int hvalue,
-    struct avtab_node * prev, struct avtab_node * cur, struct avtab_key *key, 
+    struct avtab_node * prev, struct avtab_node * cur, struct avtab_key *key,
                                                     struct avtab_datum *datum)
 {
     struct avtab_node *newnode = xzalloc(struct avtab_node);
@@ -59,7 +59,7 @@ static struct avtab_node* avtab_insert_node(struct avtab *h, int hvalue,
     return newnode;
 }
 
-static int avtab_insert(struct avtab *h, struct avtab_key *key, 
+static int avtab_insert(struct avtab *h, struct avtab_key *key,
                                                     struct avtab_datum *datum)
 {
     int hvalue;
@@ -100,7 +100,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key,
  * key/specified mask into the table, as needed by the conditional avtab.
  * It also returns a pointer to the node inserted.
  */
-struct avtab_node * avtab_insert_nonunique(struct avtab * h, 
+struct avtab_node * avtab_insert_nonunique(struct avtab * h,
                             struct avtab_key * key, struct avtab_datum * datum)
 {
     int hvalue;
@@ -110,7 +110,7 @@ struct avtab_node * avtab_insert_nonunique(struct avtab * h,
     if ( !h || !h->htable )
         return NULL;
     hvalue = avtab_hash(key, h->mask);
-    for ( prev = NULL, cur = h->htable[hvalue]; cur; 
+    for ( prev = NULL, cur = h->htable[hvalue]; cur;
                                                 prev = cur, cur = cur->next )
     {
         if ( key->source_type == cur->key.source_type &&
@@ -199,7 +199,7 @@ struct avtab_node* avtab_search_node(struct avtab *h, struct avtab_key *key)
     return NULL;
 }
 
-struct avtab_node* avtab_search_node_next(struct avtab_node *node, 
+struct avtab_node* avtab_search_node_next(struct avtab_node *node,
                                                                 int specified)
 {
     struct avtab_node *cur;
diff --git a/xen/xsm/flask/ss/avtab.h b/xen/xsm/flask/ss/avtab.h
index a2b50c222a..591604f927 100644
--- a/xen/xsm/flask/ss/avtab.h
+++ b/xen/xsm/flask/ss/avtab.h
@@ -74,12 +74,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 
 int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
 
-struct avtab_node *avtab_insert_nonunique(struct avtab *h, 
+struct avtab_node *avtab_insert_nonunique(struct avtab *h,
                             struct avtab_key *key, struct avtab_datum *datum);
 
 struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key);
 
-struct avtab_node *avtab_search_node_next(struct avtab_node *node, 
+struct avtab_node *avtab_search_node_next(struct avtab_node *node,
                                                                 int specified);
 
 #define MAX_AVTAB_HASH_BITS 13
diff --git a/xen/xsm/flask/ss/conditional.c b/xen/xsm/flask/ss/conditional.c
index b4b116666c..e74fc01746 100644
--- a/xen/xsm/flask/ss/conditional.c
+++ b/xen/xsm/flask/ss/conditional.c
@@ -452,7 +452,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
             goto err;
         }
 
-        if ( i == 0 ) 
+        if ( i == 0 )
             node->expr = expr;
         else
             last->next = expr;
@@ -513,7 +513,7 @@ err:
 /* Determine whether additional permissions are granted by the conditional
  * av table, and if so, add them to the result
  */
-void cond_compute_av(struct avtab *ctab, struct avtab_key *key, 
+void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
                                                         struct av_decision *avd)
 {
     struct avtab_node *node;
diff --git a/xen/xsm/flask/ss/context.h b/xen/xsm/flask/ss/context.h
index 302b3698a7..311edf8794 100644
--- a/xen/xsm/flask/ss/context.h
+++ b/xen/xsm/flask/ss/context.h
@@ -12,9 +12,9 @@
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #ifndef _SS_CONTEXT_H_
 #define _SS_CONTEXT_H_
 
diff --git a/xen/xsm/flask/ss/mls.c b/xen/xsm/flask/ss/mls.c
index f2fa560810..a3255ae01a 100644
--- a/xen/xsm/flask/ss/mls.c
+++ b/xen/xsm/flask/ss/mls.c
@@ -70,7 +70,7 @@ int mls_compute_context_len(struct context * context)
         }
         if ( l == 0 )
         {
-            if ( mls_level_eq(&context->range.level[0], 
+            if ( mls_level_eq(&context->range.level[0],
                               &context->range.level[1]) )
                 break;
             else
diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c
index ff2103c63e..162470bbbd 100644
--- a/xen/xsm/flask/ss/policydb.c
+++ b/xen/xsm/flask/ss/policydb.c
@@ -339,7 +339,7 @@ static int cf_check sens_index(void *key, void *datum, void *datap)
 
     if ( !levdatum->isalias )
     {
-        if ( !levdatum->level->sens || levdatum->level->sens > 
+        if ( !levdatum->level->sens || levdatum->level->sens >
                                                         p->p_levels.nprim )
             return -EINVAL;
         p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c
index 2f6d3d350d..dab07b5f60 100644
--- a/xen/xsm/flask/ss/services.c
+++ b/xen/xsm/flask/ss/services.c
@@ -99,7 +99,7 @@ static int context_struct_compute_av(struct context *scontext,
  * constraint_expr_eval should pass in NULL for xcontext.
  */
 static int constraint_expr_eval(struct context *scontext,
-                            struct context *tcontext, struct context *xcontext, 
+                            struct context *tcontext, struct context *xcontext,
                                                 struct constraint_expr *cexpr)
 {
     u32 val1, val2;
@@ -1073,7 +1073,7 @@ static int security_compute_sid(u32 ssid,
                 /* Look for a role transition rule. */
                 for ( roletr = policydb.role_tr; roletr; roletr = roletr->next )
                 {
-                    if ( roletr->role == scontext->role && 
+                    if ( roletr->role == scontext->role &&
                                             roletr->type == tcontext->type )
                     {
                         /* Use the role transition rule. */
@@ -1485,7 +1485,7 @@ int security_irq_sid(int pirq, u32 *out_sid)
     POLICY_RDLOCK;
 
     c = policydb.ocontexts[OCON_PIRQ];
-    
+
     while ( c )
     {
         if ( c->u.pirq == pirq )
diff --git a/xen/xsm/flask/ss/sidtab.c b/xen/xsm/flask/ss/sidtab.c
index cd1360cb4a..74babfac9c 100644
--- a/xen/xsm/flask/ss/sidtab.c
+++ b/xen/xsm/flask/ss/sidtab.c
@@ -3,9 +3,9 @@
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #include <xen/lib.h>
 #include <xen/xmalloc.h>
 #include <xen/errno.h>
@@ -192,7 +192,7 @@ void sidtab_map_remove_on_error(struct sidtab *s,
     return;
 }
 
-static inline u32 sidtab_search_context(struct sidtab *s, 
+static inline u32 sidtab_search_context(struct sidtab *s,
                                                         struct context *context)
 {
     int i;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 26 08:44:36 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] page_alloc: assert IRQs are enabled in heap alloc/free
Message-Id: <E1njGoE-0002xo-Oj@xenbits.xenproject.org>
Date: Tue, 26 Apr 2022 08:44:34 +0000

commit 88a037e2cfe11a723fe420d3585837ab1bdc6f8a
Author:     David Vrabel <dvrabel@amazon.co.uk>
AuthorDate: Tue Apr 26 10:33:01 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 10:33:01 2022 +0200

    page_alloc: assert IRQs are enabled in heap alloc/free
    
    Heap pages can only be safely allocated and freed with interrupts
    enabled as they may require a TLB flush which may send IPIs (on x86).
    
    Normally spinlock debugging would catch calls from the incorrect
    context, but not from stop_machine_run() action functions as these are
    called with spin lock debugging disabled.
    
    Enhance the assertions in alloc_xenheap_pages() and
    alloc_domheap_pages() to check interrupts are enabled. For consistency
    the same asserts are used when freeing heap pages.
    
    As an exception, when only 1 PCPU is online, allocations are permitted
    with interrupts disabled as any TLB flushes would be local only. This
    is necessary during early boot.
    
    Signed-off-by: David Vrabel <dvrabel@amazon.co.uk>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/page_alloc.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 319029140f..e866e0d864 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -162,6 +162,13 @@
 static char __initdata opt_badpage[100] = "";
 string_param("badpage", opt_badpage);
 
+/*
+ * Heap allocations may need TLB flushes which may require IRQs to be
+ * enabled (except when only 1 PCPU is online).
+ */
+#define ASSERT_ALLOC_CONTEXT() \
+    ASSERT(!in_irq() && (local_irq_is_enabled() || num_online_cpus() <= 1))
+
 /*
  * no-bootscrub -> Free pages are not zeroed during boot.
  */
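Review bot: ASSERT_ALLOC_CONTEXT() is defined in common code, but the only reason given for requiring enabled IRQs is the x86 TLB-flush IPI, so the `local_irq_is_enabled() || num_online_cpus() <= 1` term also binds architectures whose boot or CPU bring-up paths may allocate with IRQs off while more than one CPU is online. The macro comment should state that assumption, for example `/* x86: a TLB flush may send IPIs, so IRQs must be on unless this is the only online PCPU. */`, and the stricter term is safer applied only where it has been tested; the revert that follows on this page reports an Arm boot failure. The same macro replaces `ASSERT(!in_irq())` in every later hunk of this file. ASSERT() is, as far as I know, compiled out of non-debug Xen builds, so this catches wrong-context callers in debug testing only and is not a production guard.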
@@ -2160,7 +2167,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 {
     struct page_info *pg;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     pg = alloc_heap_pages(MEMZONE_XEN, MEMZONE_XEN,
                           order, memflags | MEMF_no_scrub, NULL);
@@ -2173,7 +2180,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 
 void free_xenheap_pages(void *v, unsigned int order)
 {
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( v == NULL )
         return;
@@ -2202,7 +2209,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( xenheap_bits && (memflags >> _MEMF_bits) > xenheap_bits )
         memflags &= ~MEMF_bits(~0U);
@@ -2224,7 +2231,7 @@ void free_xenheap_pages(void *v, unsigned int order)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( v == NULL )
         return;
@@ -2249,7 +2256,7 @@ void init_domheap_pages(paddr_t ps, paddr_t pe)
 {
     mfn_t smfn, emfn;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     smfn = maddr_to_mfn(round_pgup(ps));
     emfn = maddr_to_mfn(round_pgdown(pe));
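Review bot: init_domheap_pages() is not one of the alloc/free entry points the description names, yet it receives the stricter check too, and the same holds for the `__init` acquire_domstatic_pages() in the last hunk. Both look like boot-time paths, which is where running with IRQs disabled is most likely, so unless a TLB flush is reachable from them I would keep `ASSERT(!in_irq());` at these two sites. If the stricter check is intended, a one-line comment such as `/* May flush TLBs via the heap; same context rules as alloc/free. */` would record why. The bodies of both functions continue outside their hunks.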
@@ -2369,7 +2376,7 @@ struct page_info *alloc_domheap_pages(
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int dma_zone;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d,
                                       bits ? : (BITS_PER_LONG+PAGE_SHIFT));
@@ -2419,7 +2426,7 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
     unsigned int i;
     bool drop_dom_ref;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( unlikely(is_xen_heap_page(pg)) )
     {
@@ -2738,7 +2745,7 @@ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
 {
     struct page_info *pg;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
     if ( !pg )
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Tue Apr 26 14:11:10 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] Revert "page_alloc: assert IRQs are enabled in heap alloc/free"
Message-Id: <E1njLuC-0007Cw-Lc@xenbits.xenproject.org>
Date: Tue, 26 Apr 2022 14:11:04 +0000

commit 3f5d61466345ed2213de2d7e391b6cd6d4b86015
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 26 16:02:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 16:02:21 2022 +0200

    Revert "page_alloc: assert IRQs are enabled in heap alloc/free"
    
    This reverts commit 88a037e2cfe11a723fe420d3585837ab1bdc6f8a, as
    it breaks booting on Arm.
---
 xen/common/page_alloc.c | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index e866e0d864..319029140f 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -162,13 +162,6 @@
 static char __initdata opt_badpage[100] = "";
 string_param("badpage", opt_badpage);
 
-/*
- * Heap allocations may need TLB flushes which may require IRQs to be
- * enabled (except when only 1 PCPU is online).
- */
-#define ASSERT_ALLOC_CONTEXT() \
-    ASSERT(!in_irq() && (local_irq_is_enabled() || num_online_cpus() <= 1))
-
 /*
  * no-bootscrub -> Free pages are not zeroed during boot.
  */
@@ -2167,7 +2160,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 {
     struct page_info *pg;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     pg = alloc_heap_pages(MEMZONE_XEN, MEMZONE_XEN,
                           order, memflags | MEMF_no_scrub, NULL);
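Review bot: Restoring the bare `ASSERT(!in_irq());` here and in the later hunks of this file reopens the gap the reverted commit described: a heap allocation or free made with IRQs disabled, from a context where spinlock debugging is off, is no longer flagged. The revert description records only that Arm boot broke, so a short marker at the first site would keep the open issue visible in the code, for example `/* TODO: also assert IRQs are enabled once the early-boot callers are sorted out. */`. The function bodies continue outside the hunks.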
@@ -2180,7 +2173,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 
 void free_xenheap_pages(void *v, unsigned int order)
 {
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( v == NULL )
         return;
@@ -2209,7 +2202,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( xenheap_bits && (memflags >> _MEMF_bits) > xenheap_bits )
         memflags &= ~MEMF_bits(~0U);
@@ -2231,7 +2224,7 @@ void free_xenheap_pages(void *v, unsigned int order)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( v == NULL )
         return;
@@ -2256,7 +2249,7 @@ void init_domheap_pages(paddr_t ps, paddr_t pe)
 {
     mfn_t smfn, emfn;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     smfn = maddr_to_mfn(round_pgup(ps));
     emfn = maddr_to_mfn(round_pgdown(pe));
@@ -2376,7 +2369,7 @@ struct page_info *alloc_domheap_pages(
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int dma_zone;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d,
                                       bits ? : (BITS_PER_LONG+PAGE_SHIFT));
@@ -2426,7 +2419,7 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
     unsigned int i;
     bool drop_dom_ref;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( unlikely(is_xen_heap_page(pg)) )
     {
@@ -2745,7 +2738,7 @@ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
 {
     struct page_info *pg;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
     if ( !pg )
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 07:22:07 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/vmx: add hvm functions to get/set non-register state
Message-Id: <E1njbzw-00008W-4J@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 07:22:04 +0000

commit 010bc50adaf58c78db4ad1329b0130d96e13f8e2
Author:     Tamas K Lengyel <tamas.lengyel@intel.com>
AuthorDate: Wed Apr 27 09:13:39 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 27 09:13:39 2022 +0200

    x86/vmx: add hvm functions to get/set non-register state
    
    During VM forking and resetting a failed vmentry has been observed due
    to the guest non-register state going out-of-sync with the guest register
    state. For example, a VM fork reset right after a STI instruction can trigger
    the failed entry. This is due to the guest non-register state not being saved
    from the parent VM, thus the reset operation only copies the register state.
    
    Fix this by adding a new pair of hvm functions to get/set the guest
    non-register state so that the overall vCPU state remains in sync.
    
    Signed-off-by: Tamas K Lengyel <tamas.lengyel@intel.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/hvm/vmx/vmx.c         | 32 ++++++++++++++++++++++++++++++++
 xen/arch/x86/include/asm/hvm/hvm.h | 29 +++++++++++++++++++++++++++++
 xen/arch/x86/mm/mem_sharing.c      | 12 +++++++++++-
 3 files changed, 72 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index cc8c4e9f04..d03e78bf0d 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1334,6 +1334,36 @@ static void cf_check vmx_set_interrupt_shadow(
     __vmwrite(GUEST_INTERRUPTIBILITY_INFO, intr_shadow);
 }
 
+static void cf_check vmx_get_nonreg_state(struct vcpu *v,
+    struct hvm_vcpu_nonreg_state *nrs)
+{
+    vmx_vmcs_enter(v);
+
+    __vmread(GUEST_ACTIVITY_STATE, &nrs->vmx.activity_state);
+    __vmread(GUEST_INTERRUPTIBILITY_INFO, &nrs->vmx.interruptibility_info);
+    __vmread(GUEST_PENDING_DBG_EXCEPTIONS, &nrs->vmx.pending_dbg);
+
+    if ( cpu_has_vmx_virtual_intr_delivery )
+        __vmread(GUEST_INTR_STATUS, &nrs->vmx.interrupt_status);
+
+    vmx_vmcs_exit(v);
+}
+
+static void cf_check vmx_set_nonreg_state(struct vcpu *v,
+    struct hvm_vcpu_nonreg_state *nrs)
+{
+    vmx_vmcs_enter(v);
+
+    __vmwrite(GUEST_ACTIVITY_STATE, nrs->vmx.activity_state);
+    __vmwrite(GUEST_INTERRUPTIBILITY_INFO, nrs->vmx.interruptibility_info);
+    __vmwrite(GUEST_PENDING_DBG_EXCEPTIONS, nrs->vmx.pending_dbg);
+
+    if ( cpu_has_vmx_virtual_intr_delivery )
+        __vmwrite(GUEST_INTR_STATUS, nrs->vmx.interrupt_status);
+
+    vmx_vmcs_exit(v);
+}
+
 static void vmx_load_pdptrs(struct vcpu *v)
 {
     uint32_t cr3 = v->arch.hvm.guest_cr[3];
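Review bot: vmx_set_nonreg_state() writes the caller's values into the VMCS guest-state fields as received, with no range check and no way to report a problem (it returns void), so its safety rests on `nrs` having been produced by vmx_get_nonreg_state() on a compatible vCPU. A comment above it would stop a later caller from passing externally supplied values: `/* nrs must come from vmx_get_nonreg_state(); the values are not validated here. */`. The setter only reads `nrs`, so `const struct hvm_vcpu_nonreg_state *nrs` would say that in the signature; the hook type and the hvm_set_nonreg_state() wrapper in hvm.h would need the same qualifier. In the getter, `interrupt_status` is left untouched when `cpu_has_vmx_virtual_intr_delivery` is false, so its value depends on the caller having zeroed the structure.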
@@ -2487,6 +2517,8 @@ static struct hvm_function_table __initdata_cf_clobber vmx_function_table = {
     .load_cpu_ctxt        = vmx_load_vmcs_ctxt,
     .get_interrupt_shadow = vmx_get_interrupt_shadow,
     .set_interrupt_shadow = vmx_set_interrupt_shadow,
+    .get_nonreg_state     = vmx_get_nonreg_state,
+    .set_nonreg_state     = vmx_set_nonreg_state,
     .guest_x86_mode       = vmx_guest_x86_mode,
     .get_cpl              = _vmx_get_cpl,
     .get_segment_register = vmx_get_segment_register,
diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h
index 5b7ec0cf69..caaeacabc7 100644
--- a/xen/arch/x86/include/asm/hvm/hvm.h
+++ b/xen/arch/x86/include/asm/hvm/hvm.h
@@ -84,6 +84,17 @@ enum hvm_intblk {
 /* update_guest_cr() flags. */
 #define HVM_UPDATE_GUEST_CR3_NOFLUSH 0x00000001
 
+struct hvm_vcpu_nonreg_state {
+    union {
+        struct {
+            uint64_t activity_state;
+            uint64_t interruptibility_info;
+            uint64_t pending_dbg;
+            uint64_t interrupt_status;
+        } vmx;
+    };
+};
+
 /*
  * The hardware virtual machine (HVM) interface abstracts away from the
  * x86/x86_64 CPU virtualization assist specifics. Currently this interface
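Review bot: struct hvm_vcpu_nonreg_state is added without any comment on what it carries or who may fill it, and its anonymous union has a `vmx` member only. I would add a header comment along the lines of `/* Guest non-register state that the register save/restore paths do not cover; layout is vendor-specific. */`. It is also worth noting there that every field is stored as `uint64_t` regardless of the width of the underlying VMCS field, so readers do not assume the upper bits are meaningful.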
@@ -122,6 +133,10 @@ struct hvm_function_table {
     /* Examine specifics of the guest state. */
     unsigned int (*get_interrupt_shadow)(struct vcpu *v);
     void (*set_interrupt_shadow)(struct vcpu *v, unsigned int intr_shadow);
+    void (*get_nonreg_state)(struct vcpu *v,
+                             struct hvm_vcpu_nonreg_state *nrs);
+    void (*set_nonreg_state)(struct vcpu *v,
+                             struct hvm_vcpu_nonreg_state *nrs);
     int (*guest_x86_mode)(struct vcpu *v);
     unsigned int (*get_cpl)(struct vcpu *v);
     void (*get_segment_register)(struct vcpu *v, enum x86_segment seg,
@@ -744,6 +759,20 @@ void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val);
         d_->arch.hvm.pi_ops.vcpu_block(v_);                     \
 })
 
+static inline void hvm_get_nonreg_state(struct vcpu *v,
+                                        struct hvm_vcpu_nonreg_state *nrs)
+{
+    if ( hvm_funcs.get_nonreg_state )
+        alternative_vcall(hvm_funcs.get_nonreg_state, v, nrs);
+}
+
+static inline void hvm_set_nonreg_state(struct vcpu *v,
+                                        struct hvm_vcpu_nonreg_state *nrs)
+{
+    if ( hvm_funcs.set_nonreg_state )
+        alternative_vcall(hvm_funcs.set_nonreg_state, v, nrs);
+}
+
 #else  /* CONFIG_HVM */
 
 #define hvm_enabled false
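Review bot: hvm_get_nonreg_state() returns nothing and silently does nothing when the hook is NULL, so a caller cannot tell "state captured" from "not implemented" and only sees defined contents if it zeroed `*nrs` itself. Only the VMX table fills these hooks in this commit, so on any other vendor code the get/set pair is a silent no-op. A comment on the wrappers would make that contract explicit: `/* No-op when the vendor code provides no hook; callers must zero-initialise *nrs. */`.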
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index a5c16b4429..61538c3fb2 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1645,6 +1645,14 @@ static int bring_up_vcpus(struct domain *cd, struct domain *d)
     return 0;
 }
 
+static void copy_vcpu_nonreg_state(struct vcpu *d_vcpu, struct vcpu *cd_vcpu)
+{
+    struct hvm_vcpu_nonreg_state nrs = {};
+
+    hvm_get_nonreg_state(d_vcpu, &nrs);
+    hvm_set_nonreg_state(cd_vcpu, &nrs);
+}
+
 static int copy_vcpu_settings(struct domain *cd, const struct domain *d)
 {
     unsigned int i;
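Review bot: copy_vcpu_nonreg_state() takes the source first and the destination second, the opposite of `copy_vcpu_settings(struct domain *cd, const struct domain *d)` just below it. Both parameters are `struct vcpu *`, so the compiler cannot catch a swapped call, and a swap would write the child's state into the parent. I would match the surrounding convention, `static void copy_vcpu_nonreg_state(struct vcpu *cd_vcpu, struct vcpu *d_vcpu)`, and add a one-line comment naming which vCPU is read and which is written.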
@@ -1653,7 +1661,7 @@ static int copy_vcpu_settings(struct domain *cd, const struct domain *d)
 
     for ( i = 0; i < cd->max_vcpus; i++ )
     {
-        const struct vcpu *d_vcpu = d->vcpu[i];
+        struct vcpu *d_vcpu = d->vcpu[i];
         struct vcpu *cd_vcpu = cd->vcpu[i];
         mfn_t vcpu_info_mfn;
 
@@ -1696,6 +1704,8 @@ static int copy_vcpu_settings(struct domain *cd, const struct domain *d)
 
         hvm_vmtrace_reset(cd_vcpu);
 
+        copy_vcpu_nonreg_state(d_vcpu, cd_vcpu);
+
         /*
          * TODO: to support VMs with PV interfaces copy additional
          * settings here, such as PV timers.
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 07:22:16 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] libxl: retry QMP PCI device_add
Message-Id: <E1njc06-00009Z-7P@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 07:22:14 +0000

commit 0f4fd6b6d805c89d19843c7ad70adc772a7d1203
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 27 09:14:30 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 27 09:14:30 2022 +0200

    libxl: retry QMP PCI device_add
    
    PCI device assignment to an HVM with stubdom is potentially racy.  First
    the PCI device is assigned to the stubdom via the PV PCI protocol.  Then
    QEMU is sent a QMP command to attach the PCI device to QEMU running
    within the stubdom.  However, the sysfs entries within the stubdom may
    not have appeared by the time QEMU receives the device_add command
    resulting in errors like:
    
    libxl_qmp.c:1838:qmp_ev_parse_error_messages:Domain 10:Could not open '/sys/bus/pci/devices/0000:00:1f.3/config': No such file or directory
    
    This patch retries the device assignment up to 10 times with a 1 second
    delay between.  That roughly matches the overall hotplug timeout for
    pci_add_timeout.  pci_add_timeout's initialization is moved to
    do_pci_add since retries call into pci_add_qmp_device_add again.
    
    The qmp_ev_parse_error_messages error is still printed since it happens
    at a lower level than the pci code controlling the retries.  With that,
    the "Retrying PCI add %d" message is also printed at ERROR level to
    clarify what is happening.
    
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_pci.c | 44 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c
index 4bbbfe9f16..96f88795b6 100644
--- a/tools/libs/light/libxl_pci.c
+++ b/tools/libs/light/libxl_pci.c
@@ -1109,8 +1109,10 @@ typedef struct pci_add_state {
     libxl__xswait_state xswait;
     libxl__ev_qmp qmp;
     libxl__ev_time timeout;
+    libxl__ev_time timeout_retries;
     libxl_device_pci pci;
     libxl_domid pci_domid;
+    int retries;
 } pci_add_state;
 
 static void pci_add_qemu_trad_watch_state_cb(libxl__egc *egc,
@@ -1118,6 +1120,8 @@ static void pci_add_qemu_trad_watch_state_cb(libxl__egc *egc,
 static void pci_add_qmp_device_add(libxl__egc *, pci_add_state *);
 static void pci_add_qmp_device_add_cb(libxl__egc *,
     libxl__ev_qmp *, const libxl__json_object *, int rc);
+static void pci_add_qmp_device_add_retry(libxl__egc *egc, libxl__ev_time *ev,
+    const struct timeval *requested_abs, int rc);
 static void pci_add_qmp_query_pci_cb(libxl__egc *,
     libxl__ev_qmp *, const libxl__json_object *, int rc);
 static void pci_add_timeout(libxl__egc *egc, libxl__ev_time *ev,
@@ -1137,7 +1141,9 @@ static void do_pci_add(libxl__egc *egc,
     libxl__xswait_init(&pas->xswait);
     libxl__ev_qmp_init(&pas->qmp);
     pas->pci_domid = domid;
+    pas->retries = 0;
     libxl__ev_time_init(&pas->timeout);
+    libxl__ev_time_init(&pas->timeout_retries);
 
     if (type == LIBXL_DOMAIN_TYPE_INVALID) {
         rc = ERROR_FAIL;
@@ -1157,6 +1163,11 @@ static void do_pci_add(libxl__egc *egc,
                 if (rc) goto out;
                 return;
             case LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN:
+                rc = libxl__ev_time_register_rel(ao, &pas->timeout,
+                                                 pci_add_timeout,
+                                                 LIBXL_QMP_CMD_TIMEOUT * 1000);
+                if (rc) goto out;
+
                 pci_add_qmp_device_add(egc, pas); /* must be last */
                 return;
             default:
@@ -1205,11 +1216,6 @@ static void pci_add_qmp_device_add(libxl__egc *egc, pci_add_state *pas)
     libxl_device_pci *pci = &pas->pci;
     libxl__ev_qmp *const qmp = &pas->qmp;
 
-    rc = libxl__ev_time_register_rel(ao, &pas->timeout,
-                                     pci_add_timeout,
-                                     LIBXL_QMP_CMD_TIMEOUT * 1000);
-    if (rc) goto out;
-
     libxl__qmp_param_add_string(gc, &args, "driver",
                                 "xen-pci-passthrough");
     QMP_PARAMETERS_SPRINTF(&args, "id", PCI_PT_QDEV_ID,
@@ -1255,7 +1261,23 @@ static void pci_add_qmp_device_add_cb(libxl__egc *egc,
     EGC_GC;
     pci_add_state *pas = CONTAINER_OF(qmp, *pas, qmp);
 
-    if (rc) goto out;
+    if (rc) {
+        /* Retry only applicable for HVM with stubdom. */
+        if (libxl_get_stubdom_id(CTX, qmp->domid) == 0)
+            goto out;
+
+        if (pas->retries++ < 10) {
+            LOGD(ERROR, qmp->domid, "Retrying PCI add %d", pas->retries);
+            rc = libxl__ev_time_register_rel(pas->aodev->ao,
+                                             &pas->timeout_retries,
+                                             pci_add_qmp_device_add_retry,
+                                             1000);
+            if (rc) goto out;
+            return; /* Wait for the timeout to then retry. */
+        } else {
+            goto out;
+        }
+    }
 
     qmp->callback = pci_add_qmp_query_pci_cb;
     rc = libxl__ev_qmp_send(egc, qmp, "query-pci", NULL);
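Review bot: The retry branch in `pci_add_qmp_device_add_cb()` is taken for every non-zero `rc`, not only for the missing-sysfs error the commit message describes. A permanent `device_add` failure on a stubdom guest is therefore reported only after the retries run out or the outer `pas->timeout` fires, with an ERROR-level line per attempt. If the QMP layer cannot tell the transient case apart, a comment saying so would help. The bare `10` and `1000` would read better as named constants next to `pci_add_state`, e.g. `#define PCI_ADD_QMP_RETRIES 10` and `#define PCI_ADD_QMP_RETRY_MS 1000`, and the `else { goto out; }` after a branch that already returns can be a plain `goto out;`. The function body starts before this hunk and ends after it.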
@@ -1266,6 +1288,15 @@ out:
     pci_add_dm_done(egc, pas, rc); /* must be last */
 }
 
+static void pci_add_qmp_device_add_retry(libxl__egc *egc, libxl__ev_time *ev,
+                                         const struct timeval *requested_abs,
+                                         int rc)
+{
+    pci_add_state *pas = CONTAINER_OF(ev, *pas, timeout_retries);
+
+    pci_add_qmp_device_add(egc, pas);
+}
+
 static void pci_add_qmp_query_pci_cb(libxl__egc *egc,
                                      libxl__ev_qmp *qmp,
                                      const libxl__json_object *response,
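Review bot: `pci_add_qmp_device_add_retry()` ignores its `rc` argument and resends `device_add` unconditionally. A libxl timer callback normally sees `ERROR_TIMEDOUT`, but as far as the event API goes it can also be invoked with another code (for example when the ao is aborted), and then the operation should finish rather than retry. Adding `if (rc != ERROR_TIMEDOUT) { pci_add_dm_done(egc, pas, rc); return; }` before the call to `pci_add_qmp_device_add()` covers that. `requested_abs` is unused too, which is worth a short comment.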
@@ -1507,6 +1538,7 @@ out_no_irq:
         rc = 0;
 out:
     libxl__ev_time_deregister(gc, &pas->timeout);
+    libxl__ev_time_deregister(gc, &pas->timeout_retries);
     pas->callback(egc, pas, rc);
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 07:22:26 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] EFI: don't mistakenly delete a file we never installed
Message-Id: <E1njc0G-0000AB-Ac@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 07:22:24 +0000

commit 163071b1800304c962756789b4ef0ddb978059ba
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 27 09:15:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 27 09:15:03 2022 +0200

    EFI: don't mistakenly delete a file we never installed
    
    Just like for "install", make dealing with xen.efi on the EFI partition
    dependent upon mount point and vendor directory being known.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
---
 xen/Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/Makefile b/xen/Makefile
index ec34524ed2..735d5f6e45 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -515,7 +515,9 @@ _uninstall:
 	rm -f $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION).efi.map
 	rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi
 	rm -f $(D)$(EFI_DIR)/$(T).efi
-	rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
+	if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
+		rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
+	fi
 
 .PHONY: _debug
 _debug:
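Review bot: The new guard in `_uninstall` uses `[ ... -a ... ]`; POSIX marks the `-a` operator of `test` as obsolescent because its parsing is ambiguous for some operands. `if [ -n '$(EFI_MOUNTPOINT)' ] && [ -n '$(EFI_VENDOR)' ]; then \` behaves the same here. If the `install` rule uses the same `-a` form (it is not visible in this hunk), both are best changed together so the two conditions stay identical.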
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 08:55:08 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/arm: alternative: Don't call vmap() within stop_machine_run()
Message-Id: <E1njdRw-0006Ay-DQ@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 08:55:04 +0000

commit fbd2445558beff90eb9607308f0845b18a7a2b5a
Author:     Julien Grall <jgrall@amazon.com>
AuthorDate: Tue Apr 26 21:06:29 2022 +0100
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Wed Apr 27 09:50:40 2022 +0100

    xen/arm: alternative: Don't call vmap() within stop_machine_run()
    
    Commit 88a037e2cfe1 "page_alloc: assert IRQs are enabled in heap
    alloc/free" extended the checks in the buddy allocator to catch
    any use of the helpers from context with interrupts disabled.
    
    Unfortunately, the rule is not followed in the alternative code and
    this will result in a crash at boot with debug enabled:
    
    (XEN) Xen call trace:
    (XEN)    [<0022a510>] alloc_xenheap_pages+0x120/0x150 (PC)
    (XEN)    [<00000000>] 00000000 (LR)
    (XEN)    [<002736ac>] arch/arm/mm.c#xen_pt_update+0x144/0x6e4
    (XEN)    [<002740d4>] map_pages_to_xen+0x10/0x20
    (XEN)    [<00236864>] __vmap+0x400/0x4a4
    (XEN)    [<0026aee8>] arch/arm/alternative.c#__apply_alternatives_multi_stop+0x144/0x1ec
    (XEN)    [<0022fe40>] stop_machine_run+0x23c/0x300
    (XEN)    [<002c40c4>] apply_alternatives_all+0x34/0x5c
    (XEN)    [<002ce3e8>] start_xen+0xcb8/0x1024
    (XEN)    [<00200068>] arch/arm/arm32/head.o#primary_switched+0xc/0x1c
    
    The interrupts will be disabled by the state machine in stop_machine_run(),
    hence why the ASSERT is hit.
    
    For now the patch extending the checks has been reverted, but it would
    be good to re-introduce it (allocation with interrupts disabled is not
    desirable).
    
    So move the re-mapping of Xen to the caller of stop_machine_run().
    
    Signed-off-by: Julien Grall <jgrall@amazon.com>
    Cc: David Vrabel <dvrabel@amazon.co.uk>
    Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/arch/arm/alternative.c | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/xen/arch/arm/alternative.c b/xen/arch/arm/alternative.c
index 237c4e5642..f03cd943c6 100644
--- a/xen/arch/arm/alternative.c
+++ b/xen/arch/arm/alternative.c
@@ -170,7 +170,7 @@ static int __apply_alternatives(const struct alt_region *region,
  * We might be patching the stop_machine state machine, so implement a
  * really simple polling protocol here.
  */
-static int __apply_alternatives_multi_stop(void *unused)
+static int __apply_alternatives_multi_stop(void *xenmap)
 {
     static int patched = 0;
 
@@ -185,22 +185,9 @@ static int __apply_alternatives_multi_stop(void *unused)
     {
         int ret;
         struct alt_region region;
-        mfn_t xen_mfn = virt_to_mfn(_start);
-        paddr_t xen_size = _end - _start;
-        unsigned int xen_order = get_order_from_bytes(xen_size);
-        void *xenmap;
 
         BUG_ON(patched);
 
-        /*
-         * The text and inittext section are read-only. So re-map Xen to
-         * be able to patch the code.
-         */
-        xenmap = __vmap(&xen_mfn, 1U << xen_order, 1, 1, PAGE_HYPERVISOR,
-                        VMAP_DEFAULT);
-        /* Re-mapping Xen is not expected to fail during boot. */
-        BUG_ON(!xenmap);
-
         region.begin = __alt_instructions;
         region.end = __alt_instructions_end;
 
@@ -208,8 +195,6 @@ static int __apply_alternatives_multi_stop(void *unused)
         /* The patching is not expected to fail during boot. */
         BUG_ON(ret != 0);
 
-        vunmap(xenmap);
-
         /* Barriers provided by the cache flushing */
         write_atomic(&patched, 1);
     }
@@ -224,14 +209,29 @@ static int __apply_alternatives_multi_stop(void *unused)
 void __init apply_alternatives_all(void)
 {
     int ret;
+    mfn_t xen_mfn = virt_to_mfn(_start);
+    paddr_t xen_size = _end - _start;
+    unsigned int xen_order = get_order_from_bytes(xen_size);
+    void *xenmap;
 
     ASSERT(system_state != SYS_STATE_active);
 
+    /*
+     * The text and inittext section are read-only. So re-map Xen to
+     * be able to patch the code.
+     */
+    xenmap = __vmap(&xen_mfn, 1U << xen_order, 1, 1, PAGE_HYPERVISOR,
+                    VMAP_DEFAULT);
+    /* Re-mapping Xen is not expected to fail during boot. */
+    BUG_ON(!xenmap);
+
 	/* better not try code patching on a live SMP system */
-    ret = stop_machine_run(__apply_alternatives_multi_stop, NULL, NR_CPUS);
+    ret = stop_machine_run(__apply_alternatives_multi_stop, xenmap, NR_CPUS);
 
     /* stop_machine_run should never fail at this stage of the boot */
     BUG_ON(ret);
+
+    vunmap(xenmap);
 }
 
 int apply_alternatives(const struct alt_instr *start, const struct alt_instr *end)
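Review bot: The comment moved into `apply_alternatives_all()` still explains only why Xen is re-mapped, not why the mapping has to be created before `stop_machine_run()`, which is the reason for this change. Something like `/* Map before stop_machine_run(): __vmap() may allocate, which must not happen with IRQs disabled. */` would keep a later refactor from moving it back. It is also worth stating on `__apply_alternatives_multi_stop()` that its argument is the writable alias of Xen created by the caller, apparently used only by the CPU that performs the patching. That function's use of `xenmap` lies outside the hunks shown.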
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 08:55:15 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] page_alloc: assert IRQs are enabled in heap alloc/free
Message-Id: <E1njdS6-0006Bb-GW@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 08:55:14 +0000

commit fa6dc0879ffd3dffffaea2837953c7a8761a9ba0
Author:     David Vrabel <dvrabel@amazon.co.uk>
AuthorDate: Tue Apr 26 10:33:01 2022 +0200
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Wed Apr 27 09:52:12 2022 +0100

    page_alloc: assert IRQs are enabled in heap alloc/free
    
    Heap pages can only be safely allocated and freed with interrupts
    enabled as they may require a TLB flush which may send IPIs (on x86).
    
    Normally spinlock debugging would catch calls from the incorrect
    context, but not from stop_machine_run() action functions as these are
    called with spin lock debugging disabled.
    
    Enhance the assertions in alloc_xenheap_pages() and
    alloc_domheap_pages() to check interrupts are enabled. For consistency
    the same asserts are used when freeing heap pages.
    
    As an exception, when only 1 PCPU is online, allocations are permitted
    with interrupts disabled as any TLB flushes would be local only. This
    is necessary during early boot.
    
    Signed-off-by: David Vrabel <dvrabel@amazon.co.uk>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/page_alloc.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 319029140f..e866e0d864 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -162,6 +162,13 @@
 static char __initdata opt_badpage[100] = "";
 string_param("badpage", opt_badpage);
 
+/*
+ * Heap allocations may need TLB flushes which may require IRQs to be
+ * enabled (except when only 1 PCPU is online).
+ */
+#define ASSERT_ALLOC_CONTEXT() \
+    ASSERT(!in_irq() && (local_irq_is_enabled() || num_online_cpus() <= 1))
+
 /*
  * no-bootscrub -> Free pages are not zeroed during boot.
  */
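Review bot: The comment on `ASSERT_ALLOC_CONTEXT()` covers only the IRQs-enabled half of the condition, while the macro also keeps the earlier `!in_irq()` requirement. Because it is an `ASSERT`, it is a debug-build diagnostic and enforces nothing where assertions are compiled out. I would word it as `/* Heap alloc/free must not run in IRQ context and needs IRQs enabled, as a TLB flush may send IPIs (unless only 1 PCPU is online). Debug-build check only. */` so readers do not treat it as a runtime guarantee.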
@@ -2160,7 +2167,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 {
     struct page_info *pg;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     pg = alloc_heap_pages(MEMZONE_XEN, MEMZONE_XEN,
                           order, memflags | MEMF_no_scrub, NULL);
@@ -2173,7 +2180,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 
 void free_xenheap_pages(void *v, unsigned int order)
 {
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( v == NULL )
         return;
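Review bot: In both `free_xenheap_pages()` variants (this hunk and the one at `@@ -2224,7 +2231,7 @@`) the assertion sits before the `v == NULL` early return. A NULL free from a context with IRQs disabled therefore now trips in debug builds although nothing would be freed. If that strictness is intended, a one-line comment such as `/* Checked even for NULL so that wrong-context callers are caught early. */` would say so; otherwise `ASSERT_ALLOC_CONTEXT();` belongs below the NULL check. The function body continues past the hunk.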
@@ -2202,7 +2209,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( xenheap_bits && (memflags >> _MEMF_bits) > xenheap_bits )
         memflags &= ~MEMF_bits(~0U);
@@ -2224,7 +2231,7 @@ void free_xenheap_pages(void *v, unsigned int order)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( v == NULL )
         return;
@@ -2249,7 +2256,7 @@ void init_domheap_pages(paddr_t ps, paddr_t pe)
 {
     mfn_t smfn, emfn;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     smfn = maddr_to_mfn(round_pgup(ps));
     emfn = maddr_to_mfn(round_pgdown(pe));
@@ -2369,7 +2376,7 @@ struct page_info *alloc_domheap_pages(
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int dma_zone;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d,
                                       bits ? : (BITS_PER_LONG+PAGE_SHIFT));
@@ -2419,7 +2426,7 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
     unsigned int i;
     bool drop_dom_ref;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( unlikely(is_xen_heap_page(pg)) )
     {
@@ -2738,7 +2745,7 @@ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
 {
     struct page_info *pg;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
     if ( !pg )
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 15:33:09 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/arm64: io: Handle data abort due to cache maintenance instructions
Message-Id: <E1njjf6-000655-Em@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 15:33:04 +0000

commit 53b705d02cec03861044e673536586bd1b2443bd
Author:     Ayan Kumar Halder <ayan.kumar.halder@xilinx.com>
AuthorDate: Thu Mar 24 13:37:05 2022 +0000
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Wed Apr 27 16:27:51 2022 +0100

    xen/arm64: io: Handle data abort due to cache maintenance instructions
    
    When the data abort is caused due to cache maintenance for an address,
    there are three scenarios:-
    
    1. Address belonging to a non emulated region - For this, Xen should
    set the corresponding bit in the translation table entry to valid and
    return to the guest to retry the instruction. This can happen sometimes
    as Xen needs to set the translation table entry to invalid (e.g. for a
    'Break-Before-Make' sequence). Xen returns to the guest to retry the
    instruction.
    
    2. Address belongs to an emulated region - Xen should ignore the
    instruction (ie increment the PC) and return to the guest.
    
    3. Address is invalid - Xen should forward the data abort to the guest.
    
    Signed-off-by: Ayan Kumar Halder <ayankuma@xilinx.com>
    [julien: Don't initialize p.size to 1 << info->dabt.size]
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/include/asm/mmio.h |  1 +
 xen/arch/arm/io.c               | 20 +++++++++++++++++++-
 xen/arch/arm/ioreq.c            | 17 ++++++++++++++---
 3 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h
index ca259a79c2..79e64d9af8 100644
--- a/xen/arch/arm/include/asm/mmio.h
+++ b/xen/arch/arm/include/asm/mmio.h
@@ -35,6 +35,7 @@ enum instr_decode_state
      * instruction.
      */
     INSTR_LDR_STR_POSTINDEXING,
+    INSTR_CACHE,                    /* Cache Maintenance instr */
 };
 
 typedef struct
diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
index 6f458ee7fd..4ce94243aa 100644
--- a/xen/arch/arm/io.c
+++ b/xen/arch/arm/io.c
@@ -139,6 +139,17 @@ void try_decode_instruction(const struct cpu_user_regs *regs,
         return;
     }
 
+    /*
+     * When the data abort is caused due to cache maintenance, Xen should check
+     * if the address belongs to an emulated MMIO region or not. The behavior
+     * will differ accordingly.
+     */
+    if ( info->dabt.cache )
+    {
+        info->dabt_instr.state = INSTR_CACHE;
+        return;
+    }
+
     /*
      * Armv8 processor does not provide a valid syndrome for decoding some
      * instructions. So in order to process these instructions, Xen must
@@ -161,7 +172,7 @@ enum io_state try_handle_mmio(struct cpu_user_regs *regs,
 
     ASSERT(info->dabt.ec == HSR_EC_DATA_ABORT_LOWER_EL);
 
-    if ( !info->dabt.valid )
+    if ( !(info->dabt.valid || (info->dabt_instr.state == INSTR_CACHE)) )
     {
         ASSERT_UNREACHABLE();
         return IO_ABORT;
@@ -177,6 +188,13 @@ enum io_state try_handle_mmio(struct cpu_user_regs *regs,
         return rc;
     }
 
+    /*
+     * When the data abort is caused due to cache maintenance and the address
+     * belongs to an emulated region, Xen should ignore this instruction.
+     */
+    if ( info->dabt_instr.state == INSTR_CACHE )
+        return IO_HANDLED;
+
     /*
      * At this point, we know that the instruction is either valid or has been
      * decoded successfully. Thus, Xen should be allowed to execute the
diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c
index 54167aebcb..bdd536e873 100644
--- a/xen/arch/arm/ioreq.c
+++ b/xen/arch/arm/ioreq.c
@@ -47,12 +47,11 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs,
                              struct vcpu *v, mmio_info_t *info)
 {
     struct vcpu_io *vio = &v->io;
-    struct instr_details instr = info->dabt_instr;
+    const struct instr_details instr = info->dabt_instr;
     struct hsr_dabt dabt = info->dabt;
     ioreq_t p = {
         .type = IOREQ_TYPE_COPY,
         .addr = info->gpa,
-        .size = 1 << info->dabt.size,
         .count = 1,
         .dir = !info->dabt.write,
         /*
@@ -62,7 +61,6 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs,
          * memory access. So for now, we can safely always set to 0.
          */
         .df = 0,
-        .data = get_user_reg(regs, info->dabt.reg),
         .state = STATE_IOREQ_READY,
     };
     struct ioreq_server *s = NULL;
@@ -74,12 +72,25 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs,
         return IO_ABORT;
     }
 
+    if ( instr.state == INSTR_CACHE )
+        p.size = dcache_line_bytes;
+    else
+        p.size = 1U << info->dabt.size;
+
     s = ioreq_server_select(v->domain, &p);
     if ( !s )
         return IO_UNHANDLED;
 
+    /*
+     * When the data abort is caused due to cache maintenance and the address
+     * belongs to an emulated region, Xen should ignore this instruction.
+     */
+    if ( instr.state == INSTR_CACHE )
+        return IO_HANDLED;
+
     ASSERT(dabt.valid);
 
+    p.data = get_user_reg(regs, info->dabt.reg);
     vio->req = p;
     vio->info.dabt_instr = instr;
 
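Review bot: For a cache-maintenance abort the range handed to `ioreq_server_select()` starts at `info->gpa` and spans `dcache_line_bytes`, and nothing in this hunk rounds the address down to a cache-line boundary. If `info->gpa` can be unaligned (how it is derived is not visible here), the range can extend past the line the instruction touched and past the end of an emulated region, so the lookup may fail and the guest is sent an abort instead of having the instruction ignored. Consider aligning in the `INSTR_CACHE` branch before the lookup, e.g. `p.addr &= ~((uint64_t)dcache_line_bytes - 1);`, or add a comment saying why the unaligned range is acceptable. The body of try_fwd_ioserv starts before and continues after this hunk.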
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:33:06 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/iommu: cleanup iommu related domctl handling
Message-Id: <E1njqDW-0004MC-Bu@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:33:02 +0000

commit 9cd7e31b3f584e97a138a770cfb031a91a867936
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Tue Apr 26 10:23:58 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 10:23:58 2022 +0200

    xen/iommu: cleanup iommu related domctl handling
    
    Today iommu_do_domctl() is being called from arch_do_domctl() in the
    "default:" case of a switch statement. This has led already to crashes
    due to unvalidated parameters.
    
    Fix that by moving the call of iommu_do_domctl() to the main switch
    statement of do_domctl().
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> # Arm
---
 xen/arch/arm/domctl.c   | 11 +----------
 xen/arch/x86/domctl.c   |  2 +-
 xen/common/domctl.c     |  7 +++++++
 xen/include/xen/iommu.h | 12 +++++++++---
 4 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
index 6245af6d0b..1baf25c3d9 100644
--- a/xen/arch/arm/domctl.c
+++ b/xen/arch/arm/domctl.c
@@ -176,16 +176,7 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
         return rc;
     }
     default:
-    {
-        int rc;
-
-        rc = subarch_do_domctl(domctl, d, u_domctl);
-
-        if ( rc == -ENOSYS )
-            rc = iommu_do_domctl(domctl, d, u_domctl);
-
-        return rc;
-    }
+        return subarch_do_domctl(domctl, d, u_domctl);
     }
 }
 
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index c20ab43527..1c62046c01 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1370,7 +1370,7 @@ long arch_do_domctl(
         break;
 
     default:
-        ret = iommu_do_domctl(domctl, d, u_domctl);
+        ret = -ENOSYS;
         break;
     }
 
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 5879117580..0a866e3132 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -871,6 +871,13 @@ long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
             copyback = 1;
         break;
 
+    case XEN_DOMCTL_assign_device:
+    case XEN_DOMCTL_test_assign_device:
+    case XEN_DOMCTL_deassign_device:
+    case XEN_DOMCTL_get_device_group:
+        ret = iommu_do_domctl(op, d, u_domctl);
+        break;
+
     default:
         ret = arch_do_domctl(op, d, u_domctl);
         break;
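Review bot: `d` is passed to `iommu_do_domctl()` in the new case block with no visible guarantee that it is non-NULL; how `d` is resolved lies outside this hunk. The commit message cites crashes from unvalidated parameters on the old path, so the contract is worth stating at the new call site. If a sub-op such as XEN_DOMCTL_test_assign_device can arrive without a domain, the handler must tolerate that. A comment above the call would record it, e.g. `/* d may be NULL here (e.g. test_assign_device with DOMID_INVALID); iommu_do_domctl() must cope. */`.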
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index f7e8d5f287..db72d9e644 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -342,8 +342,17 @@ struct domain_iommu {
 /* Does the IOMMU pagetable need to be kept synchronized with the P2M */
 #ifdef CONFIG_HAS_PASSTHROUGH
 #define need_iommu_pt_sync(d)     (dom_iommu(d)->need_sync)
+
+int iommu_do_domctl(struct xen_domctl *domctl, struct domain *d,
+                    XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl);
 #else
 #define need_iommu_pt_sync(d)     ({ (void)(d); false; })
+
+static inline int iommu_do_domctl(struct xen_domctl *domctl, struct domain *d,
+                                  XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
+{
+    return -ENOSYS;
+}
 #endif
 
 int __must_check iommu_suspend(void);
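Review bot: The `!CONFIG_HAS_PASSTHROUGH` stub of `iommu_do_domctl()` returns `-ENOSYS` without saying why that code was chosen. The real handler shown in the iommu.c hunk on this page returns `-EOPNOTSUPP` when the IOMMU is not enabled, so callers see two different errors for "no IOMMU" depending on the build configuration. If that is intentional, a one-line comment on the stub would make it explicit, e.g. `/* Passthrough not built in: report the domctl as unimplemented. */`.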
@@ -357,9 +366,6 @@ int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
                         XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
 #endif
 
-int iommu_do_domctl(struct xen_domctl *, struct domain *d,
-                    XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
-
 void iommu_dev_iotlb_flush_timeout(struct domain *d, struct pci_dev *pdev);
 
 /*
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:33:14 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] IOMMU: make domctl handler tolerate NULL domain
Message-Id: <E1njqDg-0004Mx-FO@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:33:12 +0000

commit fa4d84e6dd3c3bfd23a525b75a5483d4ce15adbb
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 26 10:25:54 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 10:25:54 2022 +0200

    IOMMU: make domctl handler tolerate NULL domain
    
    Besides the reporter's issue of hitting a NULL deref when !CONFIG_GDBSX,
    XEN_DOMCTL_test_assign_device can legitimately end up having NULL passed
    here, when the domctl was passed DOMID_INVALID.
    
    Fixes: 71e617a6b8f6 ("use is_iommu_enabled() where appropriate...")
    Reported-by: Cheyenne Wills <cheyenne.wills@gmail.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Juergen Gross <jgross@suse.com>
---
 xen/drivers/passthrough/iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 1109a86532..67ffe6635e 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -568,7 +568,7 @@ int iommu_do_domctl(
 {
     int ret = -ENODEV;
 
-    if ( !is_iommu_enabled(d) )
+    if ( !(d ? is_iommu_enabled(d) : iommu_enabled) )
         return -EOPNOTSUPP;
 
 #ifdef CONFIG_HAS_PCI
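Review bot: The new condition `d ? is_iommu_enabled(d) : iommu_enabled` guards only the enabled check against a NULL `d`, and nothing in the code says when `d` is NULL or what the rest of the function may assume. The remainder of iommu_do_domctl lies outside this hunk, so it cannot be confirmed from here whether the handlers it dispatches to dereference `d` for other sub-ops. A comment above the test would record the contract, e.g. `/* d is NULL for XEN_DOMCTL_test_assign_device with DOMID_INVALID; use the global setting then. */`.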
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:33:24 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xsm/flask: code style formatting
Message-Id: <E1njqDq-0004Nc-J4@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:33:22 +0000

commit c266f974148d3d1b21d01b8bb243017943786444
Author:     Daniel P. Smith <dpsmith@apertussolutions.com>
AuthorDate: Tue Apr 26 10:30:31 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 10:30:31 2022 +0200

    xsm/flask: code style formatting
    
    This is a quick code style cleanup patch for xsm/flask. The files flask_op.c
    and hooks.c are Xen specific, thus full code style rules were applied. The
    remaining files are from Linux and therefore only trailing whitespace was
    removed from those files.
    
    Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
    Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jason Andryuk <jandryuk@gmail.com>
---
 xen/xsm/flask/avc.c            |  14 +--
 xen/xsm/flask/flask_op.c       |  27 +++---
 xen/xsm/flask/hooks.c          | 192 +++++++++++++++++++++--------------------
 xen/xsm/flask/include/avc.h    |   2 +-
 xen/xsm/flask/ss/avtab.c       |  10 +--
 xen/xsm/flask/ss/avtab.h       |   4 +-
 xen/xsm/flask/ss/conditional.c |   4 +-
 xen/xsm/flask/ss/context.h     |   4 +-
 xen/xsm/flask/ss/mls.c         |   2 +-
 xen/xsm/flask/ss/policydb.c    |   2 +-
 xen/xsm/flask/ss/services.c    |   6 +-
 xen/xsm/flask/ss/sidtab.c      |   6 +-
 12 files changed, 141 insertions(+), 132 deletions(-)

diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index e20c165042..4a75ec97e2 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -13,9 +13,9 @@
  *    it under the terms of the GNU General Public License version 2,
  *      as published by the Free Software Foundation.
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #include <xen/lib.h>
 #include <xen/xmalloc.h>
 #include <xen/types.h>
@@ -267,7 +267,7 @@ int avc_get_hash_stats(struct xen_flask_hash_stats *arg)
     }
 
     rcu_read_unlock(&avc_rcu_lock);
-    
+
     arg->entries = atomic_read(&avc_cache.active_nodes);
     arg->buckets_used = slots_used;
     arg->buckets_total = AVC_CACHE_SLOTS;
@@ -336,7 +336,7 @@ static inline int avc_reclaim_node(void)
         }
         rcu_read_unlock(&avc_rcu_lock);
         spin_unlock_irqrestore(lock, flags);
-    }    
+    }
  out:
     return ecx;
 }
@@ -622,7 +622,7 @@ static int avc_update_node(u32 perms, u32 ssid, u32 tsid, u16 tclass,
     struct hlist_head *head;
     struct hlist_node *next;
     spinlock_t *lock;
-    
+
     node = avc_alloc_node();
     if ( !node )
     {
@@ -630,7 +630,7 @@ static int avc_update_node(u32 perms, u32 ssid, u32 tsid, u16 tclass,
         goto out;
     }
 
-    hvalue = avc_hash(ssid, tsid, tclass);    
+    hvalue = avc_hash(ssid, tsid, tclass);
 
     head = &avc_cache.slots[hvalue];
     lock = &avc_cache.slots_lock[hvalue];
@@ -695,7 +695,7 @@ int avc_ss_reset(u32 seqno)
         rcu_read_unlock(&avc_rcu_lock);
         spin_unlock_irqrestore(lock, flag);
     }
-    
+
     avc_latest_notif_update(seqno, 0);
     return rc;
 }
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 707be72a3b..eb16e289c3 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -75,15 +75,15 @@ static int __init cf_check parse_flask_param(const char *s)
 }
 custom_param("flask", parse_flask_param);
 
-static int domain_has_security(struct domain *d, u32 perms)
+static int domain_has_security(struct domain *d, uint32_t perms)
 {
     struct domain_security_struct *dsec;
-    
+
     dsec = d->ssid;
     if ( !dsec )
         return -EACCES;
-        
-    return avc_has_perm(dsec->sid, SECINITSID_SECURITY, SECCLASS_SECURITY, 
+
+    return avc_has_perm(dsec->sid, SECINITSID_SECURITY, SECCLASS_SECURITY,
                         perms, NULL);
 }
 
@@ -130,7 +130,7 @@ static int flask_security_access(struct xen_flask_access *arg)
     arg->audit_allow = avd.auditallow;
     arg->audit_deny = avd.auditdeny;
     arg->seqno = avd.seqno;
-                
+
     return rv;
 }
 
@@ -196,7 +196,7 @@ static int flask_security_sid(struct xen_flask_sid_context *arg)
 {
     int rv;
     char *context;
-    u32 len;
+    uint32_t len;
 
     rv = domain_has_security(current->domain, SECURITY__CHECK_CONTEXT);
     if ( rv )
@@ -223,7 +223,8 @@ static int flask_security_sid(struct xen_flask_sid_context *arg)
 
 #ifndef COMPAT
 
-static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *arg)
+static int flask_security_setavc_threshold(
+    struct xen_flask_setavc_threshold *arg)
 {
     int rv = 0;
 
@@ -350,7 +351,7 @@ static int flask_security_get_bool(struct xen_flask_boolean *arg)
         if ( nameout_len > arg->size )
             rv = -ERANGE;
         arg->size = nameout_len;
- 
+
         if ( !rv && _copy_to_guest(arg->name, nameout, nameout_len) )
             rv = -EFAULT;
         xfree(nameout);
@@ -386,9 +387,9 @@ static int flask_security_make_bools(void)
     int ret = 0;
     int num;
     int *values = NULL;
-    
+
     xfree(bool_pending_values);
-    
+
     ret = security_get_bools(&num, NULL, &values, NULL);
     if ( ret != 0 )
         goto out;
@@ -474,8 +475,8 @@ static int flask_devicetree_label(struct xen_flask_devicetree_label *arg)
 {
     int rv;
     char *buf;
-    u32 sid = arg->sid;
-    u32 perm = sid ? SECURITY__ADD_OCONTEXT : SECURITY__DEL_OCONTEXT;
+    uint32_t sid = arg->sid;
+    uint32_t perm = sid ? SECURITY__ADD_OCONTEXT : SECURITY__DEL_OCONTEXT;
 
     rv = domain_has_security(current->domain, perm);
     if ( rv )
@@ -670,7 +671,7 @@ ret_t cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op)
 
     case FLASK_MLS:
         rv = flask_mls_enabled;
-        break;    
+        break;
 
     case FLASK_GETAVC_THRESHOLD:
         rv = avc_cache_threshold;
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 0bf63ffa84..6ffafc2f44 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -38,34 +38,34 @@
 #include <conditional.h>
 #include "private.h"
 
-static u32 domain_sid(const struct domain *dom)
+static uint32_t domain_sid(const struct domain *dom)
 {
     struct domain_security_struct *dsec = dom->ssid;
     return dsec->sid;
 }
 
-static u32 domain_target_sid(const struct domain *src,
-                             const struct domain *dst)
+static uint32_t domain_target_sid(
+    const struct domain *src, const struct domain *dst)
 {
     struct domain_security_struct *ssec = src->ssid;
     struct domain_security_struct *dsec = dst->ssid;
-    if (src == dst)
+    if ( src == dst )
         return ssec->self_sid;
-    if (src->target == dst)
+    if ( src->target == dst )
         return ssec->target_sid;
     return dsec->sid;
 }
 
-static u32 evtchn_sid(const struct evtchn *chn)
+static uint32_t evtchn_sid(const struct evtchn *chn)
 {
     return chn->ssid.flask_sid;
 }
 
-static int domain_has_perm(const struct domain *dom1,
-                           const struct domain *dom2,
-                           u16 class, u32 perms)
+static int domain_has_perm(
+    const struct domain *dom1, const struct domain *dom2, uint16_t class,
+    uint32_t perms)
 {
-    u32 ssid, tsid;
+    uint32_t ssid, tsid;
     struct avc_audit_data ad;
     AVC_AUDIT_DATA_INIT(&ad, NONE);
     ad.sdom = dom1;
@@ -77,34 +77,35 @@ static int domain_has_perm(const struct domain *dom1,
     return avc_has_perm(ssid, tsid, class, perms, &ad);
 }
 
-static int avc_current_has_perm(u32 tsid, u16 class, u32 perm,
-                                struct avc_audit_data *ad)
+static int avc_current_has_perm(
+    uint32_t tsid, uint16_t class, uint32_t perm, struct avc_audit_data *ad)
 {
-    u32 csid = domain_sid(current->domain);
+    uint32_t csid = domain_sid(current->domain);
     return avc_has_perm(csid, tsid, class, perm, ad);
 }
 
-static int current_has_perm(struct domain *d, u16 class, u32 perms)
+static int current_has_perm(struct domain *d, uint16_t class, uint32_t perms)
 {
     return domain_has_perm(current->domain, d, class, perms);
 }
 
-static int domain_has_evtchn(struct domain *d, struct evtchn *chn, u32 perms)
+static int domain_has_evtchn(
+    struct domain *d, struct evtchn *chn, uint32_t perms)
 {
-    u32 dsid = domain_sid(d);
-    u32 esid = evtchn_sid(chn);
+    uint32_t dsid = domain_sid(d);
+    uint32_t esid = evtchn_sid(chn);
 
     return avc_has_perm(dsid, esid, SECCLASS_EVENT, perms, NULL);
 }
 
-static int domain_has_xen(struct domain *d, u32 perms)
+static int domain_has_xen(struct domain *d, uint32_t perms)
 {
-    u32 dsid = domain_sid(d);
+    uint32_t dsid = domain_sid(d);
 
     return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN, perms, NULL);
 }
 
-static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
+static int get_irq_sid(int irq, uint32_t *sid, struct avc_audit_data *ad)
 {
     if ( irq >= nr_irqs || irq < 0 )
         return -EINVAL;
@@ -118,10 +119,13 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
 #ifdef CONFIG_HAS_PCI_MSI
     {
         struct irq_desc *desc = irq_to_desc(irq);
-        if ( desc->msi_desc && desc->msi_desc->dev ) {
+
+        if ( desc->msi_desc && desc->msi_desc->dev )
+        {
             struct pci_dev *dev = desc->msi_desc->dev;
-            u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
-            if (ad) {
+            uint32_t sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
+            if ( ad )
+            {
                 AVC_AUDIT_DATA_INIT(ad, DEV);
                 ad->device = sbdf;
             }
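Review bot: In `uint32_t sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;` the shift is evaluated in `int` after integer promotion if `seg` is narrower than `int` (its declaration is not visible here). A segment value of 0x8000 or above would then shift into the sign bit, which is undefined behaviour for a signed left shift. Casting first avoids it: `uint32_t sbdf = ((uint32_t)dev->seg << 16) | (dev->bus << 8) | dev->devfn;`. The same expression is used for `machine_bdf` in the flask_map_domain_msi and flask_unmap_domain_msi hunks further down. get_irq_sid starts and ends outside this hunk.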
@@ -130,7 +134,8 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
     }
 #endif
 
-    if (ad) {
+    if ( ad )
+    {
         AVC_AUDIT_DATA_INIT(ad, IRQ);
         ad->irq = irq;
     }
@@ -200,7 +205,7 @@ static void cf_check flask_domain_free_security(struct domain *d)
 static int cf_check flask_evtchn_unbound(
     struct domain *d1, struct evtchn *chn, domid_t id2)
 {
-    u32 sid1, sid2, newsid;
+    uint32_t sid1, sid2, newsid;
     int rc;
     struct domain *d2;
 
@@ -234,7 +239,7 @@ static int cf_check flask_evtchn_interdomain(
     struct domain *d1, struct evtchn *chn1,
     struct domain *d2, struct evtchn *chn2)
 {
-    u32 sid1, sid2, newsid, reverse_sid;
+    uint32_t sid1, sid2, newsid, reverse_sid;
     int rc;
     struct avc_audit_data ad;
     AVC_AUDIT_DATA_INIT(&ad, NONE);
@@ -336,9 +341,9 @@ static char *cf_check flask_show_security_evtchn(
     struct domain *d, const struct evtchn *chn)
 {
     int irq;
-    u32 sid = 0;
+    uint32_t sid = 0;
     char *ctx;
-    u32 ctx_len;
+    uint32_t ctx_len;
 
     switch ( chn->state )
     {
@@ -354,7 +359,7 @@ static char *cf_check flask_show_security_evtchn(
     }
     if ( !sid )
         return NULL;
-    if (security_sid_to_context(sid, &ctx, &ctx_len))
+    if ( security_sid_to_context(sid, &ctx, &ctx_len) )
         return NULL;
     return ctx;
 }
@@ -367,7 +372,7 @@ static int cf_check flask_init_hardware_domain(struct domain *d)
 static int cf_check flask_grant_mapref(
     struct domain *d1, struct domain *d2, uint32_t flags)
 {
-    u32 perms = GRANT__MAP_READ;
+    uint32_t perms = GRANT__MAP_READ;
 
     if ( !(flags & GNTMAP_readonly) )
         perms |= GRANT__MAP_WRITE;
@@ -445,7 +450,7 @@ static int cf_check flask_get_vnumainfo(struct domain *d)
 
 static int cf_check flask_console_io(struct domain *d, int cmd)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( cmd )
     {
@@ -464,7 +469,7 @@ static int cf_check flask_console_io(struct domain *d, int cmd)
 
 static int cf_check flask_profile(struct domain *d, int op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -510,7 +515,7 @@ static void cf_check flask_security_domaininfo(
     info->ssidref = domain_sid(d);
 }
 
-static int cf_check flask_domain_create(struct domain *d, u32 ssidref)
+static int cf_check flask_domain_create(struct domain *d, uint32_t ssidref)
 {
     int rc;
     struct domain_security_struct *dsec = d->ssid;
@@ -843,7 +848,7 @@ static int cf_check flask_sysctl(int cmd)
 
 static int cf_check flask_readconsole(uint32_t clear)
 {
-    u32 perms = XEN__READCONSOLE;
+    uint32_t perms = XEN__READCONSOLE;
 
     if ( clear )
         perms |= XEN__CLEARCONSOLE;
@@ -851,7 +856,7 @@ static int cf_check flask_readconsole(uint32_t clear)
     return domain_has_xen(current->domain, perms);
 }
 
-static inline u32 resource_to_perm(uint8_t access)
+static inline uint32_t resource_to_perm(uint8_t access)
 {
     if ( access )
         return RESOURCE__ADD;
@@ -861,13 +866,13 @@ static inline u32 resource_to_perm(uint8_t access)
 
 static char *cf_check flask_show_irq_sid(int irq)
 {
-    u32 sid, ctx_len;
+    uint32_t sid, ctx_len;
     char *ctx;
     int rc = get_irq_sid(irq, &sid, NULL);
     if ( rc )
         return NULL;
 
-    if (security_sid_to_context(sid, &ctx, &ctx_len))
+    if ( security_sid_to_context(sid, &ctx, &ctx_len) )
         return NULL;
 
     return ctx;
@@ -878,12 +883,13 @@ static int cf_check flask_map_domain_pirq(struct domain *d)
     return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
 }
 
-static int flask_map_domain_msi (struct domain *d, int irq, const void *data,
-                                 u32 *sid, struct avc_audit_data *ad)
+static int flask_map_domain_msi (
+    struct domain *d, int irq, const void *data, uint32_t *sid,
+    struct avc_audit_data *ad)
 {
 #ifdef CONFIG_HAS_PCI_MSI
     const struct msi_info *msi = data;
-    u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
+    uint32_t machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
 
     AVC_AUDIT_DATA_INIT(ad, DEV);
     ad->device = machine_bdf;
@@ -894,7 +900,7 @@ static int flask_map_domain_msi (struct domain *d, int irq, const void *data,
 #endif
 }
 
-static u32 flask_iommu_resource_use_perm(const struct domain *d)
+static uint32_t flask_iommu_resource_use_perm(const struct domain *d)
 {
     /* Obtain the permission level required for allowing a domain
      * to use an assigned device.
@@ -905,7 +911,7 @@ static u32 flask_iommu_resource_use_perm(const struct domain *d)
      * less capable hardware (no IOMMU or IOMMU missing intremap capability)
      * via other separate permissions.
      */
-    u32 perm = RESOURCE__USE_NOIOMMU;
+    uint32_t perm = RESOURCE__USE_NOIOMMU;
 
     if ( is_iommu_enabled(d) )
         perm = ( iommu_intremap ? RESOURCE__USE_IOMMU :
@@ -913,18 +919,18 @@ static u32 flask_iommu_resource_use_perm(const struct domain *d)
     return perm;
 }
 
-static int cf_check flask_map_domain_irq(struct domain *d, int irq, const void *data)
+static int cf_check flask_map_domain_irq(
+    struct domain *d, int irq, const void *data)
 {
-    u32 sid, dsid;
+    uint32_t sid, dsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm = flask_iommu_resource_use_perm(d);
+    uint32_t dperm = flask_iommu_resource_use_perm(d);
 
-    if ( irq >= nr_static_irqs && data ) {
+    if ( irq >= nr_static_irqs && data )
         rc = flask_map_domain_msi(d, irq, data, &sid, &ad);
-    } else {
+    else
         rc = get_irq_sid(irq, &sid, &ad);
-    }
 
     if ( rc )
         return rc;
@@ -944,12 +950,13 @@ static int cf_check flask_unmap_domain_pirq(struct domain *d)
     return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
 }
 
-static int flask_unmap_domain_msi (struct domain *d, int irq, const void *data,
-                                   u32 *sid, struct avc_audit_data *ad)
+static int flask_unmap_domain_msi (
+    struct domain *d, int irq, const void *data, uint32_t *sid,
+    struct avc_audit_data *ad)
 {
 #ifdef CONFIG_HAS_PCI_MSI
     const struct pci_dev *pdev = data;
-    u32 machine_bdf = (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn;
+    uint32_t machine_bdf = (pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn;
 
     AVC_AUDIT_DATA_INIT(ad, DEV);
     ad->device = machine_bdf;
@@ -963,15 +970,15 @@ static int flask_unmap_domain_msi (struct domain *d, int irq, const void *data,
 static int cf_check flask_unmap_domain_irq(
     struct domain *d, int irq, const void *data)
 {
-    u32 sid;
+    uint32_t sid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
-    if ( irq >= nr_static_irqs && data ) {
+    if ( irq >= nr_static_irqs && data )
         rc = flask_unmap_domain_msi(d, irq, data, &sid, &ad);
-    } else {
+    else
         rc = get_irq_sid(irq, &sid, &ad);
-    }
+
     if ( rc )
         return rc;
 
@@ -982,11 +989,11 @@ static int cf_check flask_unmap_domain_irq(
 static int cf_check flask_bind_pt_irq(
     struct domain *d, struct xen_domctl_bind_pt_irq *bind)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     int irq;
     struct avc_audit_data ad;
-    u32 dperm = flask_iommu_resource_use_perm(d);
+    uint32_t dperm = flask_iommu_resource_use_perm(d);
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
     if ( rc )
@@ -1020,14 +1027,14 @@ static int cf_check flask_irq_permission(
 }
 
 struct iomem_has_perm_data {
-    u32 ssid;
-    u32 dsid;
-    u32 perm;
-    u32 use_perm;
+    uint32_t ssid;
+    uint32_t dsid;
+    uint32_t perm;
+    uint32_t use_perm;
 };
 
 static int cf_check _iomem_has_perm(
-    void *v, u32 sid, unsigned long start, unsigned long end)
+    void *v, uint32_t sid, unsigned long start, unsigned long end)
 {
     struct iomem_has_perm_data *data = v;
     struct avc_audit_data ad;
@@ -1077,10 +1084,10 @@ static int cf_check flask_pci_config_permission(
     struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end,
     uint8_t access)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 perm;
+    uint32_t perm;
 
     rc = security_device_sid(machine_bdf, &rsid);
     if ( rc )
@@ -1116,7 +1123,7 @@ static int flask_resource_use_core(void)
 
 static int cf_check flask_resource_plug_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1131,7 +1138,7 @@ static int cf_check flask_resource_plug_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1146,7 +1153,7 @@ static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_setup_pci(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1161,7 +1168,7 @@ static int cf_check flask_resource_setup_pci(uint32_t machine_bdf)
 
 static int cf_check flask_resource_setup_gsi(int gsi)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
 
@@ -1179,7 +1186,8 @@ static int cf_check flask_resource_setup_misc(void)
 
 static inline int cf_check flask_page_offline(uint32_t cmd)
 {
-    switch (cmd) {
+    switch ( cmd )
+    {
     case sysctl_page_offline:
         return flask_resource_unplug_core();
     case sysctl_page_online:
@@ -1214,7 +1222,7 @@ static int cf_check flask_map_gmfn_foreign(struct domain *d, struct domain *t)
 
 static int cf_check flask_hvm_param(struct domain *d, unsigned long op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -1289,7 +1297,7 @@ static int cf_check flask_mem_sharing(struct domain *d)
 #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI)
 static int cf_check flask_get_device_group(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_device_sid(machine_bdf, &rsid);
@@ -1301,7 +1309,7 @@ static int cf_check flask_get_device_group(uint32_t machine_bdf)
 
 static int flask_test_assign_device(uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_device_sid(machine_bdf, &rsid);
@@ -1313,10 +1321,10 @@ static int flask_test_assign_device(uint32_t machine_bdf)
 
 static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm;
+    uint32_t dperm;
 
     if ( !d )
         return flask_test_assign_device(machine_bdf);
@@ -1344,7 +1352,7 @@ static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf)
 static int cf_check flask_deassign_device(
     struct domain *d, uint32_t machine_bdf)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
@@ -1362,7 +1370,7 @@ static int cf_check flask_deassign_device(
 #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE)
 static int flask_test_assign_dtdevice(const char *dtpath)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = security_devicetree_sid(dtpath, &rsid);
@@ -1375,10 +1383,10 @@ static int flask_test_assign_dtdevice(const char *dtpath)
 
 static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath)
 {
-    u32 dsid, rsid;
+    uint32_t dsid, rsid;
     int rc = -EPERM;
     struct avc_audit_data ad;
-    u32 dperm;
+    uint32_t dperm;
 
     if ( !d )
         return flask_test_assign_dtdevice(dtpath);
@@ -1406,7 +1414,7 @@ static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath)
 static int cf_check flask_deassign_dtdevice(
     struct domain *d, const char *dtpath)
 {
-    u32 rsid;
+    uint32_t rsid;
     int rc = -EPERM;
 
     rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
@@ -1498,7 +1506,7 @@ static int cf_check flask_do_mca(void)
 
 static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( op )
     {
@@ -1524,14 +1532,14 @@ static int cf_check flask_shadow_control(struct domain *d, uint32_t op)
 }
 
 struct ioport_has_perm_data {
-    u32 ssid;
-    u32 dsid;
-    u32 perm;
-    u32 use_perm;
+    uint32_t ssid;
+    uint32_t dsid;
+    uint32_t perm;
+    uint32_t use_perm;
 };
 
 static int cf_check _ioport_has_perm(
-    void *v, u32 sid, unsigned long start, unsigned long end)
+    void *v, uint32_t sid, unsigned long start, unsigned long end)
 {
     struct ioport_has_perm_data *data = v;
     struct avc_audit_data ad;
@@ -1590,7 +1598,7 @@ static int cf_check flask_mem_sharing_op(
 
 static int cf_check flask_apic(struct domain *d, int cmd)
 {
-    u32 perm;
+    uint32_t perm;
 
     switch ( cmd )
     {
@@ -1622,7 +1630,7 @@ static int cf_check flask_mmu_update(
     struct domain *d, struct domain *t, struct domain *f, uint32_t flags)
 {
     int rc = 0;
-    u32 map_perms = 0;
+    uint32_t map_perms = 0;
 
     if ( t && d != t )
         rc = domain_has_perm(d, t, SECCLASS_MMU, MMU__REMOTE_REMAP);
@@ -1649,7 +1657,7 @@ static int cf_check flask_mmuext_op(struct domain *d, struct domain *f)
 static int cf_check flask_update_va_mapping(
     struct domain *d, struct domain *f, l1_pgentry_t pte)
 {
-    u32 map_perms = MMU__MAP_READ;
+    uint32_t map_perms = MMU__MAP_READ;
     if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) )
         return 0;
     if ( l1e_get_flags(pte) & _PAGE_RW )
@@ -1665,7 +1673,7 @@ static int cf_check flask_priv_mapping(struct domain *d, struct domain *t)
 
 static int cf_check flask_pmu_op(struct domain *d, unsigned int op)
 {
-    u32 dsid = domain_sid(d);
+    uint32_t dsid = domain_sid(d);
 
     switch ( op )
     {
@@ -1694,7 +1702,7 @@ static int cf_check flask_dm_op(struct domain *d)
 
 static int cf_check flask_xen_version(uint32_t op)
 {
-    u32 dsid = domain_sid(current->domain);
+    uint32_t dsid = domain_sid(current->domain);
 
     switch ( op )
     {
@@ -1902,8 +1910,8 @@ static const struct xsm_ops __initconst_cf_clobber flask_ops = {
 #endif
 };
 
-const struct xsm_ops *__init flask_init(const void *policy_buffer,
-                                        size_t policy_size)
+const struct xsm_ops *__init flask_init(
+    const void *policy_buffer, size_t policy_size)
 {
     int ret = -ENOENT;
 
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index c14bd07a2b..e29949f5a8 100644
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -3,7 +3,7 @@
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
 
 #ifndef _FLASK_AVC_H_
diff --git a/xen/xsm/flask/ss/avtab.c b/xen/xsm/flask/ss/avtab.c
index 55c2b4d8a4..017f5183de 100644
--- a/xen/xsm/flask/ss/avtab.c
+++ b/xen/xsm/flask/ss/avtab.c
@@ -35,7 +35,7 @@ static inline int avtab_hash(struct avtab_key *keyp, u16 mask)
 }
 
 static struct avtab_node* avtab_insert_node(struct avtab *h, int hvalue,
-    struct avtab_node * prev, struct avtab_node * cur, struct avtab_key *key, 
+    struct avtab_node * prev, struct avtab_node * cur, struct avtab_key *key,
                                                     struct avtab_datum *datum)
 {
     struct avtab_node *newnode = xzalloc(struct avtab_node);
@@ -59,7 +59,7 @@ static struct avtab_node* avtab_insert_node(struct avtab *h, int hvalue,
     return newnode;
 }
 
-static int avtab_insert(struct avtab *h, struct avtab_key *key, 
+static int avtab_insert(struct avtab *h, struct avtab_key *key,
                                                     struct avtab_datum *datum)
 {
     int hvalue;
@@ -100,7 +100,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key,
  * key/specified mask into the table, as needed by the conditional avtab.
  * It also returns a pointer to the node inserted.
  */
-struct avtab_node * avtab_insert_nonunique(struct avtab * h, 
+struct avtab_node * avtab_insert_nonunique(struct avtab * h,
                             struct avtab_key * key, struct avtab_datum * datum)
 {
     int hvalue;
@@ -110,7 +110,7 @@ struct avtab_node * avtab_insert_nonunique(struct avtab * h,
     if ( !h || !h->htable )
         return NULL;
     hvalue = avtab_hash(key, h->mask);
-    for ( prev = NULL, cur = h->htable[hvalue]; cur; 
+    for ( prev = NULL, cur = h->htable[hvalue]; cur;
                                                 prev = cur, cur = cur->next )
     {
         if ( key->source_type == cur->key.source_type &&
@@ -199,7 +199,7 @@ struct avtab_node* avtab_search_node(struct avtab *h, struct avtab_key *key)
     return NULL;
 }
 
-struct avtab_node* avtab_search_node_next(struct avtab_node *node, 
+struct avtab_node* avtab_search_node_next(struct avtab_node *node,
                                                                 int specified)
 {
     struct avtab_node *cur;
diff --git a/xen/xsm/flask/ss/avtab.h b/xen/xsm/flask/ss/avtab.h
index a2b50c222a..591604f927 100644
--- a/xen/xsm/flask/ss/avtab.h
+++ b/xen/xsm/flask/ss/avtab.h
@@ -74,12 +74,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 
 int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
 
-struct avtab_node *avtab_insert_nonunique(struct avtab *h, 
+struct avtab_node *avtab_insert_nonunique(struct avtab *h,
                             struct avtab_key *key, struct avtab_datum *datum);
 
 struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key);
 
-struct avtab_node *avtab_search_node_next(struct avtab_node *node, 
+struct avtab_node *avtab_search_node_next(struct avtab_node *node,
                                                                 int specified);
 
 #define MAX_AVTAB_HASH_BITS 13
diff --git a/xen/xsm/flask/ss/conditional.c b/xen/xsm/flask/ss/conditional.c
index b4b116666c..e74fc01746 100644
--- a/xen/xsm/flask/ss/conditional.c
+++ b/xen/xsm/flask/ss/conditional.c
@@ -452,7 +452,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
             goto err;
         }
 
-        if ( i == 0 ) 
+        if ( i == 0 )
             node->expr = expr;
         else
             last->next = expr;
@@ -513,7 +513,7 @@ err:
 /* Determine whether additional permissions are granted by the conditional
  * av table, and if so, add them to the result
  */
-void cond_compute_av(struct avtab *ctab, struct avtab_key *key, 
+void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
                                                         struct av_decision *avd)
 {
     struct avtab_node *node;
diff --git a/xen/xsm/flask/ss/context.h b/xen/xsm/flask/ss/context.h
index 302b3698a7..311edf8794 100644
--- a/xen/xsm/flask/ss/context.h
+++ b/xen/xsm/flask/ss/context.h
@@ -12,9 +12,9 @@
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #ifndef _SS_CONTEXT_H_
 #define _SS_CONTEXT_H_
 
diff --git a/xen/xsm/flask/ss/mls.c b/xen/xsm/flask/ss/mls.c
index f2fa560810..a3255ae01a 100644
--- a/xen/xsm/flask/ss/mls.c
+++ b/xen/xsm/flask/ss/mls.c
@@ -70,7 +70,7 @@ int mls_compute_context_len(struct context * context)
         }
         if ( l == 0 )
         {
-            if ( mls_level_eq(&context->range.level[0], 
+            if ( mls_level_eq(&context->range.level[0],
                               &context->range.level[1]) )
                 break;
             else
diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c
index ff2103c63e..162470bbbd 100644
--- a/xen/xsm/flask/ss/policydb.c
+++ b/xen/xsm/flask/ss/policydb.c
@@ -339,7 +339,7 @@ static int cf_check sens_index(void *key, void *datum, void *datap)
 
     if ( !levdatum->isalias )
     {
-        if ( !levdatum->level->sens || levdatum->level->sens > 
+        if ( !levdatum->level->sens || levdatum->level->sens >
                                                         p->p_levels.nprim )
             return -EINVAL;
         p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c
index 2f6d3d350d..dab07b5f60 100644
--- a/xen/xsm/flask/ss/services.c
+++ b/xen/xsm/flask/ss/services.c
@@ -99,7 +99,7 @@ static int context_struct_compute_av(struct context *scontext,
  * constraint_expr_eval should pass in NULL for xcontext.
  */
 static int constraint_expr_eval(struct context *scontext,
-                            struct context *tcontext, struct context *xcontext, 
+                            struct context *tcontext, struct context *xcontext,
                                                 struct constraint_expr *cexpr)
 {
     u32 val1, val2;
@@ -1073,7 +1073,7 @@ static int security_compute_sid(u32 ssid,
                 /* Look for a role transition rule. */
                 for ( roletr = policydb.role_tr; roletr; roletr = roletr->next )
                 {
-                    if ( roletr->role == scontext->role && 
+                    if ( roletr->role == scontext->role &&
                                             roletr->type == tcontext->type )
                     {
                         /* Use the role transition rule. */
@@ -1485,7 +1485,7 @@ int security_irq_sid(int pirq, u32 *out_sid)
     POLICY_RDLOCK;
 
     c = policydb.ocontexts[OCON_PIRQ];
-    
+
     while ( c )
     {
         if ( c->u.pirq == pirq )
diff --git a/xen/xsm/flask/ss/sidtab.c b/xen/xsm/flask/ss/sidtab.c
index cd1360cb4a..74babfac9c 100644
--- a/xen/xsm/flask/ss/sidtab.c
+++ b/xen/xsm/flask/ss/sidtab.c
@@ -3,9 +3,9 @@
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
- 
+
 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
- 
+
 #include <xen/lib.h>
 #include <xen/xmalloc.h>
 #include <xen/errno.h>
@@ -192,7 +192,7 @@ void sidtab_map_remove_on_error(struct sidtab *s,
     return;
 }
 
-static inline u32 sidtab_search_context(struct sidtab *s, 
+static inline u32 sidtab_search_context(struct sidtab *s,
                                                         struct context *context)
 {
     int i;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:33:33 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] page_alloc: assert IRQs are enabled in heap alloc/free
Message-Id: <E1njqE0-0004OF-MC@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:33:32 +0000

commit 88a037e2cfe11a723fe420d3585837ab1bdc6f8a
Author:     David Vrabel <dvrabel@amazon.co.uk>
AuthorDate: Tue Apr 26 10:33:01 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 10:33:01 2022 +0200

    page_alloc: assert IRQs are enabled in heap alloc/free
    
    Heap pages can only be safely allocated and freed with interrupts
    enabled as they may require a TLB flush which may send IPIs (on x86).
    
    Normally spinlock debugging would catch calls from the incorrect
    context, but not from stop_machine_run() action functions as these are
    called with spin lock debugging disabled.
    
    Enhance the assertions in alloc_xenheap_pages() and
    alloc_domheap_pages() to check interrupts are enabled. For consistency
    the same asserts are used when freeing heap pages.
    
    As an exception, when only 1 PCPU is online, allocations are permitted
    with interrupts disabled as any TLB flushes would be local only. This
    is necessary during early boot.
    
    Signed-off-by: David Vrabel <dvrabel@amazon.co.uk>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/page_alloc.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 319029140f..e866e0d864 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -162,6 +162,13 @@
 static char __initdata opt_badpage[100] = "";
 string_param("badpage", opt_badpage);
 
+/*
+ * Heap allocations may need TLB flushes which may require IRQs to be
+ * enabled (except when only 1 PCPU is online).
+ */
+#define ASSERT_ALLOC_CONTEXT() \
+    ASSERT(!in_irq() && (local_irq_is_enabled() || num_online_cpus() <= 1))
+
 /*
  * no-bootscrub -> Free pages are not zeroed during boot.
  */
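Review bot: A failure of `ASSERT_ALLOC_CONTEXT()` will not say which condition was violated, because `!in_irq()` and the interrupts-enabled test are folded into one expression. Two separate assertions would keep the existing `!in_irq()` diagnostic distinct from the new one, e.g. `do { ASSERT(!in_irq()); ASSERT(local_irq_is_enabled() || num_online_cpus() <= 1); } while ( 0 )`. The comment above the macro speaks only of allocations, while later hunks of this commit also place it on the free paths and in `init_domheap_pages()`. I would extend the comment with something like `Also used on the free and init paths for consistency; this is an ASSERT, so it documents the required context rather than enforcing it in every build.` (the last part presumably holds for this tree's ASSERT, which is not shown here).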
@@ -2160,7 +2167,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 {
     struct page_info *pg;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     pg = alloc_heap_pages(MEMZONE_XEN, MEMZONE_XEN,
                           order, memflags | MEMF_no_scrub, NULL);
@@ -2173,7 +2180,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 
 void free_xenheap_pages(void *v, unsigned int order)
 {
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( v == NULL )
         return;
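Review bot: The stricter assertion sits above the `v == NULL` early return, so a no-op free of a NULL pointer with interrupts disabled now trips it whenever more than one CPU is online, even though no page is touched and no flush can follow. If validating the caller's context regardless of the argument is intended, a short comment such as `/* Checked before the NULL test on purpose: validates the calling context. */` would record that; otherwise the assertion could move below the early return. The second `free_xenheap_pages()` variant changed further down has the same ordering. The function body continues outside this hunk.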
@@ -2202,7 +2209,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( xenheap_bits && (memflags >> _MEMF_bits) > xenheap_bits )
         memflags &= ~MEMF_bits(~0U);
@@ -2224,7 +2231,7 @@ void free_xenheap_pages(void *v, unsigned int order)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( v == NULL )
         return;
@@ -2249,7 +2256,7 @@ void init_domheap_pages(paddr_t ps, paddr_t pe)
 {
     mfn_t smfn, emfn;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     smfn = maddr_to_mfn(round_pgup(ps));
     emfn = maddr_to_mfn(round_pgdown(pe));
@@ -2369,7 +2376,7 @@ struct page_info *alloc_domheap_pages(
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int dma_zone;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d,
                                       bits ? : (BITS_PER_LONG+PAGE_SHIFT));
@@ -2419,7 +2426,7 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
     unsigned int i;
     bool drop_dom_ref;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( unlikely(is_xen_heap_page(pg)) )
     {
@@ -2738,7 +2745,7 @@ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
 {
     struct page_info *pg;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
     if ( !pg )
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:33:43 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] Revert "page_alloc: assert IRQs are enabled in heap alloc/free"
Message-Id: <E1njqEA-0004Om-PC@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:33:42 +0000

commit 3f5d61466345ed2213de2d7e391b6cd6d4b86015
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Apr 26 16:02:21 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Apr 26 16:02:21 2022 +0200

    Revert "page_alloc: assert IRQs are enabled in heap alloc/free"
    
    This reverts commit 88a037e2cfe11a723fe420d3585837ab1bdc6f8a, as
    it breaks booting on Arm.
---
 xen/common/page_alloc.c | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index e866e0d864..319029140f 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -162,13 +162,6 @@
 static char __initdata opt_badpage[100] = "";
 string_param("badpage", opt_badpage);
 
-/*
- * Heap allocations may need TLB flushes which may require IRQs to be
- * enabled (except when only 1 PCPU is online).
- */
-#define ASSERT_ALLOC_CONTEXT() \
-    ASSERT(!in_irq() && (local_irq_is_enabled() || num_online_cpus() <= 1))
-
 /*
  * no-bootscrub -> Free pages are not zeroed during boot.
  */
@@ -2167,7 +2160,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 {
     struct page_info *pg;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     pg = alloc_heap_pages(MEMZONE_XEN, MEMZONE_XEN,
                           order, memflags | MEMF_no_scrub, NULL);
@@ -2180,7 +2173,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 
 void free_xenheap_pages(void *v, unsigned int order)
 {
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( v == NULL )
         return;
@@ -2209,7 +2202,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( xenheap_bits && (memflags >> _MEMF_bits) > xenheap_bits )
         memflags &= ~MEMF_bits(~0U);
@@ -2231,7 +2224,7 @@ void free_xenheap_pages(void *v, unsigned int order)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( v == NULL )
         return;
@@ -2256,7 +2249,7 @@ void init_domheap_pages(paddr_t ps, paddr_t pe)
 {
     mfn_t smfn, emfn;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     smfn = maddr_to_mfn(round_pgup(ps));
     emfn = maddr_to_mfn(round_pgdown(pe));
@@ -2376,7 +2369,7 @@ struct page_info *alloc_domheap_pages(
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int dma_zone;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d,
                                       bits ? : (BITS_PER_LONG+PAGE_SHIFT));
@@ -2426,7 +2419,7 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
     unsigned int i;
     bool drop_dom_ref;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( unlikely(is_xen_heap_page(pg)) )
     {
@@ -2745,7 +2738,7 @@ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
 {
     struct page_info *pg;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
     if ( !pg )
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:33:56 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 27 Apr 2022 22:33:56 +0000
Received: from list by lists.xenproject.org with outflank-mailman.315549.534132 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqEO-0001Ws-FG; Wed, 27 Apr 2022 22:33:56 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 315549.534132; Wed, 27 Apr 2022 22:33:56 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqEO-0001Wk-CA; Wed, 27 Apr 2022 22:33:56 +0000
Received: by outflank-mailman (input) for mailman id 315549;
 Wed, 27 Apr 2022 22:33:55 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEN-0001We-PL
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:33:55 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEN-0008JV-Of
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:33:55 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEN-0004ZG-Nf
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:33:55 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=MXZiZZYukcB6d507IGcOn2/6iM4BfiHH8HUMhr7VONg=; b=EzADie8wo7NGDSzkuDMhwMCUuP
	HpNYUMajDRiviKx3DqT3I0SOy9f+y0Fi2gsI732FdszxLcIcczzttQ/JaosdmFBk+Xxo5fU9pqABB
	AKM4LBIFAPX+DAKIF1TuYM7Aa/xEB/y8nQZgvBkE2q1OQBGVuopkfuV4Pw3NgZO3vvCI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/arm: bootfdt.c: Remove unused-but-set variable
Message-Id: <E1njqEN-0004ZG-Nf@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:33:55 +0000

commit 2a2de68a60f4ff8f322c0ad7873c1e6048c6fca4
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:34 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:20:23 2022 -0700

    xen/arm: bootfdt.c: Remove unused-but-set variable
    
    Function device_tree_node_compatible defines and sets a variable
    mlen but does not make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/bootfdt.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c
index e318ef9603..29671c8df0 100644
--- a/xen/arch/arm/bootfdt.c
+++ b/xen/arch/arm/bootfdt.c
@@ -36,11 +36,8 @@ static bool __init device_tree_node_compatible(const void *fdt, int node,
                                                const char *match)
 {
     int len, l;
-    int mlen;
     const void *prop;
 
-    mlen = strlen(match);
-
     prop = fdt_getprop(fdt, node, "compatible", &len);
     if ( prop == NULL )
         return false;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:34:06 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 27 Apr 2022 22:34:06 +0000
Received: from list by lists.xenproject.org with outflank-mailman.315550.534135 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqEY-0001ZN-Gf; Wed, 27 Apr 2022 22:34:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 315550.534135; Wed, 27 Apr 2022 22:34:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqEY-0001ZF-Dn; Wed, 27 Apr 2022 22:34:06 +0000
Received: by outflank-mailman (input) for mailman id 315550;
 Wed, 27 Apr 2022 22:34:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEX-0001Z7-SL
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEX-0008Jo-Re
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEX-0004a5-Qn
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Iep8cq1X6/pCRhnmqnwg4yYSbCUF8Hy6H/i4y6LzBFg=; b=WZcxgzqQNJqS8IWnvIdwkIpFzB
	4XdCt61blouy3mHk2xN1M/ZU6UESKlmM5+9ja7gxwabDTURqml/ANDMIokXCFFJTVGsnMZrXJIi1Y
	osXEZhL27BthueHZElB7KNPVKQKDdg/zBPOl+6euw2EnckG3AbvljDVqrO5Lns5EXTSc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] efi/boot.c: Remove unused-but-set variable
Message-Id: <E1njqEX-0004a5-Qn@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:34:05 +0000

commit 9b4f9b9af235e21568f8882e8137397af7f86414
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:35 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:20:33 2022 -0700

    efi/boot.c: Remove unused-but-set variable
    
    Function efi_start defines and sets a variable size but does not
    make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/efi/boot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index ac1b235372..a25e1d29f1 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -1226,9 +1226,9 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
     {
         EFI_FILE_HANDLE dir_handle;
         EFI_HANDLE gop_handle;
-        UINTN depth, cols, rows, size;
+        UINTN depth, cols, rows;
 
-        size = cols = rows = depth = 0;
+        cols = rows = depth = 0;
 
         if ( StdOut->QueryMode(StdOut, StdOut->Mode->Mode,
                                &cols, &rows) == EFI_SUCCESS )
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:34:16 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 27 Apr 2022 22:34:16 +0000
Received: from list by lists.xenproject.org with outflank-mailman.315551.534139 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqEi-0001cG-I5; Wed, 27 Apr 2022 22:34:16 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 315551.534139; Wed, 27 Apr 2022 22:34:16 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqEi-0001c8-FL; Wed, 27 Apr 2022 22:34:16 +0000
Received: by outflank-mailman (input) for mailman id 315551;
 Wed, 27 Apr 2022 22:34:16 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEh-0001c1-VE
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:15 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEh-0008K0-Ub
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:15 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEh-0004bE-Tp
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:15 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=7wQr7E5d9uVnGC9MXUP1Ob6Vg0lJQfzwLDRJcABXiXA=; b=7A+0bLX7ZyTAAonBpfW/HbqHvo
	ydbq6njzaqJ3OdkuK7ZhMPjqHmgyZJ1hB+9C8dDCjicqw8aw+aijFIWsVOrx3dCSILI2D2/ANaS3m
	BzcTQchyBg/LNDARaK2gFUAU/Q8/L+Aod17PCYLW52jVNIUpjtVTOM72R7Gd9PHk85mQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/arm: smmu.c: Remove unused-but-set variable
Message-Id: <E1njqEh-0004bE-Tp@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:34:15 +0000

commit 2845588e398d8e631f08d304e80c5f94f52c3643
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:37 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:21:04 2022 -0700

    xen/arm: smmu.c: Remove unused-but-set variable
    
    Function arm_smmu_init_context_bank defines and sets a variable
    gr0_base but does not make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
---
 xen/drivers/passthrough/arm/smmu.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c
index 5cacb2dd99..c21c4f3ac0 100644
--- a/xen/drivers/passthrough/arm/smmu.c
+++ b/xen/drivers/passthrough/arm/smmu.c
@@ -1086,10 +1086,9 @@ static void arm_smmu_init_context_bank(struct arm_smmu_domain *smmu_domain)
 	bool stage1;
 	struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
 	struct arm_smmu_device *smmu = smmu_domain->smmu;
-	void __iomem *cb_base, *gr0_base, *gr1_base;
+	void __iomem *cb_base, *gr1_base;
 	paddr_t p2maddr;
 
-	gr0_base = ARM_SMMU_GR0(smmu);
 	gr1_base = ARM_SMMU_GR1(smmu);
 	stage1 = cfg->cbar != CBAR_TYPE_S2_TRANS;
 	cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:34:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 27 Apr 2022 22:34:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.315552.534143 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqEs-0001fM-K1; Wed, 27 Apr 2022 22:34:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 315552.534143; Wed, 27 Apr 2022 22:34:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqEs-0001fD-Gk; Wed, 27 Apr 2022 22:34:26 +0000
Received: by outflank-mailman (input) for mailman id 315552;
 Wed, 27 Apr 2022 22:34:26 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEs-0001f3-29
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:26 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEs-0008KA-1P
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:26 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqEs-0004cF-0d
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:26 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=HVvXdHkm88xqvbMDRpy1Ecz9Q4LKZo+dVI9Qp9oPhD0=; b=lh+rrWN/9Fb2sOSoO9W7M51zE5
	36zVswCbzgxMjnErqrCNkIcWdAR67zMbg/PIz0HZ/4K5GyaGKsUom+j+o7WRmgnf1f89eJh78fY3O
	Xgpd8L28l3K4upFgRmfauRVU/HGdN21WT6zJ3DjGCK0AVfFJZn64xtiJtNVe4WUJVjGg=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/sched: Remove unused-but-set variable
Message-Id: <E1njqEs-0004cF-0d@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:34:26 +0000

commit 4026c0d4c4811b8337b4eab3cdea7037cbfb0eb4
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:38 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:21:48 2022 -0700

    xen/sched: Remove unused-but-set variable
    
    Function schedule_cpu_add defines and sets a variable old_unit but
    does not make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Juergen Gross <jgross@suse.com>
    Acked-by: Dario Faggioli <dfaggioli@suse.com>
---
 xen/common/sched/core.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c
index 19ab678181..8a8c25bbda 100644
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -3104,7 +3104,7 @@ int schedule_cpu_add(unsigned int cpu, struct cpupool *c)
     {
         const cpumask_t *mask;
         unsigned int cpu_iter, idx = 0;
-        struct sched_unit *old_unit, *master_unit;
+        struct sched_unit *master_unit;
         struct sched_resource *sr_old;
 
         /*
@@ -3128,7 +3128,6 @@ int schedule_cpu_add(unsigned int cpu, struct cpupool *c)
             if ( cpu == cpu_iter )
                 continue;
 
-            old_unit = idle_vcpu[cpu_iter]->sched_unit;
             sr_old = get_sched_res(cpu_iter);
             kill_timer(&sr_old->s_timer);
             idle_vcpu[cpu_iter]->sched_unit = master_unit;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:34:37 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 27 Apr 2022 22:34:37 +0000
Received: from list by lists.xenproject.org with outflank-mailman.315553.534147 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqF2-0001i3-L7; Wed, 27 Apr 2022 22:34:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 315553.534147; Wed, 27 Apr 2022 22:34:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqF2-0001hv-IF; Wed, 27 Apr 2022 22:34:36 +0000
Received: by outflank-mailman (input) for mailman id 315553;
 Wed, 27 Apr 2022 22:34:36 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqF2-0001hp-4s
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:36 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqF2-0008KU-4E
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:36 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqF2-0004dE-3O
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:36 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=YJfCDB2yc9e5XTBQYoJi9N13ngfrBnqaoTXdVcO0mBs=; b=1x04AkyB7a9a7tsVB4qL1j3rwP
	rtVz58v2CVGuvI83W0vevYXyuqfDjpf8BmhEyyDZgUP4KXX0QDuYIWTGhdvtox8kap0+s88vytpcv
	QWSfQI9yREj9Nz16JPZlcIirOeZbSqWsE42g3OitS1OXqDYg+YsIdRmNs4N786Aro/7s=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] platforms/xgene: Make use of dt_device_get_address return value
Message-Id: <E1njqF2-0004dE-3O@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:34:36 +0000

commit 1afe55905427b7e25936388c65a29c2bbb280bc8
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:39 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:23:09 2022 -0700

    platforms/xgene: Make use of dt_device_get_address return value
    
    Currently function xgene_check_pirq_eoi assigns the return value of
    dt_device_get_address to a variable res but does not make use of it.
    Fix it by making use of res in the condition checking the result of a
    call to dt_device_get_address instead of checking the address stored in
    dbase.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/platforms/xgene-storm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/arm/platforms/xgene-storm.c b/xen/arch/arm/platforms/xgene-storm.c
index fced4d7c2c..befd0c3c2d 100644
--- a/xen/arch/arm/platforms/xgene-storm.c
+++ b/xen/arch/arm/platforms/xgene-storm.c
@@ -51,7 +51,7 @@ static void __init xgene_check_pirq_eoi(void)
         panic("%s: Can not find interrupt controller node\n", __func__);
 
     res = dt_device_get_address(node, 0, &dbase, NULL);
-    if ( !dbase )
+    if ( res )
         panic("%s: Cannot find a valid address for the distributor\n", __func__);
 
     /*
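Review bot: The panic that follows the new `if ( res )` check discards the error code the condition now depends on, so a boot failure on a malformed device tree gives no hint of why the lookup failed. Assuming `res` is an `int` declared earlier in xgene_check_pirq_eoi (the declaration is outside the hunk), the message could carry it: `panic("%s: Cannot find a valid address for the distributor (%d)\n", __func__, res);`. Testing the return value rather than `dbase` is the sounder check, since `dbase` is presumably only meaningful when the call succeeded.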
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:34:47 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 27 Apr 2022 22:34:47 +0000
Received: from list by lists.xenproject.org with outflank-mailman.315554.534151 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqFD-0001kt-Mg; Wed, 27 Apr 2022 22:34:47 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 315554.534151; Wed, 27 Apr 2022 22:34:47 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqFD-0001kj-Jk; Wed, 27 Apr 2022 22:34:47 +0000
Received: by outflank-mailman (input) for mailman id 315554;
 Wed, 27 Apr 2022 22:34:46 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqFC-0001kW-7o
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:46 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqFC-0008KY-73
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:46 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqFC-0004eC-6I
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:46 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=o8+Y6x/9s2Dw5W+R9q2zxnaQnfA14W5popjhX/CZJgA=; b=fvVyPRQSba5Qxprtc+DRVoFJvt
	Gk5/UqPaNecdeK/feN5XJtAK5AQ3urJ/cmM1gvjch6sln8GoICKLjYOvPsfDIIaLWLtG12Da6BVsh
	EdRNbMR9N7CKeBijVO5BndOf2oguJXhAwwkWWXEdcnkCNaewkY/DHTTJLwUSO83tDibQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] platforms/omap: Remove unused-but-set variable
Message-Id: <E1njqFC-0004eC-6I@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:34:46 +0000

commit 1f71c11b882ac2b6d32260e929a3f9f19d97fdf7
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:40 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:23:38 2022 -0700

    platforms/omap: Remove unused-but-set variable
    
    Function omap5_init_time defines and sets the variable den but does not
    make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/platforms/omap5.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/arch/arm/platforms/omap5.c b/xen/arch/arm/platforms/omap5.c
index aee24e4d28..5cf424a23e 100644
--- a/xen/arch/arm/platforms/omap5.c
+++ b/xen/arch/arm/platforms/omap5.c
@@ -48,7 +48,7 @@ static int omap5_init_time(void)
     void __iomem *ckgen_prm_base;
     void __iomem *rt_ct_base;
     unsigned int sys_clksel;
-    unsigned int num, den, frac1, frac2;
+    unsigned int num, frac1, frac2;
 
     ckgen_prm_base = ioremap_nocache(OMAP5_CKGEN_PRM_BASE, 0x20);
     if ( !ckgen_prm_base )
@@ -78,7 +78,6 @@ static int omap5_init_time(void)
     }
 
     frac2 = readl(rt_ct_base + INCREMENTER_DENUMERATOR_RELOAD_OFFSET);
-    den = frac2 & ~NUMERATOR_DENUMERATOR_MASK;
     if ( num_den[sys_clksel][1] != num )
     {
         frac2 &= NUMERATOR_DENUMERATOR_MASK;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Wed Apr 27 22:34:57 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 27 Apr 2022 22:34:57 +0000
Received: from list by lists.xenproject.org with outflank-mailman.315555.534155 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqFN-0001of-Pa; Wed, 27 Apr 2022 22:34:57 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 315555.534155; Wed, 27 Apr 2022 22:34:57 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njqFN-0001oY-Mc; Wed, 27 Apr 2022 22:34:57 +0000
Received: by outflank-mailman (input) for mailman id 315555;
 Wed, 27 Apr 2022 22:34:56 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqFM-0001oC-AU
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:56 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqFM-0008Kc-9o
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:56 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njqFM-0004f3-95
 for xen-changelog@lists.xenproject.org; Wed, 27 Apr 2022 22:34:56 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=7/lJPRPC18kioF9R5Dj91TvXulLqgChB5BIe5p7iPoM=; b=cn2sOu0dvIvDNgUhP5Z90iLUhB
	zJ+B3aNcNfmM1jq6xdldnl5wXMCGzfwVA2jFr/XRG1ms2ixKcxCOw6dfreTSl2lC84o3Nu4/4kJQM
	xotzQJnIdZvYHuYLMokZ3uaWuc5TRkEarFZKlq7HH9Ooa2id7xBTRHlbD1fndNQZR18U=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] drivers/exynos4210: Remove unused-but-set variable
Message-Id: <E1njqFM-0004f3-95@xenbits.xenproject.org>
Date: Wed, 27 Apr 2022 22:34:56 +0000

commit da28439ba55b8a571032b3358af567cff749f612
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:41 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:28:02 2022 -0700

    drivers/exynos4210: Remove unused-but-set variable
    
    Function exynos4210_uart_init_preirq defines and sets a variable
    divisor but does not make use of it. Remove the definition and comment
    out the assignment as this function already has some TODOs.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Acked-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/drivers/char/exynos4210-uart.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/char/exynos4210-uart.c b/xen/drivers/char/exynos4210-uart.c
index fa7dbc0391..43aaf02e18 100644
--- a/xen/drivers/char/exynos4210-uart.c
+++ b/xen/drivers/char/exynos4210-uart.c
@@ -101,7 +101,6 @@ static void exynos4210_uart_interrupt(int irq, void *data, struct cpu_user_regs
 static void __init exynos4210_uart_init_preirq(struct serial_port *port)
 {
     struct exynos4210_uart *uart = port->uart;
-    unsigned int divisor;
     uint32_t ulcon;
 
     /* reset, TX/RX disables */
@@ -113,9 +112,12 @@ static void __init exynos4210_uart_init_preirq(struct serial_port *port)
     /* Line control and baud-rate generator. */
     if ( uart->baud != BAUD_AUTO )
     {
-        /* Baud rate specified: program it into the divisor latch. */
-        divisor = ((uart->clock_hz) / (uart->baud)) - 1;
-        /* FIXME: will use a hacked divisor, assuming the src clock and bauds */
+        /*
+         * TODO: should be updated
+         * Baud rate specified: program it into the divisor latch.
+         * divisor = ((uart->clock_hz) / (uart->baud)) - 1;
+         * FIXME: will use a hacked divisor, assuming the src clock and bauds.
+         */
         exynos4210_write(uart, UFRACVAL, 53);
         exynos4210_write(uart, UBRDIV, 4);
     }
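Review bot: The rewritten comment in the `uart->baud != BAUD_AUTO` branch still reads "Baud rate specified: program it into the divisor latch", but the two writes that follow use the constants 53 and 4 and never read `uart->baud` or `uart->clock_hz`. Folding the dead assignment into the comment keeps the formula but hides that the configured rate is ignored, so I would state that outright, e.g. `/* FIXME: uart->baud and uart->clock_hz are ignored; UFRACVAL/UBRDIV are hard-coded for an assumed source clock and baud rate. */`. The intended formula can stay as a second sentence rather than as commented-out code. exynos4210_uart_init_preirq continues outside the hunk.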
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 28 08:11:10 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 28 Apr 2022 08:11:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.316141.534906 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njzEv-0002io-RW; Thu, 28 Apr 2022 08:11:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 316141.534906; Thu, 28 Apr 2022 08:11:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njzEv-0002iY-Nk; Thu, 28 Apr 2022 08:11:05 +0000
Received: by outflank-mailman (input) for mailman id 316141;
 Thu, 28 Apr 2022 08:11:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzEu-0002dg-4B
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzEu-0001J5-3F
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzEu-0001mY-2G
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=u4Sfj3yGOlEAhKQIPsn/dRIpfti0ZycCqQ2Bbpqtaro=; b=pGsR18nL7CKH8qjutjduXv6Lez
	zfP8556/Az2I44lEFI8iHmDCMovBimp85D1JUGTNr5LQPEVDEzAtNmmGv+vfYxyvBuJVbT3PgJN4a
	i40jDlWKN0gjqBvucSm/cJ89YBGQXjr4odUfasiW8qzynk2JmVwhjdDj1Z7BamaFrxjM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] xen/public: add new macro to ring.h
Message-Id: <E1njzEu-0001mY-2G@xenbits.xenproject.org>
Date: Thu, 28 Apr 2022 08:11:04 +0000

commit 6cf1398ba9e3f8ea64d58930288a6dffbdb7c207
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Thu Apr 28 09:58:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 09:58:42 2022 +0200

    xen/public: add new macro to ring.h
    
    For the initialization of a ring page by the frontend two macros are
    available in ring.h: SHARED_RING_INIT() and FRONT_RING_INIT().
    
    All known users always use both of them in direct sequence.
    
    Add another macro XEN_FRONT_RING_INIT() combining the two macros.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/public/io/ring.h | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/xen/include/public/io/ring.h b/xen/include/public/io/ring.h
index 277af36e61..ab3439bd58 100644
--- a/xen/include/public/io/ring.h
+++ b/xen/include/public/io/ring.h
@@ -95,9 +95,8 @@ typedef unsigned int RING_IDX;
  * of the shared memory area (PAGE_SIZE, for instance). To initialise
  * the front half:
  *
- *     mytag_front_ring_t front_ring;
- *     SHARED_RING_INIT((mytag_sring_t *)shared_page);
- *     FRONT_RING_INIT(&front_ring, (mytag_sring_t *)shared_page, PAGE_SIZE);
+ *     mytag_front_ring_t ring;
+ *     XEN_FRONT_RING_INIT(&ring, (mytag_sring_t *)shared_page, PAGE_SIZE);
  *
  * Initializing the back follows similarly (note that only the front
  * initializes the shared ring):
@@ -184,6 +183,11 @@ typedef struct __name##_back_ring __name##_back_ring_t
 
 #define FRONT_RING_INIT(_r, _s, __size) FRONT_RING_ATTACH(_r, _s, 0, __size)
 
+#define XEN_FRONT_RING_INIT(r, s, size) do {                            \
+    SHARED_RING_INIT(s);                                                \
+    FRONT_RING_INIT(r, s, size);                                        \
+} while (0)
+
 #define BACK_RING_ATTACH(_r, _s, _i, __size) do {                       \
     (_r)->rsp_prod_pvt = (_i);                                          \
     (_r)->req_cons = (_i);                                              \
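Review bot: `XEN_FRONT_RING_INIT()` passes `s` to both `SHARED_RING_INIT()` and `FRONT_RING_INIT()`, so the argument is expanded at least twice, and the macro carries no comment saying who may call it. The header's own usage text says only the front initializes the shared ring; since this macro re-initialises the shared page as well as the private ring, it presumably has to run before the page is made visible to the backend and never on a ring that is already in use. A short comment above the definition would record both constraints, e.g. `/* Frontend only, before the ring page is shared: (re)initialises the shared ring. r and s are expanded more than once. */`. The BACK_RING_ATTACH definition that follows continues outside the hunk.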
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 28 08:11:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 28 Apr 2022 08:11:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.316142.534910 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njzF5-0002qi-SO; Thu, 28 Apr 2022 08:11:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 316142.534910; Thu, 28 Apr 2022 08:11:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njzF5-0002qZ-PB; Thu, 28 Apr 2022 08:11:15 +0000
Received: by outflank-mailman (input) for mailman id 316142;
 Thu, 28 Apr 2022 08:11:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzF4-0002pX-6u
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzF4-0001JJ-6F
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzF4-0001nC-5N
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=G9tXNrgCHnViP5hTP2/fPNrZJ0tqlu9m05FE8DEuoVw=; b=IqYZPEATxhu9OijJNvAFy4Q7Jd
	QUb4QqzuyEIy+DAD2pJaUCsqzyXUkohyL5yCwQYyn4UDBhCwDnOfhxrzQEZjD3GmqM9PheSRniw7z
	jPPr1yuZBChzqnGSJ+dXdLrYAZiGJbhq6nbkVtcJzu1AcP1PQA36FhmIPN+Nod+P85iM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/mwait-idle: switch to asm/intel-family.h naming
Message-Id: <E1njzF4-0001nC-5N@xenbits.xenproject.org>
Date: Thu, 28 Apr 2022 08:11:14 +0000

commit 3f6aef8a7a371ce35e83c4a85022ff0e6295d91a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 28 09:59:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 09:59:14 2022 +0200

    x86/mwait-idle: switch to asm/intel-family.h naming
    
    This brings us (back) closer to the original Linux source.
    
    While touching mwait_idle_state_table_update() also drop a stray leading
    blank.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/cpu/mwait-idle.c | 94 ++++++++++++++++++++++---------------------
 1 file changed, 48 insertions(+), 46 deletions(-)

diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c
index 9efa569da3..99b9ad32f2 100644
--- a/xen/arch/x86/cpu/mwait-idle.c
+++ b/xen/arch/x86/cpu/mwait-idle.c
@@ -61,6 +61,7 @@
 #include <xen/trace.h>
 #include <asm/cpuidle.h>
 #include <asm/hpet.h>
+#include <asm/intel-family.h>
 #include <asm/mwait.h>
 #include <asm/msr.h>
 #include <asm/spec_ctrl.h>
@@ -996,48 +997,49 @@ static const struct idle_cpu idle_cpu_snr = {
 };
 
 #define ICPU(model, cpu) \
-	{ X86_VENDOR_INTEL, 6, model, X86_FEATURE_ALWAYS, &idle_cpu_##cpu}
+	{ X86_VENDOR_INTEL, 6, INTEL_FAM6_ ## model, X86_FEATURE_ALWAYS, \
+	  &idle_cpu_ ## cpu}
 
 static const struct x86_cpu_id intel_idle_ids[] __initconstrel = {
-	ICPU(0x1a, nehalem),
-	ICPU(0x1e, nehalem),
-	ICPU(0x1f, nehalem),
-	ICPU(0x25, nehalem),
-	ICPU(0x2c, nehalem),
-	ICPU(0x2e, nehalem),
-	ICPU(0x2f, nehalem),
-	ICPU(0x1c, atom),
-	ICPU(0x26, lincroft),
-	ICPU(0x2a, snb),
-	ICPU(0x2d, snb),
-	ICPU(0x36, atom),
-	ICPU(0x37, byt),
-	ICPU(0x4a, tangier),
-	ICPU(0x4c, cht),
-	ICPU(0x3a, ivb),
-	ICPU(0x3e, ivt),
-	ICPU(0x3c, hsw),
-	ICPU(0x3f, hsw),
-	ICPU(0x45, hsw),
-	ICPU(0x46, hsw),
-	ICPU(0x4d, avn),
-	ICPU(0x3d, bdw),
-	ICPU(0x47, bdw),
-	ICPU(0x4f, bdw),
-	ICPU(0x56, bdw),
-	ICPU(0x4e, skl),
-	ICPU(0x5e, skl),
-	ICPU(0x8e, skl),
-	ICPU(0x9e, skl),
-	ICPU(0x55, skx),
-	ICPU(0x6a, icx),
-	ICPU(0x6c, icx),
-	ICPU(0x57, knl),
-	ICPU(0x85, knl),
-	ICPU(0x5c, bxt),
-	ICPU(0x7a, bxt),
-	ICPU(0x5f, dnv),
-	ICPU(0x86, snr),
+	ICPU(NEHALEM_EP,		nehalem),
+	ICPU(NEHALEM,			nehalem),
+	ICPU(NEHALEM_G,			nehalem),
+	ICPU(WESTMERE,			nehalem),
+	ICPU(WESTMERE_EP,		nehalem),
+	ICPU(NEHALEM_EX,		nehalem),
+	ICPU(WESTMERE_EX,		nehalem),
+	ICPU(ATOM_BONNELL,		atom),
+	ICPU(ATOM_BONNELL_MID,		lincroft),
+	ICPU(SANDYBRIDGE,		snb),
+	ICPU(SANDYBRIDGE_X,		snb),
+	ICPU(ATOM_SALTWELL,		atom),
+	ICPU(ATOM_SILVERMONT,		byt),
+	ICPU(ATOM_SILVERMONT_MID,	tangier),
+	ICPU(ATOM_AIRMONT,		cht),
+	ICPU(IVYBRIDGE,			ivb),
+	ICPU(IVYBRIDGE_X,		ivt),
+	ICPU(HASWELL,			hsw),
+	ICPU(HASWELL_X,			hsw),
+	ICPU(HASWELL_L,			hsw),
+	ICPU(HASWELL_G,			hsw),
+	ICPU(ATOM_SILVERMONT_D,		avn),
+	ICPU(BROADWELL,			bdw),
+	ICPU(BROADWELL_G,		bdw),
+	ICPU(BROADWELL_X,		bdw),
+	ICPU(BROADWELL_D,		bdw),
+	ICPU(SKYLAKE_L,			skl),
+	ICPU(SKYLAKE,			skl),
+	ICPU(KABYLAKE_L,		skl),
+	ICPU(KABYLAKE,			skl),
+	ICPU(SKYLAKE_X,			skx),
+	ICPU(ICELAKE_X,			icx),
+	ICPU(ICELAKE_D,			icx),
+	ICPU(XEON_PHI_KNL,		knl),
+	ICPU(XEON_PHI_KNM,		knl),
+	ICPU(ATOM_GOLDMONT,		bxt),
+	ICPU(ATOM_GOLDMONT_PLUS,	bxt),
+	ICPU(ATOM_GOLDMONT_D,		dnv),
+	ICPU(ATOM_TREMONT_D,		snr),
 	{}
 };
 
@@ -1208,20 +1210,20 @@ static void __init skx_idle_state_table_update(void)
 static void __init mwait_idle_state_table_update(void)
 {
 	switch (boot_cpu_data.x86_model) {
-	case 0x3e: /* IVT */
+	case INTEL_FAM6_IVYBRIDGE_X:
 		ivt_idle_state_table_update();
 		break;
-	case 0x5c: /* BXT */
-	case 0x7a:
+	case INTEL_FAM6_ATOM_GOLDMONT:
+	case INTEL_FAM6_ATOM_GOLDMONT_PLUS:
 		bxt_idle_state_table_update();
 		break;
-	case 0x5e: /* SKL-H */
+	case INTEL_FAM6_SKYLAKE:
 		sklh_idle_state_table_update();
 		break;
-	case 0x55: /* SKL-X */
+	case INTEL_FAM6_SKYLAKE_X:
 		skx_idle_state_table_update();
 		break;
- 	}
+	}
 }
 
 static int __init mwait_idle_probe(void)
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 28 08:11:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 28 Apr 2022 08:11:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.316147.534914 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njzFF-00034M-Ub; Thu, 28 Apr 2022 08:11:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 316147.534914; Thu, 28 Apr 2022 08:11:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njzFF-00034E-Rg; Thu, 28 Apr 2022 08:11:25 +0000
Received: by outflank-mailman (input) for mailman id 316147;
 Thu, 28 Apr 2022 08:11:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzFE-00033m-Bz
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzFE-0001Jc-9W
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzFE-0001nh-8K
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=uyPP8F14JKuLYIjIrOZehUAIyapgYHljsTWz4yr557M=; b=W/pJLLy7r1Fv97qESDT8DB+/VK
	dQxCHDKuoqU3AAaAX9LzLIC+mYXtRa995Ocj/rCng/q9Lncx0PT5Atx08pexbxUhUZXPXFJHJF15q
	pyZNe+kgYF4HKzI8A5auVZGot0WBfesY8untDiKrrqKQPFpavOj+LGbxUwpDWTwRDPJU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/mwait-idle: add SPR support
Message-Id: <E1njzFE-0001nh-8K@xenbits.xenproject.org>
Date: Thu, 28 Apr 2022 08:11:24 +0000

commit 9c432b876bf518866d431bda73f2be1250f688eb
Author:     Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
AuthorDate: Thu Apr 28 10:00:18 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 10:00:18 2022 +0200

    x86/mwait-idle: add SPR support
    
    Add Sapphire Rapids Xeon support.
    
    Up until very recently, the C1 and C1E C-states were independent, but this
    has changed in some new chips, including Sapphire Rapids Xeon (SPR). In these
    chips the C1 and C1E states cannot be enabled at the same time. The "C1E
    promotion" bit in 'MSR_IA32_POWER_CTL' also has its semantics changed a bit.
    
    Here are the C1, C1E, and "C1E promotion" bit rules on Xeons before SPR.
    
    1. If C1E promotion bit is disabled.
       a. C1  requests end up with C1  C-state.
       b. C1E requests end up with C1E C-state.
    2. If C1E promotion bit is enabled.
       a. C1  requests end up with C1E C-state.
       b. C1E requests end up with C1E C-state.
    
    Here are the C1, C1E, and "C1E promotion" bit rules on Sapphire Rapids Xeon.
    1. If C1E promotion bit is disabled.
       a. C1  requests end up with C1 C-state.
       b. C1E requests end up with C1 C-state.
    2. If C1E promotion bit is enabled.
       a. C1  requests end up with C1E C-state.
       b. C1E requests end up with C1E C-state.
    
    Before SPR Xeon, the 'intel_idle' driver was disabling C1E promotion and was
    exposing C1 and C1E as independent C-states. But on SPR, C1 and C1E cannot be
    enabled at the same time.
    
    This patch adds both C1 and C1E states. However, C1E is marked with the
    "CPUIDLE_FLAG_UNUSABLE" flag, which means that it won't be registered by
    default. The C1E promotion bit will be cleared, which means that by default
    only C1 and C6 will be registered on SPR.
    
    The next patch will add an option for enabling C1E and disabling C1 on SPR.
    
    Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 9edf3c0ffef0
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/cpu/mwait-idle.c | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c
index 99b9ad32f2..6add64dc5f 100644
--- a/xen/arch/x86/cpu/mwait-idle.c
+++ b/xen/arch/x86/cpu/mwait-idle.c
@@ -586,6 +586,38 @@ static const struct cpuidle_state icx_cstates[] = {
        {}
 };
 
+/*
+ * On Sapphire Rapids Xeon C1 has to be disabled if C1E is enabled, and vice
+ * versa. On SPR C1E is enabled only if "C1E promotion" bit is set in
+ * MSR_IA32_POWER_CTL. But in this case there effectively no C1, because C1
+ * requests are promoted to C1E. If the "C1E promotion" bit is cleared, then
+ * both C1 and C1E requests end up with C1, so there is effectively no C1E.
+ *
+ * By default we enable C1 and disable C1E by marking it with
+ * 'CPUIDLE_FLAG_DISABLED'.
+ */
+static struct cpuidle_state __read_mostly spr_cstates[] = {
+	{
+		.name = "C1",
+		.flags = MWAIT2flg(0x00),
+		.exit_latency = 1,
+		.target_residency = 1,
+	},
+	{
+		.name = "C1E",
+		.flags = MWAIT2flg(0x01) | CPUIDLE_FLAG_DISABLED,
+		.exit_latency = 2,
+		.target_residency = 4,
+	},
+	{
+		.name = "C6",
+		.flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED,
+		.exit_latency = 290,
+		.target_residency = 800,
+	},
+	{}
+};
+
 static const struct cpuidle_state atom_cstates[] = {
 	{
 		.name = "C1E",
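Review bot: `spr_cstates[]` is declared `static struct cpuidle_state __read_mostly` while the neighbouring tables in this hunk (`icx_cstates`, `atom_cstates`) are `static const`, and nothing in the patch writes to it; the same applies to `idle_cpu_spr` in the next hunk. The commit message suggests a follow-up will toggle the C1/C1E flags, which would explain it, but the reason should be stated next to the declaration so the missing `const` is not taken for an oversight, e.g. `/* Not const: C1/C1E flags may be adjusted during init. */`. If the adjustment only happens at boot, it would be worth checking whether the table can be made read-only afterwards. The block comment also has a small slip: "there effectively no C1" should read "there is effectively no C1". atom_cstates continues outside the hunk.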
@@ -972,6 +1004,11 @@ static const struct idle_cpu idle_cpu_icx = {
        .disable_promotion_to_c1e = true,
 };
 
+static struct idle_cpu __read_mostly idle_cpu_spr = {
+	.state_table = spr_cstates,
+	.disable_promotion_to_c1e = true,
+};
+
 static const struct idle_cpu idle_cpu_avn = {
 	.state_table = avn_cstates,
 	.disable_promotion_to_c1e = true,
@@ -1034,6 +1071,7 @@ static const struct x86_cpu_id intel_idle_ids[] __initconstrel = {
 	ICPU(SKYLAKE_X,			skx),
 	ICPU(ICELAKE_X,			icx),
 	ICPU(ICELAKE_D,			icx),
+	ICPU(SAPPHIRERAPIDS_X,		spr),
 	ICPU(XEON_PHI_KNL,		knl),
 	ICPU(XEON_PHI_KNM,		knl),
 	ICPU(ATOM_GOLDMONT,		bxt),
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 28 08:11:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 28 Apr 2022 08:11:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.316149.534918 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njzFQ-00039z-1E; Thu, 28 Apr 2022 08:11:36 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 316149.534918; Thu, 28 Apr 2022 08:11:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1njzFP-00039p-UA; Thu, 28 Apr 2022 08:11:35 +0000
Received: by outflank-mailman (input) for mailman id 316149;
 Thu, 28 Apr 2022 08:11:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzFO-00039D-Db
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzFO-0001Js-Ct
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1njzFO-0001oA-C3
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 08:11:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=OlEtWUCc4OxUtjtm6y1hiAUDQ5IQxn52wJ4Xna5zkcc=; b=OlEcKQ32wciwLp2UFZ7XpZBbjP
	yrtkCoet1ZIN+auL6SOMZF3qw6oYp+0zbYUylt7YOXlW4c0hMiUPHsYTxQdmbjLgvEk4cPosyE3k5
	k1uNwJRSK74VLdt+CNQgEYWcy1d+60T1B6ZN3U4YkMGR8ICbTGzsKjPZvSCZieDytUXI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86+libxl: correct p2m (shadow) memory pool size calculation
Message-Id: <E1njzFO-0001oA-C3@xenbits.xenproject.org>
Date: Thu, 28 Apr 2022 08:11:34 +0000

commit 2c992810854a15b41be920519ce83a4a328d5168
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 28 10:00:49 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 10:00:49 2022 +0200

    x86+libxl: correct p2m (shadow) memory pool size calculation
    
    The reference "to shadow the resident processes" is applicable to
    domains (potentially) running in shadow mode only. Adjust the
    calculations accordingly. This, however, requires further parameters.
    Since the original function is deprecated anyway, and since it can't be
    changed (for being part of a stable ABI), introduce a new (internal
    only) function, with the deprecated one simply becoming a wrapper.
    
    In dom0_paging_pages() also take the opportunity and stop open-coding
    DIV_ROUND_UP().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_create.c   | 30 +++++++++++++++++++++++++++---
 tools/libs/light/libxl_internal.h |  5 +++++
 tools/libs/light/libxl_utils.c    |  9 ++-------
 xen/arch/x86/dom0_build.c         |  9 ++++++---
 4 files changed, 40 insertions(+), 13 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 885675591f..69ec405858 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1027,6 +1027,24 @@ static bool ok_to_default_memkb_in_create(libxl__gc *gc)
      */
 }
 
+unsigned long libxl__get_required_paging_memory(unsigned long maxmem_kb,
+                                                unsigned int smp_cpus,
+                                                libxl_domain_type type,
+                                                bool hap)
+{
+    /*
+     * 256 pages (1MB) per vcpu,
+     * plus 1 page per MiB of RAM for the P2M map (for non-PV guests),
+     * plus 1 page per MiB of RAM to shadow the resident processes (for shadow
+     * mode guests).
+     * This is higher than the minimum that Xen would allocate if no value
+     * were given (but the Xen minimum is for safety, not performance).
+     */
+    return 4 * (256 * smp_cpus +
+                ((type != LIBXL_DOMAIN_TYPE_PV) + !hap) *
+                (maxmem_kb / 1024));
+}
+
 static unsigned long libxl__get_required_iommu_memory(unsigned long maxmem_kb)
 {
     unsigned long iommu_pages = 0, mem_pages = maxmem_kb / 4;
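Review bot: `libxl__get_required_paging_memory()` now has a hypervisor-side twin, but only the hypervisor copy says so: the dom0_build.c hunk adds "Keep in sync with libxl__get_required_paging_memory()" while this function carries no back reference. I would add `/* Keep in sync with dom0_paging_pages() in xen/arch/x86/dom0_build.c. */` to the comment here, and note that the two are not identical for PV, where the hypervisor side can yield a per-MiB factor of 0 and this one yields 1. The multiplier `((type != LIBXL_DOMAIN_TYPE_PV) + !hap)` is also terse for a sizing formula; a line such as `/* factor: 1 for PV and for HAP guests, 2 for non-PV shadow guests */` would spare readers the boolean arithmetic. libxl__get_required_iommu_memory continues outside the hunk.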
@@ -1194,10 +1212,16 @@ int libxl__domain_config_setdefault(libxl__gc *gc,
     }
 
     if (d_config->b_info.shadow_memkb == LIBXL_MEMKB_DEFAULT
-        && ok_to_default_memkb_in_create(gc))
+        && ok_to_default_memkb_in_create(gc)) {
+        bool hap = d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV &&
+                   libxl_defbool_val(d_config->c_info.hap);
+
         d_config->b_info.shadow_memkb =
-            libxl_get_required_shadow_memory(d_config->b_info.max_memkb,
-                                             d_config->b_info.max_vcpus);
+            libxl__get_required_paging_memory(d_config->b_info.max_memkb,
+                                              d_config->b_info.max_vcpus,
+                                              d_config->c_info.type,
+                                              hap);
+    }
 
     /* No IOMMU reservation is needed if passthrough mode is not 'sync_pt' */
     if (d_config->b_info.iommu_memkb == LIBXL_MEMKB_DEFAULT
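Review bot: The new `hap` computation calls `libxl_defbool_val(d_config->c_info.hap)`, which asserts that the defbool has been given a value. The `type != LIBXL_DOMAIN_TYPE_PV &&` short-circuit covers PV, but for other guest types this relies on `c_info.hap` having been defaulted earlier in libxl__domain_config_setdefault(), which starts outside the hunk. That ordering should be confirmed, and a one-line comment would make the dependency visible, e.g. `/* c_info.hap has been defaulted by this point for non-PV guests. */`.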
diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h
index a26daec040..bdef5a605e 100644
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -1569,6 +1569,11 @@ _hidden int libxl__domain_need_memory_calculate(libxl__gc *gc,
                                       libxl_domain_build_info *b_info,
                                       uint64_t *need_memkb);
 
+_hidden unsigned long libxl__get_required_paging_memory(unsigned long maxmem_kb,
+                                                        unsigned int smp_cpus,
+                                                        libxl_domain_type type,
+                                                        bool hap);
+
 _hidden const char *libxl__device_nic_devname(libxl__gc *gc,
                                               uint32_t domid,
                                               uint32_t devid,
diff --git a/tools/libs/light/libxl_utils.c b/tools/libs/light/libxl_utils.c
index b91c2cafa2..1d8a7f64ef 100644
--- a/tools/libs/light/libxl_utils.c
+++ b/tools/libs/light/libxl_utils.c
@@ -38,13 +38,8 @@ char *libxl_basename(const char *name)
 
 unsigned long libxl_get_required_shadow_memory(unsigned long maxmem_kb, unsigned int smp_cpus)
 {
-    /* 256 pages (1MB) per vcpu,
-       plus 1 page per MiB of RAM for the P2M map,
-       plus 1 page per MiB of RAM to shadow the resident processes.
-       This is higher than the minimum that Xen would allocate if no value
-       were given (but the Xen minimum is for safety, not performance).
-     */
-    return 4 * (256 * smp_cpus + 2 * (maxmem_kb / 1024));
+    return libxl__get_required_paging_memory(maxmem_kb, smp_cpus,
+                                             LIBXL_DOMAIN_TYPE_INVALID, false);
 }
 
 char *libxl_domid_to_name(libxl_ctx *ctx, uint32_t domid)
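Review bot: The deprecated wrapper reproduces the old `2 * (maxmem_kb / 1024)` term only because `LIBXL_DOMAIN_TYPE_INVALID != LIBXL_DOMAIN_TYPE_PV` and `!false` each contribute 1 in the new helper, and nothing at the call site says so. Since the commit message describes this function as part of a stable ABI, a comment should pin that intent: `/* INVALID type and hap=false select both per-MiB terms, i.e. the historical result. */`. Without it, a later change to how the helper treats an invalid type would silently change the value returned to existing callers.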
diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index 4d1c5c60e4..79234f18ff 100644
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -314,12 +314,15 @@ unsigned int __initdata dom0_memflags = MEMF_no_dma|MEMF_exact_node;
 unsigned long __init dom0_paging_pages(const struct domain *d,
                                        unsigned long nr_pages)
 {
-    /* Copied from: libxl_get_required_shadow_memory() */
+    /* Keep in sync with libxl__get_required_paging_memory(). */
     unsigned long memkb = nr_pages * (PAGE_SIZE / 1024);
 
-    memkb = 4 * (256 * d->max_vcpus + 2 * (memkb / 1024));
+    memkb = 4 * (256 * d->max_vcpus +
+                 (is_pv_domain(d) ? opt_dom0_shadow || opt_pv_l1tf_hwdom
+                                  : 1 + opt_dom0_shadow) *
+                 (memkb / 1024));
 
-    return ((memkb + 1023) / 1024) << (20 - PAGE_SHIFT);
+    return DIV_ROUND_UP(memkb, 1024) << (20 - PAGE_SHIFT);
 }
 
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 28 14:22:12 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 28 Apr 2022 14:22:12 +0000
Received: from list by lists.xenproject.org with outflank-mailman.316595.535544 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nk51z-0002yN-9c; Thu, 28 Apr 2022 14:22:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 316595.535544; Thu, 28 Apr 2022 14:22:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nk51z-0002yF-6P; Thu, 28 Apr 2022 14:22:07 +0000
Received: by outflank-mailman (input) for mailman id 316595;
 Thu, 28 Apr 2022 14:22:05 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nk51x-0002y7-43
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 14:22:05 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nk51x-000818-2P
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 14:22:05 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nk51x-0000ke-17
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 14:22:05 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=uKxror9SbQoHV2ae721FvZf7+2L8OHF9ATE2/16ulRw=; b=1pDgzw76oUw/gSaSDYwJEn4Hvv
	wDJUCyg7RXik1t2ei21FIZGCbTmimF7xSbgzpHpJblp4zlq0zCiNbXzscfV7mqvGUHWnazJSFSGd3
	LJP19BVguLMZJGi7DGZhA8hvvyha8OOAkCme2NY8S567kK0mB0qff5uz+4Yc91ePTfOM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] PCI: replace stray uses of PCI_{DEVFN,BDF}2()
Message-Id: <E1nk51x-0000ke-17@xenbits.xenproject.org>
Date: Thu, 28 Apr 2022 14:22:05 +0000

commit ee68339aeee4afa78749b1333c95071196b60c36
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 28 16:13:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 16:13:23 2022 +0200

    PCI: replace stray uses of PCI_{DEVFN,BDF}2()
    
    There's no good reason to use these when we already have a pci_sbdf_t
    type object available. This extends to the use of PCI_BUS() in
    pci_ecam_map_bus() as well.
    
    No change to generated code (with gcc11 at least, and I have to admit
    that I didn't expect compilers to necessarily be able to spot the
    optimization potential on the original code).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
---
 xen/arch/arm/pci/ecam.c              | 5 ++---
 xen/arch/x86/msi.c                   | 2 +-
 xen/drivers/passthrough/vtd/qinval.c | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/xen/arch/arm/pci/ecam.c b/xen/arch/arm/pci/ecam.c
index 6aeea12a68..3987f96b01 100644
--- a/xen/arch/arm/pci/ecam.c
+++ b/xen/arch/arm/pci/ecam.c
@@ -28,8 +28,7 @@ void __iomem *pci_ecam_map_bus(struct pci_host_bridge *bridge,
         container_of(bridge->ops, const struct pci_ecam_ops, pci_ops);
     unsigned int devfn_shift = ops->bus_shift - 8;
     void __iomem *base;
-
-    unsigned int busn = PCI_BUS(sbdf.bdf);
+    unsigned int busn = sbdf.bus;
 
     if ( busn < cfg->busn_start || busn > cfg->busn_end )
         return NULL;
@@ -37,7 +36,7 @@ void __iomem *pci_ecam_map_bus(struct pci_host_bridge *bridge,
     busn -= cfg->busn_start;
     base = cfg->win + (busn << ops->bus_shift);
 
-    return base + (PCI_DEVFN2(sbdf.bdf) << devfn_shift) + where;
+    return base + (sbdf.devfn << devfn_shift) + where;
 }
 
 bool __init pci_ecam_need_p2m_hwdom_mapping(struct domain *d,
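Review bot: Nothing visible in pci_ecam_map_bus() bounds `where` before it is added to the returned pointer in `return base + (sbdf.devfn << devfn_shift) + where;`, and `devfn_shift` is computed as `ops->bus_shift - 8` in unsigned arithmetic, so a `bus_shift` below 8 would wrap to a huge shift count. The bus number is range-checked against `cfg->busn_start`/`cfg->busn_end`, but the register offset and the shift are not. If the callers and the ops tables guarantee both, an `ASSERT(where < (1U << devfn_shift));` next to the bus check would record that contract where the pointer is formed. The function starts outside this hunk, so an equivalent check may already exist above.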
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index b32b1378f8..6be81e6c3b 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -839,7 +839,7 @@ static int msix_capability_init(struct pci_dev *dev,
             pbus = dev->info.physfn.bus;
             pslot = PCI_SLOT(dev->info.physfn.devfn);
             pfunc = PCI_FUNC(dev->info.physfn.devfn);
-            vf = PCI_BDF2(dev->bus, dev->devfn);
+            vf = dev->sbdf.bdf;
         }
 
         table_paddr = read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf);
diff --git a/xen/drivers/passthrough/vtd/qinval.c b/xen/drivers/passthrough/vtd/qinval.c
index 6a1c6bd7a9..4f9ad136b9 100644
--- a/xen/drivers/passthrough/vtd/qinval.c
+++ b/xen/drivers/passthrough/vtd/qinval.c
@@ -267,7 +267,7 @@ int qinval_device_iotlb_sync(struct vtd_iommu *iommu, struct pci_dev *pdev,
     qinval_entry->q.dev_iotlb_inv_dsc.lo.res_1 = 0;
     qinval_entry->q.dev_iotlb_inv_dsc.lo.max_invs_pend = pdev->ats.queue_depth;
     qinval_entry->q.dev_iotlb_inv_dsc.lo.res_2 = 0;
-    qinval_entry->q.dev_iotlb_inv_dsc.lo.sid = PCI_BDF2(pdev->bus, pdev->devfn);
+    qinval_entry->q.dev_iotlb_inv_dsc.lo.sid = pdev->sbdf.bdf;
     qinval_entry->q.dev_iotlb_inv_dsc.lo.res_3 = 0;
 
     qinval_entry->q.dev_iotlb_inv_dsc.hi.size = size;
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 28 14:22:17 2022
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] PCI: replace "secondary" flavors of PCI_{DEVFN,BDF,SBDF}()
Message-Id: <E1nk527-0000lU-61@xenbits.xenproject.org>
Date: Thu, 28 Apr 2022 14:22:15 +0000

commit 54a71fe63b98c81cae4ff81bd0bd154840c3b44f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 28 16:14:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 16:14:26 2022 +0200

    PCI: replace "secondary" flavors of PCI_{DEVFN,BDF,SBDF}()
    
    At their use sites the numeric suffixes are at least odd to read, first
    and foremost for PCI_DEVFN2() where the suffix doesn't even match the
    number of arguments. Make use of count_args() such that a single flavor
    each suffices (leaving aside helper macros, which aren't supposed to be
    used from the outside).
    
    In parse_ppr_log_entry() take the opportunity and drop two local
    variables and convert an assignment to an initializer.
    
    In VT-d code fold a number of bus+devfn comparison pairs into a single
    BDF comparison.
    
    No change to generated code for the vast majority of the adjustments.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
---
 xen/arch/x86/mm.c                           |  2 +-
 xen/arch/x86/pci.c                          |  2 +-
 xen/arch/x86/x86_64/mmconfig-shared.c       |  2 +-
 xen/common/compat/memory.c                  |  4 +-
 xen/common/memory.c                         |  4 +-
 xen/drivers/passthrough/amd/iommu_acpi.c    |  8 ++--
 xen/drivers/passthrough/amd/iommu_cmd.c     | 10 ++---
 xen/drivers/passthrough/amd/iommu_detect.c  |  2 +-
 xen/drivers/passthrough/amd/iommu_init.c    | 37 ++++++++---------
 xen/drivers/passthrough/amd/iommu_intr.c    |  4 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  4 +-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 32 +++++++--------
 xen/drivers/passthrough/ats.h               |  2 +-
 xen/drivers/passthrough/pci.c               | 18 ++++-----
 xen/drivers/passthrough/vtd/dmar.c          |  4 +-
 xen/drivers/passthrough/vtd/intremap.c      |  6 +--
 xen/drivers/passthrough/vtd/iommu.c         | 61 ++++++++++++-----------------
 xen/drivers/passthrough/vtd/quirks.c        |  6 +--
 xen/drivers/passthrough/vtd/utils.c         |  2 +-
 xen/drivers/pci/pci.c                       | 10 ++---
 xen/drivers/video/vga.c                     |  8 ++--
 xen/include/xen/pci.h                       | 23 ++++++-----
 22 files changed, 120 insertions(+), 131 deletions(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 72dbce43b1..74fa9205f4 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4902,7 +4902,7 @@ int cf_check mmcfg_intercept_write(
     if ( pci_conf_write_intercept(mmio_ctxt->seg, mmio_ctxt->bdf,
                                   offset, bytes, p_data) >= 0 )
         pci_mmcfg_write(mmio_ctxt->seg, PCI_BUS(mmio_ctxt->bdf),
-                        PCI_DEVFN2(mmio_ctxt->bdf), offset, bytes,
+                        PCI_DEVFN(mmio_ctxt->bdf), offset, bytes,
                         *(uint32_t *)p_data);
 
     return X86EMUL_OKAY;
diff --git a/xen/arch/x86/pci.c b/xen/arch/x86/pci.c
index a9decd4f33..9a2354e887 100644
--- a/xen/arch/x86/pci.c
+++ b/xen/arch/x86/pci.c
@@ -90,7 +90,7 @@ int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
 
     pcidevs_lock();
 
-    pdev = pci_get_pdev(seg, PCI_BUS(bdf), PCI_DEVFN2(bdf));
+    pdev = pci_get_pdev(seg, PCI_BUS(bdf), PCI_DEVFN(bdf));
     if ( pdev )
         rc = pci_msi_conf_write_intercept(pdev, reg, size, data);
 
diff --git a/xen/arch/x86/x86_64/mmconfig-shared.c b/xen/arch/x86/x86_64/mmconfig-shared.c
index 74b22b71a1..5dee20fe9d 100644
--- a/xen/arch/x86/x86_64/mmconfig-shared.c
+++ b/xen/arch/x86/x86_64/mmconfig-shared.c
@@ -313,7 +313,7 @@ static int __init pci_mmcfg_check_hostbridge(void)
     for (i = 0; !name && i < ARRAY_SIZE(pci_mmcfg_probes); i++) {
         bus =  pci_mmcfg_probes[i].bus;
         devfn = pci_mmcfg_probes[i].devfn;
-        l = pci_conf_read32(PCI_SBDF3(0, bus, devfn), 0);
+        l = pci_conf_read32(PCI_SBDF(0, bus, devfn), 0);
         vendor = l & 0xffff;
         device = (l >> 16) & 0xffff;
 
diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c
index 077ded4a75..82fb250efa 100644
--- a/xen/common/compat/memory.c
+++ b/xen/common/compat/memory.c
@@ -27,8 +27,8 @@ static int cf_check get_reserved_device_memory(
     xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt)
 {
     struct get_reserved_device_memory *grdm = ctxt;
-    uint32_t sbdf = PCI_SBDF3(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus,
-                              grdm->map.dev.pci.devfn).sbdf;
+    uint32_t sbdf = PCI_SBDF(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus,
+                             grdm->map.dev.pci.devfn).sbdf;
 
     if ( !(grdm->map.flags & XENMEM_RDM_ALL) && (sbdf != id) )
         return 0;
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 69b0cd1e50..f2d009843a 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -1055,8 +1055,8 @@ static int cf_check get_reserved_device_memory(
     xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt)
 {
     struct get_reserved_device_memory *grdm = ctxt;
-    uint32_t sbdf = PCI_SBDF3(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus,
-                              grdm->map.dev.pci.devfn).sbdf;
+    uint32_t sbdf = PCI_SBDF(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus,
+                             grdm->map.dev.pci.devfn).sbdf;
 
     if ( !(grdm->map.flags & XENMEM_RDM_ALL) && (sbdf != id) )
         return 0;
diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c
index 3a79314589..ac6835225b 100644
--- a/xen/drivers/passthrough/amd/iommu_acpi.c
+++ b/xen/drivers/passthrough/amd/iommu_acpi.c
@@ -96,7 +96,7 @@ static void __init add_ivrs_mapping_entry(
 
             if ( !ivrs_mappings[alias_id].intremap_table )
                 panic("No memory for %pp's IRT\n",
-                      &PCI_SBDF2(iommu->seg, alias_id));
+                      &PCI_SBDF(iommu->seg, alias_id));
         }
     }
 
@@ -790,7 +790,7 @@ static u16 __init parse_ivhd_device_special(
     }
 
     AMD_IOMMU_DEBUG("IVHD Special: %pp variety %#x handle %#x\n",
-                    &PCI_SBDF2(seg, bdf), special->variety, special->handle);
+                    &PCI_SBDF(seg, bdf), special->variety, special->handle);
     add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, 0, true,
                            iommu);
 
@@ -816,7 +816,7 @@ static u16 __init parse_ivhd_device_special(
             AMD_IOMMU_DEBUG("IVHD: Command line override present for IO-APIC %#x"
                             "(IVRS: %#x devID %pp)\n",
                             ioapic_sbdf[idx].id, special->handle,
-                            &PCI_SBDF2(seg, bdf));
+                            &PCI_SBDF(seg, bdf));
             break;
         }
 
@@ -888,7 +888,7 @@ static u16 __init parse_ivhd_device_special(
             AMD_IOMMU_DEBUG("IVHD: Command line override present for HPET %#x "
                             "(IVRS: %#x devID %pp)\n",
                             hpet_sbdf.id, special->handle,
-                            &PCI_SBDF2(seg, bdf));
+                            &PCI_SBDF(seg, bdf));
             break;
         case HPET_NONE:
             /* set device id of hpet */
diff --git a/xen/drivers/passthrough/amd/iommu_cmd.c b/xen/drivers/passthrough/amd/iommu_cmd.c
index c26ad9e7d7..40ddf366bb 100644
--- a/xen/drivers/passthrough/amd/iommu_cmd.c
+++ b/xen/drivers/passthrough/amd/iommu_cmd.c
@@ -40,7 +40,7 @@ static void send_iommu_command(struct amd_iommu *iommu,
                      IOMMU_RING_BUFFER_PTR_MASK) )
     {
         printk_once(XENLOG_ERR "AMD IOMMU %pp: no cmd slot available\n",
-                    &PCI_SBDF2(iommu->seg, iommu->bdf));
+                    &PCI_SBDF(iommu->seg, iommu->bdf));
         cpu_relax();
     }
 
@@ -84,7 +84,7 @@ static void flush_command_buffer(struct amd_iommu *iommu,
             threshold |= threshold << 1;
             printk(XENLOG_WARNING
                    "AMD IOMMU %pp: %scompletion wait taking too long\n",
-                   &PCI_SBDF2(iommu->seg, iommu->bdf),
+                   &PCI_SBDF(iommu->seg, iommu->bdf),
                    timeout_base ? "iotlb " : "");
             timeout = 0;
         }
@@ -94,7 +94,7 @@ static void flush_command_buffer(struct amd_iommu *iommu,
     if ( !timeout )
         printk(XENLOG_WARNING
                "AMD IOMMU %pp: %scompletion wait took %lums\n",
-               &PCI_SBDF2(iommu->seg, iommu->bdf),
+               &PCI_SBDF(iommu->seg, iommu->bdf),
                timeout_base ? "iotlb " : "",
                (NOW() - start) / 10000000);
 }
@@ -292,14 +292,14 @@ void amd_iommu_flush_iotlb(u8 devfn, const struct pci_dev *pdev,
     if ( !iommu )
     {
         AMD_IOMMU_WARN("can't find IOMMU for %pp\n",
-                       &PCI_SBDF3(pdev->seg, pdev->bus, devfn));
+                       &PCI_SBDF(pdev->seg, pdev->bus, devfn));
         return;
     }
 
     if ( !iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
         return;
 
-    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(pdev->bus, devfn));
+    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF(pdev->bus, devfn));
     queueid = req_id;
     maxpend = pdev->ats.queue_depth & 0xff;
 
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index fd89475a8d..2317fa6a7d 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -231,7 +231,7 @@ int __init amd_iommu_detect_one_acpi(
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR "Could not mark config space of %pp read-only (%d)\n",
-               &PCI_SBDF2(iommu->seg, iommu->bdf), rt);
+               &PCI_SBDF(iommu->seg, iommu->bdf), rt);
 
     list_add_tail(&iommu->list, &amd_iommu_head);
     rt = 0;
diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c
index c7a49a4fdb..7d074ca843 100644
--- a/xen/drivers/passthrough/amd/iommu_init.c
+++ b/xen/drivers/passthrough/amd/iommu_init.c
@@ -562,7 +562,7 @@ static void cf_check parse_event_log_entry(struct amd_iommu *iommu, u32 entry[])
 
         printk(XENLOG_ERR "AMD-Vi: %s: %pp d%u addr %016"PRIx64
                " flags %#x%s%s%s%s%s%s%s%s%s%s\n",
-               code_str, &PCI_SBDF2(iommu->seg, device_id),
+               code_str, &PCI_SBDF(iommu->seg, device_id),
                domain_id, addr, flags,
                (flags & 0xe00) ? " ??" : "",
                (flags & 0x100) ? " TR" : "",
@@ -578,7 +578,7 @@ static void cf_check parse_event_log_entry(struct amd_iommu *iommu, u32 entry[])
         for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
             if ( get_dma_requestor_id(iommu->seg, bdf) == device_id )
                 pci_check_disable_device(iommu->seg, PCI_BUS(bdf),
-                                         PCI_DEVFN2(bdf));
+                                         PCI_DEVFN(bdf));
     }
     else
         printk(XENLOG_ERR "%s %08x %08x %08x %08x\n",
@@ -631,18 +631,13 @@ static void iommu_check_event_log(struct amd_iommu *iommu)
 
 static void cf_check parse_ppr_log_entry(struct amd_iommu *iommu, u32 entry[])
 {
-
-    u16 device_id;
-    u8 bus, devfn;
-    struct pci_dev *pdev;
-
     /* here device_id is physical value */
-    device_id = iommu_get_devid_from_cmd(entry[0]);
-    bus = PCI_BUS(device_id);
-    devfn = PCI_DEVFN2(device_id);
+    uint16_t device_id = iommu_get_devid_from_cmd(entry[0]);
+    struct pci_dev *pdev;
 
     pcidevs_lock();
-    pdev = pci_get_real_pdev(iommu->seg, bus, devfn);
+    pdev = pci_get_real_pdev(iommu->seg, PCI_BUS(device_id),
+                             PCI_DEVFN(device_id));
     pcidevs_unlock();
 
     if ( pdev )
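Review bot: `pdev` is looked up under `pcidevs_lock()` but only tested in `if ( pdev )` after `pcidevs_unlock()`, so whatever that branch dereferences is no longer covered by the lock that protected the lookup. The `device_id` driving the lookup comes from a hardware-written log entry (`iommu_get_devid_from_cmd(entry[0])`), so this path does not control which device it lands on. If something else keeps the device alive here, a one-line comment above `pcidevs_unlock()` saying what would help the next reader; otherwise the unlock should move below the use of `pdev`. The body of the `if` is outside this hunk, so the exact fields touched cannot be confirmed from here.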
@@ -751,12 +746,12 @@ static bool_t __init set_iommu_interrupt_handler(struct amd_iommu *iommu)
 
     pcidevs_lock();
     iommu->msi.dev = pci_get_pdev(iommu->seg, PCI_BUS(iommu->bdf),
-                                  PCI_DEVFN2(iommu->bdf));
+                                  PCI_DEVFN(iommu->bdf));
     pcidevs_unlock();
     if ( !iommu->msi.dev )
     {
         AMD_IOMMU_WARN("no pdev for %pp\n",
-                       &PCI_SBDF2(iommu->seg, iommu->bdf));
+                       &PCI_SBDF(iommu->seg, iommu->bdf));
         return 0;
     }
 
@@ -778,7 +773,7 @@ static bool_t __init set_iommu_interrupt_handler(struct amd_iommu *iommu)
         hw_irq_controller *handler;
         u16 control;
 
-        control = pci_conf_read16(PCI_SBDF2(iommu->seg, iommu->bdf),
+        control = pci_conf_read16(PCI_SBDF(iommu->seg, iommu->bdf),
                                   iommu->msi.msi_attrib.pos + PCI_MSI_FLAGS);
 
         iommu->msi.msi.nvec = 1;
@@ -842,22 +837,22 @@ static void amd_iommu_erratum_746_workaround(struct amd_iommu *iommu)
          (boot_cpu_data.x86_model > 0x1f) )
         return;
 
-    pci_conf_write32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf0, 0x90);
-    value = pci_conf_read32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf4);
+    pci_conf_write32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf0, 0x90);
+    value = pci_conf_read32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf4);
 
     if ( value & (1 << 2) )
         return;
 
     /* Select NB indirect register 0x90 and enable writing */
-    pci_conf_write32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf0, 0x90 | (1 << 8));
+    pci_conf_write32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf0, 0x90 | (1 << 8));
 
-    pci_conf_write32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf4, value | (1 << 2));
+    pci_conf_write32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf4, value | (1 << 2));
     printk(XENLOG_INFO
            "AMD-Vi: Applying erratum 746 workaround for IOMMU at %pp\n",
-           &PCI_SBDF2(iommu->seg, iommu->bdf));
+           &PCI_SBDF(iommu->seg, iommu->bdf));
 
     /* Clear the enable writing bit */
-    pci_conf_write32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf0, 0x90);
+    pci_conf_write32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf0, 0x90);
 }
 
 static void enable_iommu(struct amd_iommu *iommu)
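Review bot: `PCI_SBDF(iommu->seg, iommu->bdf)` is written out six times in amd_iommu_erratum_746_workaround(), five as a config-space accessor argument and once as `&PCI_SBDF(...)` for `%pp`. Since the commit is touching every one of these lines anyway, a single local `const pci_sbdf_t sbdf = PCI_SBDF(iommu->seg, iommu->bdf);` would let the calls read `pci_conf_write32(sbdf, 0xf0, 0x90);` and the printk take `&sbdf`. It would also make it obvious that all accesses target the same device. The bare `0xf0`, `0xf4` and `0x90 | (1 << 8)` values would be easier to audit as named constants for the NB indirect index/data registers, though that is pre-existing. The start of the function is outside this hunk.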
@@ -1288,7 +1283,7 @@ static int __init cf_check amd_iommu_setup_device_table(
                 if ( !pci_init )
                     continue;
                 pcidevs_lock();
-                pdev = pci_get_pdev(seg, PCI_BUS(bdf), PCI_DEVFN2(bdf));
+                pdev = pci_get_pdev(seg, PCI_BUS(bdf), PCI_DEVFN(bdf));
                 pcidevs_unlock();
             }
 
diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c
index 464c3279a0..f4de09f431 100644
--- a/xen/drivers/passthrough/amd/iommu_intr.c
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
@@ -604,7 +604,7 @@ static struct amd_iommu *_find_iommu_for_device(int seg, int bdf)
     if ( iommu )
         return iommu;
 
-    AMD_IOMMU_DEBUG("No IOMMU for MSI dev = %pp\n", &PCI_SBDF2(seg, bdf));
+    AMD_IOMMU_DEBUG("No IOMMU for MSI dev = %pp\n", &PCI_SBDF(seg, bdf));
     return ERR_PTR(-EINVAL);
 }
 
@@ -814,7 +814,7 @@ static void dump_intremap_table(const struct amd_iommu *iommu,
         if ( ivrs_mapping )
         {
             printk("  %pp:\n",
-                   &PCI_SBDF2(iommu->seg, ivrs_mapping->dte_requestor_id));
+                   &PCI_SBDF(iommu->seg, ivrs_mapping->dte_requestor_id));
             ivrs_mapping = NULL;
         }
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 3abcac247e..4a33df8c5e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -540,7 +540,7 @@ int cf_check amd_iommu_get_reserved_device_memory(
 
     for ( bdf = 0; bdf < ivrs_bdf_entries; ++bdf )
     {
-        pci_sbdf_t sbdf = PCI_SBDF2(seg, bdf);
+        pci_sbdf_t sbdf = PCI_SBDF(seg, bdf);
         const struct ivrs_unity_map *um = ivrs_mappings[bdf].unity_map;
         unsigned int req = ivrs_mappings[bdf].dte_requestor_id;
         const struct amd_iommu *iommu = ivrs_mappings[bdf].iommu;
@@ -569,7 +569,7 @@ int cf_check amd_iommu_get_reserved_device_memory(
              * the same alias ID.
              */
             if ( bdf != req && ivrs_mappings[req].iommu &&
-                 func(0, 0, PCI_SBDF2(seg, req).sbdf, ctxt) )
+                 func(0, 0, PCI_SBDF(seg, req).sbdf, ctxt) )
                 continue;
 
             if ( global == pending )
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 8cbbd7c6c9..8c5d69a46a 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -53,7 +53,7 @@ struct amd_iommu *find_iommu_for_device(int seg, int bdf)
             ivrs_mappings[bdf] = tmp;
 
             printk(XENLOG_WARNING "%pp not found in ACPI tables;"
-                   " using same IOMMU as function 0\n", &PCI_SBDF2(seg, bdf));
+                   " using same IOMMU as function 0\n", &PCI_SBDF(seg, bdf));
 
             /* write iommu field last */
             ivrs_mappings[bdf].iommu = ivrs_mappings[bd0].iommu;
@@ -144,7 +144,7 @@ static int __must_check amd_iommu_setup_domain_device(
                | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
-    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
+    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
@@ -202,7 +202,7 @@ static int __must_check amd_iommu_setup_domain_device(
          * presence.  But let's deal with that case only if it is actually
          * found in the wild.
          */
-        if ( req_id != PCI_BDF2(bus, devfn) &&
+        if ( req_id != PCI_BDF(bus, devfn) &&
              (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
             rc = -EOPNOTSUPP;
         else
@@ -231,7 +231,7 @@ static int __must_check amd_iommu_setup_domain_device(
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
-                           &PCI_SBDF3(pdev->seg, bus, devfn), pdev->domain);
+                           &PCI_SBDF(pdev->seg, bus, devfn), pdev->domain);
 
         /*
          * Check remaining settings are still in place from an earlier call
@@ -414,7 +414,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
         disable_ats_device(pdev);
 
     BUG_ON ( iommu->dev_table.buffer == NULL );
-    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
+    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
 
@@ -461,7 +461,7 @@ static int cf_check reassign_device(
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be assigned to %pd\n",
-                       &PCI_SBDF3(pdev->seg, pdev->bus, devfn), target);
+                       &PCI_SBDF(pdev->seg, pdev->bus, devfn), target);
         return -ENODEV;
     }
 
@@ -488,7 +488,7 @@ static int cf_check reassign_device(
     if ( !is_hardware_domain(source) )
     {
         const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
-        unsigned int bdf = PCI_BDF2(pdev->bus, devfn);
+        unsigned int bdf = PCI_BDF(pdev->bus, devfn);
 
         rc = amd_iommu_reserve_domain_unity_unmap(
                  source,
@@ -498,7 +498,7 @@ static int cf_check reassign_device(
     }
 
     AMD_IOMMU_DEBUG("Re-assign %pp from %pd to %pd\n",
-                    &PCI_SBDF3(pdev->seg, pdev->bus, devfn), source, target);
+                    &PCI_SBDF(pdev->seg, pdev->bus, devfn), source, target);
 
     return 0;
 }
@@ -507,7 +507,7 @@ static int cf_check amd_iommu_assign_device(
     struct domain *d, u8 devfn, struct pci_dev *pdev, u32 flag)
 {
     struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
-    int bdf = PCI_BDF2(pdev->bus, devfn);
+    unsigned int bdf = PCI_BDF(pdev->bus, devfn);
     int req_id = get_dma_requestor_id(pdev->seg, bdf);
     int rc = amd_iommu_reserve_domain_unity_map(
                  d, ivrs_mappings[req_id].unity_map, flag);
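Review bot: `req_id` stays a signed `int` and is used on the next line as an array index in `ivrs_mappings[req_id].unity_map`, while this hunk makes `bdf` unsigned. `unsigned int req_id = get_dma_requestor_id(pdev->seg, bdf);` would keep the two consistent, provided nothing further down relies on it being signed. These initializers also index the table without the `!ivrs_mappings` test that amd_iommu_add_device() applies, or the `bdf < ivrs_bdf_entries` test in amd_iommu_group_id(), both visible elsewhere in this patch. Presumably a device that reaches assignment has already passed the add_device checks, but that is not visible here, and the function body continues outside the hunk.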
@@ -575,12 +575,12 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         }
 
         AMD_IOMMU_WARN("no IOMMU for %pp; cannot be handed to %pd\n",
-                        &PCI_SBDF3(pdev->seg, pdev->bus, devfn), pdev->domain);
+                        &PCI_SBDF(pdev->seg, pdev->bus, devfn), pdev->domain);
         return -ENODEV;
     }
 
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
-    bdf = PCI_BDF2(pdev->bus, devfn);
+    bdf = PCI_BDF(pdev->bus, devfn);
     if ( !ivrs_mappings ||
          !ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].valid )
         return -EPERM;
@@ -618,7 +618,7 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
              ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map,
              0) )
         AMD_IOMMU_WARN("%pd: unity mapping failed for %pp\n",
-                       pdev->domain, &PCI_SBDF2(pdev->seg, bdf));
+                       pdev->domain, &PCI_SBDF(pdev->seg, bdf));
 
     if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
     {
@@ -651,20 +651,20 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be removed from %pd\n",
-                        &PCI_SBDF3(pdev->seg, pdev->bus, devfn), pdev->domain);
+                        &PCI_SBDF(pdev->seg, pdev->bus, devfn), pdev->domain);
         return -ENODEV;
     }
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
-    bdf = PCI_BDF2(pdev->bus, devfn);
+    bdf = PCI_BDF(pdev->bus, devfn);
 
     if ( amd_iommu_reserve_domain_unity_unmap(
              pdev->domain,
              ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map) )
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
-                       pdev->domain, &PCI_SBDF2(pdev->seg, bdf));
+                       pdev->domain, &PCI_SBDF(pdev->seg, bdf));
 
     amd_iommu_quarantine_teardown(pdev);
 
@@ -681,7 +681,7 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
 static int cf_check amd_iommu_group_id(u16 seg, u8 bus, u8 devfn)
 {
-    int bdf = PCI_BDF2(bus, devfn);
+    unsigned int bdf = PCI_BDF(bus, devfn);
 
     return (bdf < ivrs_bdf_entries) ? get_dma_requestor_id(seg, bdf) : bdf;
 }
diff --git a/xen/drivers/passthrough/ats.h b/xen/drivers/passthrough/ats.h
index 22ae209b37..c202f4ecdd 100644
--- a/xen/drivers/passthrough/ats.h
+++ b/xen/drivers/passthrough/ats.h
@@ -35,7 +35,7 @@ static inline int pci_ats_enabled(int seg, int bus, int devfn)
     pos = pci_find_ext_capability(seg, bus, devfn, PCI_EXT_CAP_ID_ATS);
     BUG_ON(!pos);
 
-    value = pci_conf_read16(PCI_SBDF3(seg, bus, devfn), pos + ATS_REG_CTL);
+    value = pci_conf_read16(PCI_SBDF(seg, bus, devfn), pos + ATS_REG_CTL);
 
     return value & ATS_ENABLE;
 }
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 136cc8ae3d..a8081576b3 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -553,7 +553,7 @@ int __init pci_ro_device(int seg, int bus, int devfn)
         memset(pseg->ro_map, 0, sz);
     }
 
-    __set_bit(PCI_BDF2(bus, devfn), pseg->ro_map);
+    __set_bit(PCI_BDF(bus, devfn), pseg->ro_map);
     _pci_hide_device(pdev);
 
     return 0;
@@ -957,7 +957,7 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
  out:
     if ( ret )
         printk(XENLOG_G_ERR "%pd: deassign (%pp) failed (%d)\n",
-               d, &PCI_SBDF3(seg, bus, devfn), ret);
+               d, &PCI_SBDF(seg, bus, devfn), ret);
 
     return ret;
 }
@@ -1406,7 +1406,7 @@ static int iommu_add_device(struct pci_dev *pdev)
         rc = iommu_call(hd->platform_ops, add_device, devfn, pci_to_dev(pdev));
         if ( rc )
             printk(XENLOG_WARNING "IOMMU: add %pp failed (%d)\n",
-                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn), rc);
+                   &PCI_SBDF(pdev->seg, pdev->bus, devfn), rc);
     }
 }
 
@@ -1452,7 +1452,7 @@ static int iommu_remove_device(struct pci_dev *pdev)
             continue;
 
         printk(XENLOG_ERR "IOMMU: remove %pp failed (%d)\n",
-               &PCI_SBDF3(pdev->seg, pdev->bus, devfn), rc);
+               &PCI_SBDF(pdev->seg, pdev->bus, devfn), rc);
         return rc;
     }
 
@@ -1536,7 +1536,7 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
  done:
     if ( rc )
         printk(XENLOG_G_WARNING "%pd: assign (%pp) failed (%d)\n",
-               d, &PCI_SBDF3(seg, bus, devfn), rc);
+               d, &PCI_SBDF(seg, bus, devfn), rc);
     /* The device is assigned to dom_io so mark it as quarantined */
     else if ( d == dom_io )
         pdev->quarantine = true;
@@ -1647,7 +1647,7 @@ int iommu_do_pci_domctl(
 
         seg = domctl->u.get_device_group.machine_sbdf >> 16;
         bus = PCI_BUS(domctl->u.get_device_group.machine_sbdf);
-        devfn = PCI_DEVFN2(domctl->u.get_device_group.machine_sbdf);
+        devfn = PCI_DEVFN(domctl->u.get_device_group.machine_sbdf);
         max_sdevs = domctl->u.get_device_group.max_sdevs;
         sdevs = domctl->u.get_device_group.sdev_array;
 
@@ -1697,7 +1697,7 @@ int iommu_do_pci_domctl(
 
         seg = machine_sbdf >> 16;
         bus = PCI_BUS(machine_sbdf);
-        devfn = PCI_DEVFN2(machine_sbdf);
+        devfn = PCI_DEVFN(machine_sbdf);
 
         pcidevs_lock();
         ret = device_assigned(seg, bus, devfn);
@@ -1706,7 +1706,7 @@ int iommu_do_pci_domctl(
             if ( ret )
             {
                 printk(XENLOG_G_INFO "%pp already assigned, or non-existent\n",
-                       &PCI_SBDF3(seg, bus, devfn));
+                       &PCI_SBDF(seg, bus, devfn));
                 ret = -EINVAL;
             }
         }
@@ -1742,7 +1742,7 @@ int iommu_do_pci_domctl(
 
         seg = machine_sbdf >> 16;
         bus = PCI_BUS(machine_sbdf);
-        devfn = PCI_DEVFN2(machine_sbdf);
+        devfn = PCI_DEVFN(machine_sbdf);
 
         pcidevs_lock();
         ret = deassign_device(d, seg, bus, devfn);
diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c
index 63f8642e12..367304c873 100644
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -222,7 +222,7 @@ struct acpi_drhd_unit *acpi_find_matched_drhd_unit(const struct pci_dev *pdev)
             continue;
 
         for (i = 0; i < drhd->scope.devices_cnt; i++)
-            if ( drhd->scope.devices[i] == PCI_BDF2(bus, devfn) )
+            if ( drhd->scope.devices[i] == PCI_BDF(bus, devfn) )
                 return drhd;
 
         if ( test_bit(bus, drhd->scope.buses) )
@@ -1062,7 +1062,7 @@ int cf_check intel_iommu_get_reserved_device_memory(
 
         rc = func(PFN_DOWN(rmrr->base_address),
                   PFN_UP(rmrr->end_address) - PFN_DOWN(rmrr->base_address),
-                  PCI_SBDF2(rmrr->segment, bdf).sbdf, ctxt);
+                  PCI_SBDF(rmrr->segment, bdf).sbdf, ctxt);
 
         if ( unlikely(rc < 0) )
             return rc;
diff --git a/xen/drivers/passthrough/vtd/intremap.c b/xen/drivers/passthrough/vtd/intremap.c
index e6ba89591b..1512e4866b 100644
--- a/xen/drivers/passthrough/vtd/intremap.c
+++ b/xen/drivers/passthrough/vtd/intremap.c
@@ -498,7 +498,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
         case 4: sq = SQ_13_IGNORE_1; break;
         default: sq = SQ_ALL_16; break;
         }
-        set_ire_sid(ire, SVT_VERIFY_SID_SQ, sq, PCI_BDF2(bus, devfn));
+        set_ire_sid(ire, SVT_VERIFY_SID_SQ, sq, PCI_BDF(bus, devfn));
         break;
 
     case DEV_TYPE_PCI:
@@ -508,7 +508,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
         if ( ret == 0 ) /* integrated PCI device */
         {
             set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
-                        PCI_BDF2(bus, devfn));
+                        PCI_BDF(bus, devfn));
         }
         else if ( ret == 1 ) /* find upstream bridge */
         {
@@ -517,7 +517,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
                             (bus << 8) | pdev->bus);
             else
                 set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
-                            PCI_BDF2(bus, devfn));
+                            PCI_BDF(bus, devfn));
         }
         else
             dprintk(XENLOG_WARNING VTDPREFIX,
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index cff37c0c31..f22caf269d 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -998,21 +998,21 @@ static int iommu_page_fault_do_one(struct vtd_iommu *iommu, int type,
                "DMAR:[%s] Request device [%pp] "
                "fault addr %"PRIx64"\n",
                (type ? "DMA Read" : "DMA Write"),
-               &PCI_SBDF2(seg, source_id), addr);
+               &PCI_SBDF(seg, source_id), addr);
         kind = "DMAR";
         break;
     case INTR_REMAP:
         printk(XENLOG_G_WARNING VTDPREFIX
                "INTR-REMAP: Request device [%pp] "
                "fault index %"PRIx64"\n",
-               &PCI_SBDF2(seg, source_id), addr >> 48);
+               &PCI_SBDF(seg, source_id), addr >> 48);
         kind = "INTR-REMAP";
         break;
     default:
         printk(XENLOG_G_WARNING VTDPREFIX
                "UNKNOWN: Request device [%pp] "
                "fault addr %"PRIx64"\n",
-               &PCI_SBDF2(seg, source_id), addr);
+               &PCI_SBDF(seg, source_id), addr);
         kind = "UNKNOWN";
         break;
     }
@@ -1021,7 +1021,7 @@ static int iommu_page_fault_do_one(struct vtd_iommu *iommu, int type,
            kind, fault_reason, reason);
 
     if ( iommu_verbose && fault_type == DMA_REMAP )
-        print_vtd_entries(iommu, PCI_BUS(source_id), PCI_DEVFN2(source_id),
+        print_vtd_entries(iommu, PCI_BUS(source_id), PCI_DEVFN(source_id),
                           addr >> PAGE_SHIFT);
 
     return 0;
@@ -1099,7 +1099,7 @@ static void __do_iommu_page_fault(struct vtd_iommu *iommu)
                                 source_id, guest_addr);
 
         pci_check_disable_device(iommu->drhd->segment,
-                                 PCI_BUS(source_id), PCI_DEVFN2(source_id));
+                                 PCI_BUS(source_id), PCI_DEVFN(source_id));
 
         fault_index++;
         if ( fault_index > cap_num_fault_regs(iommu->cap) )
@@ -1603,7 +1603,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   &PCI_SBDF3(seg, bus, devfn),
+                   &PCI_SBDF(seg, bus, devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1633,7 +1633,7 @@ int domain_context_mapping_one(
         if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
             printk(XENLOG_WARNING VTDPREFIX
                    " %pp: reassignment may cause %pd data corruption\n",
-                   &PCI_SBDF3(seg, bus, devfn), prev_dom);
+                   &PCI_SBDF(seg, bus, devfn), prev_dom);
 
         write_atomic(&context->lo, lctxt.lo);
         /* No barrier should be needed between these two. */
@@ -1643,7 +1643,7 @@ int domain_context_mapping_one(
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
     ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
@@ -1750,7 +1750,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp map\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         if ( !is_hardware_domain(domain) )
             return -EPERM;
         break;
@@ -1774,7 +1774,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
                                          DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
@@ -1799,7 +1799,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: map %pp\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
                                          pdev, DEVICE_DOMID(domain, pdev),
@@ -1864,7 +1864,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     default:
         dprintk(XENLOG_ERR VTDPREFIX, "%pd:unknown(%u): %pp\n",
-                domain, pdev->type, &PCI_SBDF3(seg, bus, devfn));
+                domain, pdev->type, &PCI_SBDF(seg, bus, devfn));
         ret = -EINVAL;
         break;
     }
@@ -1913,7 +1913,7 @@ int domain_context_unmap_one(
     iommu_sync_cache(context, sizeof(struct context_entry));
 
     rc = iommu_flush_context_device(iommu, iommu_domid,
-                                    PCI_BDF2(bus, devfn),
+                                    PCI_BDF(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
 
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
@@ -1972,7 +1972,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp unmap\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         return ERR_PTR(is_hardware_domain(domain) ? 0 : -EPERM);
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1986,7 +1986,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
@@ -1999,7 +1999,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
@@ -2032,7 +2032,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
 
     default:
         dprintk(XENLOG_ERR VTDPREFIX, "%pd:unknown(%u): %pp\n",
-                domain, pdev->type, &PCI_SBDF3(seg, bus, devfn));
+                domain, pdev->type, &PCI_SBDF(seg, bus, devfn));
         return ERR_PTR(-EINVAL);
     }
 
@@ -2232,9 +2232,7 @@ static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
-        if ( rmrr->segment == pdev->seg &&
-             PCI_BUS(bdf) == pdev->bus &&
-             PCI_DEVFN2(bdf) == devfn )
+        if ( rmrr->segment == pdev->seg && bdf == PCI_BDF(pdev->bus, devfn) )
         {
             /*
              * iommu_add_device() is only called for the hardware
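Review bot: The rewritten RMRR match in intel_iommu_add_device(), `bdf == PCI_BDF(pdev->bus, devfn)`, compares the whole of `bdf`, whereas the removed test looked only at its `PCI_BUS()` and `PCI_DEVFN2()` fields, i.e. the low 16 bits. The two forms are equivalent only if `bdf` never carries bits above bit 15; its declaration is outside the hunk, so that should be confirmed in each function. The same rewrite appears in the hunks for intel_iommu_remove_device(), reassign_device_ownership() and the three loops of intel_iommu_assign_device(), where a missed match would skip the RMRR identity mapping or the shared-RMRR check for the device. Once confirmed, a comment at the first loop such as `/* bdf is 16 bits wide, so a whole-value compare is exact */` would record the assumption.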
@@ -2290,9 +2288,7 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
-        if ( rmrr->segment != pdev->seg ||
-             PCI_BUS(bdf) != pdev->bus ||
-             PCI_DEVFN2(bdf) != devfn )
+        if ( rmrr->segment != pdev->seg || bdf != PCI_BDF(pdev->bus, devfn) )
             continue;
 
         /*
@@ -2719,8 +2715,7 @@ static int cf_check reassign_device_ownership(
 
         for_each_rmrr_device( rmrr, bdf, i )
             if ( rmrr->segment == pdev->seg &&
-                 PCI_BUS(bdf) == pdev->bus &&
-                 PCI_DEVFN2(bdf) == devfn )
+                 bdf == PCI_BDF(pdev->bus, devfn) )
             {
                 /*
                  * Any RMRR flag is always ignored when remove a device,
@@ -2764,9 +2759,7 @@ static int cf_check intel_iommu_assign_device(
      */
     for_each_rmrr_device( rmrr, bdf, i )
     {
-        if ( rmrr->segment == seg &&
-             PCI_BUS(bdf) == bus &&
-             PCI_DEVFN2(bdf) == devfn &&
+        if ( rmrr->segment == seg && bdf == PCI_BDF(bus, devfn) &&
              rmrr->scope.devices_cnt > 1 )
         {
             bool_t relaxed = !!(flag & XEN_DOMCTL_DEV_RDM_RELAXED);
@@ -2776,7 +2769,7 @@ static int cf_check intel_iommu_assign_device(
                    " with shared RMRR at %"PRIx64" for %pd.\n",
                    relaxed ? XENLOG_WARNING : XENLOG_ERR,
                    relaxed ? "risky" : "disallowed",
-                   &PCI_SBDF3(seg, bus, devfn), rmrr->base_address, d);
+                   &PCI_SBDF(seg, bus, devfn), rmrr->base_address, d);
             if ( !relaxed )
                 return -EPERM;
         }
@@ -2788,9 +2781,7 @@ static int cf_check intel_iommu_assign_device(
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
     {
-        if ( rmrr->segment == seg &&
-             PCI_BUS(bdf) == bus &&
-             PCI_DEVFN2(bdf) == devfn )
+        if ( rmrr->segment == seg && bdf == PCI_BDF(bus, devfn) )
         {
             ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address,
                                          rmrr->end_address, flag);
@@ -2813,9 +2804,7 @@ static int cf_check intel_iommu_assign_device(
 
     for_each_rmrr_device( rmrr, bdf, i )
     {
-        if ( rmrr->segment == seg &&
-             PCI_BUS(bdf) == bus &&
-             PCI_DEVFN2(bdf) == devfn )
+        if ( rmrr->segment == seg && bdf == PCI_BDF(bus, devfn) )
         {
             int rc = iommu_identity_mapping(d, p2m_access_x,
                                             rmrr->base_address,
@@ -2842,7 +2831,7 @@ static int cf_check intel_iommu_group_id(u16 seg, u8 bus, u8 devfn)
     if ( find_upstream_bridge(seg, &bus, &devfn, &secbus) < 0 )
         return -ENODEV;
 
-    return PCI_BDF2(bus, devfn);
+    return PCI_BDF(bus, devfn);
 }
 
 static int __must_check cf_check vtd_suspend(void)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 3ddbb20e48..603ad41d5b 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -115,7 +115,7 @@ bool is_azalia_tlb_enabled(const struct acpi_drhd_unit *drhd)
         return true;
 
     /* Check for the specific device. */
-    sbdf = PCI_SBDF2(drhd->segment, drhd->scope.devices[0]);
+    sbdf = PCI_SBDF(drhd->segment, drhd->scope.devices[0]);
     if ( pci_conf_read16(sbdf, PCI_VENDOR_ID) != PCI_VENDOR_ID_INTEL ||
          pci_conf_read16(sbdf, PCI_DEVICE_ID) != 0x3a3e )
         return true;
@@ -446,7 +446,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             return 0;
 
         /* if device is WLAN device, map ME phantom device 0:3.7 */
-        id = pci_conf_read32(PCI_SBDF3(0, bus, devfn), 0);
+        id = pci_conf_read32(PCI_SBDF(0, bus, devfn), 0);
         switch (id)
         {
             case 0x42328086:
@@ -470,7 +470,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             return 0;
 
         /* if device is WLAN device, map ME phantom device 0:22.7 */
-        id = pci_conf_read32(PCI_SBDF3(0, bus, devfn), 0);
+        id = pci_conf_read32(PCI_SBDF(0, bus, devfn), 0);
         switch (id)
         {
             case 0x00878086:        /* Kilmer Peak */
diff --git a/xen/drivers/passthrough/vtd/utils.c b/xen/drivers/passthrough/vtd/utils.c
index 47922dc8e8..7c4d032f4f 100644
--- a/xen/drivers/passthrough/vtd/utils.c
+++ b/xen/drivers/passthrough/vtd/utils.c
@@ -96,7 +96,7 @@ void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn)
     u32 l_index, level;
 
     printk("print_vtd_entries: iommu #%u dev %pp gmfn %"PRI_gfn"\n",
-           iommu->index, &PCI_SBDF3(iommu->drhd->segment, bus, devfn),
+           iommu->index, &PCI_SBDF(iommu->drhd->segment, bus, devfn),
            gmfn);
 
     if ( iommu->root_maddr == 0 )
diff --git a/xen/drivers/pci/pci.c b/xen/drivers/pci/pci.c
index 4de5fdf679..e411876a15 100644
--- a/xen/drivers/pci/pci.c
+++ b/xen/drivers/pci/pci.c
@@ -46,12 +46,12 @@ int pci_find_next_cap(u16 seg, u8 bus, unsigned int devfn, u8 pos, int cap)
 
     while ( ttl-- )
     {
-        pos = pci_conf_read8(PCI_SBDF3(seg, bus, devfn), pos);
+        pos = pci_conf_read8(PCI_SBDF(seg, bus, devfn), pos);
         if ( pos < 0x40 )
             break;
 
         pos &= ~3;
-        id = pci_conf_read8(PCI_SBDF3(seg, bus, devfn), pos + PCI_CAP_LIST_ID);
+        id = pci_conf_read8(PCI_SBDF(seg, bus, devfn), pos + PCI_CAP_LIST_ID);
 
         if ( id == 0xff )
             break;
@@ -93,7 +93,7 @@ int pci_find_next_ext_capability(int seg, int bus, int devfn, int start, int cap
     int ttl = 480; /* 3840 bytes, minimum 8 bytes per capability */
     int pos = max(start, 0x100);
 
-    header = pci_conf_read32(PCI_SBDF3(seg, bus, devfn), pos);
+    header = pci_conf_read32(PCI_SBDF(seg, bus, devfn), pos);
 
     /*
      * If we have no capabilities, this is indicated by cap ID,
@@ -109,7 +109,7 @@ int pci_find_next_ext_capability(int seg, int bus, int devfn, int start, int cap
         pos = PCI_EXT_CAP_NEXT(header);
         if ( pos < 0x100 )
             break;
-        header = pci_conf_read32(PCI_SBDF3(seg, bus, devfn), pos);
+        header = pci_conf_read32(PCI_SBDF(seg, bus, devfn), pos);
     }
     return 0;
 }
@@ -162,7 +162,7 @@ const char *__init parse_pci_seg(const char *s, unsigned int *seg_p,
     else
         func = 0;
     if ( seg != (seg_p ? (u16)seg : 0) ||
-         bus != PCI_BUS(PCI_BDF2(bus, 0)) ||
+         bus != PCI_BUS(PCI_BDF(bus, 0)) ||
          dev != PCI_SLOT(PCI_DEVFN(dev, 0)) ||
          func != PCI_FUNC(PCI_DEVFN(0, func)) )
         return NULL;
diff --git a/xen/drivers/video/vga.c b/xen/drivers/video/vga.c
index e624ebff4f..d993e68d31 100644
--- a/xen/drivers/video/vga.c
+++ b/xen/drivers/video/vga.c
@@ -122,9 +122,9 @@ void __init video_endboot(void)
                 pcidevs_unlock();
 
                 if ( !pdev ||
-                     pci_conf_read16(PCI_SBDF3(0, bus, devfn),
+                     pci_conf_read16(PCI_SBDF(0, bus, devfn),
                                      PCI_CLASS_DEVICE) != 0x0300 ||
-                     !(pci_conf_read16(PCI_SBDF3(0, bus, devfn), PCI_COMMAND) &
+                     !(pci_conf_read16(PCI_SBDF(0, bus, devfn), PCI_COMMAND) &
                        (PCI_COMMAND_IO | PCI_COMMAND_MEMORY)) )
                     continue;
 
@@ -136,12 +136,12 @@ void __init video_endboot(void)
                         b = 0;
                         break;
                     case 1:
-                        switch ( pci_conf_read8(PCI_SBDF3(0, b, df),
+                        switch ( pci_conf_read8(PCI_SBDF(0, b, df),
                                                 PCI_HEADER_TYPE) )
                         {
                         case PCI_HEADER_TYPE_BRIDGE:
                         case PCI_HEADER_TYPE_CARDBUS:
-                            if ( pci_conf_read16(PCI_SBDF3(0, b, df),
+                            if ( pci_conf_read16(PCI_SBDF(0, b, df),
                                                  PCI_BRIDGE_CONTROL) &
                                  PCI_BRIDGE_CTL_VGA )
                                 continue;
diff --git a/xen/include/xen/pci.h b/xen/include/xen/pci.h
index 02b31f7259..f34368643c 100644
--- a/xen/include/xen/pci.h
+++ b/xen/include/xen/pci.h
@@ -29,16 +29,21 @@
 #define PCI_BUS(bdf)    (((bdf) >> 8) & 0xff)
 #define PCI_SLOT(bdf)   (((bdf) >> 3) & 0x1f)
 #define PCI_FUNC(bdf)   ((bdf) & 0x07)
-#define PCI_DEVFN(d,f)  ((((d) & 0x1f) << 3) | ((f) & 0x07))
-#define PCI_DEVFN2(bdf) ((bdf) & 0xff)
-#define PCI_BDF(b,d,f)  ((((b) & 0xff) << 8) | PCI_DEVFN(d,f))
-#define PCI_BDF2(b,df)  ((((b) & 0xff) << 8) | ((df) & 0xff))
-#define PCI_SBDF(s,b,d,f) \
-    ((pci_sbdf_t){ .sbdf = (((s) & 0xffff) << 16) | PCI_BDF(b, d, f) })
-#define PCI_SBDF2(s,bdf) \
+
+#define PCI_DEVFN1_(df)   ((df) & 0xff)
+#define PCI_DEVFN2_(d, f) ((((d) & 0x1f) << 3) | ((f) & 7))
+#define PCI_SBDF4_(s, b, d, f...) \
+    ((pci_sbdf_t){ .sbdf = (((s) & 0xffff) << 16) | PCI_BDF(b, d, ##f) })
+#define PCI_SBDF3_ PCI_SBDF4_
+#define PCI_SBDF2_(s, bdf) \
     ((pci_sbdf_t){ .sbdf = (((s) & 0xffff) << 16) | ((bdf) & 0xffff) })
-#define PCI_SBDF3(s,b,df) \
-    ((pci_sbdf_t){ .sbdf = (((s) & 0xffff) << 16) | PCI_BDF2(b, df) })
+
+#define PCI__(what, nr) PCI_##what##nr##_
+#define PCI_(what, nr)  PCI__(what, nr)
+
+#define PCI_DEVFN(d, f...)   PCI_(DEVFN, count_args(d, ##f))(d, ##f)
+#define PCI_BDF(b, d, f...)  ((((b) & 0xff) << 8) | PCI_DEVFN(d, ##f))
+#define PCI_SBDF(s, b, d...) PCI_(SBDF, count_args(s, b, ##d))(s, b, ##d)
 
 #define ECAM_REG_OFFSET(addr)  ((addr) & 0x00000fff)
 
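Review bot: The overloaded `PCI_DEVFN()`, `PCI_BDF()` and `PCI_SBDF()` carry no comment saying which argument lists they accept, so the forms can only be recovered by reading the `PCI_(what, nr)` dispatch. I would add a comment above them listing `PCI_DEVFN(devfn)` / `PCI_DEVFN(dev, func)`, `PCI_BDF(bus, devfn)` / `PCI_BDF(bus, dev, func)` and `PCI_SBDF(seg, bdf)` / `PCI_SBDF(seg, bus, devfn)` / `PCI_SBDF(seg, bus, dev, func)`, and marking the trailing-underscore helpers as internal. The comment should also warn that the argument count alone selects the meaning: a call that loses an argument still compiles and is read as a different form, while an unsupported count expands to an undefined name such as `PCI_SBDF5_`. `count_args()` is defined outside this hunk.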
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 28 14:22:26 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 28 Apr 2022 14:22:26 +0000
Received: from list by lists.xenproject.org with outflank-mailman.316597.535551 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nk52I-000341-EY; Thu, 28 Apr 2022 14:22:26 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 316597.535551; Thu, 28 Apr 2022 14:22:26 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nk52I-00033t-Ba; Thu, 28 Apr 2022 14:22:26 +0000
Received: by outflank-mailman (input) for mailman id 316597;
 Thu, 28 Apr 2022 14:22:25 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nk52H-00033h-Aw
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 14:22:25 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nk52H-00081W-A9
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 14:22:25 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nk52H-0000mJ-9H
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 14:22:25 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=d0598x/eTxrTRH8sHuZ3W0+7NnBnuL+eLivo6DN4xcQ=; b=cMqEabeIiDwtTr/bTx+yvY6dY7
	IR/rLfH+OiSd0H9XCrsw4ZONmRMkT9HJX/RPUjYKIMtA647+2ZVXHKnJ/Gs5YqbxwTv457bySYljs
	u2ft2JJN5QlpfPh5lsUVeoiC/zeb69oMiwbgrR3AeWpkp0LPATavmgExIcduasSjO2TY=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] x86/mem_sharing: make fork_reset more configurable
Message-Id: <E1nk52H-0000mJ-9H@xenbits.xenproject.org>
Date: Thu, 28 Apr 2022 14:22:25 +0000

commit d711a8e5279d830d2e4f0f55246ed0c6e4a6bbed
Author:     Tamas K Lengyel <tamas.lengyel@intel.com>
AuthorDate: Thu Apr 28 16:15:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 16:15:33 2022 +0200

    x86/mem_sharing: make fork_reset more configurable
    
    Allow specifying distinct parts of the fork VM to be reset. This is useful when a
    fuzzing operation involves mapping in only a handful of pages that are known
    ahead of time. Throwing these pages away just to be re-copied immediately is
    expensive, thus allowing to specify partial resets can speed things up.
    
    Also allow resetting to be initiated from vm_event responses as an
    optimization.
    
    Signed-off-by: Tamas K Lengyel <tamas.lengyel@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/include/asm/mem_sharing.h |  9 +++++++++
 xen/arch/x86/mm/mem_sharing.c          | 24 +++++++++++++++++++-----
 xen/common/vm_event.c                  | 16 ++++++++++++++++
 xen/include/public/memory.h            |  4 +++-
 xen/include/public/vm_event.h          |  8 ++++++++
 5 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/include/asm/mem_sharing.h b/xen/arch/x86/include/asm/mem_sharing.h
index cf7a12f4d2..2c00069bc9 100644
--- a/xen/arch/x86/include/asm/mem_sharing.h
+++ b/xen/arch/x86/include/asm/mem_sharing.h
@@ -85,6 +85,9 @@ static inline bool mem_sharing_is_fork(const struct domain *d)
 int mem_sharing_fork_page(struct domain *d, gfn_t gfn,
                           bool unsharing);
 
+int mem_sharing_fork_reset(struct domain *d, bool reset_state,
+                           bool reset_memory);
+
 /*
  * If called by a foreign domain, possible errors are
  *   -EBUSY -> ring full
@@ -148,6 +151,12 @@ static inline int mem_sharing_fork_page(struct domain *d, gfn_t gfn, bool lock)
     return -EOPNOTSUPP;
 }
 
+static inline int mem_sharing_fork_reset(struct domain *d, bool reset_state,
+                                         bool reset_memory)
+{
+    return -EOPNOTSUPP;
+}
+
 #endif
 
 #endif /* __MEM_SHARING_H__ */
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 61538c3fb2..8f9d9ed9a9 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1891,15 +1891,21 @@ static int fork(struct domain *cd, struct domain *d)
  * footprints the hypercall continuation should be implemented (or if this
  * feature needs to be become "stable").
  */
-static int mem_sharing_fork_reset(struct domain *d)
+int mem_sharing_fork_reset(struct domain *d, bool reset_state,
+                           bool reset_memory)
 {
-    int rc;
+    int rc = 0;
     struct domain *pd = d->parent;
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     struct page_info *page, *tmp;
 
+    ASSERT(reset_state || reset_memory);
+
     domain_pause(d);
 
+    if ( !reset_memory )
+        goto state;
+
     /* need recursive lock because we will free pages */
     spin_lock_recursive(&d->page_alloc_lock);
     page_list_for_each_safe(page, tmp, &d->page_list)
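Review bot: The comment block above mem_sharing_fork_reset() is not updated for the two new parameters, although the function is no longer static and is now called from another file. I would extend it with a description of both, e.g. `reset_memory: remove unshared entries from the physmap` and `reset_state: re-apply the parent's settings via copy_settings()`, and state that at least one of them must be true. That precondition is enforced only by `ASSERT(reset_state || reset_memory)`, which is presumably compiled out of release builds, where a call with both false would pause and unpause the domain and return 0. The function body continues outside the hunk.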
@@ -1932,7 +1938,9 @@ static int mem_sharing_fork_reset(struct domain *d)
     }
     spin_unlock_recursive(&d->page_alloc_lock);
 
-    rc = copy_settings(d, pd);
+ state:
+    if ( reset_state )
+        rc = copy_settings(d, pd);
 
     domain_unpause(d);
 
@@ -2239,15 +2247,21 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg)
 
     case XENMEM_sharing_op_fork_reset:
     {
+        bool reset_state = mso.u.fork.flags & XENMEM_FORK_RESET_STATE;
+        bool reset_memory = mso.u.fork.flags & XENMEM_FORK_RESET_MEMORY;
+
         rc = -EINVAL;
-        if ( mso.u.fork.pad || mso.u.fork.flags )
+        if ( mso.u.fork.pad || (!reset_state && !reset_memory) )
+            goto out;
+        if ( mso.u.fork.flags &
+             ~(XENMEM_FORK_RESET_STATE | XENMEM_FORK_RESET_MEMORY) )
             goto out;
 
         rc = -ENOSYS;
         if ( !d->parent )
             goto out;
 
-        rc = mem_sharing_fork_reset(d);
+        rc = mem_sharing_fork_reset(d, reset_state, reset_memory);
         break;
     }
 
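Review bot: `XENMEM_sharing_op_fork_reset` now returns -EINVAL when `flags` is 0, whereas the removed check `mso.u.fork.pad || mso.u.fork.flags` required it to be 0, so a caller written against the old interface goes from success to failure. The diffstat lists only files under xen/, so any toolstack wrapper for this op would need a matching change that is not in this commit; this is inferred, as no caller is visible here. If the break is intended, it should be stated in the commit message and next to the flag definitions in public/memory.h. If it is not, a zero `flags` could keep meaning a full reset, e.g. `if ( !mso.u.fork.flags ) reset_state = reset_memory = true;` placed before the -EINVAL checks.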
diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
index 84cf52636b..4a8f02893e 100644
--- a/xen/common/vm_event.c
+++ b/xen/common/vm_event.c
@@ -28,6 +28,11 @@
 #include <asm/p2m.h>
 #include <asm/monitor.h>
 #include <asm/vm_event.h>
+
+#ifdef CONFIG_MEM_SHARING
+#include <asm/mem_sharing.h>
+#endif
+
 #include <xsm/xsm.h>
 #include <public/hvm/params.h>
 
@@ -394,6 +399,17 @@ static int vm_event_resume(struct domain *d, struct vm_event_domain *ved)
             if ( rsp.reason == VM_EVENT_REASON_MEM_PAGING )
                 p2m_mem_paging_resume(d, &rsp);
 #endif
+#ifdef CONFIG_MEM_SHARING
+            if ( mem_sharing_is_fork(d) )
+            {
+                bool reset_state = rsp.flags & VM_EVENT_FLAG_RESET_FORK_STATE;
+                bool reset_mem = rsp.flags & VM_EVENT_FLAG_RESET_FORK_MEMORY;
+
+                if ( (reset_state || reset_mem) &&
+                     mem_sharing_fork_reset(d, reset_state, reset_mem) )
+                    ASSERT_UNREACHABLE();
+            }
+#endif
 
             /*
              * Check emulation flags in the arch-specific handler only, as it
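Review bot: A failing mem_sharing_fork_reset() is handled only by `ASSERT_UNREACHABLE()`, yet the call can fail: the mem_sharing.c part of this commit returns the result of `copy_settings(d, pd)` when `reset_state` is set. The flags are read from the response the monitor placed on the vm_event ring, so in a debug build such a failure becomes a hypervisor assertion, and in a release build (where the assertion is presumably a no-op) the fork resumes partly reset with nothing logged. I would keep the return value and report it, e.g. `printk(XENLOG_G_WARNING "%pd: fork reset failed (%d)\n", d, rc);`, instead of asserting. The reset also runs inline for every response carrying these flags, while the comment above mem_sharing_fork_reset() still refers to a hypercall continuation that is not implemented. vm_event_resume() continues outside the hunk.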
diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h
index a1a0f0233a..f8d26fb77d 100644
--- a/xen/include/public/memory.h
+++ b/xen/include/public/memory.h
@@ -541,12 +541,14 @@ struct xen_mem_sharing_op {
                 uint32_t gref;     /* IN: gref to debug         */
             } u;
         } debug;
-        struct mem_sharing_op_fork {      /* OP_FORK */
+        struct mem_sharing_op_fork {      /* OP_FORK{,_RESET} */
             domid_t parent_domain;        /* IN: parent's domain id */
 /* Only makes sense for short-lived forks */
 #define XENMEM_FORK_WITH_IOMMU_ALLOWED (1u << 0)
 /* Only makes sense for short-lived forks */
 #define XENMEM_FORK_BLOCK_INTERRUPTS   (1u << 1)
+#define XENMEM_FORK_RESET_STATE        (1u << 2)
+#define XENMEM_FORK_RESET_MEMORY       (1u << 3)
             uint16_t flags;               /* IN: optional settings */
             uint32_t pad;                 /* Must be set to 0 */
         } fork;
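Review bot: `XENMEM_FORK_RESET_STATE` and `XENMEM_FORK_RESET_MEMORY` are added without comments, while the two flags before them each carry one, and nothing says which operation a flag belongs to now that the struct serves `OP_FORK{,_RESET}`. I would add `/* OP_FORK_RESET only: reset the VM state */` and `/* OP_FORK_RESET only: remove unshared entries from the physmap */`, and mark the two existing flags as OP_FORK ones. The `/* IN: optional settings */` comment on `flags` no longer fits the reset op, where at least one flag is now required. Whether the fork op rejects the two new bits is not visible in this commit and is worth checking, since both ops share the one `flags` field.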
diff --git a/xen/include/public/vm_event.h b/xen/include/public/vm_event.h
index bb003d21d0..1673bb8703 100644
--- a/xen/include/public/vm_event.h
+++ b/xen/include/public/vm_event.h
@@ -127,6 +127,14 @@
  * Reset the vmtrace buffer (if vmtrace is enabled)
  */
 #define VM_EVENT_FLAG_RESET_VMTRACE      (1 << 13)
+/*
+ * Reset the VM state (if VM is fork)
+ */
+#define VM_EVENT_FLAG_RESET_FORK_STATE   (1 << 14)
+/*
+ * Remove unshared entries from physmap (if VM is fork)
+ */
+#define VM_EVENT_FLAG_RESET_FORK_MEMORY  (1 << 15)
 
 /*
  * Reasons for the vm event request
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Thu Apr 28 23:44:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 28 Apr 2022 23:44:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.316840.535916 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkDnp-0005CH-7m; Thu, 28 Apr 2022 23:44:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 316840.535916; Thu, 28 Apr 2022 23:44:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkDnp-0005C9-4y; Thu, 28 Apr 2022 23:44:05 +0000
Received: by outflank-mailman (input) for mailman id 316840;
 Thu, 28 Apr 2022 23:44:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkDno-0005C2-DL
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 23:44:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkDno-0001fe-9n
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 23:44:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkDno-0000Mh-8m
 for xen-changelog@lists.xenproject.org; Thu, 28 Apr 2022 23:44:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=15YDO5WmK7k0yfpKNO0DIRCr60/uBH8MUbdq1W1xAM4=; b=DwG9vdv4rlAxxlWWJb2laY4+ns
	OiRsv1d+c+xnTaHsyUrWaN8ex7VVnxwEtZVOtCcRsMY32/HtmQVmi0mIxn50fz1hH2Zsi/MNbRKVu
	cjIW5woDvQlmcH7wYKU8hzvf8r6f+yTXx1yXqPyx/LRh4kihBLUgmwP0LILILd7w9ysk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] MAINTAINERS: add Rahul as SMMU maintainer
Message-Id: <E1nkDno-0000Mh-8m@xenbits.xenproject.org>
Date: Thu, 28 Apr 2022 23:44:04 +0000

commit e57477359071ab91429b0ebcbf7ff162242e2831
Author:     Stefano Stabellini <sstabellini@kernel.org>
AuthorDate: Tue Apr 26 13:27:32 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Thu Apr 28 16:39:43 2022 -0700

    MAINTAINERS: add Rahul as SMMU maintainer
    
    Add Rahul as ARM SMMU maintainer. Create a new explicit entry for "ARM
    SMMU", also listing Julien, who is the original contributor of the code and
    continues to maintain it.
    
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
    Acked-by: Rahul Singh <rahul.singh@arm.com>
    Acked-by: Julien Grall <julien@xen.org>
---
 MAINTAINERS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 2a47fafe85..ba0d1c0c1b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -248,6 +248,12 @@ F:	xen/drivers/passthrough/arm/
 F:	xen/include/public/arch-arm/
 F:	xen/include/public/arch-arm.h
 
+ARM SMMU
+M:	Julien Grall <julien@xen.org>
+M:	Rahul Singh <rahul.singh@arm.com>
+S:	Supported
+F:	xen/drivers/passthrough/arm/smmu.c
+
 ARM SMMUv3
 M:	Bertrand Marquis <bertrand.marquis@arm.com>
 M:	Rahul Singh <rahul.singh@arm.com>
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Fri Apr 29 09:11:11 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 29 Apr 2022 09:11:11 +0000
Received: from list by lists.xenproject.org with outflank-mailman.317061.536209 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkMeY-00038E-4p; Fri, 29 Apr 2022 09:11:06 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 317061.536209; Fri, 29 Apr 2022 09:11:06 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkMeY-000386-1y; Fri, 29 Apr 2022 09:11:06 +0000
Received: by outflank-mailman (input) for mailman id 317061;
 Fri, 29 Apr 2022 09:11:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkMeW-000380-OS
 for xen-changelog@lists.xenproject.org; Fri, 29 Apr 2022 09:11:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkMeW-0003nm-Lu
 for xen-changelog@lists.xenproject.org; Fri, 29 Apr 2022 09:11:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkMeW-0004Hu-Ky
 for xen-changelog@lists.xenproject.org; Fri, 29 Apr 2022 09:11:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Az1A3A8s2V5mYaL7imWnBUFspHu3nBsWnQKw/W88j8c=; b=U8TwxGzmriA4xo01QYIEqj91SN
	XVzhgh6YIVy+FtSfOKg3C+xVKA3XGSNDIjShY2yPxXOE5D5aCsbZ06vZeNvkkOs4NIIkLsnpVnPLT
	oL4lQVJLCs8bgYqzyUo8gn3wHWx55zzkaPtfLabVxOuEnren2pwyvaObQ7AUO9aIwfkI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen staging] Revert "page_alloc: assert IRQs are enabled in heap alloc/free"
Message-Id: <E1nkMeW-0004Hu-Ky@xenbits.xenproject.org>
Date: Fri, 29 Apr 2022 09:11:04 +0000

commit fe234237b6fc8afc5d8265850169ceeb3d2f81fd
Author:     Julien Grall <jgrall@amazon.com>
AuthorDate: Fri Apr 29 10:04:40 2022 +0100
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Fri Apr 29 10:04:40 2022 +0100

    Revert "page_alloc: assert IRQs are enabled in heap alloc/free"
    
    This reverts commit fa6dc0879ffd3dffffaea2837953c7a8761a9ba0 as there
    is more fallout on Arm.
---
 xen/common/page_alloc.c | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index e866e0d864..319029140f 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -162,13 +162,6 @@
 static char __initdata opt_badpage[100] = "";
 string_param("badpage", opt_badpage);
 
-/*
- * Heap allocations may need TLB flushes which may require IRQs to be
- * enabled (except when only 1 PCPU is online).
- */
-#define ASSERT_ALLOC_CONTEXT() \
-    ASSERT(!in_irq() && (local_irq_is_enabled() || num_online_cpus() <= 1))
-
 /*
  * no-bootscrub -> Free pages are not zeroed during boot.
  */
@@ -2167,7 +2160,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 {
     struct page_info *pg;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     pg = alloc_heap_pages(MEMZONE_XEN, MEMZONE_XEN,
                           order, memflags | MEMF_no_scrub, NULL);
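Review bot: Replacing `ASSERT_ALLOC_CONTEXT()` with a bare `ASSERT(!in_irq())` here, and in the seven hunks that follow, also loses the only comment recording why allocation context matters (heap allocations may need TLB flushes, which may require IRQs to be enabled). Keeping the macro with a relaxed body, `#define ASSERT_ALLOC_CONTEXT() ASSERT(!in_irq())`, and a comment saying the IRQ-enabled check is temporarily dropped, would leave the call sites untouched and make restoring the stricter check a one-line change. Until it is restored, debug builds no longer flag heap allocation or free with interrupts disabled, so new callers of that kind go unnoticed. The body of alloc_xenheap_pages continues outside the hunk.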
@@ -2180,7 +2173,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 
 void free_xenheap_pages(void *v, unsigned int order)
 {
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( v == NULL )
         return;
@@ -2209,7 +2202,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( xenheap_bits && (memflags >> _MEMF_bits) > xenheap_bits )
         memflags &= ~MEMF_bits(~0U);
@@ -2231,7 +2224,7 @@ void free_xenheap_pages(void *v, unsigned int order)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( v == NULL )
         return;
@@ -2256,7 +2249,7 @@ void init_domheap_pages(paddr_t ps, paddr_t pe)
 {
     mfn_t smfn, emfn;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     smfn = maddr_to_mfn(round_pgup(ps));
     emfn = maddr_to_mfn(round_pgdown(pe));
@@ -2376,7 +2369,7 @@ struct page_info *alloc_domheap_pages(
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int dma_zone;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d,
                                       bits ? : (BITS_PER_LONG+PAGE_SHIFT));
@@ -2426,7 +2419,7 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
     unsigned int i;
     bool drop_dom_ref;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( unlikely(is_xen_heap_page(pg)) )
     {
@@ -2745,7 +2738,7 @@ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
 {
     struct page_info *pg;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
     if ( !pg )
--
generated by git-patchbot for /home/xen/git/xen.git#staging


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:33:09 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:33:09 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318093.537668 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmHY-0007EJ-A9; Sat, 30 Apr 2022 12:33:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318093.537668; Sat, 30 Apr 2022 12:33:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmHY-0007EB-6z; Sat, 30 Apr 2022 12:33:04 +0000
Received: by outflank-mailman (input) for mailman id 318093;
 Sat, 30 Apr 2022 12:33:02 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHW-0007E4-BX
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHW-0008Vw-Ah
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHW-0002RT-9h
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=ATlUKPxjT53F5mVwOOmwFWy3t0zm9W1qWXSJk1bRcKg=; b=MMXLayVEwNOUQilQcU2WqJUcfV
	SjE/6Z4KhH4SOx5cLAG0gJuoThL/F41UgCmCHz8+kGK3VmGnodZGIhysHWuCASVKiUGXlIUHRtTqg
	URUlvdoDoB0Oa8/0r53UF2ubjbxuiuU952X44+LVWsji9UqC/RSwE1ukJbgziV2oORPU=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/vmx: add hvm functions to get/set non-register state
Message-Id: <E1nkmHW-0002RT-9h@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:33:02 +0000

commit 010bc50adaf58c78db4ad1329b0130d96e13f8e2
Author:     Tamas K Lengyel <tamas.lengyel@intel.com>
AuthorDate: Wed Apr 27 09:13:39 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 27 09:13:39 2022 +0200

    x86/vmx: add hvm functions to get/set non-register state
    
    During VM forking and resetting a failed vmentry has been observed due
    to the guest non-register state going out-of-sync with the guest register
    state. For example, a VM fork reset right after a STI instruction can trigger
    the failed entry. This is due to the guest non-register state not being saved
    from the parent VM, thus the reset operation only copies the register state.
    
    Fix this by adding a new pair of hvm functions to get/set the guest
    non-register state so that the overall vCPU state remains in sync.
    
    Signed-off-by: Tamas K Lengyel <tamas.lengyel@intel.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/hvm/vmx/vmx.c         | 32 ++++++++++++++++++++++++++++++++
 xen/arch/x86/include/asm/hvm/hvm.h | 29 +++++++++++++++++++++++++++++
 xen/arch/x86/mm/mem_sharing.c      | 12 +++++++++++-
 3 files changed, 72 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index cc8c4e9f04..d03e78bf0d 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1334,6 +1334,36 @@ static void cf_check vmx_set_interrupt_shadow(
     __vmwrite(GUEST_INTERRUPTIBILITY_INFO, intr_shadow);
 }
 
+static void cf_check vmx_get_nonreg_state(struct vcpu *v,
+    struct hvm_vcpu_nonreg_state *nrs)
+{
+    vmx_vmcs_enter(v);
+
+    __vmread(GUEST_ACTIVITY_STATE, &nrs->vmx.activity_state);
+    __vmread(GUEST_INTERRUPTIBILITY_INFO, &nrs->vmx.interruptibility_info);
+    __vmread(GUEST_PENDING_DBG_EXCEPTIONS, &nrs->vmx.pending_dbg);
+
+    if ( cpu_has_vmx_virtual_intr_delivery )
+        __vmread(GUEST_INTR_STATUS, &nrs->vmx.interrupt_status);
+
+    vmx_vmcs_exit(v);
+}
+
+static void cf_check vmx_set_nonreg_state(struct vcpu *v,
+    struct hvm_vcpu_nonreg_state *nrs)
+{
+    vmx_vmcs_enter(v);
+
+    __vmwrite(GUEST_ACTIVITY_STATE, nrs->vmx.activity_state);
+    __vmwrite(GUEST_INTERRUPTIBILITY_INFO, nrs->vmx.interruptibility_info);
+    __vmwrite(GUEST_PENDING_DBG_EXCEPTIONS, nrs->vmx.pending_dbg);
+
+    if ( cpu_has_vmx_virtual_intr_delivery )
+        __vmwrite(GUEST_INTR_STATUS, nrs->vmx.interrupt_status);
+
+    vmx_vmcs_exit(v);
+}
+
 static void vmx_load_pdptrs(struct vcpu *v)
 {
     uint32_t cr3 = v->arch.hvm.guest_cr[3];
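Review bot: `vmx_set_nonreg_state` only reads through `nrs`, so its parameter (and the `set_nonreg_state` hook and wrapper in hvm.h) could be `const struct hvm_vcpu_nonreg_state *nrs`, which makes the direction of the two functions visible in their signatures. The setter also writes every field to the VMCS without any check; that is fine for values just read from the parent by `vmx_get_nonreg_state`, but the constraint is not written down anywhere. A comment above it such as `/* nrs must originate from vmx_get_nonreg_state(); values are written to the VMCS unchecked. */` would stop a later caller from feeding it state from a less trusted source.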
@@ -2487,6 +2517,8 @@ static struct hvm_function_table __initdata_cf_clobber vmx_function_table = {
     .load_cpu_ctxt        = vmx_load_vmcs_ctxt,
     .get_interrupt_shadow = vmx_get_interrupt_shadow,
     .set_interrupt_shadow = vmx_set_interrupt_shadow,
+    .get_nonreg_state     = vmx_get_nonreg_state,
+    .set_nonreg_state     = vmx_set_nonreg_state,
     .guest_x86_mode       = vmx_guest_x86_mode,
     .get_cpl              = _vmx_get_cpl,
     .get_segment_register = vmx_get_segment_register,
diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h
index 5b7ec0cf69..caaeacabc7 100644
--- a/xen/arch/x86/include/asm/hvm/hvm.h
+++ b/xen/arch/x86/include/asm/hvm/hvm.h
@@ -84,6 +84,17 @@ enum hvm_intblk {
 /* update_guest_cr() flags. */
 #define HVM_UPDATE_GUEST_CR3_NOFLUSH 0x00000001
 
+struct hvm_vcpu_nonreg_state {
+    union {
+        struct {
+            uint64_t activity_state;
+            uint64_t interruptibility_info;
+            uint64_t pending_dbg;
+            uint64_t interrupt_status;
+        } vmx;
+    };
+};
+
 /*
  * The hardware virtual machine (HVM) interface abstracts away from the
  * x86/x86_64 CPU virtualization assist specifics. Currently this interface
@@ -122,6 +133,10 @@ struct hvm_function_table {
     /* Examine specifics of the guest state. */
     unsigned int (*get_interrupt_shadow)(struct vcpu *v);
     void (*set_interrupt_shadow)(struct vcpu *v, unsigned int intr_shadow);
+    void (*get_nonreg_state)(struct vcpu *v,
+                             struct hvm_vcpu_nonreg_state *nrs);
+    void (*set_nonreg_state)(struct vcpu *v,
+                             struct hvm_vcpu_nonreg_state *nrs);
     int (*guest_x86_mode)(struct vcpu *v);
     unsigned int (*get_cpl)(struct vcpu *v);
     void (*get_segment_register)(struct vcpu *v, enum x86_segment seg,
@@ -744,6 +759,20 @@ void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val);
         d_->arch.hvm.pi_ops.vcpu_block(v_);                     \
 })
 
+static inline void hvm_get_nonreg_state(struct vcpu *v,
+                                        struct hvm_vcpu_nonreg_state *nrs)
+{
+    if ( hvm_funcs.get_nonreg_state )
+        alternative_vcall(hvm_funcs.get_nonreg_state, v, nrs);
+}
+
+static inline void hvm_set_nonreg_state(struct vcpu *v,
+                                        struct hvm_vcpu_nonreg_state *nrs)
+{
+    if ( hvm_funcs.set_nonreg_state )
+        alternative_vcall(hvm_funcs.set_nonreg_state, v, nrs);
+}
+
 #else  /* CONFIG_HVM */
 
 #define hvm_enabled false
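Review bot: `hvm_get_nonreg_state` and `hvm_set_nonreg_state` silently do nothing when the hook is NULL, and within this commit only `vmx_function_table` sets the hooks. On any other HVM backend (presumably SVM, not visible here) the caller in mem_sharing.c therefore copies nothing and has no way to tell. A comment on the wrappers, for example `/* No-op if the vendor code provides no hook; *nrs is left as the caller initialised it. */`, would make that contract explicit.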
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index a5c16b4429..61538c3fb2 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1645,6 +1645,14 @@ static int bring_up_vcpus(struct domain *cd, struct domain *d)
     return 0;
 }
 
+static void copy_vcpu_nonreg_state(struct vcpu *d_vcpu, struct vcpu *cd_vcpu)
+{
+    struct hvm_vcpu_nonreg_state nrs = {};
+
+    hvm_get_nonreg_state(d_vcpu, &nrs);
+    hvm_set_nonreg_state(cd_vcpu, &nrs);
+}
+
 static int copy_vcpu_settings(struct domain *cd, const struct domain *d)
 {
     unsigned int i;
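Review bot: `copy_vcpu_nonreg_state(d_vcpu, cd_vcpu)` takes the source first and the destination second, the opposite of `copy_vcpu_settings(cd, d)` directly below it. Both parameters are plain `struct vcpu *` (the next hunk drops `const` from `d_vcpu` to allow this), so a swapped call would compile and write the fork's state into the parent. Either match the surrounding order, `static void copy_vcpu_nonreg_state(struct vcpu *cd_vcpu, struct vcpu *d_vcpu)`, or add a comment stating which argument is read and which is written. The body of copy_vcpu_settings continues outside the hunk.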
@@ -1653,7 +1661,7 @@ static int copy_vcpu_settings(struct domain *cd, const struct domain *d)
 
     for ( i = 0; i < cd->max_vcpus; i++ )
     {
-        const struct vcpu *d_vcpu = d->vcpu[i];
+        struct vcpu *d_vcpu = d->vcpu[i];
         struct vcpu *cd_vcpu = cd->vcpu[i];
         mfn_t vcpu_info_mfn;
 
@@ -1696,6 +1704,8 @@ static int copy_vcpu_settings(struct domain *cd, const struct domain *d)
 
         hvm_vmtrace_reset(cd_vcpu);
 
+        copy_vcpu_nonreg_state(d_vcpu, cd_vcpu);
+
         /*
          * TODO: to support VMs with PV interfaces copy additional
          * settings here, such as PV timers.
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:33:14 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:33:14 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318094.537673 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmHi-0007GJ-CQ; Sat, 30 Apr 2022 12:33:14 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318094.537673; Sat, 30 Apr 2022 12:33:14 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmHi-0007GB-8b; Sat, 30 Apr 2022 12:33:14 +0000
Received: by outflank-mailman (input) for mailman id 318094;
 Sat, 30 Apr 2022 12:33:12 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHg-0007Fw-Ft
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:12 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHg-0008W0-FA
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:12 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHg-0002S6-Cv
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:12 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=nZTv8dYXSBmo3LUvNJvdLnAAH+53WuInwfPWEzmW0mI=; b=yGeJpEP2a20b5NyR9skR+OB2Qa
	mD/pUmSPWJT/kyD5lGuUk3KXCXkCGMh0SmXcPmI5PRbDfkkkjs0VlZxuJUZMOnVIvCNITWq1mGtA2
	VMUtuVdghb8jUOEN9yKGI65jVWAm8F+NSsxn4VC5kIbbApeHW3KF6OLEHs2L2/Bx04y4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] libxl: retry QMP PCI device_add
Message-Id: <E1nkmHg-0002S6-Cv@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:33:12 +0000

commit 0f4fd6b6d805c89d19843c7ad70adc772a7d1203
Author:     Jason Andryuk <jandryuk@gmail.com>
AuthorDate: Wed Apr 27 09:14:30 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 27 09:14:30 2022 +0200

    libxl: retry QMP PCI device_add
    
    PCI device assignment to an HVM with stubdom is potentially racy.  First
    the PCI device is assigned to the stubdom via the PV PCI protocol.  Then
    QEMU is sent a QMP command to attach the PCI device to QEMU running
    within the stubdom.  However, the sysfs entries within the stubdom may
    not have appeared by the time QEMU receives the device_add command
    resulting in errors like:
    
    libxl_qmp.c:1838:qmp_ev_parse_error_messages:Domain 10:Could not open '/sys/bus/pci/devices/0000:00:1f.3/config': No such file or directory
    
    This patch retries the device assignment up to 10 times with a 1 second
    delay between.  That roughly matches the overall hotplug timeout for
    pci_add_timeout.  pci_add_timeout's initialization is moved to
    do_pci_add since retries call into pci_add_qmp_device_add again.
    
    The qmp_ev_parse_error_messages error is still printed since it happens
    at a lower level than the pci code controlling the retries.  With that,
    the "Retrying PCI add %d" message is also printed at ERROR level to
    clarify what is happening.
    
    Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_pci.c | 44 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c
index 4bbbfe9f16..96f88795b6 100644
--- a/tools/libs/light/libxl_pci.c
+++ b/tools/libs/light/libxl_pci.c
@@ -1109,8 +1109,10 @@ typedef struct pci_add_state {
     libxl__xswait_state xswait;
     libxl__ev_qmp qmp;
     libxl__ev_time timeout;
+    libxl__ev_time timeout_retries;
     libxl_device_pci pci;
     libxl_domid pci_domid;
+    int retries;
 } pci_add_state;
 
 static void pci_add_qemu_trad_watch_state_cb(libxl__egc *egc,
@@ -1118,6 +1120,8 @@ static void pci_add_qemu_trad_watch_state_cb(libxl__egc *egc,
 static void pci_add_qmp_device_add(libxl__egc *, pci_add_state *);
 static void pci_add_qmp_device_add_cb(libxl__egc *,
     libxl__ev_qmp *, const libxl__json_object *, int rc);
+static void pci_add_qmp_device_add_retry(libxl__egc *egc, libxl__ev_time *ev,
+    const struct timeval *requested_abs, int rc);
 static void pci_add_qmp_query_pci_cb(libxl__egc *,
     libxl__ev_qmp *, const libxl__json_object *, int rc);
 static void pci_add_timeout(libxl__egc *egc, libxl__ev_time *ev,
@@ -1137,7 +1141,9 @@ static void do_pci_add(libxl__egc *egc,
     libxl__xswait_init(&pas->xswait);
     libxl__ev_qmp_init(&pas->qmp);
     pas->pci_domid = domid;
+    pas->retries = 0;
     libxl__ev_time_init(&pas->timeout);
+    libxl__ev_time_init(&pas->timeout_retries);
 
     if (type == LIBXL_DOMAIN_TYPE_INVALID) {
         rc = ERROR_FAIL;
@@ -1157,6 +1163,11 @@ static void do_pci_add(libxl__egc *egc,
                 if (rc) goto out;
                 return;
             case LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN:
+                rc = libxl__ev_time_register_rel(ao, &pas->timeout,
+                                                 pci_add_timeout,
+                                                 LIBXL_QMP_CMD_TIMEOUT * 1000);
+                if (rc) goto out;
+
                 pci_add_qmp_device_add(egc, pas); /* must be last */
                 return;
             default:
@@ -1205,11 +1216,6 @@ static void pci_add_qmp_device_add(libxl__egc *egc, pci_add_state *pas)
     libxl_device_pci *pci = &pas->pci;
     libxl__ev_qmp *const qmp = &pas->qmp;
 
-    rc = libxl__ev_time_register_rel(ao, &pas->timeout,
-                                     pci_add_timeout,
-                                     LIBXL_QMP_CMD_TIMEOUT * 1000);
-    if (rc) goto out;
-
     libxl__qmp_param_add_string(gc, &args, "driver",
                                 "xen-pci-passthrough");
     QMP_PARAMETERS_SPRINTF(&args, "id", PCI_PT_QDEV_ID,
@@ -1255,7 +1261,23 @@ static void pci_add_qmp_device_add_cb(libxl__egc *egc,
     EGC_GC;
     pci_add_state *pas = CONTAINER_OF(qmp, *pas, qmp);
 
-    if (rc) goto out;
+    if (rc) {
+        /* Retry only applicable for HVM with stubdom. */
+        if (libxl_get_stubdom_id(CTX, qmp->domid) == 0)
+            goto out;
+
+        if (pas->retries++ < 10) {
+            LOGD(ERROR, qmp->domid, "Retrying PCI add %d", pas->retries);
+            rc = libxl__ev_time_register_rel(pas->aodev->ao,
+                                             &pas->timeout_retries,
+                                             pci_add_qmp_device_add_retry,
+                                             1000);
+            if (rc) goto out;
+            return; /* Wait for the timeout to then retry. */
+        } else {
+            goto out;
+        }
+    }
 
     qmp->callback = pci_add_qmp_query_pci_cb;
     rc = libxl__ev_qmp_send(egc, qmp, "query-pci", NULL);
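Review bot: The retry branch in `pci_add_qmp_device_add_cb` is taken for any non-zero `rc`, not only for the missing-sysfs error described in the commit message, so a permanent QMP failure on a stubdom guest is retried and logged at ERROR level until the count or the overall timeout runs out. The limit `10` and the delay `1000` are bare literals; named constants next to `pci_add_state`, for example `#define PCI_ADD_QMP_RETRIES 10` and `#define PCI_ADD_QMP_RETRY_DELAY_MS 1000`, would document how they relate to `LIBXL_QMP_CMD_TIMEOUT`. The function starts and ends outside the hunk.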
@@ -1266,6 +1288,15 @@ out:
     pci_add_dm_done(egc, pas, rc); /* must be last */
 }
 
+static void pci_add_qmp_device_add_retry(libxl__egc *egc, libxl__ev_time *ev,
+                                         const struct timeval *requested_abs,
+                                         int rc)
+{
+    pci_add_state *pas = CONTAINER_OF(ev, *pas, timeout_retries);
+
+    pci_add_qmp_device_add(egc, pas);
+}
+
 static void pci_add_qmp_query_pci_cb(libxl__egc *egc,
                                      libxl__ev_qmp *qmp,
                                      const libxl__json_object *response,
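Review bot: `pci_add_qmp_device_add_retry` ignores its `rc` argument, so it re-sends `device_add` whatever reason the timer callback was invoked for. As far as I know libxl ev_time callbacks can also be called with `ERROR_ABORTED` when the ao is aborted, in which case the retry should stop rather than continue. Checking first keeps that path intact: `if (rc != ERROR_TIMEDOUT) { pci_add_dm_done(egc, pas, rc); return; }`.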
@@ -1507,6 +1538,7 @@ out_no_irq:
         rc = 0;
 out:
     libxl__ev_time_deregister(gc, &pas->timeout);
+    libxl__ev_time_deregister(gc, &pas->timeout_retries);
     pas->callback(egc, pas, rc);
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:33:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:33:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318095.537676 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmHr-0007JM-Di; Sat, 30 Apr 2022 12:33:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318095.537676; Sat, 30 Apr 2022 12:33:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmHr-0007JD-AG; Sat, 30 Apr 2022 12:33:23 +0000
Received: by outflank-mailman (input) for mailman id 318095;
 Sat, 30 Apr 2022 12:33:22 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHq-0007J1-Iz
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:22 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHq-00005j-I7
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:22 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmHq-0002SZ-HA
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:22 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=QXU0HLNmm7o/f8210Ggw0mS9FWeow9BVQdjXW/UgBrI=; b=SLbkD9KdorlsKqHYDIuAlxzExr
	9fu/js+I4x92+qhHUnkI1HanfkG345oZ3kfNWswUVdytH1tJjfZ+NA6joK0UCbH5pK2iBa2GMpDpL
	2yBzozW4jvvjpxb2+YFKDfIapaErTR4im+05rf3vQlgoBKjbNVZ0w/CI12aRgzyQsbe4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] EFI: don't mistakenly delete a file we never installed
Message-Id: <E1nkmHq-0002SZ-HA@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:33:22 +0000

commit 163071b1800304c962756789b4ef0ddb978059ba
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Wed Apr 27 09:15:03 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Wed Apr 27 09:15:03 2022 +0200

    EFI: don't mistakenly delete a file we never installed
    
    Just like for "install", make dealing with xen.efi on the EFI partition
    dependent upon mount point and vendor directory being known.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
---
 xen/Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/Makefile b/xen/Makefile
index ec34524ed2..735d5f6e45 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -515,7 +515,9 @@ _uninstall:
 	rm -f $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION).efi.map
 	rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi
 	rm -f $(D)$(EFI_DIR)/$(T).efi
-	rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi
+	if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \
+		rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \
+	fi
 
 .PHONY: _debug
 _debug:
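Review bot: The new guard in `_uninstall` uses `[ ... -a ... ]`, which POSIX marks obsolescent and which can parse ambiguously for some operand values; `if [ -n '$(EFI_MOUNTPOINT)' ] && [ -n '$(EFI_VENDOR)' ]; then \` is the unambiguous form. The single-quoted make expansions would also break if either variable contained a single quote, which is unlikely for these paths. If the install rule uses the same `-a` form (not visible here), changing both together keeps them consistent.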
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:33:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:33:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318096.537680 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmI1-0007MG-Ek; Sat, 30 Apr 2022 12:33:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318096.537680; Sat, 30 Apr 2022 12:33:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmI1-0007M8-Br; Sat, 30 Apr 2022 12:33:33 +0000
Received: by outflank-mailman (input) for mailman id 318096;
 Sat, 30 Apr 2022 12:33:32 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmI0-0007M2-Li
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:32 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmI0-00006h-L0
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:32 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmI0-0002T4-KA
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:32 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=lsbjsrbtED2fCTv9uKb11iXko4bTLY3W9Xi8FvxpGU4=; b=zT2A19rzEsD+GDmeQkIjmTqsKO
	0A+SJUERTJy74aPwmdqMug4rEzMIwKguWEIGPB0t8Vi450vQ2lY4bTahQg6EEJp+kOdT7z8hMrRBm
	1YRweXYLMGonN6b6mkzbmA7LBDVHPjv9ysoYYFfAtUOlOXiIbJm3xYFVcPxqbp+CB9+Y=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/arm: alternative: Don't call vmap() within stop_machine_run()
Message-Id: <E1nkmI0-0002T4-KA@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:33:32 +0000

commit fbd2445558beff90eb9607308f0845b18a7a2b5a
Author:     Julien Grall <jgrall@amazon.com>
AuthorDate: Tue Apr 26 21:06:29 2022 +0100
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Wed Apr 27 09:50:40 2022 +0100

    xen/arm: alternative: Don't call vmap() within stop_machine_run()
    
    Commit 88a037e2cfe1 "page_alloc: assert IRQs are enabled in heap
    alloc/free" extended the checks in the buddy allocator to catch
    any use of the helpers from context with interrupts disabled.
    
    Unfortunately, the rule is not followed in the alternative code and
    this will result in a crash at boot with debug enabled:
    
    (XEN) Xen call trace:
    (XEN)    [<0022a510>] alloc_xenheap_pages+0x120/0x150 (PC)
    (XEN)    [<00000000>] 00000000 (LR)
    (XEN)    [<002736ac>] arch/arm/mm.c#xen_pt_update+0x144/0x6e4
    (XEN)    [<002740d4>] map_pages_to_xen+0x10/0x20
    (XEN)    [<00236864>] __vmap+0x400/0x4a4
    (XEN)    [<0026aee8>] arch/arm/alternative.c#__apply_alternatives_multi_stop+0x144/0x1ec
    (XEN)    [<0022fe40>] stop_machine_run+0x23c/0x300
    (XEN)    [<002c40c4>] apply_alternatives_all+0x34/0x5c
    (XEN)    [<002ce3e8>] start_xen+0xcb8/0x1024
    (XEN)    [<00200068>] arch/arm/arm32/head.o#primary_switched+0xc/0x1c
    
    The interrupts will be disabled by the state machine in stop_machine_run(),
    hence why the ASSERT is hit.
    
    For now the patch extending the checks has been reverted, but it would
    be good to re-introduce it (allocation with interrupts disabled is not
    desirable).
    
    So move the re-mapping of Xen to the caller of stop_machine_run().
    
    Signed-off-by: Julien Grall <jgrall@amazon.com>
    Cc: David Vrabel <dvrabel@amazon.co.uk>
    Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/arch/arm/alternative.c | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/xen/arch/arm/alternative.c b/xen/arch/arm/alternative.c
index 237c4e5642..f03cd943c6 100644
--- a/xen/arch/arm/alternative.c
+++ b/xen/arch/arm/alternative.c
@@ -170,7 +170,7 @@ static int __apply_alternatives(const struct alt_region *region,
  * We might be patching the stop_machine state machine, so implement a
  * really simple polling protocol here.
  */
-static int __apply_alternatives_multi_stop(void *unused)
+static int __apply_alternatives_multi_stop(void *xenmap)
 {
     static int patched = 0;
 
@@ -185,22 +185,9 @@ static int __apply_alternatives_multi_stop(void *unused)
     {
         int ret;
         struct alt_region region;
-        mfn_t xen_mfn = virt_to_mfn(_start);
-        paddr_t xen_size = _end - _start;
-        unsigned int xen_order = get_order_from_bytes(xen_size);
-        void *xenmap;
 
         BUG_ON(patched);
 
-        /*
-         * The text and inittext section are read-only. So re-map Xen to
-         * be able to patch the code.
-         */
-        xenmap = __vmap(&xen_mfn, 1U << xen_order, 1, 1, PAGE_HYPERVISOR,
-                        VMAP_DEFAULT);
-        /* Re-mapping Xen is not expected to fail during boot. */
-        BUG_ON(!xenmap);
-
         region.begin = __alt_instructions;
         region.end = __alt_instructions_end;
 
@@ -208,8 +195,6 @@ static int __apply_alternatives_multi_stop(void *unused)
         /* The patching is not expected to fail during boot. */
         BUG_ON(ret != 0);
 
-        vunmap(xenmap);
-
         /* Barriers provided by the cache flushing */
         write_atomic(&patched, 1);
     }
@@ -224,14 +209,29 @@ static int __apply_alternatives_multi_stop(void *unused)
 void __init apply_alternatives_all(void)
 {
     int ret;
+    mfn_t xen_mfn = virt_to_mfn(_start);
+    paddr_t xen_size = _end - _start;
+    unsigned int xen_order = get_order_from_bytes(xen_size);
+    void *xenmap;
 
     ASSERT(system_state != SYS_STATE_active);
 
+    /*
+     * The text and inittext section are read-only. So re-map Xen to
+     * be able to patch the code.
+     */
+    xenmap = __vmap(&xen_mfn, 1U << xen_order, 1, 1, PAGE_HYPERVISOR,
+                    VMAP_DEFAULT);
+    /* Re-mapping Xen is not expected to fail during boot. */
+    BUG_ON(!xenmap);
+
 	/* better not try code patching on a live SMP system */
-    ret = stop_machine_run(__apply_alternatives_multi_stop, NULL, NR_CPUS);
+    ret = stop_machine_run(__apply_alternatives_multi_stop, xenmap, NR_CPUS);
 
     /* stop_machine_run should never fail at this stage of the boot */
     BUG_ON(ret);
+
+    vunmap(xenmap);
 }
 
 int apply_alternatives(const struct alt_instr *start, const struct alt_instr *end)
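Review bot: The writable alias of the Xen image that apply_alternatives_all() creates with `__vmap(..., PAGE_HYPERVISOR, VMAP_DEFAULT)` now stays mapped for the whole stop_machine_run() call rather than only around the patching inside the callback, and nothing in the new code records that this wider window is intended. The `__init` marker and the ASSERT on system_state keep it to boot, so the exposure is small, but a comment next to the `__vmap()` call such as `/* Writable alias of read-only text: keep it mapped only across stop_machine_run() and vunmap() it before returning. */` would stop a later refactor from leaving it in place. The header comment of __apply_alternatives_multi_stop() in the first hunk should also say that its `xenmap` argument is this caller-owned mapping, which the callback must neither create nor free.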
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:33:43 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:33:43 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318097.537684 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIB-0007PB-Ge; Sat, 30 Apr 2022 12:33:43 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318097.537684; Sat, 30 Apr 2022 12:33:43 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIB-0007P3-DM; Sat, 30 Apr 2022 12:33:43 +0000
Received: by outflank-mailman (input) for mailman id 318097;
 Sat, 30 Apr 2022 12:33:42 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIA-0007Ou-On
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:42 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIA-00006u-O2
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:42 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIA-0002Tb-N6
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:42 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=v+MSQ8pCD+fCGljGxQt0Dg0SVYkOrVXhGQ04DDnEX4A=; b=Zmg0Qj5PD8T89+H5gHlEZd4VBu
	dDSfdkw0JN0v7v/OX5RhAM3J8IGMZx/M7yLyldgv2bmXYEz5wGPCpgsWRTwk3TzJvOte6ATIuUNxE
	HOu6DEIzV+2Yk9cxavkfyV4eXVGVWfnz9CpAPDkclsLNfEJWuTh2tgIBeTYFaBwpGKv4=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] page_alloc: assert IRQs are enabled in heap alloc/free
Message-Id: <E1nkmIA-0002Tb-N6@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:33:42 +0000

commit fa6dc0879ffd3dffffaea2837953c7a8761a9ba0
Author:     David Vrabel <dvrabel@amazon.co.uk>
AuthorDate: Tue Apr 26 10:33:01 2022 +0200
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Wed Apr 27 09:52:12 2022 +0100

    page_alloc: assert IRQs are enabled in heap alloc/free
    
    Heap pages can only be safely allocated and freed with interrupts
    enabled as they may require a TLB flush which may send IPIs (on x86).
    
    Normally spinlock debugging would catch calls from the incorrect
    context, but not from stop_machine_run() action functions as these are
    called with spin lock debugging disabled.
    
    Enhance the assertions in alloc_xenheap_pages() and
    alloc_domheap_pages() to check interrupts are enabled. For consistency
    the same asserts are used when freeing heap pages.
    
    As an exception, when only 1 PCPU is online, allocations are permitted
    with interrupts disabled as any TLB flushes would be local only. This
    is necessary during early boot.
    
    Signed-off-by: David Vrabel <dvrabel@amazon.co.uk>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/page_alloc.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 319029140f..e866e0d864 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -162,6 +162,13 @@
 static char __initdata opt_badpage[100] = "";
 string_param("badpage", opt_badpage);
 
+/*
+ * Heap allocations may need TLB flushes which may require IRQs to be
+ * enabled (except when only 1 PCPU is online).
+ */
+#define ASSERT_ALLOC_CONTEXT() \
+    ASSERT(!in_irq() && (local_irq_is_enabled() || num_online_cpus() <= 1))
+
 /*
  * no-bootscrub -> Free pages are not zeroed during boot.
  */
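Review bot: The comment above ASSERT_ALLOC_CONTEXT() says TLB flushes "may require IRQs to be enabled" without giving the reason, so the single-PCPU exception in the expression reads as arbitrary. The commit message has the reason (the flush may send IPIs, on x86), and it belongs in the comment: `Heap allocations may need TLB flushes, which may send IPIs to other PCPUs (on x86) and so need IRQs enabled; with only 1 PCPU online any flush is local.` Since the check is an ASSERT(), it presumably fires only in debug builds, which is worth stating so the macro is not read as a runtime guarantee. The remaining hunks in this file only swap `ASSERT(!in_irq())` for the macro.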
@@ -2160,7 +2167,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 {
     struct page_info *pg;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     pg = alloc_heap_pages(MEMZONE_XEN, MEMZONE_XEN,
                           order, memflags | MEMF_no_scrub, NULL);
@@ -2173,7 +2180,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 
 void free_xenheap_pages(void *v, unsigned int order)
 {
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( v == NULL )
         return;
@@ -2202,7 +2209,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( xenheap_bits && (memflags >> _MEMF_bits) > xenheap_bits )
         memflags &= ~MEMF_bits(~0U);
@@ -2224,7 +2231,7 @@ void free_xenheap_pages(void *v, unsigned int order)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( v == NULL )
         return;
@@ -2249,7 +2256,7 @@ void init_domheap_pages(paddr_t ps, paddr_t pe)
 {
     mfn_t smfn, emfn;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     smfn = maddr_to_mfn(round_pgup(ps));
     emfn = maddr_to_mfn(round_pgdown(pe));
@@ -2369,7 +2376,7 @@ struct page_info *alloc_domheap_pages(
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int dma_zone;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d,
                                       bits ? : (BITS_PER_LONG+PAGE_SHIFT));
@@ -2419,7 +2426,7 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
     unsigned int i;
     bool drop_dom_ref;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     if ( unlikely(is_xen_heap_page(pg)) )
     {
@@ -2738,7 +2745,7 @@ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
 {
     struct page_info *pg;
 
-    ASSERT(!in_irq());
+    ASSERT_ALLOC_CONTEXT();
 
     pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
     if ( !pg )
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:33:53 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:33:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318098.537688 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIL-0007Sp-Jm; Sat, 30 Apr 2022 12:33:53 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318098.537688; Sat, 30 Apr 2022 12:33:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIL-0007Sh-Gs; Sat, 30 Apr 2022 12:33:53 +0000
Received: by outflank-mailman (input) for mailman id 318098;
 Sat, 30 Apr 2022 12:33:52 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIK-0007Sb-Rq
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:52 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIK-000074-R6
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:52 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIK-0002UC-QB
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:33:52 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=r2RHGV+Ht9Xyzy6yQeYjdCKSJax0o1aLvy4YaiKC4c8=; b=S9PEop3FqKWC0gWbnJMHri0PUR
	59dl/CFOGpi4FttaGDK7dkB4xF9wME2hLl2TmZCGqFhH3H293BsaTXdc4xACOvW8IgEf943U+smKc
	k+IjOOaqTT2THVoMCQLPsbNIVhEv70U86zi/M76Hfdpfz9QptZ5gnjJy2OabOmpgfuXc=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/arm64: io: Handle data abort due to cache maintenance instructions
Message-Id: <E1nkmIK-0002UC-QB@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:33:52 +0000

commit 53b705d02cec03861044e673536586bd1b2443bd
Author:     Ayan Kumar Halder <ayan.kumar.halder@xilinx.com>
AuthorDate: Thu Mar 24 13:37:05 2022 +0000
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Wed Apr 27 16:27:51 2022 +0100

    xen/arm64: io: Handle data abort due to cache maintenance instructions
    
    When the data abort is caused due to cache maintenance for an address,
    there are three scenarios:-
    
    1. Address belonging to a non emulated region - For this, Xen should
    set the corresponding bit in the translation table entry to valid and
    return to the guest to retry the instruction. This can happen sometimes
    as Xen needs to set the translation table entry to invalid (e.g. for a
    'Break-Before-Make' sequence). Xen returns to the guest to retry the
    instruction.
    
    2. Address belongs to an emulated region - Xen should ignore the
    instruction (ie increment the PC) and return to the guest.
    
    3. Address is invalid - Xen should forward the data abort to the guest.
    
    Signed-off-by: Ayan Kumar Halder <ayankuma@xilinx.com>
    [julien: Don't initialize p.size to 1 << info->dabt.size]
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/include/asm/mmio.h |  1 +
 xen/arch/arm/io.c               | 20 +++++++++++++++++++-
 xen/arch/arm/ioreq.c            | 17 ++++++++++++++---
 3 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h
index ca259a79c2..79e64d9af8 100644
--- a/xen/arch/arm/include/asm/mmio.h
+++ b/xen/arch/arm/include/asm/mmio.h
@@ -35,6 +35,7 @@ enum instr_decode_state
      * instruction.
      */
     INSTR_LDR_STR_POSTINDEXING,
+    INSTR_CACHE,                    /* Cache Maintenance instr */
 };
 
 typedef struct
diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
index 6f458ee7fd..4ce94243aa 100644
--- a/xen/arch/arm/io.c
+++ b/xen/arch/arm/io.c
@@ -139,6 +139,17 @@ void try_decode_instruction(const struct cpu_user_regs *regs,
         return;
     }
 
+    /*
+     * When the data abort is caused due to cache maintenance, Xen should check
+     * if the address belongs to an emulated MMIO region or not. The behavior
+     * will differ accordingly.
+     */
+    if ( info->dabt.cache )
+    {
+        info->dabt_instr.state = INSTR_CACHE;
+        return;
+    }
+
     /*
      * Armv8 processor does not provide a valid syndrome for decoding some
      * instructions. So in order to process these instructions, Xen must
@@ -161,7 +172,7 @@ enum io_state try_handle_mmio(struct cpu_user_regs *regs,
 
     ASSERT(info->dabt.ec == HSR_EC_DATA_ABORT_LOWER_EL);
 
-    if ( !info->dabt.valid )
+    if ( !(info->dabt.valid || (info->dabt_instr.state == INSTR_CACHE)) )
     {
         ASSERT_UNREACHABLE();
         return IO_ABORT;
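Review bot: The relaxed guard in try_handle_mmio() lets code below it run with `dabt.valid` clear, and the negated-OR form hides that. I would write it as `if ( !info->dabt.valid && info->dabt_instr.state != INSTR_CACHE )` and add a comment such as `/* Cache maintenance aborts carry no valid syndrome; they must return before dabt.size/reg are used. */`. As far as the next hunk shows, the early `return IO_HANDLED` is what upholds this, but the handler lookup between the two sits outside the hunks and should be checked for any use of syndrome fields. The function body continues outside this hunk.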
@@ -177,6 +188,13 @@ enum io_state try_handle_mmio(struct cpu_user_regs *regs,
         return rc;
     }
 
+    /*
+     * When the data abort is caused due to cache maintenance and the address
+     * belongs to an emulated region, Xen should ignore this instruction.
+     */
+    if ( info->dabt_instr.state == INSTR_CACHE )
+        return IO_HANDLED;
+
     /*
      * At this point, we know that the instruction is either valid or has been
      * decoded successfully. Thus, Xen should be allowed to execute the
diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c
index 54167aebcb..bdd536e873 100644
--- a/xen/arch/arm/ioreq.c
+++ b/xen/arch/arm/ioreq.c
@@ -47,12 +47,11 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs,
                              struct vcpu *v, mmio_info_t *info)
 {
     struct vcpu_io *vio = &v->io;
-    struct instr_details instr = info->dabt_instr;
+    const struct instr_details instr = info->dabt_instr;
     struct hsr_dabt dabt = info->dabt;
     ioreq_t p = {
         .type = IOREQ_TYPE_COPY,
         .addr = info->gpa,
-        .size = 1 << info->dabt.size,
         .count = 1,
         .dir = !info->dabt.write,
         /*
@@ -62,7 +61,6 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs,
          * memory access. So for now, we can safely always set to 0.
          */
         .df = 0,
-        .data = get_user_reg(regs, info->dabt.reg),
         .state = STATE_IOREQ_READY,
     };
     struct ioreq_server *s = NULL;
@@ -74,12 +72,25 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs,
         return IO_ABORT;
     }
 
+    if ( instr.state == INSTR_CACHE )
+        p.size = dcache_line_bytes;
+    else
+        p.size = 1U << info->dabt.size;
+
     s = ioreq_server_select(v->domain, &p);
     if ( !s )
         return IO_UNHANDLED;
 
+    /*
+     * When the data abort is caused due to cache maintenance and the address
+     * belongs to an emulated region, Xen should ignore this instruction.
+     */
+    if ( instr.state == INSTR_CACHE )
+        return IO_HANDLED;
+
     ASSERT(dabt.valid);
 
+    p.data = get_user_reg(regs, info->dabt.reg);
     vio->req = p;
     vio->info.dabt_instr = instr;
 
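Review bot: `p.size = dcache_line_bytes` is set without a comment, and on the INSTR_CACHE path the request is never sent, so the size only matters for the ioreq_server_select() lookup. I would say so above the branch: `/* dabt.size may not be valid for cache maintenance: use one cache line, for the server lookup only. */`. `p.addr` stays `info->gpa` as reported, so if the lookup needs the whole range from addr to addr + size inside a server's region (ioreq_server_select() is not shown here), an address that is not line-aligned could miss near the end of a region and come back as IO_UNHANDLED. That is worth confirming, or the address could be aligned down to the line first. try_fwd_ioserv() continues outside the hunk.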
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:34:03 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:34:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318099.537692 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIV-0007VY-LD; Sat, 30 Apr 2022 12:34:03 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318099.537692; Sat, 30 Apr 2022 12:34:03 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIV-0007VQ-IO; Sat, 30 Apr 2022 12:34:03 +0000
Received: by outflank-mailman (input) for mailman id 318099;
 Sat, 30 Apr 2022 12:34:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIU-0007VJ-Vw
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:02 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIU-00007U-UD
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:02 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIU-0002Um-TO
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:02 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=a480EnOlM1/k26TgXAimLLU8dCOjttJQCw6NkDBJ2J4=; b=7Cp05xAXz+be5wpLsNn/BrApFZ
	yQkVWXzOXb0umX8mEH5DwMpa9BqUDnRMW4r555Nn7SxsDXNn2WLwdAL8bWRHNBOY8HH6P/BOKFH3C
	zTRG0Us97ERHE7Qm2En+ihw3lgOr6hfeiD74837dMf0uxzfSN3CUkc1Po37oTk+jkaLk=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/arm: bootfdt.c: Remove unused-but-set variable
Message-Id: <E1nkmIU-0002Um-TO@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:34:02 +0000

commit 2a2de68a60f4ff8f322c0ad7873c1e6048c6fca4
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:34 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:20:23 2022 -0700

    xen/arm: bootfdt.c: Remove unused-but-set variable
    
    Function device_tree_node_compatible defines and sets a variable
    mlen but does not make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/bootfdt.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c
index e318ef9603..29671c8df0 100644
--- a/xen/arch/arm/bootfdt.c
+++ b/xen/arch/arm/bootfdt.c
@@ -36,11 +36,8 @@ static bool __init device_tree_node_compatible(const void *fdt, int node,
                                                const char *match)
 {
     int len, l;
-    int mlen;
     const void *prop;
 
-    mlen = strlen(match);
-
     prop = fdt_getprop(fdt, node, "compatible", &len);
     if ( prop == NULL )
         return false;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:34:13 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:34:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318100.537696 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIf-0007YR-Mz; Sat, 30 Apr 2022 12:34:13 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318100.537696; Sat, 30 Apr 2022 12:34:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIf-0007YJ-Jp; Sat, 30 Apr 2022 12:34:13 +0000
Received: by outflank-mailman (input) for mailman id 318100;
 Sat, 30 Apr 2022 12:34:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIf-0007YC-1e
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIf-00007e-0u
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIf-0002VZ-05
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Jdr3nkNO4YNssZGGm/31qrMhWBZ/e6yr59ISVj2A/6A=; b=T7a888tQHStVNgBT/9hMFSGYQU
	WrFgEJKAcZgRlIxMF2KojUhBD9WpdmLj+nAU2B9+rCMM7neSLgpEMOPb/VPxarcn7YtWUI98Pj7S5
	9VhuFZd0FRzc6ZgVILGnC1OqitMdtFQfgEJPSeKodLe90vikMOlVrZtWNQwfQDjRki2c=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] efi/boot.c: Remove unused-but-set variable
Message-Id: <E1nkmIf-0002VZ-05@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:34:13 +0000

commit 9b4f9b9af235e21568f8882e8137397af7f86414
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:35 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:20:33 2022 -0700

    efi/boot.c: Remove unused-but-set variable
    
    Function efi_start defines and sets a variable size but does not
    make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/efi/boot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index ac1b235372..a25e1d29f1 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -1226,9 +1226,9 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
     {
         EFI_FILE_HANDLE dir_handle;
         EFI_HANDLE gop_handle;
-        UINTN depth, cols, rows, size;
+        UINTN depth, cols, rows;
 
-        size = cols = rows = depth = 0;
+        cols = rows = depth = 0;
 
         if ( StdOut->QueryMode(StdOut, StdOut->Mode->Mode,
                                &cols, &rows) == EFI_SUCCESS )
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:34:23 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:34:23 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318101.537701 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIp-0007bF-On; Sat, 30 Apr 2022 12:34:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318101.537701; Sat, 30 Apr 2022 12:34:23 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIp-0007b7-LP; Sat, 30 Apr 2022 12:34:23 +0000
Received: by outflank-mailman (input) for mailman id 318101;
 Sat, 30 Apr 2022 12:34:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIp-0007b1-4T
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:23 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIp-00008I-3j
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:23 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIp-0002Wi-38
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:23 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=qvjai2lRtZm2vnYkU3cv2y7ZiTaEOZW1d5VycevqzrI=; b=rlHTvmlN+KOJpVsdlqAd2a16YE
	G4F5RVtHfD/+aqM4bA+faJzKYqTCeRXXQOg9PP0y16vIoa6oKB0qowYIo5CQDz4UE2AZTXkHgfaE5
	VIpol8MsU6+JRoB0Yq7XntrDeyKSVRpmP64IjFPQVXfBHqJUADYKfjJOWmDK5/C6fRJI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/arm: smmu.c: Remove unused-but-set variable
Message-Id: <E1nkmIp-0002Wi-38@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:34:23 +0000

commit 2845588e398d8e631f08d304e80c5f94f52c3643
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:37 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:21:04 2022 -0700

    xen/arm: smmu.c: Remove unused-but-set variable
    
    Function arm_smmu_init_context_bank defines and sets a variable
    gr0_base but does not make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
---
 xen/drivers/passthrough/arm/smmu.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c
index 5cacb2dd99..c21c4f3ac0 100644
--- a/xen/drivers/passthrough/arm/smmu.c
+++ b/xen/drivers/passthrough/arm/smmu.c
@@ -1086,10 +1086,9 @@ static void arm_smmu_init_context_bank(struct arm_smmu_domain *smmu_domain)
 	bool stage1;
 	struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
 	struct arm_smmu_device *smmu = smmu_domain->smmu;
-	void __iomem *cb_base, *gr0_base, *gr1_base;
+	void __iomem *cb_base, *gr1_base;
 	paddr_t p2maddr;
 
-	gr0_base = ARM_SMMU_GR0(smmu);
 	gr1_base = ARM_SMMU_GR1(smmu);
 	stage1 = cfg->cbar != CBAR_TYPE_S2_TRANS;
 	cb_base = ARM_SMMU_CB_BASE(smmu) + ARM_SMMU_CB(smmu, cfg->cbndx);
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:34:33 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:34:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318102.537704 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIz-0007e5-QN; Sat, 30 Apr 2022 12:34:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318102.537704; Sat, 30 Apr 2022 12:34:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmIz-0007dv-Mu; Sat, 30 Apr 2022 12:34:33 +0000
Received: by outflank-mailman (input) for mailman id 318102;
 Sat, 30 Apr 2022 12:34:33 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIz-0007dl-7S
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:33 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIz-00008U-6g
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmIz-0002XZ-5z
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=U0eYqMrKz0FVAvdIwpkOJrLSV6CUbUWSwW+FsjYJXmI=; b=51aqi2mdYkVbj44ISe0x/M9HCW
	7WgO2L1Og+wCv0xIXv78aVzdEDsueEi8j3tlC7dbXTpVsfrRuEqmJZMFFyyAcD9J/wxiXRlJ/vYwd
	ioNn2GSidsDtpB05wgphSitW7s/KVlQU0cDJsgDwFgH5hdzsxTba3TLK9+Cc5MFp7qzs=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/sched: Remove unused-but-set variable
Message-Id: <E1nkmIz-0002XZ-5z@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:34:33 +0000

commit 4026c0d4c4811b8337b4eab3cdea7037cbfb0eb4
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:38 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:21:48 2022 -0700

    xen/sched: Remove unused-but-set variable
    
    Function schedule_cpu_add defines and sets a variable old_unit but
    does not make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Juergen Gross <jgross@suse.com>
    Acked-by: Dario Faggioli <dfaggioli@suse.com>
---
 xen/common/sched/core.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c
index 19ab678181..8a8c25bbda 100644
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -3104,7 +3104,7 @@ int schedule_cpu_add(unsigned int cpu, struct cpupool *c)
     {
         const cpumask_t *mask;
         unsigned int cpu_iter, idx = 0;
-        struct sched_unit *old_unit, *master_unit;
+        struct sched_unit *master_unit;
         struct sched_resource *sr_old;
 
         /*
@@ -3128,7 +3128,6 @@ int schedule_cpu_add(unsigned int cpu, struct cpupool *c)
             if ( cpu == cpu_iter )
                 continue;
 
-            old_unit = idle_vcpu[cpu_iter]->sched_unit;
             sr_old = get_sched_res(cpu_iter);
             kill_timer(&sr_old->s_timer);
             idle_vcpu[cpu_iter]->sched_unit = master_unit;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:34:44 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:34:44 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318103.537708 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJA-0007gu-RK; Sat, 30 Apr 2022 12:34:44 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318103.537708; Sat, 30 Apr 2022 12:34:44 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJA-0007gm-OV; Sat, 30 Apr 2022 12:34:44 +0000
Received: by outflank-mailman (input) for mailman id 318103;
 Sat, 30 Apr 2022 12:34:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJ9-0007gd-AP
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:43 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJ9-00008e-9j
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:43 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJ9-0002YU-8o
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:43 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=P8T9FfmGiaQsveHxT6qDGNwomRmzURid0l2sN3Myz+4=; b=mG0ayv8nOonN1TW+9wybENvNPp
	UyEfmwERkwyDvHO5QxtliEHy2kOXtMKgpH+mYp8ayxRhNBF+VPtbE1FviPjO5juA5lY5LbwxNTKY/
	MSsRN/ScgPO0ylOYdeAd5j7y9R8zz/PP8M7INhFgYXAjFetSeBKR8R0ouQmq//bdp0SQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] platforms/xgene: Make use of dt_device_get_address return value
Message-Id: <E1nkmJ9-0002YU-8o@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:34:43 +0000

commit 1afe55905427b7e25936388c65a29c2bbb280bc8
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:39 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:23:09 2022 -0700

    platforms/xgene: Make use of dt_device_get_address return value
    
    Currently function xgene_check_pirq_eoi assigns the return value of
    dt_device_get_address to a variable res but does not make use of it.
    Fix it by making use of res in the condition checking the result of a
    call to dt_device_get_address instead of checking the address stored in
    dbase.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/platforms/xgene-storm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/arm/platforms/xgene-storm.c b/xen/arch/arm/platforms/xgene-storm.c
index fced4d7c2c..befd0c3c2d 100644
--- a/xen/arch/arm/platforms/xgene-storm.c
+++ b/xen/arch/arm/platforms/xgene-storm.c
@@ -51,7 +51,7 @@ static void __init xgene_check_pirq_eoi(void)
         panic("%s: Can not find interrupt controller node\n", __func__);
 
     res = dt_device_get_address(node, 0, &dbase, NULL);
-    if ( !dbase )
+    if ( res )
         panic("%s: Cannot find a valid address for the distributor\n", __func__);
 
     /*
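Review bot: The panic that now fires on a non-zero `res` still discards that value, so a boot failure at this point gives no hint why the address lookup failed. Consider reporting it, e.g. `panic("%s: Cannot find a valid address for the distributor (%d)\n", __func__, res);`, assuming `res` is an `int`; its declaration is outside the hunk. Since the old `!dbase` test is gone, it is also worth confirming that `dt_device_get_address()` always writes `dbase` when it returns 0, because the initialisation of `dbase` is not visible here. The body of xgene_check_pirq_eoi starts and ends outside the hunk.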
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:34:54 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:34:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318104.537712 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJK-0007jo-TH; Sat, 30 Apr 2022 12:34:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318104.537712; Sat, 30 Apr 2022 12:34:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJK-0007jg-QB; Sat, 30 Apr 2022 12:34:54 +0000
Received: by outflank-mailman (input) for mailman id 318104;
 Sat, 30 Apr 2022 12:34:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJJ-0007jO-DU
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJJ-00008k-Cj
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJJ-0002ZT-Bq
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:34:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=f+dV9khIze6x7qPBD9eoDXN9HyyyLoCEGywtmbozS8U=; b=Xo7EvSPWdeXiVuQoMxLYF8OGlN
	Tg8AZtxvN4cv4fSkOhtMhj+puJXVQwqZkPM7h2uhuRHisZZ7qldG7fM2mF5oXfEFO3BJ1i9hqyCfm
	g8ARZFeRh/jLlHPqmQtobYZg3FOJQoBaHdOCilFxUXRKykT5JOMEyERqenI5Sxs2ScKI=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] platforms/omap: Remove unused-but-set variable
Message-Id: <E1nkmJJ-0002ZT-Bq@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:34:53 +0000

commit 1f71c11b882ac2b6d32260e929a3f9f19d97fdf7
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:40 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:23:38 2022 -0700

    platforms/omap: Remove unused-but-set variable
    
    Function omap5_init_time defines and sets the variable den but does not
    make use of it. Remove this variable.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 xen/arch/arm/platforms/omap5.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xen/arch/arm/platforms/omap5.c b/xen/arch/arm/platforms/omap5.c
index aee24e4d28..5cf424a23e 100644
--- a/xen/arch/arm/platforms/omap5.c
+++ b/xen/arch/arm/platforms/omap5.c
@@ -48,7 +48,7 @@ static int omap5_init_time(void)
     void __iomem *ckgen_prm_base;
     void __iomem *rt_ct_base;
     unsigned int sys_clksel;
-    unsigned int num, den, frac1, frac2;
+    unsigned int num, frac1, frac2;
 
     ckgen_prm_base = ioremap_nocache(OMAP5_CKGEN_PRM_BASE, 0x20);
     if ( !ckgen_prm_base )
@@ -78,7 +78,6 @@ static int omap5_init_time(void)
     }
 
     frac2 = readl(rt_ct_base + INCREMENTER_DENUMERATOR_RELOAD_OFFSET);
-    den = frac2 & ~NUMERATOR_DENUMERATOR_MASK;
     if ( num_den[sys_clksel][1] != num )
     {
         frac2 &= NUMERATOR_DENUMERATOR_MASK;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:35:04 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:35:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318105.537716 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJU-0007md-Uy; Sat, 30 Apr 2022 12:35:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318105.537716; Sat, 30 Apr 2022 12:35:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJU-0007mT-Re; Sat, 30 Apr 2022 12:35:04 +0000
Received: by outflank-mailman (input) for mailman id 318105;
 Sat, 30 Apr 2022 12:35:03 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJT-0007mH-GK
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:03 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJT-000094-Ff
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:03 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJT-0002ad-Et
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:03 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=Zk4b0CfAu/0txchhSTY2zX10d2RnS4JNh38QFGQIN4o=; b=MIG8NbqOb4RgcTa35VpZvqERHk
	589x2N3JSdDPLsJfY/5ljfz3le4xCGftaQXRRGwgL+8nlzAwge6LPokwR8ono0eMXZVca6yP8jqiW
	NHA3fHw2Bno6bkgzPYAv4LxaTcZe/tgbvVR5I1OUMRncmSlklikBRBkGtWKNckT8VkQM=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] drivers/exynos4210: Remove unused-but-set variable
Message-Id: <E1nkmJT-0002ad-Et@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:35:03 +0000

commit da28439ba55b8a571032b3358af567cff749f612
Author:     Michal Orzel <michal.orzel@arm.com>
AuthorDate: Wed Apr 27 11:49:41 2022 +0200
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Wed Apr 27 15:28:02 2022 -0700

    drivers/exynos4210: Remove unused-but-set variable
    
    Function exynos4210_uart_init_preirq defines and sets a variable
    divisor but does not make use of it. Remove the definition and comment
    out the assignment as this function already has some TODOs.
    
    Signed-off-by: Michal Orzel <michal.orzel@arm.com>
    Acked-by: Julien Grall <jgrall@amazon.com>
    Acked-by: Stefano Stabellini <sstabellini@kernel.org>
---
 xen/drivers/char/exynos4210-uart.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/char/exynos4210-uart.c b/xen/drivers/char/exynos4210-uart.c
index fa7dbc0391..43aaf02e18 100644
--- a/xen/drivers/char/exynos4210-uart.c
+++ b/xen/drivers/char/exynos4210-uart.c
@@ -101,7 +101,6 @@ static void exynos4210_uart_interrupt(int irq, void *data, struct cpu_user_regs
 static void __init exynos4210_uart_init_preirq(struct serial_port *port)
 {
     struct exynos4210_uart *uart = port->uart;
-    unsigned int divisor;
     uint32_t ulcon;
 
     /* reset, TX/RX disables */
@@ -113,9 +112,12 @@ static void __init exynos4210_uart_init_preirq(struct serial_port *port)
     /* Line control and baud-rate generator. */
     if ( uart->baud != BAUD_AUTO )
     {
-        /* Baud rate specified: program it into the divisor latch. */
-        divisor = ((uart->clock_hz) / (uart->baud)) - 1;
-        /* FIXME: will use a hacked divisor, assuming the src clock and bauds */
+        /*
+         * TODO: should be updated
+         * Baud rate specified: program it into the divisor latch.
+         * divisor = ((uart->clock_hz) / (uart->baud)) - 1;
+         * FIXME: will use a hacked divisor, assuming the src clock and bauds.
+         */
         exynos4210_write(uart, UFRACVAL, 53);
         exynos4210_write(uart, UBRDIV, 4);
     }
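Review bot: The rewritten comment in the `uart->baud != BAUD_AUTO` branch still says the baud rate is programmed into the divisor latch, but the two writes below it use the fixed values 53 and 4 and nothing in the lines shown reads `uart->clock_hz` or `uart->baud`. Keeping the old assignment as commented-out code inside a mixed TODO/FIXME block makes that easy to miss. I would state the situation directly, e.g. `/* TODO: derive UBRDIV/UFRACVAL from uart->clock_hz and uart->baud; fixed values are used for now, so the configured baud rate is not honoured. */`. When the computation is restored, it should reject a zero `uart->baud` before dividing. The function body continues outside the hunk.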
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:35:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:35:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318106.537720 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJf-0007q2-1h; Sat, 30 Apr 2022 12:35:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318106.537720; Sat, 30 Apr 2022 12:35:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJe-0007pu-Uz; Sat, 30 Apr 2022 12:35:14 +0000
Received: by outflank-mailman (input) for mailman id 318106;
 Sat, 30 Apr 2022 12:35:13 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJd-0007pc-JP
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:13 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJd-00009O-Ii
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:13 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJd-0002ba-I1
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:13 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=izxf0w/jJ9lGdoUrMexzPJDrIQPWo6gXR908Idwj9kE=; b=mdoa78ujYKAUTnbNz1yV7lnwJ4
	tj+07REooUhicDBx+Sq/ily7KiJv9Whv6Ff98usklpUpScT6sEfD2kCMoi9GopfuZ/z5AbKbXudqu
	IIm9Om71/XzS/Utah+oBU6UUiKsGcRADKey3JpWmEdMfivkRVmnN4GfPVjY59i3Ij6II=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] xen/public: add new macro to ring.h
Message-Id: <E1nkmJd-0002ba-I1@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:35:13 +0000

commit 6cf1398ba9e3f8ea64d58930288a6dffbdb7c207
Author:     Juergen Gross <jgross@suse.com>
AuthorDate: Thu Apr 28 09:58:42 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 09:58:42 2022 +0200

    xen/public: add new macro to ring.h
    
    For the initialization of a ring page by the frontend two macros are
    available in ring.h: SHARED_RING_INIT() and FRONT_RING_INIT().
    
    All known users always use both of them in direct sequence.
    
    Add another macro XEN_FRONT_RING_INIT() combining the two macros.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/include/public/io/ring.h | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/xen/include/public/io/ring.h b/xen/include/public/io/ring.h
index 277af36e61..ab3439bd58 100644
--- a/xen/include/public/io/ring.h
+++ b/xen/include/public/io/ring.h
@@ -95,9 +95,8 @@ typedef unsigned int RING_IDX;
  * of the shared memory area (PAGE_SIZE, for instance). To initialise
  * the front half:
  *
- *     mytag_front_ring_t front_ring;
- *     SHARED_RING_INIT((mytag_sring_t *)shared_page);
- *     FRONT_RING_INIT(&front_ring, (mytag_sring_t *)shared_page, PAGE_SIZE);
+ *     mytag_front_ring_t ring;
+ *     XEN_FRONT_RING_INIT(&ring, (mytag_sring_t *)shared_page, PAGE_SIZE);
  *
  * Initializing the back follows similarly (note that only the front
  * initializes the shared ring):
@@ -184,6 +183,11 @@ typedef struct __name##_back_ring __name##_back_ring_t
 
 #define FRONT_RING_INIT(_r, _s, __size) FRONT_RING_ATTACH(_r, _s, 0, __size)
 
+#define XEN_FRONT_RING_INIT(r, s, size) do {                            \
+    SHARED_RING_INIT(s);                                                \
+    FRONT_RING_INIT(r, s, size);                                        \
+} while (0)
+
 #define BACK_RING_ATTACH(_r, _s, _i, __size) do {                       \
     (_r)->rsp_prod_pvt = (_i);                                          \
     (_r)->req_cons = (_i);                                              \
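Review bot: The new `XEN_FRONT_RING_INIT(r, s, size)` expands `s` twice, once in `SHARED_RING_INIT(s)` and once in `FRONT_RING_INIT(r, s, size)`, so an argument with side effects would be evaluated twice. Because this is a public header consumed by out-of-tree frontends, the constraint should be documented next to the macro, e.g. `/* NB: s is evaluated more than once; pass a side-effect-free expression. */`. The usage comment earlier in the file says only the front initialises the shared ring, so it would also help to note here that this macro resets the shared ring and is meant for the frontend's initial setup of the page. The `BACK_RING_ATTACH` definition that follows continues outside the hunk.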
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:35:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:35:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318107.537724 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJp-0007sS-3L; Sat, 30 Apr 2022 12:35:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318107.537724; Sat, 30 Apr 2022 12:35:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJp-0007sL-0G; Sat, 30 Apr 2022 12:35:25 +0000
Received: by outflank-mailman (input) for mailman id 318107;
 Sat, 30 Apr 2022 12:35:23 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJn-0007s4-MC
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:23 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJn-00009U-LW
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:23 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJn-0002cY-Kt
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:23 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=twdPjbkPJ6bckpVuNjVhp3BPz53dD9V2z0PeZrBARAI=; b=DeYk26386Ms5sbl0JfK4AzokoH
	v1QwQFn1A76TM7znaqTKuB7ZTJjWDhFhfnifMPtSouyJnlRxw7st1mS49jubjUn0LpG7AbfL8i7oA
	LYlFicSpqlThYffvEf5f977dxLU5cKi01a1jD7F4M/n/yNuVaayVZhTtu1/h57eYnP7I=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/mwait-idle: switch to asm/intel-family.h naming
Message-Id: <E1nkmJn-0002cY-Kt@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:35:23 +0000

commit 3f6aef8a7a371ce35e83c4a85022ff0e6295d91a
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 28 09:59:14 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 09:59:14 2022 +0200

    x86/mwait-idle: switch to asm/intel-family.h naming
    
    This brings us (back) closer to the original Linux source.
    
    While touching mwait_idle_state_table_update() also drop a stray leading
    blank.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/cpu/mwait-idle.c | 94 ++++++++++++++++++++++---------------------
 1 file changed, 48 insertions(+), 46 deletions(-)

diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c
index 9efa569da3..99b9ad32f2 100644
--- a/xen/arch/x86/cpu/mwait-idle.c
+++ b/xen/arch/x86/cpu/mwait-idle.c
@@ -61,6 +61,7 @@
 #include <xen/trace.h>
 #include <asm/cpuidle.h>
 #include <asm/hpet.h>
+#include <asm/intel-family.h>
 #include <asm/mwait.h>
 #include <asm/msr.h>
 #include <asm/spec_ctrl.h>
@@ -996,48 +997,49 @@ static const struct idle_cpu idle_cpu_snr = {
 };
 
 #define ICPU(model, cpu) \
-	{ X86_VENDOR_INTEL, 6, model, X86_FEATURE_ALWAYS, &idle_cpu_##cpu}
+	{ X86_VENDOR_INTEL, 6, INTEL_FAM6_ ## model, X86_FEATURE_ALWAYS, \
+	  &idle_cpu_ ## cpu}
 
 static const struct x86_cpu_id intel_idle_ids[] __initconstrel = {
-	ICPU(0x1a, nehalem),
-	ICPU(0x1e, nehalem),
-	ICPU(0x1f, nehalem),
-	ICPU(0x25, nehalem),
-	ICPU(0x2c, nehalem),
-	ICPU(0x2e, nehalem),
-	ICPU(0x2f, nehalem),
-	ICPU(0x1c, atom),
-	ICPU(0x26, lincroft),
-	ICPU(0x2a, snb),
-	ICPU(0x2d, snb),
-	ICPU(0x36, atom),
-	ICPU(0x37, byt),
-	ICPU(0x4a, tangier),
-	ICPU(0x4c, cht),
-	ICPU(0x3a, ivb),
-	ICPU(0x3e, ivt),
-	ICPU(0x3c, hsw),
-	ICPU(0x3f, hsw),
-	ICPU(0x45, hsw),
-	ICPU(0x46, hsw),
-	ICPU(0x4d, avn),
-	ICPU(0x3d, bdw),
-	ICPU(0x47, bdw),
-	ICPU(0x4f, bdw),
-	ICPU(0x56, bdw),
-	ICPU(0x4e, skl),
-	ICPU(0x5e, skl),
-	ICPU(0x8e, skl),
-	ICPU(0x9e, skl),
-	ICPU(0x55, skx),
-	ICPU(0x6a, icx),
-	ICPU(0x6c, icx),
-	ICPU(0x57, knl),
-	ICPU(0x85, knl),
-	ICPU(0x5c, bxt),
-	ICPU(0x7a, bxt),
-	ICPU(0x5f, dnv),
-	ICPU(0x86, snr),
+	ICPU(NEHALEM_EP,		nehalem),
+	ICPU(NEHALEM,			nehalem),
+	ICPU(NEHALEM_G,			nehalem),
+	ICPU(WESTMERE,			nehalem),
+	ICPU(WESTMERE_EP,		nehalem),
+	ICPU(NEHALEM_EX,		nehalem),
+	ICPU(WESTMERE_EX,		nehalem),
+	ICPU(ATOM_BONNELL,		atom),
+	ICPU(ATOM_BONNELL_MID,		lincroft),
+	ICPU(SANDYBRIDGE,		snb),
+	ICPU(SANDYBRIDGE_X,		snb),
+	ICPU(ATOM_SALTWELL,		atom),
+	ICPU(ATOM_SILVERMONT,		byt),
+	ICPU(ATOM_SILVERMONT_MID,	tangier),
+	ICPU(ATOM_AIRMONT,		cht),
+	ICPU(IVYBRIDGE,			ivb),
+	ICPU(IVYBRIDGE_X,		ivt),
+	ICPU(HASWELL,			hsw),
+	ICPU(HASWELL_X,			hsw),
+	ICPU(HASWELL_L,			hsw),
+	ICPU(HASWELL_G,			hsw),
+	ICPU(ATOM_SILVERMONT_D,		avn),
+	ICPU(BROADWELL,			bdw),
+	ICPU(BROADWELL_G,		bdw),
+	ICPU(BROADWELL_X,		bdw),
+	ICPU(BROADWELL_D,		bdw),
+	ICPU(SKYLAKE_L,			skl),
+	ICPU(SKYLAKE,			skl),
+	ICPU(KABYLAKE_L,		skl),
+	ICPU(KABYLAKE,			skl),
+	ICPU(SKYLAKE_X,			skx),
+	ICPU(ICELAKE_X,			icx),
+	ICPU(ICELAKE_D,			icx),
+	ICPU(XEON_PHI_KNL,		knl),
+	ICPU(XEON_PHI_KNM,		knl),
+	ICPU(ATOM_GOLDMONT,		bxt),
+	ICPU(ATOM_GOLDMONT_PLUS,	bxt),
+	ICPU(ATOM_GOLDMONT_D,		dnv),
+	ICPU(ATOM_TREMONT_D,		snr),
 	{}
 };
 
@@ -1208,20 +1210,20 @@ static void __init skx_idle_state_table_update(void)
 static void __init mwait_idle_state_table_update(void)
 {
 	switch (boot_cpu_data.x86_model) {
-	case 0x3e: /* IVT */
+	case INTEL_FAM6_IVYBRIDGE_X:
 		ivt_idle_state_table_update();
 		break;
-	case 0x5c: /* BXT */
-	case 0x7a:
+	case INTEL_FAM6_ATOM_GOLDMONT:
+	case INTEL_FAM6_ATOM_GOLDMONT_PLUS:
 		bxt_idle_state_table_update();
 		break;
-	case 0x5e: /* SKL-H */
+	case INTEL_FAM6_SKYLAKE:
 		sklh_idle_state_table_update();
 		break;
-	case 0x55: /* SKL-X */
+	case INTEL_FAM6_SKYLAKE_X:
 		skx_idle_state_table_update();
 		break;
- 	}
+	}
 }
 
 static int __init mwait_idle_probe(void)
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:35:35 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:35:35 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318108.537728 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJz-0007va-5G; Sat, 30 Apr 2022 12:35:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318108.537728; Sat, 30 Apr 2022 12:35:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmJz-0007vR-24; Sat, 30 Apr 2022 12:35:35 +0000
Received: by outflank-mailman (input) for mailman id 318108;
 Sat, 30 Apr 2022 12:35:33 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJx-0007vH-P1
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:33 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJx-00009h-OP
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:33 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmJx-0002dR-Nf
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:33 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=5pvze55AovlCzxxRBEJatgK4roFxJK8VKCzWRVUJN9Y=; b=me3LfAflxDVUKFO+OVDL4V48Vl
	EgtfQm1jzat7Yv6EGPuKU7989VahfhGSDMImscX7G2naPNNnnC6oVNtQX04jWzPA5E1+uGBs6RAFs
	6xLCv6q3Hk4xxONoo7aBhV7r4EBH7qsq6E/0JXUicMjzgJzWECOUy0aBzDI7TSY+yg4E=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/mwait-idle: add SPR support
Message-Id: <E1nkmJx-0002dR-Nf@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:35:33 +0000

commit 9c432b876bf518866d431bda73f2be1250f688eb
Author:     Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
AuthorDate: Thu Apr 28 10:00:18 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 10:00:18 2022 +0200

    x86/mwait-idle: add SPR support
    
    Add Sapphire Rapids Xeon support.
    
    Up until very recently, the C1 and C1E C-states were independent, but this
    has changed in some new chips, including Sapphire Rapids Xeon (SPR). In these
    chips the C1 and C1E states cannot be enabled at the same time. The "C1E
    promotion" bit in 'MSR_IA32_POWER_CTL' also has its semantics changed a bit.
    
    Here are the C1, C1E, and "C1E promotion" bit rules on Xeons before SPR.
    
    1. If C1E promotion bit is disabled.
       a. C1  requests end up with C1  C-state.
       b. C1E requests end up with C1E C-state.
    2. If C1E promotion bit is enabled.
       a. C1  requests end up with C1E C-state.
       b. C1E requests end up with C1E C-state.
    
    Here are the C1, C1E, and "C1E promotion" bit rules on Sapphire Rapids Xeon.
    1. If C1E promotion bit is disabled.
       a. C1  requests end up with C1 C-state.
       b. C1E requests end up with C1 C-state.
    2. If C1E promotion bit is enabled.
       a. C1  requests end up with C1E C-state.
       b. C1E requests end up with C1E C-state.
    
    Before SPR Xeon, the 'intel_idle' driver was disabling C1E promotion and was
    exposing C1 and C1E as independent C-states. But on SPR, C1 and C1E cannot be
    enabled at the same time.
    
    This patch adds both C1 and C1E states. However, C1E is marked with the
    "CPUIDLE_FLAG_UNUSABLE" flag, which means that it won't be registered by
    default. The C1E promotion bit will be cleared, which means that by default
    only C1 and C6 will be registered on SPR.
    
    The next patch will add an option for enabling C1E and disabling C1 on SPR.
    
    Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 9edf3c0ffef0
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/cpu/mwait-idle.c | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c
index 99b9ad32f2..6add64dc5f 100644
--- a/xen/arch/x86/cpu/mwait-idle.c
+++ b/xen/arch/x86/cpu/mwait-idle.c
@@ -586,6 +586,38 @@ static const struct cpuidle_state icx_cstates[] = {
        {}
 };
 
+/*
+ * On Sapphire Rapids Xeon C1 has to be disabled if C1E is enabled, and vice
+ * versa. On SPR C1E is enabled only if "C1E promotion" bit is set in
+ * MSR_IA32_POWER_CTL. But in this case there effectively no C1, because C1
+ * requests are promoted to C1E. If the "C1E promotion" bit is cleared, then
+ * both C1 and C1E requests end up with C1, so there is effectively no C1E.
+ *
+ * By default we enable C1 and disable C1E by marking it with
+ * 'CPUIDLE_FLAG_DISABLED'.
+ */
+static struct cpuidle_state __read_mostly spr_cstates[] = {
+	{
+		.name = "C1",
+		.flags = MWAIT2flg(0x00),
+		.exit_latency = 1,
+		.target_residency = 1,
+	},
+	{
+		.name = "C1E",
+		.flags = MWAIT2flg(0x01) | CPUIDLE_FLAG_DISABLED,
+		.exit_latency = 2,
+		.target_residency = 4,
+	},
+	{
+		.name = "C6",
+		.flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED,
+		.exit_latency = 290,
+		.target_residency = 800,
+	},
+	{}
+};
+
 static const struct cpuidle_state atom_cstates[] = {
 	{
 		.name = "C1E",
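Review bot: `spr_cstates` here and `idle_cpu_spr` in the next hunk are declared writable (`static struct ... __read_mostly`), while the neighbouring `icx_cstates`, `atom_cstates`, `idle_cpu_icx` and `idle_cpu_avn` are `static const`, and nothing in this patch writes to either object. The commit message says a follow-up will add a C1/C1E option, which would explain `spr_cstates`; a short comment such as `/* Writable: C1/C1E flags may be adjusted during boot. */` would record that. `idle_cpu_spr` could presumably stay `const` if only the state table's flags are modified, which keeps hypervisor data read-only where possible. The block comment also reads "there effectively no C1" and should say "there is effectively no C1".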
@@ -972,6 +1004,11 @@ static const struct idle_cpu idle_cpu_icx = {
        .disable_promotion_to_c1e = true,
 };
 
+static struct idle_cpu __read_mostly idle_cpu_spr = {
+	.state_table = spr_cstates,
+	.disable_promotion_to_c1e = true,
+};
+
 static const struct idle_cpu idle_cpu_avn = {
 	.state_table = avn_cstates,
 	.disable_promotion_to_c1e = true,
@@ -1034,6 +1071,7 @@ static const struct x86_cpu_id intel_idle_ids[] __initconstrel = {
 	ICPU(SKYLAKE_X,			skx),
 	ICPU(ICELAKE_X,			icx),
 	ICPU(ICELAKE_D,			icx),
+	ICPU(SAPPHIRERAPIDS_X,		spr),
 	ICPU(XEON_PHI_KNL,		knl),
 	ICPU(XEON_PHI_KNM,		knl),
 	ICPU(ATOM_GOLDMONT,		bxt),
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:35:45 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:35:45 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318109.537732 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmK9-0007xw-6s; Sat, 30 Apr 2022 12:35:45 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318109.537732; Sat, 30 Apr 2022 12:35:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmK9-0007xo-3f; Sat, 30 Apr 2022 12:35:45 +0000
Received: by outflank-mailman (input) for mailman id 318109;
 Sat, 30 Apr 2022 12:35:43 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmK7-0007xc-SP
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:43 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmK7-00009l-Rm
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:43 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmK7-0002eV-Qt
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:43 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=EeiMIB7wbQn06UsrbQ97oj0sHv0lLpXejkP2nfwf2Zo=; b=kRmTjt7lB6Fls4Nl0WkPBtMBsf
	3dHjztbPu3SJiU2eIYsqFqz2bAlakcpp9slMFf2x/Rnw+SYRC1XMd/PI9YlRj3mm2bXOKkKUETU0E
	nECIa2leQ5ueQBIvqbFak9BApEwbgZO2SGEgYvXJZehScb5ZAjnUePhm/0xelJzYJa5M=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86+libxl: correct p2m (shadow) memory pool size calculation
Message-Id: <E1nkmK7-0002eV-Qt@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:35:43 +0000

commit 2c992810854a15b41be920519ce83a4a328d5168
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 28 10:00:49 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 10:00:49 2022 +0200

    x86+libxl: correct p2m (shadow) memory pool size calculation
    
    The reference "to shadow the resident processes" is applicable to
    domains (potentially) running in shadow mode only. Adjust the
    calculations accordingly. This, however, requires further parameters.
    Since the original function is deprecated anyway, and since it can't be
    changed (for being part of a stable ABI), introduce a new (internal
    only) function, with the deprecated one simply becoming a wrapper.
    
    In dom0_paging_pages() also take the opportunity and stop open-coding
    DIV_ROUND_UP().
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
 tools/libs/light/libxl_create.c   | 30 +++++++++++++++++++++++++++---
 tools/libs/light/libxl_internal.h |  5 +++++
 tools/libs/light/libxl_utils.c    |  9 ++-------
 xen/arch/x86/dom0_build.c         |  9 ++++++---
 4 files changed, 40 insertions(+), 13 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 885675591f..69ec405858 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1027,6 +1027,24 @@ static bool ok_to_default_memkb_in_create(libxl__gc *gc)
      */
 }
 
+unsigned long libxl__get_required_paging_memory(unsigned long maxmem_kb,
+                                                unsigned int smp_cpus,
+                                                libxl_domain_type type,
+                                                bool hap)
+{
+    /*
+     * 256 pages (1MB) per vcpu,
+     * plus 1 page per MiB of RAM for the P2M map (for non-PV guests),
+     * plus 1 page per MiB of RAM to shadow the resident processes (for shadow
+     * mode guests).
+     * This is higher than the minimum that Xen would allocate if no value
+     * were given (but the Xen minimum is for safety, not performance).
+     */
+    return 4 * (256 * smp_cpus +
+                ((type != LIBXL_DOMAIN_TYPE_PV) + !hap) *
+                (maxmem_kb / 1024));
+}
+
 static unsigned long libxl__get_required_iommu_memory(unsigned long maxmem_kb)
 {
     unsigned long iommu_pages = 0, mem_pages = maxmem_kb / 4;
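Review bot: The new `libxl__get_required_paging_memory()` does not document its return unit or what `hap` must be for a PV guest, and the multiplier `((type != LIBXL_DOMAIN_TYPE_PV) + !hap)` only yields the intended single share for PV when the caller passes `hap = false`. The existing comment could gain a line such as `Returns the pool size in KiB (4 KiB per page); 'hap' must be false for PV guests.` so future callers do not pass the raw config value. Separately, `256 * smp_cpus` is evaluated in `unsigned int` before being widened; writing `256UL * smp_cpus` would keep the whole expression in `unsigned long`.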
@@ -1194,10 +1212,16 @@ int libxl__domain_config_setdefault(libxl__gc *gc,
     }
 
     if (d_config->b_info.shadow_memkb == LIBXL_MEMKB_DEFAULT
-        && ok_to_default_memkb_in_create(gc))
+        && ok_to_default_memkb_in_create(gc)) {
+        bool hap = d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV &&
+                   libxl_defbool_val(d_config->c_info.hap);
+
         d_config->b_info.shadow_memkb =
-            libxl_get_required_shadow_memory(d_config->b_info.max_memkb,
-                                             d_config->b_info.max_vcpus);
+            libxl__get_required_paging_memory(d_config->b_info.max_memkb,
+                                              d_config->b_info.max_vcpus,
+                                              d_config->c_info.type,
+                                              hap);
+    }
 
     /* No IOMMU reservation is needed if passthrough mode is not 'sync_pt' */
     if (d_config->b_info.iommu_memkb == LIBXL_MEMKB_DEFAULT
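Review bot: The new `hap` local calls `libxl_defbool_val(d_config->c_info.hap)`, which depends on `c_info.hap` already having been given a default for non-PV guests; that defaulting is not visible in this hunk, since `libxl__domain_config_setdefault()` starts and continues outside it. If `libxl_defbool_val()` rejects an unset defbool, as its name suggests, a reordering of the earlier setup would turn into a failure here rather than a wrong size. A comment such as `/* c_info.hap was defaulted above for non-PV guests. */` on the new line would make the ordering requirement explicit.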
diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h
index a26daec040..bdef5a605e 100644
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -1569,6 +1569,11 @@ _hidden int libxl__domain_need_memory_calculate(libxl__gc *gc,
                                       libxl_domain_build_info *b_info,
                                       uint64_t *need_memkb);
 
+_hidden unsigned long libxl__get_required_paging_memory(unsigned long maxmem_kb,
+                                                        unsigned int smp_cpus,
+                                                        libxl_domain_type type,
+                                                        bool hap);
+
 _hidden const char *libxl__device_nic_devname(libxl__gc *gc,
                                               uint32_t domid,
                                               uint32_t devid,
diff --git a/tools/libs/light/libxl_utils.c b/tools/libs/light/libxl_utils.c
index b91c2cafa2..1d8a7f64ef 100644
--- a/tools/libs/light/libxl_utils.c
+++ b/tools/libs/light/libxl_utils.c
@@ -38,13 +38,8 @@ char *libxl_basename(const char *name)
 
 unsigned long libxl_get_required_shadow_memory(unsigned long maxmem_kb, unsigned int smp_cpus)
 {
-    /* 256 pages (1MB) per vcpu,
-       plus 1 page per MiB of RAM for the P2M map,
-       plus 1 page per MiB of RAM to shadow the resident processes.
-       This is higher than the minimum that Xen would allocate if no value
-       were given (but the Xen minimum is for safety, not performance).
-     */
-    return 4 * (256 * smp_cpus + 2 * (maxmem_kb / 1024));
+    return libxl__get_required_paging_memory(maxmem_kb, smp_cpus,
+                                             LIBXL_DOMAIN_TYPE_INVALID, false);
 }
 
 char *libxl_domid_to_name(libxl_ctx *ctx, uint32_t domid)
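Review bot: The deprecated wrapper passes `LIBXL_DOMAIN_TYPE_INVALID, false` with no explanation, and it reproduces the old `2 * (maxmem_kb / 1024)` term only because the helper tests `type != LIBXL_DOMAIN_TYPE_PV`. A comment such as `/* Type and HAP unknown here: assume non-PV shadow, i.e. the historical worst case. */` would document that intent. Without it, a later change to the helper's type test could silently shrink the value returned through this stable-ABI function.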
diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index 4d1c5c60e4..79234f18ff 100644
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -314,12 +314,15 @@ unsigned int __initdata dom0_memflags = MEMF_no_dma|MEMF_exact_node;
 unsigned long __init dom0_paging_pages(const struct domain *d,
                                        unsigned long nr_pages)
 {
-    /* Copied from: libxl_get_required_shadow_memory() */
+    /* Keep in sync with libxl__get_required_paging_memory(). */
     unsigned long memkb = nr_pages * (PAGE_SIZE / 1024);
 
-    memkb = 4 * (256 * d->max_vcpus + 2 * (memkb / 1024));
+    memkb = 4 * (256 * d->max_vcpus +
+                 (is_pv_domain(d) ? opt_dom0_shadow || opt_pv_l1tf_hwdom
+                                  : 1 + opt_dom0_shadow) *
+                 (memkb / 1024));
 
-    return ((memkb + 1023) / 1024) << (20 - PAGE_SHIFT);
+    return DIV_ROUND_UP(memkb, 1024) << (20 - PAGE_SHIFT);
 }
 
 
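Review bot: The per-MiB multiplier mixes a boolean `||` result with `1 + opt_dom0_shadow` inside one conditional expression, which is hard to check against the libxl helper it must stay in sync with. Computing it into a named local first, e.g. `unsigned int factor = is_pv_domain(d) ? (opt_dom0_shadow || opt_pv_l1tf_hwdom) : 1 + opt_dom0_shadow;`, and then using `factor * (memkb / 1024)` would read more directly. The non-PV branch counts a shadow share only when `opt_dom0_shadow` is set. Whether a non-PV dom0 can run in shadow mode without that option is not visible in this hunk; if it can, the pool would be undersized, so that is worth confirming.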
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:35:55 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:35:55 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318110.537736 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKJ-00082y-8l; Sat, 30 Apr 2022 12:35:55 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318110.537736; Sat, 30 Apr 2022 12:35:55 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKJ-00082q-5W; Sat, 30 Apr 2022 12:35:55 +0000
Received: by outflank-mailman (input) for mailman id 318110;
 Sat, 30 Apr 2022 12:35:54 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKH-00082Y-VW
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKH-00009q-Uv
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:53 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKH-0002fW-U7
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:35:53 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=wyD0W6/JU5tog2zBH5UfSSzXL7d4AMhlU161Kk8ZBMU=; b=XV2RWeA4m9l8hVl/G9pwzaX2GE
	GzBMmFcLWDsCMw+YLGDRj0/LMSB7SS+uWuwcpc/tzy0PuJQvV799neHAlkxv2hLhDR6IQ1jT2SFhp
	0XP1IqGvjgC0MD7DtIdpz959uFNx8JF3m/hgAogrkUB7Iw9cghj1pVhxX/lPNfDIchks=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] PCI: replace stray uses of PCI_{DEVFN,BDF}2()
Message-Id: <E1nkmKH-0002fW-U7@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:35:53 +0000

commit ee68339aeee4afa78749b1333c95071196b60c36
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 28 16:13:23 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 16:13:23 2022 +0200

    PCI: replace stray uses of PCI_{DEVFN,BDF}2()
    
    There's no good reason to use these when we already have a pci_sbdf_t
    type object available. This extends to the use of PCI_BUS() in
    pci_ecam_map_bus() as well.
    
    No change to generated code (with gcc11 at least, and I have to admit
    that I didn't expect compilers to necessarily be able to spot the
    optimization potential on the original code).
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
---
 xen/arch/arm/pci/ecam.c              | 5 ++---
 xen/arch/x86/msi.c                   | 2 +-
 xen/drivers/passthrough/vtd/qinval.c | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/xen/arch/arm/pci/ecam.c b/xen/arch/arm/pci/ecam.c
index 6aeea12a68..3987f96b01 100644
--- a/xen/arch/arm/pci/ecam.c
+++ b/xen/arch/arm/pci/ecam.c
@@ -28,8 +28,7 @@ void __iomem *pci_ecam_map_bus(struct pci_host_bridge *bridge,
         container_of(bridge->ops, const struct pci_ecam_ops, pci_ops);
     unsigned int devfn_shift = ops->bus_shift - 8;
     void __iomem *base;
-
-    unsigned int busn = PCI_BUS(sbdf.bdf);
+    unsigned int busn = sbdf.bus;
 
     if ( busn < cfg->busn_start || busn > cfg->busn_end )
         return NULL;
@@ -37,7 +36,7 @@ void __iomem *pci_ecam_map_bus(struct pci_host_bridge *bridge,
     busn -= cfg->busn_start;
     base = cfg->win + (busn << ops->bus_shift);
 
-    return base + (PCI_DEVFN2(sbdf.bdf) << devfn_shift) + where;
+    return base + (sbdf.devfn << devfn_shift) + where;
 }
 
 bool __init pci_ecam_need_p2m_hwdom_mapping(struct domain *d,
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index b32b1378f8..6be81e6c3b 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -839,7 +839,7 @@ static int msix_capability_init(struct pci_dev *dev,
             pbus = dev->info.physfn.bus;
             pslot = PCI_SLOT(dev->info.physfn.devfn);
             pfunc = PCI_FUNC(dev->info.physfn.devfn);
-            vf = PCI_BDF2(dev->bus, dev->devfn);
+            vf = dev->sbdf.bdf;
         }
 
         table_paddr = read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf);
diff --git a/xen/drivers/passthrough/vtd/qinval.c b/xen/drivers/passthrough/vtd/qinval.c
index 6a1c6bd7a9..4f9ad136b9 100644
--- a/xen/drivers/passthrough/vtd/qinval.c
+++ b/xen/drivers/passthrough/vtd/qinval.c
@@ -267,7 +267,7 @@ int qinval_device_iotlb_sync(struct vtd_iommu *iommu, struct pci_dev *pdev,
     qinval_entry->q.dev_iotlb_inv_dsc.lo.res_1 = 0;
     qinval_entry->q.dev_iotlb_inv_dsc.lo.max_invs_pend = pdev->ats.queue_depth;
     qinval_entry->q.dev_iotlb_inv_dsc.lo.res_2 = 0;
-    qinval_entry->q.dev_iotlb_inv_dsc.lo.sid = PCI_BDF2(pdev->bus, pdev->devfn);
+    qinval_entry->q.dev_iotlb_inv_dsc.lo.sid = pdev->sbdf.bdf;
     qinval_entry->q.dev_iotlb_inv_dsc.lo.res_3 = 0;
 
     qinval_entry->q.dev_iotlb_inv_dsc.hi.size = size;
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:36:05 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:36:05 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318111.537740 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKT-00086U-Ce; Sat, 30 Apr 2022 12:36:05 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318111.537740; Sat, 30 Apr 2022 12:36:05 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKT-00086K-8R; Sat, 30 Apr 2022 12:36:05 +0000
Received: by outflank-mailman (input) for mailman id 318111;
 Sat, 30 Apr 2022 12:36:04 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKS-000868-3P
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:04 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKS-0000AS-2f
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:04 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKS-0002gi-1r
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:04 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=EsgwqE4qb7yZZUc6Gqfb4ug3PKkFWR5sRWtSd6IRxbQ=; b=Yz+gQdw//U2eiX6iDPOlpquDIJ
	80/+dMbLwUUO0yfjTiTprHBWynRvXAEziFpLuNM1wqI4EnLBHwMzY4g2Pgikc62PWHaj0b0T6Bv2R
	pHb6EegeqyrlUnaGC3EtNEdnWr2zYahOViMG5sPZ4rwytnM6MeAFegqhL9lIhNDEDgNQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] PCI: replace "secondary" flavors of PCI_{DEVFN,BDF,SBDF}()
Message-Id: <E1nkmKS-0002gi-1r@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:36:04 +0000

commit 54a71fe63b98c81cae4ff81bd0bd154840c3b44f
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Thu Apr 28 16:14:26 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 16:14:26 2022 +0200

    PCI: replace "secondary" flavors of PCI_{DEVFN,BDF,SBDF}()
    
    At their use sites the numeric suffixes are at least odd to read, first
    and foremost for PCI_DEVFN2() where the suffix doesn't even match the
    number of arguments. Make use of count_args() such that a single flavor
    each suffices (leaving aside helper macros, which aren't supposed to be
    used from the outside).
    
    In parse_ppr_log_entry() take the opportunity and drop two local
    variables and convert an assignment to an initializer.
    
    In VT-d code fold a number of bus+devfn comparison pairs into a single
    BDF comparison.
    
    No change to generated code for the vast majority of the adjustments.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Paul Durrant <paul@xen.org>
---
 xen/arch/x86/mm.c                           |  2 +-
 xen/arch/x86/pci.c                          |  2 +-
 xen/arch/x86/x86_64/mmconfig-shared.c       |  2 +-
 xen/common/compat/memory.c                  |  4 +-
 xen/common/memory.c                         |  4 +-
 xen/drivers/passthrough/amd/iommu_acpi.c    |  8 ++--
 xen/drivers/passthrough/amd/iommu_cmd.c     | 10 ++---
 xen/drivers/passthrough/amd/iommu_detect.c  |  2 +-
 xen/drivers/passthrough/amd/iommu_init.c    | 37 ++++++++---------
 xen/drivers/passthrough/amd/iommu_intr.c    |  4 +-
 xen/drivers/passthrough/amd/iommu_map.c     |  4 +-
 xen/drivers/passthrough/amd/pci_amd_iommu.c | 32 +++++++--------
 xen/drivers/passthrough/ats.h               |  2 +-
 xen/drivers/passthrough/pci.c               | 18 ++++-----
 xen/drivers/passthrough/vtd/dmar.c          |  4 +-
 xen/drivers/passthrough/vtd/intremap.c      |  6 +--
 xen/drivers/passthrough/vtd/iommu.c         | 61 ++++++++++++-----------------
 xen/drivers/passthrough/vtd/quirks.c        |  6 +--
 xen/drivers/passthrough/vtd/utils.c         |  2 +-
 xen/drivers/pci/pci.c                       | 10 ++---
 xen/drivers/video/vga.c                     |  8 ++--
 xen/include/xen/pci.h                       | 23 ++++++-----
 22 files changed, 120 insertions(+), 131 deletions(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 72dbce43b1..74fa9205f4 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4902,7 +4902,7 @@ int cf_check mmcfg_intercept_write(
     if ( pci_conf_write_intercept(mmio_ctxt->seg, mmio_ctxt->bdf,
                                   offset, bytes, p_data) >= 0 )
         pci_mmcfg_write(mmio_ctxt->seg, PCI_BUS(mmio_ctxt->bdf),
-                        PCI_DEVFN2(mmio_ctxt->bdf), offset, bytes,
+                        PCI_DEVFN(mmio_ctxt->bdf), offset, bytes,
                         *(uint32_t *)p_data);
 
     return X86EMUL_OKAY;
diff --git a/xen/arch/x86/pci.c b/xen/arch/x86/pci.c
index a9decd4f33..9a2354e887 100644
--- a/xen/arch/x86/pci.c
+++ b/xen/arch/x86/pci.c
@@ -90,7 +90,7 @@ int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
 
     pcidevs_lock();
 
-    pdev = pci_get_pdev(seg, PCI_BUS(bdf), PCI_DEVFN2(bdf));
+    pdev = pci_get_pdev(seg, PCI_BUS(bdf), PCI_DEVFN(bdf));
     if ( pdev )
         rc = pci_msi_conf_write_intercept(pdev, reg, size, data);
 
diff --git a/xen/arch/x86/x86_64/mmconfig-shared.c b/xen/arch/x86/x86_64/mmconfig-shared.c
index 74b22b71a1..5dee20fe9d 100644
--- a/xen/arch/x86/x86_64/mmconfig-shared.c
+++ b/xen/arch/x86/x86_64/mmconfig-shared.c
@@ -313,7 +313,7 @@ static int __init pci_mmcfg_check_hostbridge(void)
     for (i = 0; !name && i < ARRAY_SIZE(pci_mmcfg_probes); i++) {
         bus =  pci_mmcfg_probes[i].bus;
         devfn = pci_mmcfg_probes[i].devfn;
-        l = pci_conf_read32(PCI_SBDF3(0, bus, devfn), 0);
+        l = pci_conf_read32(PCI_SBDF(0, bus, devfn), 0);
         vendor = l & 0xffff;
         device = (l >> 16) & 0xffff;
 
diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c
index 077ded4a75..82fb250efa 100644
--- a/xen/common/compat/memory.c
+++ b/xen/common/compat/memory.c
@@ -27,8 +27,8 @@ static int cf_check get_reserved_device_memory(
     xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt)
 {
     struct get_reserved_device_memory *grdm = ctxt;
-    uint32_t sbdf = PCI_SBDF3(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus,
-                              grdm->map.dev.pci.devfn).sbdf;
+    uint32_t sbdf = PCI_SBDF(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus,
+                             grdm->map.dev.pci.devfn).sbdf;
 
     if ( !(grdm->map.flags & XENMEM_RDM_ALL) && (sbdf != id) )
         return 0;
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 69b0cd1e50..f2d009843a 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -1055,8 +1055,8 @@ static int cf_check get_reserved_device_memory(
     xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt)
 {
     struct get_reserved_device_memory *grdm = ctxt;
-    uint32_t sbdf = PCI_SBDF3(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus,
-                              grdm->map.dev.pci.devfn).sbdf;
+    uint32_t sbdf = PCI_SBDF(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus,
+                             grdm->map.dev.pci.devfn).sbdf;
 
     if ( !(grdm->map.flags & XENMEM_RDM_ALL) && (sbdf != id) )
         return 0;
diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c
index 3a79314589..ac6835225b 100644
--- a/xen/drivers/passthrough/amd/iommu_acpi.c
+++ b/xen/drivers/passthrough/amd/iommu_acpi.c
@@ -96,7 +96,7 @@ static void __init add_ivrs_mapping_entry(
 
             if ( !ivrs_mappings[alias_id].intremap_table )
                 panic("No memory for %pp's IRT\n",
-                      &PCI_SBDF2(iommu->seg, alias_id));
+                      &PCI_SBDF(iommu->seg, alias_id));
         }
     }
 
@@ -790,7 +790,7 @@ static u16 __init parse_ivhd_device_special(
     }
 
     AMD_IOMMU_DEBUG("IVHD Special: %pp variety %#x handle %#x\n",
-                    &PCI_SBDF2(seg, bdf), special->variety, special->handle);
+                    &PCI_SBDF(seg, bdf), special->variety, special->handle);
     add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, 0, true,
                            iommu);
 
@@ -816,7 +816,7 @@ static u16 __init parse_ivhd_device_special(
             AMD_IOMMU_DEBUG("IVHD: Command line override present for IO-APIC %#x"
                             "(IVRS: %#x devID %pp)\n",
                             ioapic_sbdf[idx].id, special->handle,
-                            &PCI_SBDF2(seg, bdf));
+                            &PCI_SBDF(seg, bdf));
             break;
         }
 
@@ -888,7 +888,7 @@ static u16 __init parse_ivhd_device_special(
             AMD_IOMMU_DEBUG("IVHD: Command line override present for HPET %#x "
                             "(IVRS: %#x devID %pp)\n",
                             hpet_sbdf.id, special->handle,
-                            &PCI_SBDF2(seg, bdf));
+                            &PCI_SBDF(seg, bdf));
             break;
         case HPET_NONE:
             /* set device id of hpet */
diff --git a/xen/drivers/passthrough/amd/iommu_cmd.c b/xen/drivers/passthrough/amd/iommu_cmd.c
index c26ad9e7d7..40ddf366bb 100644
--- a/xen/drivers/passthrough/amd/iommu_cmd.c
+++ b/xen/drivers/passthrough/amd/iommu_cmd.c
@@ -40,7 +40,7 @@ static void send_iommu_command(struct amd_iommu *iommu,
                      IOMMU_RING_BUFFER_PTR_MASK) )
     {
         printk_once(XENLOG_ERR "AMD IOMMU %pp: no cmd slot available\n",
-                    &PCI_SBDF2(iommu->seg, iommu->bdf));
+                    &PCI_SBDF(iommu->seg, iommu->bdf));
         cpu_relax();
     }
 
@@ -84,7 +84,7 @@ static void flush_command_buffer(struct amd_iommu *iommu,
             threshold |= threshold << 1;
             printk(XENLOG_WARNING
                    "AMD IOMMU %pp: %scompletion wait taking too long\n",
-                   &PCI_SBDF2(iommu->seg, iommu->bdf),
+                   &PCI_SBDF(iommu->seg, iommu->bdf),
                    timeout_base ? "iotlb " : "");
             timeout = 0;
         }
@@ -94,7 +94,7 @@ static void flush_command_buffer(struct amd_iommu *iommu,
     if ( !timeout )
         printk(XENLOG_WARNING
                "AMD IOMMU %pp: %scompletion wait took %lums\n",
-               &PCI_SBDF2(iommu->seg, iommu->bdf),
+               &PCI_SBDF(iommu->seg, iommu->bdf),
                timeout_base ? "iotlb " : "",
                (NOW() - start) / 10000000);
 }
@@ -292,14 +292,14 @@ void amd_iommu_flush_iotlb(u8 devfn, const struct pci_dev *pdev,
     if ( !iommu )
     {
         AMD_IOMMU_WARN("can't find IOMMU for %pp\n",
-                       &PCI_SBDF3(pdev->seg, pdev->bus, devfn));
+                       &PCI_SBDF(pdev->seg, pdev->bus, devfn));
         return;
     }
 
     if ( !iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) )
         return;
 
-    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(pdev->bus, devfn));
+    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF(pdev->bus, devfn));
     queueid = req_id;
     maxpend = pdev->ats.queue_depth & 0xff;
 
diff --git a/xen/drivers/passthrough/amd/iommu_detect.c b/xen/drivers/passthrough/amd/iommu_detect.c
index fd89475a8d..2317fa6a7d 100644
--- a/xen/drivers/passthrough/amd/iommu_detect.c
+++ b/xen/drivers/passthrough/amd/iommu_detect.c
@@ -231,7 +231,7 @@ int __init amd_iommu_detect_one_acpi(
     rt = pci_ro_device(iommu->seg, bus, PCI_DEVFN(dev, func));
     if ( rt )
         printk(XENLOG_ERR "Could not mark config space of %pp read-only (%d)\n",
-               &PCI_SBDF2(iommu->seg, iommu->bdf), rt);
+               &PCI_SBDF(iommu->seg, iommu->bdf), rt);
 
     list_add_tail(&iommu->list, &amd_iommu_head);
     rt = 0;
diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c
index c7a49a4fdb..7d074ca843 100644
--- a/xen/drivers/passthrough/amd/iommu_init.c
+++ b/xen/drivers/passthrough/amd/iommu_init.c
@@ -562,7 +562,7 @@ static void cf_check parse_event_log_entry(struct amd_iommu *iommu, u32 entry[])
 
         printk(XENLOG_ERR "AMD-Vi: %s: %pp d%u addr %016"PRIx64
                " flags %#x%s%s%s%s%s%s%s%s%s%s\n",
-               code_str, &PCI_SBDF2(iommu->seg, device_id),
+               code_str, &PCI_SBDF(iommu->seg, device_id),
                domain_id, addr, flags,
                (flags & 0xe00) ? " ??" : "",
                (flags & 0x100) ? " TR" : "",
@@ -578,7 +578,7 @@ static void cf_check parse_event_log_entry(struct amd_iommu *iommu, u32 entry[])
         for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
             if ( get_dma_requestor_id(iommu->seg, bdf) == device_id )
                 pci_check_disable_device(iommu->seg, PCI_BUS(bdf),
-                                         PCI_DEVFN2(bdf));
+                                         PCI_DEVFN(bdf));
     }
     else
         printk(XENLOG_ERR "%s %08x %08x %08x %08x\n",
@@ -631,18 +631,13 @@ static void iommu_check_event_log(struct amd_iommu *iommu)
 
 static void cf_check parse_ppr_log_entry(struct amd_iommu *iommu, u32 entry[])
 {
-
-    u16 device_id;
-    u8 bus, devfn;
-    struct pci_dev *pdev;
-
     /* here device_id is physical value */
-    device_id = iommu_get_devid_from_cmd(entry[0]);
-    bus = PCI_BUS(device_id);
-    devfn = PCI_DEVFN2(device_id);
+    uint16_t device_id = iommu_get_devid_from_cmd(entry[0]);
+    struct pci_dev *pdev;
 
     pcidevs_lock();
-    pdev = pci_get_real_pdev(iommu->seg, bus, devfn);
+    pdev = pci_get_real_pdev(iommu->seg, PCI_BUS(device_id),
+                             PCI_DEVFN(device_id));
     pcidevs_unlock();
 
     if ( pdev )
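Review bot: `pdev` is looked up under `pcidevs_lock()` but only tested after `pcidevs_unlock()`, so whatever the `if ( pdev )` body reads through the pointer is no longer covered by the lock that made the lookup safe. The body lies outside this hunk, so whether this matters depends on what it dereferences. If it reads device state, either hold the lock across the use or add a comment above the `if` stating what keeps the device from being removed concurrently on this path.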
@@ -751,12 +746,12 @@ static bool_t __init set_iommu_interrupt_handler(struct amd_iommu *iommu)
 
     pcidevs_lock();
     iommu->msi.dev = pci_get_pdev(iommu->seg, PCI_BUS(iommu->bdf),
-                                  PCI_DEVFN2(iommu->bdf));
+                                  PCI_DEVFN(iommu->bdf));
     pcidevs_unlock();
     if ( !iommu->msi.dev )
     {
         AMD_IOMMU_WARN("no pdev for %pp\n",
-                       &PCI_SBDF2(iommu->seg, iommu->bdf));
+                       &PCI_SBDF(iommu->seg, iommu->bdf));
         return 0;
     }
 
@@ -778,7 +773,7 @@ static bool_t __init set_iommu_interrupt_handler(struct amd_iommu *iommu)
         hw_irq_controller *handler;
         u16 control;
 
-        control = pci_conf_read16(PCI_SBDF2(iommu->seg, iommu->bdf),
+        control = pci_conf_read16(PCI_SBDF(iommu->seg, iommu->bdf),
                                   iommu->msi.msi_attrib.pos + PCI_MSI_FLAGS);
 
         iommu->msi.msi.nvec = 1;
@@ -842,22 +837,22 @@ static void amd_iommu_erratum_746_workaround(struct amd_iommu *iommu)
          (boot_cpu_data.x86_model > 0x1f) )
         return;
 
-    pci_conf_write32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf0, 0x90);
-    value = pci_conf_read32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf4);
+    pci_conf_write32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf0, 0x90);
+    value = pci_conf_read32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf4);
 
     if ( value & (1 << 2) )
         return;
 
     /* Select NB indirect register 0x90 and enable writing */
-    pci_conf_write32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf0, 0x90 | (1 << 8));
+    pci_conf_write32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf0, 0x90 | (1 << 8));
 
-    pci_conf_write32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf4, value | (1 << 2));
+    pci_conf_write32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf4, value | (1 << 2));
     printk(XENLOG_INFO
            "AMD-Vi: Applying erratum 746 workaround for IOMMU at %pp\n",
-           &PCI_SBDF2(iommu->seg, iommu->bdf));
+           &PCI_SBDF(iommu->seg, iommu->bdf));
 
     /* Clear the enable writing bit */
-    pci_conf_write32(PCI_SBDF2(iommu->seg, iommu->bdf), 0xf0, 0x90);
+    pci_conf_write32(PCI_SBDF(iommu->seg, iommu->bdf), 0xf0, 0x90);
 }
 
 static void enable_iommu(struct amd_iommu *iommu)
@@ -1288,7 +1283,7 @@ static int __init cf_check amd_iommu_setup_device_table(
                 if ( !pci_init )
                     continue;
                 pcidevs_lock();
-                pdev = pci_get_pdev(seg, PCI_BUS(bdf), PCI_DEVFN2(bdf));
+                pdev = pci_get_pdev(seg, PCI_BUS(bdf), PCI_DEVFN(bdf));
                 pcidevs_unlock();
             }
 
diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c
index 464c3279a0..f4de09f431 100644
--- a/xen/drivers/passthrough/amd/iommu_intr.c
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
@@ -604,7 +604,7 @@ static struct amd_iommu *_find_iommu_for_device(int seg, int bdf)
     if ( iommu )
         return iommu;
 
-    AMD_IOMMU_DEBUG("No IOMMU for MSI dev = %pp\n", &PCI_SBDF2(seg, bdf));
+    AMD_IOMMU_DEBUG("No IOMMU for MSI dev = %pp\n", &PCI_SBDF(seg, bdf));
     return ERR_PTR(-EINVAL);
 }
 
@@ -814,7 +814,7 @@ static void dump_intremap_table(const struct amd_iommu *iommu,
         if ( ivrs_mapping )
         {
             printk("  %pp:\n",
-                   &PCI_SBDF2(iommu->seg, ivrs_mapping->dte_requestor_id));
+                   &PCI_SBDF(iommu->seg, ivrs_mapping->dte_requestor_id));
             ivrs_mapping = NULL;
         }
 
diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
index 3abcac247e..4a33df8c5e 100644
--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -540,7 +540,7 @@ int cf_check amd_iommu_get_reserved_device_memory(
 
     for ( bdf = 0; bdf < ivrs_bdf_entries; ++bdf )
     {
-        pci_sbdf_t sbdf = PCI_SBDF2(seg, bdf);
+        pci_sbdf_t sbdf = PCI_SBDF(seg, bdf);
         const struct ivrs_unity_map *um = ivrs_mappings[bdf].unity_map;
         unsigned int req = ivrs_mappings[bdf].dte_requestor_id;
         const struct amd_iommu *iommu = ivrs_mappings[bdf].iommu;
@@ -569,7 +569,7 @@ int cf_check amd_iommu_get_reserved_device_memory(
              * the same alias ID.
              */
             if ( bdf != req && ivrs_mappings[req].iommu &&
-                 func(0, 0, PCI_SBDF2(seg, req).sbdf, ctxt) )
+                 func(0, 0, PCI_SBDF(seg, req).sbdf, ctxt) )
                 continue;
 
             if ( global == pending )
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 8cbbd7c6c9..8c5d69a46a 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -53,7 +53,7 @@ struct amd_iommu *find_iommu_for_device(int seg, int bdf)
             ivrs_mappings[bdf] = tmp;
 
             printk(XENLOG_WARNING "%pp not found in ACPI tables;"
-                   " using same IOMMU as function 0\n", &PCI_SBDF2(seg, bdf));
+                   " using same IOMMU as function 0\n", &PCI_SBDF(seg, bdf));
 
             /* write iommu field last */
             ivrs_mappings[bdf].iommu = ivrs_mappings[bd0].iommu;
@@ -144,7 +144,7 @@ static int __must_check amd_iommu_setup_domain_device(
                | (ivrs_dev->unity_map ? SET_ROOT_WITH_UNITY_MAP : 0);
 
     /* get device-table entry */
-    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
+    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
     ivrs_dev = &get_ivrs_mappings(iommu->seg)[req_id];
@@ -202,7 +202,7 @@ static int __must_check amd_iommu_setup_domain_device(
          * presence.  But let's deal with that case only if it is actually
          * found in the wild.
          */
-        if ( req_id != PCI_BDF2(bus, devfn) &&
+        if ( req_id != PCI_BDF(bus, devfn) &&
              (sr_flags & SET_ROOT_WITH_UNITY_MAP) )
             rc = -EOPNOTSUPP;
         else
@@ -231,7 +231,7 @@ static int __must_check amd_iommu_setup_domain_device(
              (any_pdev_behind_iommu(pdev->domain, pdev, iommu) ||
               pdev->phantom_stride) )
             AMD_IOMMU_WARN(" %pp: reassignment may cause %pd data corruption\n",
-                           &PCI_SBDF3(pdev->seg, bus, devfn), pdev->domain);
+                           &PCI_SBDF(pdev->seg, bus, devfn), pdev->domain);
 
         /*
          * Check remaining settings are still in place from an earlier call
@@ -414,7 +414,7 @@ static void amd_iommu_disable_domain_device(const struct domain *domain,
         disable_ats_device(pdev);
 
     BUG_ON ( iommu->dev_table.buffer == NULL );
-    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF2(bus, devfn));
+    req_id = get_dma_requestor_id(iommu->seg, PCI_BDF(bus, devfn));
     table = iommu->dev_table.buffer;
     dte = &table[req_id];
 
@@ -461,7 +461,7 @@ static int cf_check reassign_device(
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be assigned to %pd\n",
-                       &PCI_SBDF3(pdev->seg, pdev->bus, devfn), target);
+                       &PCI_SBDF(pdev->seg, pdev->bus, devfn), target);
         return -ENODEV;
     }
 
@@ -488,7 +488,7 @@ static int cf_check reassign_device(
     if ( !is_hardware_domain(source) )
     {
         const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
-        unsigned int bdf = PCI_BDF2(pdev->bus, devfn);
+        unsigned int bdf = PCI_BDF(pdev->bus, devfn);
 
         rc = amd_iommu_reserve_domain_unity_unmap(
                  source,
@@ -498,7 +498,7 @@ static int cf_check reassign_device(
     }
 
     AMD_IOMMU_DEBUG("Re-assign %pp from %pd to %pd\n",
-                    &PCI_SBDF3(pdev->seg, pdev->bus, devfn), source, target);
+                    &PCI_SBDF(pdev->seg, pdev->bus, devfn), source, target);
 
     return 0;
 }
@@ -507,7 +507,7 @@ static int cf_check amd_iommu_assign_device(
     struct domain *d, u8 devfn, struct pci_dev *pdev, u32 flag)
 {
     struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg);
-    int bdf = PCI_BDF2(pdev->bus, devfn);
+    unsigned int bdf = PCI_BDF(pdev->bus, devfn);
     int req_id = get_dma_requestor_id(pdev->seg, bdf);
     int rc = amd_iommu_reserve_domain_unity_map(
                  d, ivrs_mappings[req_id].unity_map, flag);
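Review bot: The signedness change is only half done in this initialiser block: `bdf` becomes `unsigned int`, but `req_id` on the next line stays `int` and is then used as the index in `ivrs_mappings[req_id].unity_map`. Making it `unsigned int req_id = get_dma_requestor_id(pdev->seg, bdf);` would match, provided nothing later in the function (its body continues outside the hunk) relies on a negative value. The table is also indexed here before any check that `get_ivrs_mappings()` returned non-NULL, whereas `amd_iommu_add_device()` in this same file tests `!ivrs_mappings` first. If the callers do not already guarantee that, the same guard belongs here.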
@@ -575,12 +575,12 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
         }
 
         AMD_IOMMU_WARN("no IOMMU for %pp; cannot be handed to %pd\n",
-                        &PCI_SBDF3(pdev->seg, pdev->bus, devfn), pdev->domain);
+                        &PCI_SBDF(pdev->seg, pdev->bus, devfn), pdev->domain);
         return -ENODEV;
     }
 
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
-    bdf = PCI_BDF2(pdev->bus, devfn);
+    bdf = PCI_BDF(pdev->bus, devfn);
     if ( !ivrs_mappings ||
          !ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].valid )
         return -EPERM;
@@ -618,7 +618,7 @@ static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev)
              ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map,
              0) )
         AMD_IOMMU_WARN("%pd: unity mapping failed for %pp\n",
-                       pdev->domain, &PCI_SBDF2(pdev->seg, bdf));
+                       pdev->domain, &PCI_SBDF(pdev->seg, bdf));
 
     if ( iommu_quarantine && pdev->arch.pseudo_domid == DOMID_INVALID )
     {
@@ -651,20 +651,20 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
     if ( !iommu )
     {
         AMD_IOMMU_WARN("failed to find IOMMU: %pp cannot be removed from %pd\n",
-                        &PCI_SBDF3(pdev->seg, pdev->bus, devfn), pdev->domain);
+                        &PCI_SBDF(pdev->seg, pdev->bus, devfn), pdev->domain);
         return -ENODEV;
     }
 
     amd_iommu_disable_domain_device(pdev->domain, iommu, devfn, pdev);
 
     ivrs_mappings = get_ivrs_mappings(pdev->seg);
-    bdf = PCI_BDF2(pdev->bus, devfn);
+    bdf = PCI_BDF(pdev->bus, devfn);
 
     if ( amd_iommu_reserve_domain_unity_unmap(
              pdev->domain,
              ivrs_mappings[ivrs_mappings[bdf].dte_requestor_id].unity_map) )
         AMD_IOMMU_WARN("%pd: unity unmapping failed for %pp\n",
-                       pdev->domain, &PCI_SBDF2(pdev->seg, bdf));
+                       pdev->domain, &PCI_SBDF(pdev->seg, bdf));
 
     amd_iommu_quarantine_teardown(pdev);
 
@@ -681,7 +681,7 @@ static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
 static int cf_check amd_iommu_group_id(u16 seg, u8 bus, u8 devfn)
 {
-    int bdf = PCI_BDF2(bus, devfn);
+    unsigned int bdf = PCI_BDF(bus, devfn);
 
     return (bdf < ivrs_bdf_entries) ? get_dma_requestor_id(seg, bdf) : bdf;
 }
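Review bot: `amd_iommu_group_id()` returns the raw `bdf` as the group id whenever `bdf >= ivrs_bdf_entries`, and nothing in the function says why that fallback is acceptable. The group id presumably decides which devices have to be assigned together, so a one-line comment above the return would make the intent reviewable, e.g. `/* No IVRS entry for this bdf: treat the device as its own group. */` if that is indeed the intent. The declaration of `ivrs_bdf_entries` is not visible here, so it is worth confirming that the now-unsigned `bdf` compares against it without an implicit conversion.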
diff --git a/xen/drivers/passthrough/ats.h b/xen/drivers/passthrough/ats.h
index 22ae209b37..c202f4ecdd 100644
--- a/xen/drivers/passthrough/ats.h
+++ b/xen/drivers/passthrough/ats.h
@@ -35,7 +35,7 @@ static inline int pci_ats_enabled(int seg, int bus, int devfn)
     pos = pci_find_ext_capability(seg, bus, devfn, PCI_EXT_CAP_ID_ATS);
     BUG_ON(!pos);
 
-    value = pci_conf_read16(PCI_SBDF3(seg, bus, devfn), pos + ATS_REG_CTL);
+    value = pci_conf_read16(PCI_SBDF(seg, bus, devfn), pos + ATS_REG_CTL);
 
     return value & ATS_ENABLE;
 }
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 136cc8ae3d..a8081576b3 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -553,7 +553,7 @@ int __init pci_ro_device(int seg, int bus, int devfn)
         memset(pseg->ro_map, 0, sz);
     }
 
-    __set_bit(PCI_BDF2(bus, devfn), pseg->ro_map);
+    __set_bit(PCI_BDF(bus, devfn), pseg->ro_map);
     _pci_hide_device(pdev);
 
     return 0;
@@ -957,7 +957,7 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
  out:
     if ( ret )
         printk(XENLOG_G_ERR "%pd: deassign (%pp) failed (%d)\n",
-               d, &PCI_SBDF3(seg, bus, devfn), ret);
+               d, &PCI_SBDF(seg, bus, devfn), ret);
 
     return ret;
 }
@@ -1406,7 +1406,7 @@ static int iommu_add_device(struct pci_dev *pdev)
         rc = iommu_call(hd->platform_ops, add_device, devfn, pci_to_dev(pdev));
         if ( rc )
             printk(XENLOG_WARNING "IOMMU: add %pp failed (%d)\n",
-                   &PCI_SBDF3(pdev->seg, pdev->bus, devfn), rc);
+                   &PCI_SBDF(pdev->seg, pdev->bus, devfn), rc);
     }
 }
 
@@ -1452,7 +1452,7 @@ static int iommu_remove_device(struct pci_dev *pdev)
             continue;
 
         printk(XENLOG_ERR "IOMMU: remove %pp failed (%d)\n",
-               &PCI_SBDF3(pdev->seg, pdev->bus, devfn), rc);
+               &PCI_SBDF(pdev->seg, pdev->bus, devfn), rc);
         return rc;
     }
 
@@ -1536,7 +1536,7 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag)
  done:
     if ( rc )
         printk(XENLOG_G_WARNING "%pd: assign (%pp) failed (%d)\n",
-               d, &PCI_SBDF3(seg, bus, devfn), rc);
+               d, &PCI_SBDF(seg, bus, devfn), rc);
     /* The device is assigned to dom_io so mark it as quarantined */
     else if ( d == dom_io )
         pdev->quarantine = true;
@@ -1647,7 +1647,7 @@ int iommu_do_pci_domctl(
 
         seg = domctl->u.get_device_group.machine_sbdf >> 16;
         bus = PCI_BUS(domctl->u.get_device_group.machine_sbdf);
-        devfn = PCI_DEVFN2(domctl->u.get_device_group.machine_sbdf);
+        devfn = PCI_DEVFN(domctl->u.get_device_group.machine_sbdf);
         max_sdevs = domctl->u.get_device_group.max_sdevs;
         sdevs = domctl->u.get_device_group.sdev_array;
 
@@ -1697,7 +1697,7 @@ int iommu_do_pci_domctl(
 
         seg = machine_sbdf >> 16;
         bus = PCI_BUS(machine_sbdf);
-        devfn = PCI_DEVFN2(machine_sbdf);
+        devfn = PCI_DEVFN(machine_sbdf);
 
         pcidevs_lock();
         ret = device_assigned(seg, bus, devfn);
@@ -1706,7 +1706,7 @@ int iommu_do_pci_domctl(
             if ( ret )
             {
                 printk(XENLOG_G_INFO "%pp already assigned, or non-existent\n",
-                       &PCI_SBDF3(seg, bus, devfn));
+                       &PCI_SBDF(seg, bus, devfn));
                 ret = -EINVAL;
             }
         }
@@ -1742,7 +1742,7 @@ int iommu_do_pci_domctl(
 
         seg = machine_sbdf >> 16;
         bus = PCI_BUS(machine_sbdf);
-        devfn = PCI_DEVFN2(machine_sbdf);
+        devfn = PCI_DEVFN(machine_sbdf);
 
         pcidevs_lock();
         ret = deassign_device(d, seg, bus, devfn);
diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c
index 63f8642e12..367304c873 100644
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -222,7 +222,7 @@ struct acpi_drhd_unit *acpi_find_matched_drhd_unit(const struct pci_dev *pdev)
             continue;
 
         for (i = 0; i < drhd->scope.devices_cnt; i++)
-            if ( drhd->scope.devices[i] == PCI_BDF2(bus, devfn) )
+            if ( drhd->scope.devices[i] == PCI_BDF(bus, devfn) )
                 return drhd;
 
         if ( test_bit(bus, drhd->scope.buses) )
@@ -1062,7 +1062,7 @@ int cf_check intel_iommu_get_reserved_device_memory(
 
         rc = func(PFN_DOWN(rmrr->base_address),
                   PFN_UP(rmrr->end_address) - PFN_DOWN(rmrr->base_address),
-                  PCI_SBDF2(rmrr->segment, bdf).sbdf, ctxt);
+                  PCI_SBDF(rmrr->segment, bdf).sbdf, ctxt);
 
         if ( unlikely(rc < 0) )
             return rc;
diff --git a/xen/drivers/passthrough/vtd/intremap.c b/xen/drivers/passthrough/vtd/intremap.c
index e6ba89591b..1512e4866b 100644
--- a/xen/drivers/passthrough/vtd/intremap.c
+++ b/xen/drivers/passthrough/vtd/intremap.c
@@ -498,7 +498,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
         case 4: sq = SQ_13_IGNORE_1; break;
         default: sq = SQ_ALL_16; break;
         }
-        set_ire_sid(ire, SVT_VERIFY_SID_SQ, sq, PCI_BDF2(bus, devfn));
+        set_ire_sid(ire, SVT_VERIFY_SID_SQ, sq, PCI_BDF(bus, devfn));
         break;
 
     case DEV_TYPE_PCI:
@@ -508,7 +508,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
         if ( ret == 0 ) /* integrated PCI device */
         {
             set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
-                        PCI_BDF2(bus, devfn));
+                        PCI_BDF(bus, devfn));
         }
         else if ( ret == 1 ) /* find upstream bridge */
         {
@@ -517,7 +517,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
                             (bus << 8) | pdev->bus);
             else
                 set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
-                            PCI_BDF2(bus, devfn));
+                            PCI_BDF(bus, devfn));
         }
         else
             dprintk(XENLOG_WARNING VTDPREFIX,
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index cff37c0c31..f22caf269d 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -998,21 +998,21 @@ static int iommu_page_fault_do_one(struct vtd_iommu *iommu, int type,
                "DMAR:[%s] Request device [%pp] "
                "fault addr %"PRIx64"\n",
                (type ? "DMA Read" : "DMA Write"),
-               &PCI_SBDF2(seg, source_id), addr);
+               &PCI_SBDF(seg, source_id), addr);
         kind = "DMAR";
         break;
     case INTR_REMAP:
         printk(XENLOG_G_WARNING VTDPREFIX
                "INTR-REMAP: Request device [%pp] "
                "fault index %"PRIx64"\n",
-               &PCI_SBDF2(seg, source_id), addr >> 48);
+               &PCI_SBDF(seg, source_id), addr >> 48);
         kind = "INTR-REMAP";
         break;
     default:
         printk(XENLOG_G_WARNING VTDPREFIX
                "UNKNOWN: Request device [%pp] "
                "fault addr %"PRIx64"\n",
-               &PCI_SBDF2(seg, source_id), addr);
+               &PCI_SBDF(seg, source_id), addr);
         kind = "UNKNOWN";
         break;
     }
@@ -1021,7 +1021,7 @@ static int iommu_page_fault_do_one(struct vtd_iommu *iommu, int type,
            kind, fault_reason, reason);
 
     if ( iommu_verbose && fault_type == DMA_REMAP )
-        print_vtd_entries(iommu, PCI_BUS(source_id), PCI_DEVFN2(source_id),
+        print_vtd_entries(iommu, PCI_BUS(source_id), PCI_DEVFN(source_id),
                           addr >> PAGE_SHIFT);
 
     return 0;
@@ -1099,7 +1099,7 @@ static void __do_iommu_page_fault(struct vtd_iommu *iommu)
                                 source_id, guest_addr);
 
         pci_check_disable_device(iommu->drhd->segment,
-                                 PCI_BUS(source_id), PCI_DEVFN2(source_id));
+                                 PCI_BUS(source_id), PCI_DEVFN(source_id));
 
         fault_index++;
         if ( fault_index > cap_num_fault_regs(iommu->cap) )
@@ -1603,7 +1603,7 @@ int domain_context_mapping_one(
                 check_cleanup_domid_map(domain, pdev, iommu);
             printk(XENLOG_ERR
                    "%pp: unexpected context entry %016lx_%016lx (expected %016lx_%016lx)\n",
-                   &PCI_SBDF3(seg, bus, devfn),
+                   &PCI_SBDF(seg, bus, devfn),
                    (uint64_t)(res >> 64), (uint64_t)res,
                    (uint64_t)(old >> 64), (uint64_t)old);
             rc = -EILSEQ;
@@ -1633,7 +1633,7 @@ int domain_context_mapping_one(
         if ( !(mode & (MAP_OWNER_DYING | MAP_SINGLE_DEVICE)) )
             printk(XENLOG_WARNING VTDPREFIX
                    " %pp: reassignment may cause %pd data corruption\n",
-                   &PCI_SBDF3(seg, bus, devfn), prev_dom);
+                   &PCI_SBDF(seg, bus, devfn), prev_dom);
 
         write_atomic(&context->lo, lctxt.lo);
         /* No barrier should be needed between these two. */
@@ -1643,7 +1643,7 @@ int domain_context_mapping_one(
     iommu_sync_cache(context, sizeof(struct context_entry));
     spin_unlock(&iommu->lock);
 
-    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF2(bus, devfn),
+    rc = iommu_flush_context_device(iommu, prev_did, PCI_BDF(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, !prev_dom);
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
     ret = iommu_flush_iotlb_dsi(iommu, prev_did, !prev_dom, flush_dev_iotlb);
@@ -1750,7 +1750,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp map\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         if ( !is_hardware_domain(domain) )
             return -EPERM;
         break;
@@ -1774,7 +1774,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: map %pp\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn, pdev,
                                          DEVICE_DOMID(domain, pdev), pgd_maddr,
                                          mode);
@@ -1799,7 +1799,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: map %pp\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
 
         ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
                                          pdev, DEVICE_DOMID(domain, pdev),
@@ -1864,7 +1864,7 @@ static int domain_context_mapping(struct domain *domain, u8 devfn,
 
     default:
         dprintk(XENLOG_ERR VTDPREFIX, "%pd:unknown(%u): %pp\n",
-                domain, pdev->type, &PCI_SBDF3(seg, bus, devfn));
+                domain, pdev->type, &PCI_SBDF(seg, bus, devfn));
         ret = -EINVAL;
         break;
     }
@@ -1913,7 +1913,7 @@ int domain_context_unmap_one(
     iommu_sync_cache(context, sizeof(struct context_entry));
 
     rc = iommu_flush_context_device(iommu, iommu_domid,
-                                    PCI_BDF2(bus, devfn),
+                                    PCI_BDF(bus, devfn),
                                     DMA_CCMD_MASK_NOBIT, 0);
 
     flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
@@ -1972,7 +1972,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
     case DEV_TYPE_PCI_HOST_BRIDGE:
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:Hostbridge: skip %pp unmap\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         return ERR_PTR(is_hardware_domain(domain) ? 0 : -EPERM);
 
     case DEV_TYPE_PCIe_BRIDGE:
@@ -1986,7 +1986,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCIe: unmap %pp\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( !ret && devfn == pdev->devfn && ats_device(pdev, drhd) > 0 )
             disable_ats_device(pdev);
@@ -1999,7 +1999,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
 
         if ( iommu_debug )
             printk(VTDPREFIX "%pd:PCI: unmap %pp\n",
-                   domain, &PCI_SBDF3(seg, bus, devfn));
+                   domain, &PCI_SBDF(seg, bus, devfn));
         ret = domain_context_unmap_one(domain, iommu, bus, devfn);
         if ( ret )
             break;
@@ -2032,7 +2032,7 @@ static const struct acpi_drhd_unit *domain_context_unmap(
 
     default:
         dprintk(XENLOG_ERR VTDPREFIX, "%pd:unknown(%u): %pp\n",
-                domain, pdev->type, &PCI_SBDF3(seg, bus, devfn));
+                domain, pdev->type, &PCI_SBDF(seg, bus, devfn));
         return ERR_PTR(-EINVAL);
     }
 
@@ -2232,9 +2232,7 @@ static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev)
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
-        if ( rmrr->segment == pdev->seg &&
-             PCI_BUS(bdf) == pdev->bus &&
-             PCI_DEVFN2(bdf) == devfn )
+        if ( rmrr->segment == pdev->seg && bdf == PCI_BDF(pdev->bus, devfn) )
         {
             /*
              * iommu_add_device() is only called for the hardware
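Review bot: Replacing the two masked compares with `bdf == PCI_BDF(pdev->bus, devfn)` is only equivalent if `bdf` never carries bits above 15, because the old form tested the bus and devfn bytes separately (assuming `PCI_BUS()` and the old `PCI_DEVFN2()` each mask to 8 bits) and a whole-value compare does not. The declaration of `bdf` and the `for_each_rmrr_device` macro are outside the hunk, so please confirm it is a 16-bit quantity. If it is, a short comment such as `/* bdf is 16 bits wide, so a whole-value compare matches the old bus/devfn test. */` would record that. The same rewrite appears in the `intel_iommu_remove_device`, `reassign_device_ownership` and `intel_iommu_assign_device` hunks below, where a mismatch would presumably mean an RMRR identity mapping is silently skipped or left in place for the device.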
@@ -2290,9 +2288,7 @@ static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev)
 
     for_each_rmrr_device ( rmrr, bdf, i )
     {
-        if ( rmrr->segment != pdev->seg ||
-             PCI_BUS(bdf) != pdev->bus ||
-             PCI_DEVFN2(bdf) != devfn )
+        if ( rmrr->segment != pdev->seg || bdf != PCI_BDF(pdev->bus, devfn) )
             continue;
 
         /*
@@ -2719,8 +2715,7 @@ static int cf_check reassign_device_ownership(
 
         for_each_rmrr_device( rmrr, bdf, i )
             if ( rmrr->segment == pdev->seg &&
-                 PCI_BUS(bdf) == pdev->bus &&
-                 PCI_DEVFN2(bdf) == devfn )
+                 bdf == PCI_BDF(pdev->bus, devfn) )
             {
                 /*
                  * Any RMRR flag is always ignored when remove a device,
@@ -2764,9 +2759,7 @@ static int cf_check intel_iommu_assign_device(
      */
     for_each_rmrr_device( rmrr, bdf, i )
     {
-        if ( rmrr->segment == seg &&
-             PCI_BUS(bdf) == bus &&
-             PCI_DEVFN2(bdf) == devfn &&
+        if ( rmrr->segment == seg && bdf == PCI_BDF(bus, devfn) &&
              rmrr->scope.devices_cnt > 1 )
         {
             bool_t relaxed = !!(flag & XEN_DOMCTL_DEV_RDM_RELAXED);
@@ -2776,7 +2769,7 @@ static int cf_check intel_iommu_assign_device(
                    " with shared RMRR at %"PRIx64" for %pd.\n",
                    relaxed ? XENLOG_WARNING : XENLOG_ERR,
                    relaxed ? "risky" : "disallowed",
-                   &PCI_SBDF3(seg, bus, devfn), rmrr->base_address, d);
+                   &PCI_SBDF(seg, bus, devfn), rmrr->base_address, d);
             if ( !relaxed )
                 return -EPERM;
         }
@@ -2788,9 +2781,7 @@ static int cf_check intel_iommu_assign_device(
     /* Setup rmrr identity mapping */
     for_each_rmrr_device( rmrr, bdf, i )
     {
-        if ( rmrr->segment == seg &&
-             PCI_BUS(bdf) == bus &&
-             PCI_DEVFN2(bdf) == devfn )
+        if ( rmrr->segment == seg && bdf == PCI_BDF(bus, devfn) )
         {
             ret = iommu_identity_mapping(d, p2m_access_rw, rmrr->base_address,
                                          rmrr->end_address, flag);
@@ -2813,9 +2804,7 @@ static int cf_check intel_iommu_assign_device(
 
     for_each_rmrr_device( rmrr, bdf, i )
     {
-        if ( rmrr->segment == seg &&
-             PCI_BUS(bdf) == bus &&
-             PCI_DEVFN2(bdf) == devfn )
+        if ( rmrr->segment == seg && bdf == PCI_BDF(bus, devfn) )
         {
             int rc = iommu_identity_mapping(d, p2m_access_x,
                                             rmrr->base_address,
@@ -2842,7 +2831,7 @@ static int cf_check intel_iommu_group_id(u16 seg, u8 bus, u8 devfn)
     if ( find_upstream_bridge(seg, &bus, &devfn, &secbus) < 0 )
         return -ENODEV;
 
-    return PCI_BDF2(bus, devfn);
+    return PCI_BDF(bus, devfn);
 }
 
 static int __must_check cf_check vtd_suspend(void)
diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c
index 3ddbb20e48..603ad41d5b 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -115,7 +115,7 @@ bool is_azalia_tlb_enabled(const struct acpi_drhd_unit *drhd)
         return true;
 
     /* Check for the specific device. */
-    sbdf = PCI_SBDF2(drhd->segment, drhd->scope.devices[0]);
+    sbdf = PCI_SBDF(drhd->segment, drhd->scope.devices[0]);
     if ( pci_conf_read16(sbdf, PCI_VENDOR_ID) != PCI_VENDOR_ID_INTEL ||
          pci_conf_read16(sbdf, PCI_DEVICE_ID) != 0x3a3e )
         return true;
@@ -446,7 +446,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             return 0;
 
         /* if device is WLAN device, map ME phantom device 0:3.7 */
-        id = pci_conf_read32(PCI_SBDF3(0, bus, devfn), 0);
+        id = pci_conf_read32(PCI_SBDF(0, bus, devfn), 0);
         switch (id)
         {
             case 0x42328086:
@@ -470,7 +470,7 @@ int me_wifi_quirk(struct domain *domain, uint8_t bus, uint8_t devfn,
             return 0;
 
         /* if device is WLAN device, map ME phantom device 0:22.7 */
-        id = pci_conf_read32(PCI_SBDF3(0, bus, devfn), 0);
+        id = pci_conf_read32(PCI_SBDF(0, bus, devfn), 0);
         switch (id)
         {
             case 0x00878086:        /* Kilmer Peak */
diff --git a/xen/drivers/passthrough/vtd/utils.c b/xen/drivers/passthrough/vtd/utils.c
index 47922dc8e8..7c4d032f4f 100644
--- a/xen/drivers/passthrough/vtd/utils.c
+++ b/xen/drivers/passthrough/vtd/utils.c
@@ -96,7 +96,7 @@ void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn)
     u32 l_index, level;
 
     printk("print_vtd_entries: iommu #%u dev %pp gmfn %"PRI_gfn"\n",
-           iommu->index, &PCI_SBDF3(iommu->drhd->segment, bus, devfn),
+           iommu->index, &PCI_SBDF(iommu->drhd->segment, bus, devfn),
            gmfn);
 
     if ( iommu->root_maddr == 0 )
diff --git a/xen/drivers/pci/pci.c b/xen/drivers/pci/pci.c
index 4de5fdf679..e411876a15 100644
--- a/xen/drivers/pci/pci.c
+++ b/xen/drivers/pci/pci.c
@@ -46,12 +46,12 @@ int pci_find_next_cap(u16 seg, u8 bus, unsigned int devfn, u8 pos, int cap)
 
     while ( ttl-- )
     {
-        pos = pci_conf_read8(PCI_SBDF3(seg, bus, devfn), pos);
+        pos = pci_conf_read8(PCI_SBDF(seg, bus, devfn), pos);
         if ( pos < 0x40 )
             break;
 
         pos &= ~3;
-        id = pci_conf_read8(PCI_SBDF3(seg, bus, devfn), pos + PCI_CAP_LIST_ID);
+        id = pci_conf_read8(PCI_SBDF(seg, bus, devfn), pos + PCI_CAP_LIST_ID);
 
         if ( id == 0xff )
             break;
@@ -93,7 +93,7 @@ int pci_find_next_ext_capability(int seg, int bus, int devfn, int start, int cap
     int ttl = 480; /* 3840 bytes, minimum 8 bytes per capability */
     int pos = max(start, 0x100);
 
-    header = pci_conf_read32(PCI_SBDF3(seg, bus, devfn), pos);
+    header = pci_conf_read32(PCI_SBDF(seg, bus, devfn), pos);
 
     /*
      * If we have no capabilities, this is indicated by cap ID,
@@ -109,7 +109,7 @@ int pci_find_next_ext_capability(int seg, int bus, int devfn, int start, int cap
         pos = PCI_EXT_CAP_NEXT(header);
         if ( pos < 0x100 )
             break;
-        header = pci_conf_read32(PCI_SBDF3(seg, bus, devfn), pos);
+        header = pci_conf_read32(PCI_SBDF(seg, bus, devfn), pos);
     }
     return 0;
 }
@@ -162,7 +162,7 @@ const char *__init parse_pci_seg(const char *s, unsigned int *seg_p,
     else
         func = 0;
     if ( seg != (seg_p ? (u16)seg : 0) ||
-         bus != PCI_BUS(PCI_BDF2(bus, 0)) ||
+         bus != PCI_BUS(PCI_BDF(bus, 0)) ||
          dev != PCI_SLOT(PCI_DEVFN(dev, 0)) ||
          func != PCI_FUNC(PCI_DEVFN(0, func)) )
         return NULL;
diff --git a/xen/drivers/video/vga.c b/xen/drivers/video/vga.c
index e624ebff4f..d993e68d31 100644
--- a/xen/drivers/video/vga.c
+++ b/xen/drivers/video/vga.c
@@ -122,9 +122,9 @@ void __init video_endboot(void)
                 pcidevs_unlock();
 
                 if ( !pdev ||
-                     pci_conf_read16(PCI_SBDF3(0, bus, devfn),
+                     pci_conf_read16(PCI_SBDF(0, bus, devfn),
                                      PCI_CLASS_DEVICE) != 0x0300 ||
-                     !(pci_conf_read16(PCI_SBDF3(0, bus, devfn), PCI_COMMAND) &
+                     !(pci_conf_read16(PCI_SBDF(0, bus, devfn), PCI_COMMAND) &
                        (PCI_COMMAND_IO | PCI_COMMAND_MEMORY)) )
                     continue;
 
@@ -136,12 +136,12 @@ void __init video_endboot(void)
                         b = 0;
                         break;
                     case 1:
-                        switch ( pci_conf_read8(PCI_SBDF3(0, b, df),
+                        switch ( pci_conf_read8(PCI_SBDF(0, b, df),
                                                 PCI_HEADER_TYPE) )
                         {
                         case PCI_HEADER_TYPE_BRIDGE:
                         case PCI_HEADER_TYPE_CARDBUS:
-                            if ( pci_conf_read16(PCI_SBDF3(0, b, df),
+                            if ( pci_conf_read16(PCI_SBDF(0, b, df),
                                                  PCI_BRIDGE_CONTROL) &
                                  PCI_BRIDGE_CTL_VGA )
                                 continue;
diff --git a/xen/include/xen/pci.h b/xen/include/xen/pci.h
index 02b31f7259..f34368643c 100644
--- a/xen/include/xen/pci.h
+++ b/xen/include/xen/pci.h
@@ -29,16 +29,21 @@
 #define PCI_BUS(bdf)    (((bdf) >> 8) & 0xff)
 #define PCI_SLOT(bdf)   (((bdf) >> 3) & 0x1f)
 #define PCI_FUNC(bdf)   ((bdf) & 0x07)
-#define PCI_DEVFN(d,f)  ((((d) & 0x1f) << 3) | ((f) & 0x07))
-#define PCI_DEVFN2(bdf) ((bdf) & 0xff)
-#define PCI_BDF(b,d,f)  ((((b) & 0xff) << 8) | PCI_DEVFN(d,f))
-#define PCI_BDF2(b,df)  ((((b) & 0xff) << 8) | ((df) & 0xff))
-#define PCI_SBDF(s,b,d,f) \
-    ((pci_sbdf_t){ .sbdf = (((s) & 0xffff) << 16) | PCI_BDF(b, d, f) })
-#define PCI_SBDF2(s,bdf) \
+
+#define PCI_DEVFN1_(df)   ((df) & 0xff)
+#define PCI_DEVFN2_(d, f) ((((d) & 0x1f) << 3) | ((f) & 7))
+#define PCI_SBDF4_(s, b, d, f...) \
+    ((pci_sbdf_t){ .sbdf = (((s) & 0xffff) << 16) | PCI_BDF(b, d, ##f) })
+#define PCI_SBDF3_ PCI_SBDF4_
+#define PCI_SBDF2_(s, bdf) \
     ((pci_sbdf_t){ .sbdf = (((s) & 0xffff) << 16) | ((bdf) & 0xffff) })
-#define PCI_SBDF3(s,b,df) \
-    ((pci_sbdf_t){ .sbdf = (((s) & 0xffff) << 16) | PCI_BDF2(b, df) })
+
+#define PCI__(what, nr) PCI_##what##nr##_
+#define PCI_(what, nr)  PCI__(what, nr)
+
+#define PCI_DEVFN(d, f...)   PCI_(DEVFN, count_args(d, ##f))(d, ##f)
+#define PCI_BDF(b, d, f...)  ((((b) & 0xff) << 8) | PCI_DEVFN(d, ##f))
+#define PCI_SBDF(s, b, d...) PCI_(SBDF, count_args(s, b, ##d))(s, b, ##d)
 
 #define ECAM_REG_OFFSET(addr)  ((addr) & 0x00000fff)
 
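Review bot: The overloaded `PCI_DEVFN`, `PCI_BDF` and `PCI_SBDF` macros carry no comment saying which argument forms they accept, and the dispatch on `count_args()` is not obvious from a call site. I would add above them something like `/* PCI_DEVFN(df) or (d, f); PCI_BDF(b, df) or (b, d, f); PCI_SBDF(s, bdf), (s, b, df) or (s, b, d, f) */`. It is also worth a word that `PCI_SBDF3_` aliases `PCI_SBDF4_` and relies on `PCI_BDF` picking the devfn form from the argument count, and that a wrong argument count shows up only as an unknown `PCI_..._` name at the point of use.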
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:36:15 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:36:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318114.537755 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKd-0008Po-SZ; Sat, 30 Apr 2022 12:36:15 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318114.537755; Sat, 30 Apr 2022 12:36:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKd-0008Pf-PG; Sat, 30 Apr 2022 12:36:15 +0000
Received: by outflank-mailman (input) for mailman id 318114;
 Sat, 30 Apr 2022 12:36:14 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKc-00089R-6Q
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:14 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKc-0000Ay-5o
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:14 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKc-0002hf-53
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:14 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=svRjngqXQuIUbeCy1dvixT0mU/34nA4ePkWUSWn/uVw=; b=oaaeSGfjk3BTxFdPQB8qRI+Q5h
	8dgYDtxx0c+7KcWt9NbAan7XyuXMIzFMvAPeoz+gzr2wfGdbAb9A7J64kNjFfgOi+vvA/VbdcyfAP
	fBeIuelMSxKr+0gQ9Bdfp28rhHGi7FgmFt+LSNSz7c4tvf8duUMwmFQR0T+f+ddZX8c0=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] x86/mem_sharing: make fork_reset more configurable
Message-Id: <E1nkmKc-0002hf-53@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:36:14 +0000

commit d711a8e5279d830d2e4f0f55246ed0c6e4a6bbed
Author:     Tamas K Lengyel <tamas.lengyel@intel.com>
AuthorDate: Thu Apr 28 16:15:33 2022 +0200
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Thu Apr 28 16:15:33 2022 +0200

    x86/mem_sharing: make fork_reset more configurable
    
    Allow specifying distinct parts of the fork VM to be reset. This is useful when a
    fuzzing operation involves mapping in only a handful of pages that are known
    ahead of time. Throwing these pages away just to be re-copied immediately is
    expensive, thus allowing partial resets to be specified can speed things up.
    
    Also allow resetting to be initiated from vm_event responses as an
    optimization.
    
    Signed-off-by: Tamas K Lengyel <tamas.lengyel@intel.com>
    Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/include/asm/mem_sharing.h |  9 +++++++++
 xen/arch/x86/mm/mem_sharing.c          | 24 +++++++++++++++++++-----
 xen/common/vm_event.c                  | 16 ++++++++++++++++
 xen/include/public/memory.h            |  4 +++-
 xen/include/public/vm_event.h          |  8 ++++++++
 5 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/include/asm/mem_sharing.h b/xen/arch/x86/include/asm/mem_sharing.h
index cf7a12f4d2..2c00069bc9 100644
--- a/xen/arch/x86/include/asm/mem_sharing.h
+++ b/xen/arch/x86/include/asm/mem_sharing.h
@@ -85,6 +85,9 @@ static inline bool mem_sharing_is_fork(const struct domain *d)
 int mem_sharing_fork_page(struct domain *d, gfn_t gfn,
                           bool unsharing);
 
+int mem_sharing_fork_reset(struct domain *d, bool reset_state,
+                           bool reset_memory);
+
 /*
  * If called by a foreign domain, possible errors are
  *   -EBUSY -> ring full
@@ -148,6 +151,12 @@ static inline int mem_sharing_fork_page(struct domain *d, gfn_t gfn, bool lock)
     return -EOPNOTSUPP;
 }
 
+static inline int mem_sharing_fork_reset(struct domain *d, bool reset_state,
+                                         bool reset_memory)
+{
+    return -EOPNOTSUPP;
+}
+
 #endif
 
 #endif /* __MEM_SHARING_H__ */
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 61538c3fb2..8f9d9ed9a9 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1891,15 +1891,21 @@ static int fork(struct domain *cd, struct domain *d)
  * footprints the hypercall continuation should be implemented (or if this
  * feature needs to be become "stable").
  */
-static int mem_sharing_fork_reset(struct domain *d)
+int mem_sharing_fork_reset(struct domain *d, bool reset_state,
+                           bool reset_memory)
 {
-    int rc;
+    int rc = 0;
     struct domain *pd = d->parent;
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
     struct page_info *page, *tmp;
 
+    ASSERT(reset_state || reset_memory);
+
     domain_pause(d);
 
+    if ( !reset_memory )
+        goto state;
+
     /* need recursive lock because we will free pages */
     spin_lock_recursive(&d->page_alloc_lock);
     page_list_for_each_safe(page, tmp, &d->page_list)
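Review bot: `mem_sharing_fork_reset()` is now exported and takes two booleans, but the comment above it (its start is outside the hunk) is not extended to say what each one selects. From this commit, `reset_memory` gates the page-freeing loop and `reset_state` gates `copy_settings()`; a line such as `/* reset_memory: remove unshared entries from the physmap; reset_state: re-copy settings from the parent */` would spare callers from reading the body. The `ASSERT(reset_state || reset_memory)` is compiled out in release builds, so with both false the function would only pause and unpause the domain and return 0; both callers visible in this commit check the flags first.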
@@ -1932,7 +1938,9 @@ static int mem_sharing_fork_reset(struct domain *d)
     }
     spin_unlock_recursive(&d->page_alloc_lock);
 
-    rc = copy_settings(d, pd);
+ state:
+    if ( reset_state )
+        rc = copy_settings(d, pd);
 
     domain_unpause(d);
 
@@ -2239,15 +2247,21 @@ int mem_sharing_memop(XEN_GUEST_HANDLE_PARAM(xen_mem_sharing_op_t) arg)
 
     case XENMEM_sharing_op_fork_reset:
     {
+        bool reset_state = mso.u.fork.flags & XENMEM_FORK_RESET_STATE;
+        bool reset_memory = mso.u.fork.flags & XENMEM_FORK_RESET_MEMORY;
+
         rc = -EINVAL;
-        if ( mso.u.fork.pad || mso.u.fork.flags )
+        if ( mso.u.fork.pad || (!reset_state && !reset_memory) )
+            goto out;
+        if ( mso.u.fork.flags &
+             ~(XENMEM_FORK_RESET_STATE | XENMEM_FORK_RESET_MEMORY) )
             goto out;
 
         rc = -ENOSYS;
         if ( !d->parent )
             goto out;
 
-        rc = mem_sharing_fork_reset(d);
+        rc = mem_sharing_fork_reset(d, reset_state, reset_memory);
         break;
     }
 
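Review bot: `XENMEM_sharing_op_fork_reset` now returns -EINVAL when `flags` is 0, where the removed check required `flags` to be 0, so a caller built against the previous interface would have every reset rejected. If that break is intended, the public header should say so: the two new `XENMEM_FORK_RESET_*` defines in memory.h have no comment, and something like `/* OP_FORK_RESET: at least one of the RESET flags must be set */` would document the contract. Rejecting unknown bits with the `~(XENMEM_FORK_RESET_STATE | XENMEM_FORK_RESET_MEMORY)` mask is sound; folding it into the same condition as the `pad` test would keep the validation in one place.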
diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
index 84cf52636b..4a8f02893e 100644
--- a/xen/common/vm_event.c
+++ b/xen/common/vm_event.c
@@ -28,6 +28,11 @@
 #include <asm/p2m.h>
 #include <asm/monitor.h>
 #include <asm/vm_event.h>
+
+#ifdef CONFIG_MEM_SHARING
+#include <asm/mem_sharing.h>
+#endif
+
 #include <xsm/xsm.h>
 #include <public/hvm/params.h>
 
@@ -394,6 +399,17 @@ static int vm_event_resume(struct domain *d, struct vm_event_domain *ved)
             if ( rsp.reason == VM_EVENT_REASON_MEM_PAGING )
                 p2m_mem_paging_resume(d, &rsp);
 #endif
+#ifdef CONFIG_MEM_SHARING
+            if ( mem_sharing_is_fork(d) )
+            {
+                bool reset_state = rsp.flags & VM_EVENT_FLAG_RESET_FORK_STATE;
+                bool reset_mem = rsp.flags & VM_EVENT_FLAG_RESET_FORK_MEMORY;
+
+                if ( (reset_state || reset_mem) &&
+                     mem_sharing_fork_reset(d, reset_state, reset_mem) )
+                    ASSERT_UNREACHABLE();
+            }
+#endif
 
             /*
              * Check emulation flags in the arch-specific handler only, as it
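Review bot: A failing `mem_sharing_fork_reset()` is handled only by `ASSERT_UNREACHABLE()`, which checks nothing in a release build, so the fork would be resumed as if the reset had happened; in a debug build the same failure stops the hypervisor on the strength of flags supplied in a vm_event response. The mem_sharing.c part of this commit shows the return value coming from `copy_settings()`; whether that can fail at this point is not visible here. Unless it provably cannot, I would contain the failure to the fork, e.g. `if ( (reset_state || reset_mem) && mem_sharing_fork_reset(d, reset_state, reset_mem) ) domain_crash(d);`, or at least log it. vm_event_resume's body continues outside the hunk.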
diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h
index a1a0f0233a..f8d26fb77d 100644
--- a/xen/include/public/memory.h
+++ b/xen/include/public/memory.h
@@ -541,12 +541,14 @@ struct xen_mem_sharing_op {
                 uint32_t gref;     /* IN: gref to debug         */
             } u;
         } debug;
-        struct mem_sharing_op_fork {      /* OP_FORK */
+        struct mem_sharing_op_fork {      /* OP_FORK{,_RESET} */
             domid_t parent_domain;        /* IN: parent's domain id */
 /* Only makes sense for short-lived forks */
 #define XENMEM_FORK_WITH_IOMMU_ALLOWED (1u << 0)
 /* Only makes sense for short-lived forks */
 #define XENMEM_FORK_BLOCK_INTERRUPTS   (1u << 1)
+#define XENMEM_FORK_RESET_STATE        (1u << 2)
+#define XENMEM_FORK_RESET_MEMORY       (1u << 3)
             uint16_t flags;               /* IN: optional settings */
             uint32_t pad;                 /* Must be set to 0 */
         } fork;
diff --git a/xen/include/public/vm_event.h b/xen/include/public/vm_event.h
index bb003d21d0..1673bb8703 100644
--- a/xen/include/public/vm_event.h
+++ b/xen/include/public/vm_event.h
@@ -127,6 +127,14 @@
  * Reset the vmtrace buffer (if vmtrace is enabled)
  */
 #define VM_EVENT_FLAG_RESET_VMTRACE      (1 << 13)
+/*
+ * Reset the VM state (if VM is fork)
+ */
+#define VM_EVENT_FLAG_RESET_FORK_STATE   (1 << 14)
+/*
+ * Remove unshared entries from physmap (if VM is fork)
+ */
+#define VM_EVENT_FLAG_RESET_FORK_MEMORY  (1 << 15)
 
 /*
  * Reasons for the vm event request
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:36:25 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:36:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318116.537759 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKn-000064-UO; Sat, 30 Apr 2022 12:36:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318116.537759; Sat, 30 Apr 2022 12:36:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKn-00005u-RH; Sat, 30 Apr 2022 12:36:25 +0000
Received: by outflank-mailman (input) for mailman id 318116;
 Sat, 30 Apr 2022 12:36:24 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKm-0008WT-9J
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:24 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKm-0000BC-8e
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:24 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKm-0002iY-7s
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:24 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=5a6aqysW8/r991pN/3fc0ZTIxO6s3u226tJkZvw7HPY=; b=ke50t3he7HAK//8rIyemE1KuJA
	uKFSLFPbX2iEfAc08I1P9+QtmF10096kSXOxx7EwCVNfrmxHgz0vCMUTEePheYoP7PFSPT/tHetni
	FCAxgcnRflBbvTgOjl0PYssh3y0nwtq5KdZtiB7m7Wc9nTdaqOn8/VyO4hkks0BPsitQ=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] MAINTAINERS: add Rahul as SMMU maintainer
Message-Id: <E1nkmKm-0002iY-7s@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:36:24 +0000

commit e57477359071ab91429b0ebcbf7ff162242e2831
Author:     Stefano Stabellini <sstabellini@kernel.org>
AuthorDate: Tue Apr 26 13:27:32 2022 -0700
Commit:     Stefano Stabellini <stefano.stabellini@xilinx.com>
CommitDate: Thu Apr 28 16:39:43 2022 -0700

    MAINTAINERS: add Rahul as SMMU maintainer
    
    Add Rahul as ARM SMMU maintainer. Create a new explicit entry for "ARM
    SMMU", also listing Julien, who is the original contributor of the code and
    continues to maintain it.
    
    Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
    Acked-by: Rahul Singh <rahul.singh@arm.com>
    Acked-by: Julien Grall <julien@xen.org>
---
 MAINTAINERS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 2a47fafe85..ba0d1c0c1b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -248,6 +248,12 @@ F:	xen/drivers/passthrough/arm/
 F:	xen/include/public/arch-arm/
 F:	xen/include/public/arch-arm.h
 
+ARM SMMU
+M:	Julien Grall <julien@xen.org>
+M:	Rahul Singh <rahul.singh@arm.com>
+S:	Supported
+F:	xen/drivers/passthrough/arm/smmu.c
+
 ARM SMMUv3
 M:	Bertrand Marquis <bertrand.marquis@arm.com>
 M:	Rahul Singh <rahul.singh@arm.com>
--
generated by git-patchbot for /home/xen/git/xen.git#master


From xen-changelog-bounces@lists.xenproject.org Sat Apr 30 12:36:36 2022
Return-path: <xen-changelog-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Sat, 30 Apr 2022 12:36:36 +0000
Received: from list by lists.xenproject.org with outflank-mailman.318119.537763 (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKx-0000Fm-Vu; Sat, 30 Apr 2022 12:36:35 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 318119.537763; Sat, 30 Apr 2022 12:36:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-changelog-bounces@lists.xenproject.org>)
	id 1nkmKx-0000Fe-Sh; Sat, 30 Apr 2022 12:36:35 +0000
Received: by outflank-mailman (input) for mailman id 318119;
 Sat, 30 Apr 2022 12:36:34 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKw-0000E4-CS
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:34 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKw-0000BI-Bm
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:34 +0000
Received: from xen by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <ian.jackson@eu.citrix.com>) id 1nkmKw-0002jP-Ar
 for xen-changelog@lists.xenproject.org; Sat, 30 Apr 2022 12:36:34 +0000
X-BeenThere: xen-changelog@lists.xenproject.org
List-Id: "Change log for Mercurial \(receive only\)"
 <xen-changelog.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-changelog@lists.xenproject.org>
List-Help: <mailto:xen-changelog-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-changelog>, 
 <mailto:xen-changelog-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-changelog-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-changelog" <xen-changelog-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From;
	bh=iufme77bPWKbVKioCw7xclm+MejaJGwoiIm/jDK3mos=; b=B2seGe3ODQ6kcWF3UBaw+OY9DP
	3GF7pQcEDk3zOn+R2gy7hDFK2CRjUVEEOw55NH0ygCKjVkt1x7Ei4+tI+LNwK1zXVOmd2XgvfrKeg
	dFkf7QNZh8ZMZTCJPuV1Pvg31sjVip0Bok6clkQghDToiKOEqGAgbrTmd3vnEyWw2IGE=;
From: patchbot@xen.org
To: xen-changelog@lists.xenproject.org
Reply-To: xen-devel@lists.xenproject.org
Subject: [xen master] Revert "page_alloc: assert IRQs are enabled in heap alloc/free"
Message-Id: <E1nkmKw-0002jP-Ar@xenbits.xenproject.org>
Date: Sat, 30 Apr 2022 12:36:34 +0000

commit fe234237b6fc8afc5d8265850169ceeb3d2f81fd
Author:     Julien Grall <jgrall@amazon.com>
AuthorDate: Fri Apr 29 10:04:40 2022 +0100
Commit:     Julien Grall <jgrall@amazon.com>
CommitDate: Fri Apr 29 10:04:40 2022 +0100

    Revert "page_alloc: assert IRQs are enabled in heap alloc/free"
    
    This reverts commit fa6dc0879ffd3dffffaea2837953c7a8761a9ba0 as there
    is more fallout on Arm.
---
 xen/common/page_alloc.c | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index e866e0d864..319029140f 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -162,13 +162,6 @@
 static char __initdata opt_badpage[100] = "";
 string_param("badpage", opt_badpage);
 
-/*
- * Heap allocations may need TLB flushes which may require IRQs to be
- * enabled (except when only 1 PCPU is online).
- */
-#define ASSERT_ALLOC_CONTEXT() \
-    ASSERT(!in_irq() && (local_irq_is_enabled() || num_online_cpus() <= 1))
-
 /*
  * no-bootscrub -> Free pages are not zeroed during boot.
  */
@@ -2167,7 +2160,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 {
     struct page_info *pg;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     pg = alloc_heap_pages(MEMZONE_XEN, MEMZONE_XEN,
                           order, memflags | MEMF_no_scrub, NULL);
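Review bot: Replacing `ASSERT_ALLOC_CONTEXT()` with `ASSERT(!in_irq())` here also loses the only statement of the constraint, because the first hunk deletes the comment saying heap allocations may need TLB flushes that can require IRQs to be enabled. The revert message gives fallout on Arm as the reason, which reads as the assertion firing for some callers rather than the constraint being wrong, though the message does not say. I would keep the explanation as a plain comment, e.g. `/* NB: may need a TLB flush, which may require IRQs enabled; not asserted (see revert of fa6dc0879ffd) */`, so the open issue stays visible. The same one-line replacement is made in the other seven hunks of this file.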
@@ -2180,7 +2173,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
 
 void free_xenheap_pages(void *v, unsigned int order)
 {
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( v == NULL )
         return;
@@ -2209,7 +2202,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( xenheap_bits && (memflags >> _MEMF_bits) > xenheap_bits )
         memflags &= ~MEMF_bits(~0U);
@@ -2231,7 +2224,7 @@ void free_xenheap_pages(void *v, unsigned int order)
     struct page_info *pg;
     unsigned int i;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( v == NULL )
         return;
@@ -2256,7 +2249,7 @@ void init_domheap_pages(paddr_t ps, paddr_t pe)
 {
     mfn_t smfn, emfn;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     smfn = maddr_to_mfn(round_pgup(ps));
     emfn = maddr_to_mfn(round_pgdown(pe));
@@ -2376,7 +2369,7 @@ struct page_info *alloc_domheap_pages(
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int dma_zone;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d,
                                       bits ? : (BITS_PER_LONG+PAGE_SHIFT));
@@ -2426,7 +2419,7 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
     unsigned int i;
     bool drop_dom_ref;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     if ( unlikely(is_xen_heap_page(pg)) )
     {
@@ -2745,7 +2738,7 @@ int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
 {
     struct page_info *pg;
 
-    ASSERT_ALLOC_CONTEXT();
+    ASSERT(!in_irq());
 
     pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
     if ( !pg )
--
generated by git-patchbot for /home/xen/git/xen.git#master


