From xen-changelog-bounces@lists.xenproject.org Fri Jul 01 17:33:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 01 Jul 2022 17:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359134.588519 (Exim 4.92) (envelope-from ) id 1o7KVt-0002BU-Dd; Fri, 01 Jul 2022 17:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359134.588519; Fri, 01 Jul 2022 17:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7KVt-0002BM-Ae; Fri, 01 Jul 2022 17:33:05 +0000 Received: by outflank-mailman (input) for mailman id 359134; Fri, 01 Jul 2022 17:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7KVs-0002BG-Ay for xen-changelog@lists.xenproject.org; Fri, 01 Jul 2022 17:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7KVs-00079o-A4 for xen-changelog@lists.xenproject.org; Fri, 01 Jul 2022 17:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o7KVs-0003e4-9H for xen-changelog@lists.xenproject.org; Fri, 01 Jul 2022 17:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1jdGs2buquo+KDlGQuGF+dMMZGvfQYfViVyATKRgqjY=; b=66gOfTOcyecSPqDcmKTMSl+QSi Ji1OwYg9MXzypJ1AzvuO07dW/Pu6qCk5tZpcWuZY5txaLBd+AP+jvewkHCNkOyQCbSCMTs+M7B4gm oEj+S9OqzKxw1O3nH+y9KmZXQamB7uWxYfnBldG+qrhs8spIryCSXc7/WxFuQm0rvSDs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] public/io: xs_wire: Document that new errors should be added at the end Message-Id: Date: Fri, 01 Jul 2022 17:33:04 +0000 commit bf2f989531ad3851685a1847cbc1e28901ed80a2 Author: Julien Grall AuthorDate: Fri Jul 1 18:27:05 2022 +0100 Commit: Julien Grall CommitDate: Fri Jul 1 18:27:30 2022 +0100 public/io: xs_wire: Document that new errors should be added at the end Some tools (e.g. xenstored) always expect EINVAL to be first in xsd_errors. To be conservative, mandate that new errors should be added at the end of the array. Signed-off-by: Julien Grall Reviewed-by: Henry Wang Reviewed-by: Juergen Gross --- xen/include/public/io/xs_wire.h | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h index b477bd0cd2..c573950fbf 100644 --- a/xen/include/public/io/xs_wire.h +++ b/xen/include/public/io/xs_wire.h @@ -76,6 +76,7 @@ static struct xsd_errors xsd_errors[] __attribute__((unused)) #endif = { + /* /!\ New errors should be added at the end of the array. */ XSD_ERROR(EINVAL), XSD_ERROR(EACCES), XSD_ERROR(EEXIST), -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sat Jul 02 03:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 02 Jul 2022 03:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359273.588699 (Exim 4.92) (envelope-from ) id 1o7UDn-0003D0-0i; Sat, 02 Jul 2022 03:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359273.588699; Sat, 02 Jul 2022 03:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UDm-0003Cs-Tw; Sat, 02 Jul 2022 03:55:02 +0000 Received: by outflank-mailman (input) for mailman id 359273; Sat, 02 Jul 2022 03:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UDm-0003Cm-3k for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UDl-0002Pg-Ug for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o7UDl-00078T-So for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xm/tpdyT3PszAoo7FFFkjB9nN3MY6qyvNfEDQkvHYOU=; b=AZxbs5CLcTfluHiKOodvcmVsO8 vML6e87d4AnAiTGXELQ99Zjx6GzO/kvuo5t/1iSXevy+2cBD7y79A0AuA8VfPjXQoz37NdgXXhUfS wRqtfzZy21GadnZRIZTFY9+g9c4uUat72KNeCnsowJfHXLsEzGtiByJPtEJlvQw8ve1U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Sat, 02 Jul 2022 03:55:01 +0000 commit ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b Author: Andrew Cooper AuthorDate: Mon Jun 27 11:54:27 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jun 30 18:07:13 2022 +0100 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné --- xen/arch/x86/include/asm/cpufeatures.h | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 5 +++-- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index bd45a144ee..493d338a08 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 751355f471..7e83e0179f 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -78,7 +78,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -114,7 +115,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1f275ad1fb..57f4fcb213 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1151,8 +1151,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 02 03:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 02 Jul 2022 03:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359274.588703 (Exim 4.92) (envelope-from ) id 1o7UDx-0003FJ-2O; Sat, 02 Jul 2022 03:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359274.588703; Sat, 02 Jul 2022 03:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UDw-0003FB-Vj; Sat, 02 Jul 2022 03:55:12 +0000 Received: by outflank-mailman (input) for mailman id 359274; Sat, 02 Jul 2022 03:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UDw-0003Ey-2z for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UDw-0002Pk-2D for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o7UDw-00078x-0v for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A8c04+PWuJHdbDPvRHzMi74qKxcJLX8cNPLCu4ZeYeM=; b=RjH3qvQOdNYmXee+hmtLiwkVBu JlEjht8J/dOemD+OsNj/wZR2e0kj/SGEO4iv3aZCk2bWwwkf2J0FVYzSk23MzgzuW4UiCtlBrfGC+ vDsMo+X8iwjvViJo36xqQlRDRp0hDN9zt2eJaDRrJUBWQvBCA4ZpcCdbLeJwE32Jaas0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Sat, 02 Jul 2022 03:55:12 +0000 commit fef244b179c06fcdfa581f7d57fa6e578c49ff50 Author: Andrew Cooper AuthorDate: Wed Mar 16 13:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Jun 30 18:07:13 2022 +0100 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. This has negligible overhead for the guest, but saves a WRMSR on vmentry. This is the only default change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné --- docs/misc/xen-command-line.pandoc | 21 ++++++++++--- xen/arch/x86/hvm/svm/vmcb.c | 9 ++++++ xen/arch/x86/spec_ctrl.c | 65 +++++++++++++++++++++++++++++++++------ 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a92b7d228c..da18172e50 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2258,8 +2258,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2309,9 +2310,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2319,6 +2321,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 9583096577..0fc57dfd71 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -29,6 +29,7 @@ #include #include #include +#include struct vmcb_struct *alloc_vmcb(void) { @@ -176,6 +177,14 @@ static int construct_vmcb(struct vcpu *v) vmcb->_pause_filter_thresh = SVM_PAUSETHRESH_INIT; } + /* + * When default_xen_spec_ctrl simply SPEC_CTRL_STIBP, default this behind + * the back of the VM too. Our SMT topology isn't accurate, the overhead + * is neglegable, and doing this saves a WRMSR on the vmentry path. + */ + if ( default_xen_spec_ctrl == SPEC_CTRL_STIBP ) + v->arch.msrs->spec_ctrl.raw = SPEC_CTRL_STIBP; + return 0; } diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 57f4fcb213..7a4550db83 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __ro_after_init opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -172,12 +176,20 @@ static int __init cf_check parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -376,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -390,6 +402,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + (!boot_cpu_has(X86_FEATURE_PSFD) && + !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -980,10 +995,7 @@ void __init init_speculation_mitigations(void) if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); else if ( opt_ibrs == -1 ) - { opt_ibrs = ibrs = true; - default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; - } if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) thunk = THUNK_JMP; @@ -1087,14 +1099,49 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && (boot_cpu_has(X86_FEATURE_PSFD) || + boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can create RSB entries for any linear address they control, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 02 03:55:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 02 Jul 2022 03:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359275.588707 (Exim 4.92) (envelope-from ) id 1o7UE7-0003IA-3m; Sat, 02 Jul 2022 03:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359275.588707; Sat, 02 Jul 2022 03:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UE7-0003I2-10; Sat, 02 Jul 2022 03:55:23 +0000 Received: by outflank-mailman (input) for mailman id 359275; Sat, 02 Jul 2022 03:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UE6-0003Hu-6B for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UE6-0002Q1-5R for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o7UE6-00079W-4V for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zepMHKvo9ZCKPjZkAWfdXr6eh9YN89+qJXA0CiBDxQI=; b=c7vMRjwNywleck/h8b87dG8mCA TaSkSXN4wIHdLNQDTpXqrocZKq/ApkAK06oGnXJZTTiS/n4ne1CyXc8eukkOZ0Fcev62a1wZm+SoX hqMVIg3KhLTK6V9mnpb/rXwSHQOeh+JiywoPcoBGqjTg2Ri3T8TXNeWXsLZVGmI/mpC4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/ept: fix shattering of special pages Message-Id: Date: Sat, 02 Jul 2022 03:55:22 +0000 commit 60d1adfa18793f4ddb70c8e901562d8d3e9be3dc Author: Roger Pau Monne AuthorDate: Thu Jun 30 18:34:49 2022 +0200 Commit: Andrew Cooper CommitDate: Thu Jun 30 18:07:13 2022 +0100 x86/ept: fix shattering of special pages The current logic in epte_get_entry_emt() will split any page marked as special with order greater than zero, without checking whether the super page is all special. Fix this by only splitting the page only if it's not all marked as special, in order to prevent unneeded super page shuttering. The unconditional special super page shattering has caused a performance regression on some XenServer GPU pass through workloads. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/arch/x86/mm/p2m-ept.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index b04ca6dbe8..b4919bad51 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -491,7 +491,7 @@ int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, { int gmtrr_mtype, hmtrr_mtype; struct vcpu *v = current; - unsigned long i; + unsigned long i, special_pgs; *ipat = false; @@ -525,15 +525,17 @@ int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, return MTRR_TYPE_WRBACK; } - for ( i = 0; i < (1ul << order); i++ ) - { + for ( special_pgs = i = 0; i < (1ul << order); i++ ) if ( is_special_page(mfn_to_page(mfn_add(mfn, i))) ) - { - if ( order ) - return -1; - *ipat = true; - return MTRR_TYPE_WRBACK; - } + special_pgs++; + + if ( special_pgs ) + { + if ( special_pgs != (1ul << order) ) + return -1; + + *ipat = true; + return MTRR_TYPE_WRBACK; } switch ( type ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 02 03:55:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 02 Jul 2022 03:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359276.588711 (Exim 4.92) (envelope-from ) id 1o7UEH-0003L3-5E; Sat, 02 Jul 2022 03:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359276.588711; Sat, 02 Jul 2022 03:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UEH-0003Kw-2b; Sat, 02 Jul 2022 03:55:33 +0000 Received: by outflank-mailman (input) for mailman id 359276; Sat, 02 Jul 2022 03:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UEG-0003Ki-9L for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UEG-0002QC-8b for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o7UEG-00079z-7X for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UiI1KuDlPwHH3kqFDrgql8s+2w6f/uli5CDpPIV+4Ro=; b=1txDKoLFyPkkDWxhaq2senEccj Lz7Rk7vsibZcUWWV3pWXUDuydPzjnGOeMywWLfLGgthdr6M6aOHbEbR8pdeVGHvbgPtc43mcJYCiM bC+Pk/FPf6rZj4F7hkm3gCDQkZgLsxLupTa+rQhw1WsYdlPPe2wFG2N9LlRvcq1i8iaA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] public/io: xs_wire: Allow Xenstore to report EPERM Message-Id: Date: Sat, 02 Jul 2022 03:55:32 +0000 commit 8d578128393b9ee144b2c2deb4e0369556443686 Author: Julien Grall AuthorDate: Thu Jun 30 19:37:34 2022 +0100 Commit: Julien Grall CommitDate: Thu Jun 30 19:37:54 2022 +0100 public/io: xs_wire: Allow Xenstore to report EPERM C Xenstored is using EPERM when the client is not allowed to change the owner (see GET_PERMS). However, the xenstore protocol doesn't describe EPERM so EINVAL will be sent to the client. When writing test, it would be useful to differentiate between EINVAL (e.g. parsing error) and EPERM (i.e. no permission). So extend xsd_errors[] to support return EPERM. Looking at previous time xsd_errors was extended (8b2c441a1b), it was considered to be safe to add a new error because at least Linux driver and libxenstore treat an unknown error code as EINVAL. This statement doesn't cover other possible OSes, however I am not aware of any breakage. Signed-off-by: Julien Grall Reviewed-by: Juergen Gross --- xen/include/public/io/xs_wire.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h index c1ec7c73e3..b477bd0cd2 100644 --- a/xen/include/public/io/xs_wire.h +++ b/xen/include/public/io/xs_wire.h @@ -90,7 +90,8 @@ __attribute__((unused)) XSD_ERROR(EBUSY), XSD_ERROR(EAGAIN), XSD_ERROR(EISCONN), - XSD_ERROR(E2BIG) + XSD_ERROR(E2BIG), + XSD_ERROR(EPERM), }; #endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 02 03:55:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 02 Jul 2022 03:55:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359277.588717 (Exim 4.92) (envelope-from ) id 1o7UES-0003No-8O; Sat, 02 Jul 2022 03:55:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359277.588717; Sat, 02 Jul 2022 03:55:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UES-0003Nd-4B; Sat, 02 Jul 2022 03:55:44 +0000 Received: by outflank-mailman (input) for mailman id 359277; Sat, 02 Jul 2022 03:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UEQ-0003NQ-CJ for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7UEQ-0002Rt-BO for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o7UEQ-0007AO-Ag for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 03:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WbBC9O0zvUODHQC+edAJYyM38iKpEbmz7sTOJrFHr0U=; b=Fquw8KOEFRug8ryayaE2z1JyFa iR8fApqxRR0jsf367tzCA/TX+x6YhVA7DwwXZYW4v91RLGr/OpmjwS4h/ReU+nAWMORVF+iPNoWXb QIM0VIvZte6LOgxo/LC1N6nYAMv31iRsa4QLXeyoLO48w8rq7LGZT3XA/jJQCZhtgXBg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: arm: Don't use stop_cpu() in halt_this_cpu() Message-Id: Date: Sat, 02 Jul 2022 03:55:42 +0000 commit ee11f092b515bf3c926eaad053d12d3f2b6e593e Author: Dmytro Semenets AuthorDate: Thu Jun 23 10:44:28 2022 +0300 Commit: Julien Grall CommitDate: Thu Jun 30 19:41:34 2022 +0100 xen: arm: Don't use stop_cpu() in halt_this_cpu() When shutting down (or rebooting) the platform, Xen will call stop_cpu() on all the CPUs but one. The last CPU will then request the system to shutdown/restart. On platform using PSCI, stop_cpu() will call PSCI CPU off. Per the spec (section 5.5.2 DEN0022D.b), the call could return DENIED if the Trusted OS is resident on the CPU that is about to be turned off. As Xen doesn't migrate off the trusted OS (which BTW may not be migratable), it would be possible to hit the panic(). In the ideal situation, Xen should migrate the trusted OS or make sure the CPU off is not called. However, when shutting down (or rebooting) the platform, it is pointless to try to turn off all the CPUs (per section 5.10.2, it is only required to put the core in a known state). So solve the problem by open-coding stop_cpu() in halt_this_cpu() and not call PSCI CPU off. Signed-off-by: Dmytro Semenets Acked-by: Julien Grall --- xen/arch/arm/shutdown.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/shutdown.c b/xen/arch/arm/shutdown.c index 5550f50f61..0606cb84b3 100644 --- a/xen/arch/arm/shutdown.c +++ b/xen/arch/arm/shutdown.c @@ -9,7 +9,12 @@ static void noreturn halt_this_cpu(void *arg) { - stop_cpu(); + local_irq_disable(); + /* Make sure the write happens before we sleep forever */ + dsb(sy); + isb(); + while ( 1 ) + wfi(); } void machine_halt(void) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 02 20:00:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 02 Jul 2022 20:00:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359440.588843 (Exim 4.92) (envelope-from ) id 1o7jHg-0002ty-4f; Sat, 02 Jul 2022 20:00:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359440.588843; Sat, 02 Jul 2022 20:00:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7jHg-0002tb-1N; Sat, 02 Jul 2022 20:00:04 +0000 Received: by outflank-mailman (input) for mailman id 359440; Sat, 02 Jul 2022 20:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7jHe-0002Xy-2m for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 20:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o7jHe-00040d-1j for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 20:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o7jHd-00006R-VC for xen-changelog@lists.xenproject.org; Sat, 02 Jul 2022 20:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SnBoDtQNWt2R8+6BkTbxIahiap959YIB0CcZ1qyai0Y=; b=6HjxRKw6cc158EeogK7hBZV6te sPypzIuzlzhzbEjCk9PyislCra/aHhsSbvjYhWsqS4zOVjOWO+VnQGbnPINt30t9Xba5Abd0OgHJR kxLt0RnVxf85M58BimrkbWIEZnXv8mr/f9BF1WMpCwwrlCyjkycAl2GPled6skUF1+/0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] public/io: xs_wire: Document that new errors should be added at the end Message-Id: Date: Sat, 02 Jul 2022 20:00:01 +0000 commit bf2f989531ad3851685a1847cbc1e28901ed80a2 Author: Julien Grall AuthorDate: Fri Jul 1 18:27:05 2022 +0100 Commit: Julien Grall CommitDate: Fri Jul 1 18:27:30 2022 +0100 public/io: xs_wire: Document that new errors should be added at the end Some tools (e.g. xenstored) always expect EINVAL to be first in xsd_errors. To be conservative, mandate that new errors should be added at the end of the array. Signed-off-by: Julien Grall Reviewed-by: Henry Wang Reviewed-by: Juergen Gross --- xen/include/public/io/xs_wire.h | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h index b477bd0cd2..c573950fbf 100644 --- a/xen/include/public/io/xs_wire.h +++ b/xen/include/public/io/xs_wire.h @@ -76,6 +76,7 @@ static struct xsd_errors xsd_errors[] __attribute__((unused)) #endif = { + /* /!\ New errors should be added at the end of the array. */ XSD_ERROR(EINVAL), XSD_ERROR(EACCES), XSD_ERROR(EEXIST), -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:55:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359992.589311 (Exim 4.92) (envelope-from ) id 1o8HrE-0002Da-3J; Mon, 04 Jul 2022 08:55:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359992.589311; Mon, 04 Jul 2022 08:55:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrD-0002DQ-Vn; Mon, 04 Jul 2022 08:55:03 +0000 Received: by outflank-mailman (input) for mailman id 359992; Mon, 04 Jul 2022 08:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrC-0002DC-OV for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrC-0003QD-Nb for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8HrC-0005hM-Ma for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VkO2RrmY55YmWwSMCrNxbnwxgeUn+QBqmfa5HhkrdiU=; b=5/iGa1dMfdnNh7yACMXSPODoQ0 bnQ+Sc5yYSSlc3PZd6h57EuHRY6rf54nSiQVndLpTsmS9umXIzcuhiTXamHPO7byAHnD/wLiWsL78 xDNTG34u09hubvSXS0i73EGMJzY2jkauMmH56tfHIAobkVcKeROuHBX6wkDN16Lfnarw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: drop xenbus directory Message-Id: Date: Mon, 04 Jul 2022 08:55:02 +0000 commit 8623cff59ba1b00d9bc838bea0c473f8ae137daa Author: Juergen Gross AuthorDate: Mon Jun 20 09:38:13 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:49:58 2022 +0100 mini-os: drop xenbus directory The xenbus directory contains only a single source. Move this source up and remove the xenbus directory. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- Makefile | 3 +- xenbus.c | 989 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ xenbus/xenbus.c | 989 -------------------------------------------------------- 3 files changed, 990 insertions(+), 991 deletions(-) diff --git a/Makefile b/Makefile index 9f95d19..16d1f5d 100644 --- a/Makefile +++ b/Makefile @@ -57,6 +57,7 @@ src-y += sched.c src-y += shutdown.c src-$(CONFIG_TEST) += test.c src-$(CONFIG_BALLOON) += balloon.c +src-$(CONFIG_XENBUS) += xenbus.c src-y += lib/ctype.c src-y += lib/math.c @@ -67,8 +68,6 @@ src-y += lib/sys.c src-y += lib/xmalloc.c src-$(CONFIG_LIBXS) += lib/xs.c -src-$(CONFIG_XENBUS) += xenbus/xenbus.c - src-y += console/console.c src-y += console/xencons_ring.c src-$(CONFIG_CONSFRONT) += console/xenbus.c diff --git a/xenbus.c b/xenbus.c new file mode 100644 index 0000000..b687678 --- /dev/null +++ b/xenbus.c @@ -0,0 +1,989 @@ +/* + **************************************************************************** + * (C) 2006 - Cambridge University + **************************************************************************** + * + * File: xenbus.c + * Author: Steven Smith (sos22@cam.ac.uk) + * Changes: Grzegorz Milos (gm281@cam.ac.uk) + * Changes: John D. Ramsdell + * + * Date: Jun 2006, chages Aug 2005 + * + * Environment: Xen Minimal OS + * Description: Minimal implementation of xenbus + * + **************************************************************************** + **/ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define min(x,y) ({ \ + typeof(x) tmpx = (x); \ + typeof(y) tmpy = (y); \ + tmpx < tmpy ? tmpx : tmpy; \ + }) + +#ifdef XENBUS_DEBUG +#define DEBUG(_f, _a...) \ + printk("MINI_OS(file=xenbus.c, line=%d) " _f , __LINE__, ## _a) +#else +#define DEBUG(_f, _a...) ((void)0) +#endif + +static struct xenstore_domain_interface *xenstore_buf; +static DECLARE_WAIT_QUEUE_HEAD(xb_waitq); +DECLARE_WAIT_QUEUE_HEAD(xenbus_watch_queue); +static __DECLARE_SEMAPHORE_GENERIC(xb_write_sem, 1); + +xenbus_event_queue xenbus_events; +static struct watch { + char *token; + char *path; + xenbus_event_queue *events; + struct watch *next; +} *watches; +struct xenbus_req_info +{ + int in_use:1; + struct wait_queue_head waitq; + void *reply; +}; + +#define NR_REQS 32 +static struct xenbus_req_info req_info[NR_REQS]; + +static char *errmsg(struct xsd_sockmsg *rep); + +uint32_t xenbus_evtchn; + +#ifdef CONFIG_PARAVIRT +void get_xenbus(void *p) +{ + start_info_t *si = p; + + xenbus_evtchn = si->store_evtchn; + xenstore_buf = mfn_to_virt(si->store_mfn); +} +#else +void get_xenbus(void *p) +{ + uint64_t v; + + if ( hvm_get_parameter(HVM_PARAM_STORE_EVTCHN, &v) ) + BUG(); + xenbus_evtchn = v; + + if( hvm_get_parameter(HVM_PARAM_STORE_PFN, &v) ) + BUG(); + xenstore_buf = (struct xenstore_domain_interface *)map_frame_virt(v); +} +#endif + +static void memcpy_from_ring(const void *Ring, + void *Dest, + int off, + int len) +{ + int c1, c2; + const char *ring = Ring; + char *dest = Dest; + c1 = min(len, XENSTORE_RING_SIZE - off); + c2 = len - c1; + memcpy(dest, ring + off, c1); + memcpy(dest + c1, ring, c2); +} + +char **xenbus_wait_for_watch_return(xenbus_event_queue *queue) +{ + struct xenbus_event *event; + DEFINE_WAIT(w); + if (!queue) + queue = &xenbus_events; + while (!(event = *queue)) { + add_waiter(w, xenbus_watch_queue); + schedule(); + } + remove_waiter(w, xenbus_watch_queue); + *queue = event->next; + return &event->path; +} + +void xenbus_wait_for_watch(xenbus_event_queue *queue) +{ + char **ret; + if (!queue) + queue = &xenbus_events; + ret = xenbus_wait_for_watch_return(queue); + if (ret) + free(ret); + else + printk("unexpected path returned by watch\n"); +} + +void xenbus_release_wait_for_watch(xenbus_event_queue *queue) +{ + struct xenbus_event *event = malloc(sizeof(*event)); + event->next = *queue; + *queue = event; + wake_up(&xenbus_watch_queue); +} + +char* xenbus_wait_for_value(const char* path, const char* value, xenbus_event_queue *queue) +{ + if (!queue) + queue = &xenbus_events; + for(;;) + { + char *res, *msg; + int r; + + msg = xenbus_read(XBT_NIL, path, &res); + if(msg) return msg; + + r = strcmp(value,res); + free(res); + + if(r==0) break; + else xenbus_wait_for_watch(queue); + } + return NULL; +} + +char *xenbus_switch_state(xenbus_transaction_t xbt, const char* path, XenbusState state) +{ + char *current_state; + char *msg = NULL; + char *msg2 = NULL; + char value[2]; + XenbusState rs; + int xbt_flag = 0; + int retry = 0; + + do { + if (xbt == XBT_NIL) { + msg = xenbus_transaction_start(&xbt); + if (msg) goto exit; + xbt_flag = 1; + } + + msg = xenbus_read(xbt, path, ¤t_state); + if (msg) goto exit; + + rs = (XenbusState) (current_state[0] - '0'); + free(current_state); + if (rs == state) { + msg = NULL; + goto exit; + } + + snprintf(value, 2, "%d", state); + msg = xenbus_write(xbt, path, value); + +exit: + if (xbt_flag) { + msg2 = xenbus_transaction_end(xbt, 0, &retry); + xbt = XBT_NIL; + } + if (msg == NULL && msg2 != NULL) + msg = msg2; + else + free(msg2); + } while (retry); + + return msg; +} + +char *xenbus_wait_for_state_change(const char* path, XenbusState *state, xenbus_event_queue *queue) +{ + if (!queue) + queue = &xenbus_events; + for(;;) + { + char *res, *msg; + XenbusState rs; + + msg = xenbus_read(XBT_NIL, path, &res); + if(msg) return msg; + + rs = (XenbusState) (res[0] - 48); + free(res); + + if (rs == *state) + xenbus_wait_for_watch(queue); + else { + *state = rs; + break; + } + } + return NULL; +} + + +static void xenbus_read_data(char *buf, unsigned int len) +{ + unsigned int off = 0; + unsigned int prod, cons; + unsigned int size; + + while (off != len) + { + wait_event(xb_waitq, xenstore_buf->rsp_prod != xenstore_buf->rsp_cons); + + prod = xenstore_buf->rsp_prod; + cons = xenstore_buf->rsp_cons; + DEBUG("Rsp_cons %d, rsp_prod %d.\n", cons, prod); + size = min(len - off, prod - cons); + + rmb(); /* Make sure data read from ring is ordered with rsp_prod. */ + memcpy_from_ring(xenstore_buf->rsp, buf + off, + MASK_XENSTORE_IDX(cons), size); + off += size; + mb(); /* memcpy() and rsp_cons update must not be reordered. */ + xenstore_buf->rsp_cons += size; + mb(); /* rsp_cons must be visible before we look at rsp_prod. */ + if (xenstore_buf->rsp_prod - cons >= XENSTORE_RING_SIZE) + notify_remote_via_evtchn(xenbus_evtchn); + } +} + +static void xenbus_thread_func(void *ign) +{ + struct xsd_sockmsg msg; + char *data; + + for (;;) { + xenbus_read_data((char *)&msg, sizeof(msg)); + DEBUG("Msg len %d, %d avail, id %d.\n", msg.len + sizeof(msg), + xenstore_buf->rsp_prod - xenstore_buf->rsp_cons, msg.req_id); + + if (msg.len > XENSTORE_PAYLOAD_MAX) { + printk("Xenstore violates protocol, message longer than allowed.\n"); + return; + } + + if (msg.type == XS_WATCH_EVENT) { + struct xenbus_event *event = malloc(sizeof(*event) + msg.len); + xenbus_event_queue *events = NULL; + struct watch *watch; + char *c; + int zeroes = 0; + + data = (char*)event + sizeof(*event); + xenbus_read_data(data, msg.len); + + for (c = data; c < data + msg.len; c++) + if (!*c) + zeroes++; + if (zeroes != 2) { + printk("Xenstore: illegal watch event data\n"); + free(event); + continue; + } + + event->path = data; + event->token = event->path + strlen(event->path) + 1; + + for (watch = watches; watch; watch = watch->next) + if (!strcmp(watch->token, event->token)) { + events = watch->events; + break; + } + + if (events) { + event->next = *events; + *events = event; + wake_up(&xenbus_watch_queue); + } else { + printk("Xenstore: unexpected watch token %s\n", event->token); + free(event); + } + + continue; + } + + data = malloc(sizeof(msg) + msg.len); + memcpy(data, &msg, sizeof(msg)); + xenbus_read_data(data + sizeof(msg), msg.len); + + if (msg.req_id >= NR_REQS || !req_info[msg.req_id].in_use) { + printk("Xenstore: illegal request id %d\n", msg.req_id); + free(data); + continue; + } + + DEBUG("Message is good.\n"); + + req_info[msg.req_id].reply = data; + + wake_up(&req_info[msg.req_id].waitq); + } +} + +static void xenbus_evtchn_handler(evtchn_port_t port, struct pt_regs *regs, + void *ign) +{ + wake_up(&xb_waitq); +} + +static int nr_live_reqs; +static DEFINE_SPINLOCK(req_lock); +static DECLARE_WAIT_QUEUE_HEAD(req_wq); + +/* Release a xenbus identifier */ +static void release_xenbus_id(int id) +{ + BUG_ON(!req_info[id].in_use); + spin_lock(&req_lock); + req_info[id].in_use = 0; + nr_live_reqs--; + req_info[id].in_use = 0; + if (nr_live_reqs == 0 || nr_live_reqs == NR_REQS - 1) + wake_up(&req_wq); + spin_unlock(&req_lock); +} + +/* Allocate an identifier for a xenbus request. Blocks if none are + available. */ +static int allocate_xenbus_id(void) +{ + static int probe; + int o_probe; + + while (1) + { + spin_lock(&req_lock); + if (nr_live_reqs < NR_REQS) + break; + spin_unlock(&req_lock); + wait_event(req_wq, (nr_live_reqs < NR_REQS)); + } + + o_probe = probe; + for (;;) + { + if (!req_info[o_probe].in_use) + break; + o_probe = (o_probe + 1) % NR_REQS; + BUG_ON(o_probe == probe); + } + nr_live_reqs++; + req_info[o_probe].in_use = 1; + probe = (o_probe + 1) % NR_REQS; + spin_unlock(&req_lock); + init_waitqueue_head(&req_info[o_probe].waitq); + + return o_probe; +} + +/* Initialise xenbus. */ +void init_xenbus(void) +{ + int err; + DEBUG("init_xenbus called.\n"); + create_thread("xenstore", xenbus_thread_func, NULL); + DEBUG("buf at %p.\n", xenstore_buf); + err = bind_evtchn(xenbus_evtchn, xenbus_evtchn_handler, NULL); + unmask_evtchn(xenbus_evtchn); + printk("xenbus initialised on irq %d\n", err); +} + +void fini_xenbus(void) +{ +} + +void suspend_xenbus(void) +{ + /* Check for live requests and wait until they finish */ + while (1) + { + spin_lock(&req_lock); + if (nr_live_reqs == 0) + break; + spin_unlock(&req_lock); + wait_event(req_wq, (nr_live_reqs == 0)); + } + + mask_evtchn(xenbus_evtchn); + xenstore_buf = NULL; + spin_unlock(&req_lock); +} + +void resume_xenbus(int canceled) +{ + char *msg; + struct watch *watch; + struct write_req req[2]; + struct xsd_sockmsg *rep; + +#ifdef CONFIG_PARAVIRT + get_xenbus(&start_info); +#else + get_xenbus(0); +#endif + unmask_evtchn(xenbus_evtchn); + + if (!canceled) { + for (watch = watches; watch; watch = watch->next) { + req[0].data = watch->path; + req[0].len = strlen(watch->path) + 1; + req[1].data = watch->token; + req[1].len = strlen(watch->token) + 1; + + rep = xenbus_msg_reply(XS_WATCH, XBT_NIL, req, ARRAY_SIZE(req)); + msg = errmsg(rep); + if (msg) { + xprintk("error on XS_WATCH: %s\n", msg); + free(msg); + } else + free(rep); + } + } + + notify_remote_via_evtchn(xenbus_evtchn); +} + +/* Send data to xenbus. This can block. All of the requests are seen + by xenbus as if sent atomically. The header is added + automatically, using type %type, req_id %req_id, and trans_id + %trans_id. */ +static void xb_write(int type, int req_id, xenbus_transaction_t trans_id, + const struct write_req *req, int nr_reqs) +{ + XENSTORE_RING_IDX prod; + int r; + int len = 0; + const struct write_req *cur_req; + int req_off; + int total_off; + int this_chunk; + struct xsd_sockmsg m = {.type = type, .req_id = req_id, + .tx_id = trans_id }; + struct write_req header_req = { &m, sizeof(m) }; + + for (r = 0; r < nr_reqs; r++) + len += req[r].len; + m.len = len; + len += sizeof(m); + + cur_req = &header_req; + + BUG_ON(len > XENSTORE_PAYLOAD_MAX); + + /* Make sure we are the only thread trying to write. */ + down(&xb_write_sem); + + /* Send the message in chunks using free ring space when available. */ + total_off = 0; + req_off = 0; + while (total_off < len) + { + prod = xenstore_buf->req_prod; + if (prod - xenstore_buf->req_cons >= XENSTORE_RING_SIZE) + { + /* Send evtchn to notify remote */ + notify_remote_via_evtchn(xenbus_evtchn); + + /* Wait for there to be space on the ring */ + DEBUG("prod %d, len %d, cons %d, size %d; waiting.\n", prod, + len - total_off, xenstore_buf->req_cons, XENSTORE_RING_SIZE); + wait_event(xb_waitq, + prod - xenstore_buf->req_cons < XENSTORE_RING_SIZE); + DEBUG("Back from wait.\n"); + } + + this_chunk = min(cur_req->len - req_off, + XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(prod)); + this_chunk = min(this_chunk, + xenstore_buf->req_cons + XENSTORE_RING_SIZE - prod); + memcpy((char *)xenstore_buf->req + MASK_XENSTORE_IDX(prod), + (char *)cur_req->data + req_off, this_chunk); + prod += this_chunk; + req_off += this_chunk; + total_off += this_chunk; + if (req_off == cur_req->len) + { + req_off = 0; + if (cur_req == &header_req) + cur_req = req; + else + cur_req++; + } + + /* Remote must see entire message before updating indexes */ + wmb(); + xenstore_buf->req_prod = prod; + } + + /* Send evtchn to notify remote */ + notify_remote_via_evtchn(xenbus_evtchn); + + DEBUG("Complete main loop of xb_write.\n"); + BUG_ON(req_off != 0); + BUG_ON(total_off != len); + + up(&xb_write_sem); +} + +/* Send a mesasge to xenbus, in the same fashion as xb_write, and + block waiting for a reply. The reply is malloced and should be + freed by the caller. */ +struct xsd_sockmsg * +xenbus_msg_reply(int type, + xenbus_transaction_t trans, + struct write_req *io, + int nr_reqs) +{ + int id; + DEFINE_WAIT(w); + struct xsd_sockmsg *rep; + + id = allocate_xenbus_id(); + add_waiter(w, req_info[id].waitq); + + xb_write(type, id, trans, io, nr_reqs); + + schedule(); + remove_waiter(w, req_info[id].waitq); + wake(current); + + rep = req_info[id].reply; + BUG_ON(rep->req_id != id); + release_xenbus_id(id); + return rep; +} + +static char *errmsg(struct xsd_sockmsg *rep) +{ + char *res; + if (!rep) { + char msg[] = "No reply"; + size_t len = strlen(msg) + 1; + return memcpy(malloc(len), msg, len); + } + if (rep->type != XS_ERROR) + return NULL; + res = malloc(rep->len + 1); + memcpy(res, rep + 1, rep->len); + res[rep->len] = 0; + free(rep); + return res; +} + +/* List the contents of a directory. Returns a malloc()ed array of + pointers to malloc()ed strings. The array is NULL terminated. May + block. */ +char *xenbus_ls(xenbus_transaction_t xbt, const char *pre, char ***contents) +{ + struct xsd_sockmsg *reply, *repmsg; + struct write_req req[] = { { pre, strlen(pre)+1 } }; + int nr_elems, x, i; + char **res, *msg; + + repmsg = xenbus_msg_reply(XS_DIRECTORY, xbt, req, ARRAY_SIZE(req)); + msg = errmsg(repmsg); + if (msg) { + *contents = NULL; + return msg; + } + reply = repmsg + 1; + for (x = nr_elems = 0; x < repmsg->len; x++) + nr_elems += (((char *)reply)[x] == 0); + res = malloc(sizeof(res[0]) * (nr_elems + 1)); + for (x = i = 0; i < nr_elems; i++) { + int l = strlen((char *)reply + x); + res[i] = malloc(l + 1); + memcpy(res[i], (char *)reply + x, l + 1); + x += l + 1; + } + res[i] = NULL; + free(repmsg); + *contents = res; + return NULL; +} + +char *xenbus_read(xenbus_transaction_t xbt, const char *path, char **value) +{ + struct write_req req[] = { {path, strlen(path) + 1} }; + struct xsd_sockmsg *rep; + char *res, *msg; + rep = xenbus_msg_reply(XS_READ, xbt, req, ARRAY_SIZE(req)); + msg = errmsg(rep); + if (msg) { + *value = NULL; + return msg; + } + res = malloc(rep->len + 1); + memcpy(res, rep + 1, rep->len); + res[rep->len] = 0; + free(rep); + *value = res; + return NULL; +} + +char *xenbus_write(xenbus_transaction_t xbt, const char *path, const char *value) +{ + struct write_req req[] = { + {path, strlen(path) + 1}, + {value, strlen(value)}, + }; + struct xsd_sockmsg *rep; + char *msg; + rep = xenbus_msg_reply(XS_WRITE, xbt, req, ARRAY_SIZE(req)); + msg = errmsg(rep); + if (msg) return msg; + free(rep); + return NULL; +} + +char* xenbus_watch_path_token( xenbus_transaction_t xbt, const char *path, const char *token, xenbus_event_queue *events) +{ + struct xsd_sockmsg *rep; + + struct write_req req[] = { + {path, strlen(path) + 1}, + {token, strlen(token) + 1}, + }; + + struct watch *watch = malloc(sizeof(*watch)); + + char *msg; + + if (!events) + events = &xenbus_events; + + watch->token = strdup(token); + watch->path = strdup(path); + watch->events = events; + watch->next = watches; + watches = watch; + + rep = xenbus_msg_reply(XS_WATCH, xbt, req, ARRAY_SIZE(req)); + + msg = errmsg(rep); + if (msg) return msg; + free(rep); + + return NULL; +} + +char* xenbus_unwatch_path_token( xenbus_transaction_t xbt, const char *path, const char *token) +{ + struct xsd_sockmsg *rep; + + struct write_req req[] = { + {path, strlen(path) + 1}, + {token, strlen(token) + 1}, + }; + + struct watch *watch, **prev; + + char *msg; + + rep = xenbus_msg_reply(XS_UNWATCH, xbt, req, ARRAY_SIZE(req)); + + msg = errmsg(rep); + if (msg) return msg; + free(rep); + + for (prev = &watches, watch = *prev; watch; prev = &watch->next, watch = *prev) + if (!strcmp(watch->token, token)) { + free(watch->token); + free(watch->path); + *prev = watch->next; + free(watch); + break; + } + + return NULL; +} + +char *xenbus_rm(xenbus_transaction_t xbt, const char *path) +{ + struct write_req req[] = { {path, strlen(path) + 1} }; + struct xsd_sockmsg *rep; + char *msg; + rep = xenbus_msg_reply(XS_RM, xbt, req, ARRAY_SIZE(req)); + msg = errmsg(rep); + if (msg) + return msg; + free(rep); + return NULL; +} + +char *xenbus_get_perms(xenbus_transaction_t xbt, const char *path, char **value) +{ + struct write_req req[] = { {path, strlen(path) + 1} }; + struct xsd_sockmsg *rep; + char *res, *msg; + rep = xenbus_msg_reply(XS_GET_PERMS, xbt, req, ARRAY_SIZE(req)); + msg = errmsg(rep); + if (msg) { + *value = NULL; + return msg; + } + res = malloc(rep->len + 1); + memcpy(res, rep + 1, rep->len); + res[rep->len] = 0; + free(rep); + *value = res; + return NULL; +} + +#define PERM_MAX_SIZE 32 +char *xenbus_set_perms(xenbus_transaction_t xbt, const char *path, domid_t dom, char perm) +{ + char value[PERM_MAX_SIZE]; + struct write_req req[] = { + {path, strlen(path) + 1}, + {value, 0}, + }; + struct xsd_sockmsg *rep; + char *msg; + snprintf(value, PERM_MAX_SIZE, "%c%hu", perm, dom); + req[1].len = strlen(value) + 1; + rep = xenbus_msg_reply(XS_SET_PERMS, xbt, req, ARRAY_SIZE(req)); + msg = errmsg(rep); + if (msg) + return msg; + free(rep); + return NULL; +} + +char *xenbus_transaction_start(xenbus_transaction_t *xbt) +{ + /* xenstored becomes angry if you send a length 0 message, so just + shove a nul terminator on the end */ + struct write_req req = { "", 1}; + struct xsd_sockmsg *rep; + char *err; + + rep = xenbus_msg_reply(XS_TRANSACTION_START, 0, &req, 1); + err = errmsg(rep); + if (err) + return err; + sscanf((char *)(rep + 1), "%lu", xbt); + free(rep); + return NULL; +} + +char * +xenbus_transaction_end(xenbus_transaction_t t, int abort, int *retry) +{ + struct xsd_sockmsg *rep; + struct write_req req; + char *err; + + *retry = 0; + + req.data = abort ? "F" : "T"; + req.len = 2; + rep = xenbus_msg_reply(XS_TRANSACTION_END, t, &req, 1); + err = errmsg(rep); + if (err) { + if (!strcmp(err, "EAGAIN")) { + *retry = 1; + free(err); + return NULL; + } else { + return err; + } + } + free(rep); + return NULL; +} + +int xenbus_read_integer(const char *path) +{ + char *res, *buf; + int t; + + res = xenbus_read(XBT_NIL, path, &buf); + if (res) { + printk("Failed to read %s.\n", path); + free(res); + return -1; + } + sscanf(buf, "%d", &t); + free(buf); + return t; +} + +int xenbus_read_uuid(const char* path, unsigned char uuid[16]) { + char * res, *buf; + res = xenbus_read(XBT_NIL, path, &buf); + if(res) { + printk("Failed to read %s.\n", path); + free(res); + return 0; + } + if(strlen(buf) != ((2*16)+4) /* 16 hex bytes and 4 hyphens */ + || sscanf(buf, + "%2hhx%2hhx%2hhx%2hhx-" + "%2hhx%2hhx-" + "%2hhx%2hhx-" + "%2hhx%2hhx-" + "%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", + uuid, uuid + 1, uuid + 2, uuid + 3, + uuid + 4, uuid + 5, uuid + 6, uuid + 7, + uuid + 8, uuid + 9, uuid + 10, uuid + 11, + uuid + 12, uuid + 13, uuid + 14, uuid + 15) != 16) { + printk("Xenbus path %s value %s is not a uuid!\n", path, buf); + free(buf); + return 0; + } + free(buf); + return 1; +} + +char* xenbus_printf(xenbus_transaction_t xbt, + const char* node, const char* path, + const char* fmt, ...) +{ +#define BUFFER_SIZE 256 + char fullpath[BUFFER_SIZE]; + char val[BUFFER_SIZE]; + va_list args; + + BUG_ON(strlen(node) + strlen(path) + 1 >= BUFFER_SIZE); + sprintf(fullpath,"%s/%s", node, path); + va_start(args, fmt); + vsprintf(val, fmt, args); + va_end(args); + return xenbus_write(xbt,fullpath,val); +} + +domid_t xenbus_get_self_id(void) +{ + char *dom_id; + domid_t ret; + + BUG_ON(xenbus_read(XBT_NIL, "domid", &dom_id)); + sscanf(dom_id, "%"SCNd16, &ret); + + return ret; +} + +#ifdef CONFIG_TEST +/* Send a debug message to xenbus. Can block. */ +static void xenbus_debug_msg(const char *msg) +{ + int len = strlen(msg); + struct write_req req[] = { + { "print", sizeof("print") }, + { msg, len }, + { "", 1 }}; + struct xsd_sockmsg *reply; + + reply = xenbus_msg_reply(XS_DEBUG, 0, req, ARRAY_SIZE(req)); + printk("Got a reply, type %d, id %d, len %d.\n", + reply->type, reply->req_id, reply->len); +} + +static void do_ls_test(const char *pre) +{ + char **dirs, *msg; + int x; + + printk("ls %s...\n", pre); + msg = xenbus_ls(XBT_NIL, pre, &dirs); + if (msg) { + printk("Error in xenbus ls: %s\n", msg); + free(msg); + return; + } + for (x = 0; dirs[x]; x++) + { + printk("ls %s[%d] -> %s\n", pre, x, dirs[x]); + free(dirs[x]); + } + free(dirs); +} + +static void do_read_test(const char *path) +{ + char *res, *msg; + printk("Read %s...\n", path); + msg = xenbus_read(XBT_NIL, path, &res); + if (msg) { + printk("Error in xenbus read: %s\n", msg); + free(msg); + return; + } + printk("Read %s -> %s.\n", path, res); + free(res); +} + +static void do_write_test(const char *path, const char *val) +{ + char *msg; + printk("Write %s to %s...\n", val, path); + msg = xenbus_write(XBT_NIL, path, val); + if (msg) { + printk("Result %s\n", msg); + free(msg); + } else { + printk("Success.\n"); + } +} + +static void do_rm_test(const char *path) +{ + char *msg; + printk("rm %s...\n", path); + msg = xenbus_rm(XBT_NIL, path); + if (msg) { + printk("Result %s\n", msg); + free(msg); + } else { + printk("Success.\n"); + } +} + +/* Simple testing thing */ +void test_xenbus(void) +{ + printk("Doing xenbus test.\n"); + xenbus_debug_msg("Testing xenbus...\n"); + + printk("Doing ls test.\n"); + do_ls_test("device"); + do_ls_test("device/vif"); + do_ls_test("device/vif/0"); + + printk("Doing read test.\n"); + do_read_test("device/vif/0/mac"); + do_read_test("device/vif/0/backend"); + + printk("Doing write test.\n"); + do_write_test("device/vif/0/flibble", "flobble"); + do_read_test("device/vif/0/flibble"); + do_write_test("device/vif/0/flibble", "widget"); + do_read_test("device/vif/0/flibble"); + + printk("Doing rm test.\n"); + do_rm_test("device/vif/0/flibble"); + do_read_test("device/vif/0/flibble"); + printk("(Should have said ENOENT)\n"); +} +#endif /* CONFIG_TEST */ + +/* + * Local variables: + * mode: C + * c-basic-offset: 4 + * End: + */ diff --git a/xenbus/xenbus.c b/xenbus/xenbus.c deleted file mode 100644 index b687678..0000000 --- a/xenbus/xenbus.c +++ /dev/null @@ -1,989 +0,0 @@ -/* - **************************************************************************** - * (C) 2006 - Cambridge University - **************************************************************************** - * - * File: xenbus.c - * Author: Steven Smith (sos22@cam.ac.uk) - * Changes: Grzegorz Milos (gm281@cam.ac.uk) - * Changes: John D. Ramsdell - * - * Date: Jun 2006, chages Aug 2005 - * - * Environment: Xen Minimal OS - * Description: Minimal implementation of xenbus - * - **************************************************************************** - **/ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define min(x,y) ({ \ - typeof(x) tmpx = (x); \ - typeof(y) tmpy = (y); \ - tmpx < tmpy ? tmpx : tmpy; \ - }) - -#ifdef XENBUS_DEBUG -#define DEBUG(_f, _a...) \ - printk("MINI_OS(file=xenbus.c, line=%d) " _f , __LINE__, ## _a) -#else -#define DEBUG(_f, _a...) ((void)0) -#endif - -static struct xenstore_domain_interface *xenstore_buf; -static DECLARE_WAIT_QUEUE_HEAD(xb_waitq); -DECLARE_WAIT_QUEUE_HEAD(xenbus_watch_queue); -static __DECLARE_SEMAPHORE_GENERIC(xb_write_sem, 1); - -xenbus_event_queue xenbus_events; -static struct watch { - char *token; - char *path; - xenbus_event_queue *events; - struct watch *next; -} *watches; -struct xenbus_req_info -{ - int in_use:1; - struct wait_queue_head waitq; - void *reply; -}; - -#define NR_REQS 32 -static struct xenbus_req_info req_info[NR_REQS]; - -static char *errmsg(struct xsd_sockmsg *rep); - -uint32_t xenbus_evtchn; - -#ifdef CONFIG_PARAVIRT -void get_xenbus(void *p) -{ - start_info_t *si = p; - - xenbus_evtchn = si->store_evtchn; - xenstore_buf = mfn_to_virt(si->store_mfn); -} -#else -void get_xenbus(void *p) -{ - uint64_t v; - - if ( hvm_get_parameter(HVM_PARAM_STORE_EVTCHN, &v) ) - BUG(); - xenbus_evtchn = v; - - if( hvm_get_parameter(HVM_PARAM_STORE_PFN, &v) ) - BUG(); - xenstore_buf = (struct xenstore_domain_interface *)map_frame_virt(v); -} -#endif - -static void memcpy_from_ring(const void *Ring, - void *Dest, - int off, - int len) -{ - int c1, c2; - const char *ring = Ring; - char *dest = Dest; - c1 = min(len, XENSTORE_RING_SIZE - off); - c2 = len - c1; - memcpy(dest, ring + off, c1); - memcpy(dest + c1, ring, c2); -} - -char **xenbus_wait_for_watch_return(xenbus_event_queue *queue) -{ - struct xenbus_event *event; - DEFINE_WAIT(w); - if (!queue) - queue = &xenbus_events; - while (!(event = *queue)) { - add_waiter(w, xenbus_watch_queue); - schedule(); - } - remove_waiter(w, xenbus_watch_queue); - *queue = event->next; - return &event->path; -} - -void xenbus_wait_for_watch(xenbus_event_queue *queue) -{ - char **ret; - if (!queue) - queue = &xenbus_events; - ret = xenbus_wait_for_watch_return(queue); - if (ret) - free(ret); - else - printk("unexpected path returned by watch\n"); -} - -void xenbus_release_wait_for_watch(xenbus_event_queue *queue) -{ - struct xenbus_event *event = malloc(sizeof(*event)); - event->next = *queue; - *queue = event; - wake_up(&xenbus_watch_queue); -} - -char* xenbus_wait_for_value(const char* path, const char* value, xenbus_event_queue *queue) -{ - if (!queue) - queue = &xenbus_events; - for(;;) - { - char *res, *msg; - int r; - - msg = xenbus_read(XBT_NIL, path, &res); - if(msg) return msg; - - r = strcmp(value,res); - free(res); - - if(r==0) break; - else xenbus_wait_for_watch(queue); - } - return NULL; -} - -char *xenbus_switch_state(xenbus_transaction_t xbt, const char* path, XenbusState state) -{ - char *current_state; - char *msg = NULL; - char *msg2 = NULL; - char value[2]; - XenbusState rs; - int xbt_flag = 0; - int retry = 0; - - do { - if (xbt == XBT_NIL) { - msg = xenbus_transaction_start(&xbt); - if (msg) goto exit; - xbt_flag = 1; - } - - msg = xenbus_read(xbt, path, ¤t_state); - if (msg) goto exit; - - rs = (XenbusState) (current_state[0] - '0'); - free(current_state); - if (rs == state) { - msg = NULL; - goto exit; - } - - snprintf(value, 2, "%d", state); - msg = xenbus_write(xbt, path, value); - -exit: - if (xbt_flag) { - msg2 = xenbus_transaction_end(xbt, 0, &retry); - xbt = XBT_NIL; - } - if (msg == NULL && msg2 != NULL) - msg = msg2; - else - free(msg2); - } while (retry); - - return msg; -} - -char *xenbus_wait_for_state_change(const char* path, XenbusState *state, xenbus_event_queue *queue) -{ - if (!queue) - queue = &xenbus_events; - for(;;) - { - char *res, *msg; - XenbusState rs; - - msg = xenbus_read(XBT_NIL, path, &res); - if(msg) return msg; - - rs = (XenbusState) (res[0] - 48); - free(res); - - if (rs == *state) - xenbus_wait_for_watch(queue); - else { - *state = rs; - break; - } - } - return NULL; -} - - -static void xenbus_read_data(char *buf, unsigned int len) -{ - unsigned int off = 0; - unsigned int prod, cons; - unsigned int size; - - while (off != len) - { - wait_event(xb_waitq, xenstore_buf->rsp_prod != xenstore_buf->rsp_cons); - - prod = xenstore_buf->rsp_prod; - cons = xenstore_buf->rsp_cons; - DEBUG("Rsp_cons %d, rsp_prod %d.\n", cons, prod); - size = min(len - off, prod - cons); - - rmb(); /* Make sure data read from ring is ordered with rsp_prod. */ - memcpy_from_ring(xenstore_buf->rsp, buf + off, - MASK_XENSTORE_IDX(cons), size); - off += size; - mb(); /* memcpy() and rsp_cons update must not be reordered. */ - xenstore_buf->rsp_cons += size; - mb(); /* rsp_cons must be visible before we look at rsp_prod. */ - if (xenstore_buf->rsp_prod - cons >= XENSTORE_RING_SIZE) - notify_remote_via_evtchn(xenbus_evtchn); - } -} - -static void xenbus_thread_func(void *ign) -{ - struct xsd_sockmsg msg; - char *data; - - for (;;) { - xenbus_read_data((char *)&msg, sizeof(msg)); - DEBUG("Msg len %d, %d avail, id %d.\n", msg.len + sizeof(msg), - xenstore_buf->rsp_prod - xenstore_buf->rsp_cons, msg.req_id); - - if (msg.len > XENSTORE_PAYLOAD_MAX) { - printk("Xenstore violates protocol, message longer than allowed.\n"); - return; - } - - if (msg.type == XS_WATCH_EVENT) { - struct xenbus_event *event = malloc(sizeof(*event) + msg.len); - xenbus_event_queue *events = NULL; - struct watch *watch; - char *c; - int zeroes = 0; - - data = (char*)event + sizeof(*event); - xenbus_read_data(data, msg.len); - - for (c = data; c < data + msg.len; c++) - if (!*c) - zeroes++; - if (zeroes != 2) { - printk("Xenstore: illegal watch event data\n"); - free(event); - continue; - } - - event->path = data; - event->token = event->path + strlen(event->path) + 1; - - for (watch = watches; watch; watch = watch->next) - if (!strcmp(watch->token, event->token)) { - events = watch->events; - break; - } - - if (events) { - event->next = *events; - *events = event; - wake_up(&xenbus_watch_queue); - } else { - printk("Xenstore: unexpected watch token %s\n", event->token); - free(event); - } - - continue; - } - - data = malloc(sizeof(msg) + msg.len); - memcpy(data, &msg, sizeof(msg)); - xenbus_read_data(data + sizeof(msg), msg.len); - - if (msg.req_id >= NR_REQS || !req_info[msg.req_id].in_use) { - printk("Xenstore: illegal request id %d\n", msg.req_id); - free(data); - continue; - } - - DEBUG("Message is good.\n"); - - req_info[msg.req_id].reply = data; - - wake_up(&req_info[msg.req_id].waitq); - } -} - -static void xenbus_evtchn_handler(evtchn_port_t port, struct pt_regs *regs, - void *ign) -{ - wake_up(&xb_waitq); -} - -static int nr_live_reqs; -static DEFINE_SPINLOCK(req_lock); -static DECLARE_WAIT_QUEUE_HEAD(req_wq); - -/* Release a xenbus identifier */ -static void release_xenbus_id(int id) -{ - BUG_ON(!req_info[id].in_use); - spin_lock(&req_lock); - req_info[id].in_use = 0; - nr_live_reqs--; - req_info[id].in_use = 0; - if (nr_live_reqs == 0 || nr_live_reqs == NR_REQS - 1) - wake_up(&req_wq); - spin_unlock(&req_lock); -} - -/* Allocate an identifier for a xenbus request. Blocks if none are - available. */ -static int allocate_xenbus_id(void) -{ - static int probe; - int o_probe; - - while (1) - { - spin_lock(&req_lock); - if (nr_live_reqs < NR_REQS) - break; - spin_unlock(&req_lock); - wait_event(req_wq, (nr_live_reqs < NR_REQS)); - } - - o_probe = probe; - for (;;) - { - if (!req_info[o_probe].in_use) - break; - o_probe = (o_probe + 1) % NR_REQS; - BUG_ON(o_probe == probe); - } - nr_live_reqs++; - req_info[o_probe].in_use = 1; - probe = (o_probe + 1) % NR_REQS; - spin_unlock(&req_lock); - init_waitqueue_head(&req_info[o_probe].waitq); - - return o_probe; -} - -/* Initialise xenbus. */ -void init_xenbus(void) -{ - int err; - DEBUG("init_xenbus called.\n"); - create_thread("xenstore", xenbus_thread_func, NULL); - DEBUG("buf at %p.\n", xenstore_buf); - err = bind_evtchn(xenbus_evtchn, xenbus_evtchn_handler, NULL); - unmask_evtchn(xenbus_evtchn); - printk("xenbus initialised on irq %d\n", err); -} - -void fini_xenbus(void) -{ -} - -void suspend_xenbus(void) -{ - /* Check for live requests and wait until they finish */ - while (1) - { - spin_lock(&req_lock); - if (nr_live_reqs == 0) - break; - spin_unlock(&req_lock); - wait_event(req_wq, (nr_live_reqs == 0)); - } - - mask_evtchn(xenbus_evtchn); - xenstore_buf = NULL; - spin_unlock(&req_lock); -} - -void resume_xenbus(int canceled) -{ - char *msg; - struct watch *watch; - struct write_req req[2]; - struct xsd_sockmsg *rep; - -#ifdef CONFIG_PARAVIRT - get_xenbus(&start_info); -#else - get_xenbus(0); -#endif - unmask_evtchn(xenbus_evtchn); - - if (!canceled) { - for (watch = watches; watch; watch = watch->next) { - req[0].data = watch->path; - req[0].len = strlen(watch->path) + 1; - req[1].data = watch->token; - req[1].len = strlen(watch->token) + 1; - - rep = xenbus_msg_reply(XS_WATCH, XBT_NIL, req, ARRAY_SIZE(req)); - msg = errmsg(rep); - if (msg) { - xprintk("error on XS_WATCH: %s\n", msg); - free(msg); - } else - free(rep); - } - } - - notify_remote_via_evtchn(xenbus_evtchn); -} - -/* Send data to xenbus. This can block. All of the requests are seen - by xenbus as if sent atomically. The header is added - automatically, using type %type, req_id %req_id, and trans_id - %trans_id. */ -static void xb_write(int type, int req_id, xenbus_transaction_t trans_id, - const struct write_req *req, int nr_reqs) -{ - XENSTORE_RING_IDX prod; - int r; - int len = 0; - const struct write_req *cur_req; - int req_off; - int total_off; - int this_chunk; - struct xsd_sockmsg m = {.type = type, .req_id = req_id, - .tx_id = trans_id }; - struct write_req header_req = { &m, sizeof(m) }; - - for (r = 0; r < nr_reqs; r++) - len += req[r].len; - m.len = len; - len += sizeof(m); - - cur_req = &header_req; - - BUG_ON(len > XENSTORE_PAYLOAD_MAX); - - /* Make sure we are the only thread trying to write. */ - down(&xb_write_sem); - - /* Send the message in chunks using free ring space when available. */ - total_off = 0; - req_off = 0; - while (total_off < len) - { - prod = xenstore_buf->req_prod; - if (prod - xenstore_buf->req_cons >= XENSTORE_RING_SIZE) - { - /* Send evtchn to notify remote */ - notify_remote_via_evtchn(xenbus_evtchn); - - /* Wait for there to be space on the ring */ - DEBUG("prod %d, len %d, cons %d, size %d; waiting.\n", prod, - len - total_off, xenstore_buf->req_cons, XENSTORE_RING_SIZE); - wait_event(xb_waitq, - prod - xenstore_buf->req_cons < XENSTORE_RING_SIZE); - DEBUG("Back from wait.\n"); - } - - this_chunk = min(cur_req->len - req_off, - XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(prod)); - this_chunk = min(this_chunk, - xenstore_buf->req_cons + XENSTORE_RING_SIZE - prod); - memcpy((char *)xenstore_buf->req + MASK_XENSTORE_IDX(prod), - (char *)cur_req->data + req_off, this_chunk); - prod += this_chunk; - req_off += this_chunk; - total_off += this_chunk; - if (req_off == cur_req->len) - { - req_off = 0; - if (cur_req == &header_req) - cur_req = req; - else - cur_req++; - } - - /* Remote must see entire message before updating indexes */ - wmb(); - xenstore_buf->req_prod = prod; - } - - /* Send evtchn to notify remote */ - notify_remote_via_evtchn(xenbus_evtchn); - - DEBUG("Complete main loop of xb_write.\n"); - BUG_ON(req_off != 0); - BUG_ON(total_off != len); - - up(&xb_write_sem); -} - -/* Send a mesasge to xenbus, in the same fashion as xb_write, and - block waiting for a reply. The reply is malloced and should be - freed by the caller. */ -struct xsd_sockmsg * -xenbus_msg_reply(int type, - xenbus_transaction_t trans, - struct write_req *io, - int nr_reqs) -{ - int id; - DEFINE_WAIT(w); - struct xsd_sockmsg *rep; - - id = allocate_xenbus_id(); - add_waiter(w, req_info[id].waitq); - - xb_write(type, id, trans, io, nr_reqs); - - schedule(); - remove_waiter(w, req_info[id].waitq); - wake(current); - - rep = req_info[id].reply; - BUG_ON(rep->req_id != id); - release_xenbus_id(id); - return rep; -} - -static char *errmsg(struct xsd_sockmsg *rep) -{ - char *res; - if (!rep) { - char msg[] = "No reply"; - size_t len = strlen(msg) + 1; - return memcpy(malloc(len), msg, len); - } - if (rep->type != XS_ERROR) - return NULL; - res = malloc(rep->len + 1); - memcpy(res, rep + 1, rep->len); - res[rep->len] = 0; - free(rep); - return res; -} - -/* List the contents of a directory. Returns a malloc()ed array of - pointers to malloc()ed strings. The array is NULL terminated. May - block. */ -char *xenbus_ls(xenbus_transaction_t xbt, const char *pre, char ***contents) -{ - struct xsd_sockmsg *reply, *repmsg; - struct write_req req[] = { { pre, strlen(pre)+1 } }; - int nr_elems, x, i; - char **res, *msg; - - repmsg = xenbus_msg_reply(XS_DIRECTORY, xbt, req, ARRAY_SIZE(req)); - msg = errmsg(repmsg); - if (msg) { - *contents = NULL; - return msg; - } - reply = repmsg + 1; - for (x = nr_elems = 0; x < repmsg->len; x++) - nr_elems += (((char *)reply)[x] == 0); - res = malloc(sizeof(res[0]) * (nr_elems + 1)); - for (x = i = 0; i < nr_elems; i++) { - int l = strlen((char *)reply + x); - res[i] = malloc(l + 1); - memcpy(res[i], (char *)reply + x, l + 1); - x += l + 1; - } - res[i] = NULL; - free(repmsg); - *contents = res; - return NULL; -} - -char *xenbus_read(xenbus_transaction_t xbt, const char *path, char **value) -{ - struct write_req req[] = { {path, strlen(path) + 1} }; - struct xsd_sockmsg *rep; - char *res, *msg; - rep = xenbus_msg_reply(XS_READ, xbt, req, ARRAY_SIZE(req)); - msg = errmsg(rep); - if (msg) { - *value = NULL; - return msg; - } - res = malloc(rep->len + 1); - memcpy(res, rep + 1, rep->len); - res[rep->len] = 0; - free(rep); - *value = res; - return NULL; -} - -char *xenbus_write(xenbus_transaction_t xbt, const char *path, const char *value) -{ - struct write_req req[] = { - {path, strlen(path) + 1}, - {value, strlen(value)}, - }; - struct xsd_sockmsg *rep; - char *msg; - rep = xenbus_msg_reply(XS_WRITE, xbt, req, ARRAY_SIZE(req)); - msg = errmsg(rep); - if (msg) return msg; - free(rep); - return NULL; -} - -char* xenbus_watch_path_token( xenbus_transaction_t xbt, const char *path, const char *token, xenbus_event_queue *events) -{ - struct xsd_sockmsg *rep; - - struct write_req req[] = { - {path, strlen(path) + 1}, - {token, strlen(token) + 1}, - }; - - struct watch *watch = malloc(sizeof(*watch)); - - char *msg; - - if (!events) - events = &xenbus_events; - - watch->token = strdup(token); - watch->path = strdup(path); - watch->events = events; - watch->next = watches; - watches = watch; - - rep = xenbus_msg_reply(XS_WATCH, xbt, req, ARRAY_SIZE(req)); - - msg = errmsg(rep); - if (msg) return msg; - free(rep); - - return NULL; -} - -char* xenbus_unwatch_path_token( xenbus_transaction_t xbt, const char *path, const char *token) -{ - struct xsd_sockmsg *rep; - - struct write_req req[] = { - {path, strlen(path) + 1}, - {token, strlen(token) + 1}, - }; - - struct watch *watch, **prev; - - char *msg; - - rep = xenbus_msg_reply(XS_UNWATCH, xbt, req, ARRAY_SIZE(req)); - - msg = errmsg(rep); - if (msg) return msg; - free(rep); - - for (prev = &watches, watch = *prev; watch; prev = &watch->next, watch = *prev) - if (!strcmp(watch->token, token)) { - free(watch->token); - free(watch->path); - *prev = watch->next; - free(watch); - break; - } - - return NULL; -} - -char *xenbus_rm(xenbus_transaction_t xbt, const char *path) -{ - struct write_req req[] = { {path, strlen(path) + 1} }; - struct xsd_sockmsg *rep; - char *msg; - rep = xenbus_msg_reply(XS_RM, xbt, req, ARRAY_SIZE(req)); - msg = errmsg(rep); - if (msg) - return msg; - free(rep); - return NULL; -} - -char *xenbus_get_perms(xenbus_transaction_t xbt, const char *path, char **value) -{ - struct write_req req[] = { {path, strlen(path) + 1} }; - struct xsd_sockmsg *rep; - char *res, *msg; - rep = xenbus_msg_reply(XS_GET_PERMS, xbt, req, ARRAY_SIZE(req)); - msg = errmsg(rep); - if (msg) { - *value = NULL; - return msg; - } - res = malloc(rep->len + 1); - memcpy(res, rep + 1, rep->len); - res[rep->len] = 0; - free(rep); - *value = res; - return NULL; -} - -#define PERM_MAX_SIZE 32 -char *xenbus_set_perms(xenbus_transaction_t xbt, const char *path, domid_t dom, char perm) -{ - char value[PERM_MAX_SIZE]; - struct write_req req[] = { - {path, strlen(path) + 1}, - {value, 0}, - }; - struct xsd_sockmsg *rep; - char *msg; - snprintf(value, PERM_MAX_SIZE, "%c%hu", perm, dom); - req[1].len = strlen(value) + 1; - rep = xenbus_msg_reply(XS_SET_PERMS, xbt, req, ARRAY_SIZE(req)); - msg = errmsg(rep); - if (msg) - return msg; - free(rep); - return NULL; -} - -char *xenbus_transaction_start(xenbus_transaction_t *xbt) -{ - /* xenstored becomes angry if you send a length 0 message, so just - shove a nul terminator on the end */ - struct write_req req = { "", 1}; - struct xsd_sockmsg *rep; - char *err; - - rep = xenbus_msg_reply(XS_TRANSACTION_START, 0, &req, 1); - err = errmsg(rep); - if (err) - return err; - sscanf((char *)(rep + 1), "%lu", xbt); - free(rep); - return NULL; -} - -char * -xenbus_transaction_end(xenbus_transaction_t t, int abort, int *retry) -{ - struct xsd_sockmsg *rep; - struct write_req req; - char *err; - - *retry = 0; - - req.data = abort ? "F" : "T"; - req.len = 2; - rep = xenbus_msg_reply(XS_TRANSACTION_END, t, &req, 1); - err = errmsg(rep); - if (err) { - if (!strcmp(err, "EAGAIN")) { - *retry = 1; - free(err); - return NULL; - } else { - return err; - } - } - free(rep); - return NULL; -} - -int xenbus_read_integer(const char *path) -{ - char *res, *buf; - int t; - - res = xenbus_read(XBT_NIL, path, &buf); - if (res) { - printk("Failed to read %s.\n", path); - free(res); - return -1; - } - sscanf(buf, "%d", &t); - free(buf); - return t; -} - -int xenbus_read_uuid(const char* path, unsigned char uuid[16]) { - char * res, *buf; - res = xenbus_read(XBT_NIL, path, &buf); - if(res) { - printk("Failed to read %s.\n", path); - free(res); - return 0; - } - if(strlen(buf) != ((2*16)+4) /* 16 hex bytes and 4 hyphens */ - || sscanf(buf, - "%2hhx%2hhx%2hhx%2hhx-" - "%2hhx%2hhx-" - "%2hhx%2hhx-" - "%2hhx%2hhx-" - "%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", - uuid, uuid + 1, uuid + 2, uuid + 3, - uuid + 4, uuid + 5, uuid + 6, uuid + 7, - uuid + 8, uuid + 9, uuid + 10, uuid + 11, - uuid + 12, uuid + 13, uuid + 14, uuid + 15) != 16) { - printk("Xenbus path %s value %s is not a uuid!\n", path, buf); - free(buf); - return 0; - } - free(buf); - return 1; -} - -char* xenbus_printf(xenbus_transaction_t xbt, - const char* node, const char* path, - const char* fmt, ...) -{ -#define BUFFER_SIZE 256 - char fullpath[BUFFER_SIZE]; - char val[BUFFER_SIZE]; - va_list args; - - BUG_ON(strlen(node) + strlen(path) + 1 >= BUFFER_SIZE); - sprintf(fullpath,"%s/%s", node, path); - va_start(args, fmt); - vsprintf(val, fmt, args); - va_end(args); - return xenbus_write(xbt,fullpath,val); -} - -domid_t xenbus_get_self_id(void) -{ - char *dom_id; - domid_t ret; - - BUG_ON(xenbus_read(XBT_NIL, "domid", &dom_id)); - sscanf(dom_id, "%"SCNd16, &ret); - - return ret; -} - -#ifdef CONFIG_TEST -/* Send a debug message to xenbus. Can block. */ -static void xenbus_debug_msg(const char *msg) -{ - int len = strlen(msg); - struct write_req req[] = { - { "print", sizeof("print") }, - { msg, len }, - { "", 1 }}; - struct xsd_sockmsg *reply; - - reply = xenbus_msg_reply(XS_DEBUG, 0, req, ARRAY_SIZE(req)); - printk("Got a reply, type %d, id %d, len %d.\n", - reply->type, reply->req_id, reply->len); -} - -static void do_ls_test(const char *pre) -{ - char **dirs, *msg; - int x; - - printk("ls %s...\n", pre); - msg = xenbus_ls(XBT_NIL, pre, &dirs); - if (msg) { - printk("Error in xenbus ls: %s\n", msg); - free(msg); - return; - } - for (x = 0; dirs[x]; x++) - { - printk("ls %s[%d] -> %s\n", pre, x, dirs[x]); - free(dirs[x]); - } - free(dirs); -} - -static void do_read_test(const char *path) -{ - char *res, *msg; - printk("Read %s...\n", path); - msg = xenbus_read(XBT_NIL, path, &res); - if (msg) { - printk("Error in xenbus read: %s\n", msg); - free(msg); - return; - } - printk("Read %s -> %s.\n", path, res); - free(res); -} - -static void do_write_test(const char *path, const char *val) -{ - char *msg; - printk("Write %s to %s...\n", val, path); - msg = xenbus_write(XBT_NIL, path, val); - if (msg) { - printk("Result %s\n", msg); - free(msg); - } else { - printk("Success.\n"); - } -} - -static void do_rm_test(const char *path) -{ - char *msg; - printk("rm %s...\n", path); - msg = xenbus_rm(XBT_NIL, path); - if (msg) { - printk("Result %s\n", msg); - free(msg); - } else { - printk("Success.\n"); - } -} - -/* Simple testing thing */ -void test_xenbus(void) -{ - printk("Doing xenbus test.\n"); - xenbus_debug_msg("Testing xenbus...\n"); - - printk("Doing ls test.\n"); - do_ls_test("device"); - do_ls_test("device/vif"); - do_ls_test("device/vif/0"); - - printk("Doing read test.\n"); - do_read_test("device/vif/0/mac"); - do_read_test("device/vif/0/backend"); - - printk("Doing write test.\n"); - do_write_test("device/vif/0/flibble", "flobble"); - do_read_test("device/vif/0/flibble"); - do_write_test("device/vif/0/flibble", "widget"); - do_read_test("device/vif/0/flibble"); - - printk("Doing rm test.\n"); - do_rm_test("device/vif/0/flibble"); - do_read_test("device/vif/0/flibble"); - printk("(Should have said ENOENT)\n"); -} -#endif /* CONFIG_TEST */ - -/* - * Local variables: - * mode: C - * c-basic-offset: 4 - * End: - */ -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:55:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:55:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359993.589314 (Exim 4.92) (envelope-from ) id 1o8HrO-0002Gu-6Q; Mon, 04 Jul 2022 08:55:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359993.589314; Mon, 04 Jul 2022 08:55:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrO-0002Gn-3f; Mon, 04 Jul 2022 08:55:14 +0000 Received: by outflank-mailman (input) for mailman id 359993; Mon, 04 Jul 2022 08:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrM-0002GX-Rc for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrM-0003QH-Qq for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8HrM-0005hu-Q1 for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oBfp9YP9NVi3XMeLTjf3TTvLVhH+WP7uWpt72pAk0m4=; b=J6PlaZkb9XThmlEOnIvuJasy8j KIJXuywp4SYDSzs+IWEwSCJ2l1JPIKY0uEhQ2RmN8QJbHULbE+5CQRwaS5FlUErfJUB2WwoUxEtf/ LjKDfXBGtH/p3P39o2qhZlGs4u09trhcbvlHbBbN21LG6S0tVMoxSpwL1BqG7Hx6b0qw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: apply coding style to xenbus.c Message-Id: Date: Mon, 04 Jul 2022 08:55:12 +0000 commit e09aa795b2d75189461e25e2ba9b66bb70225de7 Author: Juergen Gross AuthorDate: Mon Jun 20 09:38:14 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:50:19 2022 +0100 mini-os: apply coding style to xenbus.c Make xenbus.c coding style compliant. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- xenbus.c | 510 +++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 303 insertions(+), 207 deletions(-) diff --git a/xenbus.c b/xenbus.c index b687678..aa1fe7b 100644 --- a/xenbus.c +++ b/xenbus.c @@ -1,15 +1,15 @@ -/* +/* **************************************************************************** * (C) 2006 - Cambridge University **************************************************************************** * * File: xenbus.c - * Author: Steven Smith (sos22@cam.ac.uk) + * Author: Steven Smith (sos22@cam.ac.uk) * Changes: Grzegorz Milos (gm281@cam.ac.uk) * Changes: John D. Ramsdell - * + * * Date: Jun 2006, chages Aug 2005 - * + * * Environment: Xen Minimal OS * Description: Minimal implementation of xenbus * @@ -32,10 +32,10 @@ #include #define min(x,y) ({ \ - typeof(x) tmpx = (x); \ - typeof(y) tmpy = (y); \ - tmpx < tmpy ? tmpx : tmpy; \ - }) + typeof(x) tmpx = (x); \ + typeof(y) tmpy = (y); \ + tmpx < tmpy ? tmpx : tmpy; \ + }) #ifdef XENBUS_DEBUG #define DEBUG(_f, _a...) \ @@ -56,7 +56,8 @@ static struct watch { xenbus_event_queue *events; struct watch *next; } *watches; -struct xenbus_req_info + +struct xenbus_req_info { int in_use:1; struct wait_queue_head waitq; @@ -93,14 +94,12 @@ void get_xenbus(void *p) } #endif -static void memcpy_from_ring(const void *Ring, - void *Dest, - int off, - int len) +static void memcpy_from_ring(const void *Ring, void *Dest, int off, int len) { int c1, c2; const char *ring = Ring; char *dest = Dest; + c1 = min(len, XENSTORE_RING_SIZE - off); c2 = len - c1; memcpy(dest, ring + off, c1); @@ -111,24 +110,28 @@ char **xenbus_wait_for_watch_return(xenbus_event_queue *queue) { struct xenbus_event *event; DEFINE_WAIT(w); - if (!queue) + + if ( !queue ) queue = &xenbus_events; - while (!(event = *queue)) { + while ( !(event = *queue) ) + { add_waiter(w, xenbus_watch_queue); schedule(); } remove_waiter(w, xenbus_watch_queue); *queue = event->next; + return &event->path; } void xenbus_wait_for_watch(xenbus_event_queue *queue) { char **ret; - if (!queue) + + if ( !queue ) queue = &xenbus_events; ret = xenbus_wait_for_watch_return(queue); - if (ret) + if ( ret ) free(ret); else printk("unexpected path returned by watch\n"); @@ -137,33 +140,39 @@ void xenbus_wait_for_watch(xenbus_event_queue *queue) void xenbus_release_wait_for_watch(xenbus_event_queue *queue) { struct xenbus_event *event = malloc(sizeof(*event)); + event->next = *queue; *queue = event; wake_up(&xenbus_watch_queue); } -char* xenbus_wait_for_value(const char* path, const char* value, xenbus_event_queue *queue) +char *xenbus_wait_for_value(const char *path, const char *value, + xenbus_event_queue *queue) { - if (!queue) + if ( !queue ) queue = &xenbus_events; - for(;;) + + for( ;; ) { char *res, *msg; int r; msg = xenbus_read(XBT_NIL, path, &res); - if(msg) return msg; + if ( msg ) + return msg; r = strcmp(value,res); free(res); - if(r==0) break; - else xenbus_wait_for_watch(queue); + if ( r==0 ) + return NULL; + + xenbus_wait_for_watch(queue); } - return NULL; } -char *xenbus_switch_state(xenbus_transaction_t xbt, const char* path, XenbusState state) +char *xenbus_switch_state(xenbus_transaction_t xbt, const char *path, + XenbusState state) { char *current_state; char *msg = NULL; @@ -174,18 +183,22 @@ char *xenbus_switch_state(xenbus_transaction_t xbt, const char* path, XenbusStat int retry = 0; do { - if (xbt == XBT_NIL) { + if ( xbt == XBT_NIL ) + { msg = xenbus_transaction_start(&xbt); - if (msg) goto exit; + if ( msg ) + goto exit; xbt_flag = 1; } msg = xenbus_read(xbt, path, ¤t_state); - if (msg) goto exit; + if ( msg ) + goto exit; rs = (XenbusState) (current_state[0] - '0'); free(current_state); - if (rs == state) { + if ( rs == state ) + { msg = NULL; goto exit; } @@ -194,37 +207,42 @@ char *xenbus_switch_state(xenbus_transaction_t xbt, const char* path, XenbusStat msg = xenbus_write(xbt, path, value); exit: - if (xbt_flag) { + if ( xbt_flag ) + { msg2 = xenbus_transaction_end(xbt, 0, &retry); xbt = XBT_NIL; } - if (msg == NULL && msg2 != NULL) + if ( msg == NULL && msg2 != NULL ) msg = msg2; else free(msg2); - } while (retry); + } while ( retry ); return msg; } -char *xenbus_wait_for_state_change(const char* path, XenbusState *state, xenbus_event_queue *queue) +char *xenbus_wait_for_state_change(const char *path, XenbusState *state, + xenbus_event_queue *queue) { - if (!queue) + if ( !queue ) queue = &xenbus_events; - for(;;) + + for( ;; ) { char *res, *msg; XenbusState rs; msg = xenbus_read(XBT_NIL, path, &res); - if(msg) return msg; + if ( msg ) + return msg; - rs = (XenbusState) (res[0] - 48); + rs = (XenbusState)(res[0] - 48); free(res); - if (rs == *state) + if ( rs == *state ) xenbus_wait_for_watch(queue); - else { + else + { *state = rs; break; } @@ -232,14 +250,13 @@ char *xenbus_wait_for_state_change(const char* path, XenbusState *state, xenbus_ return NULL; } - static void xenbus_read_data(char *buf, unsigned int len) { unsigned int off = 0; unsigned int prod, cons; unsigned int size; - while (off != len) + while ( off != len ) { wait_event(xb_waitq, xenstore_buf->rsp_prod != xenstore_buf->rsp_cons); @@ -255,7 +272,7 @@ static void xenbus_read_data(char *buf, unsigned int len) mb(); /* memcpy() and rsp_cons update must not be reordered. */ xenstore_buf->rsp_cons += size; mb(); /* rsp_cons must be visible before we look at rsp_prod. */ - if (xenstore_buf->rsp_prod - cons >= XENSTORE_RING_SIZE) + if ( xenstore_buf->rsp_prod - cons >= XENSTORE_RING_SIZE ) notify_remote_via_evtchn(xenbus_evtchn); } } @@ -265,30 +282,35 @@ static void xenbus_thread_func(void *ign) struct xsd_sockmsg msg; char *data; - for (;;) { + for ( ;; ) + { xenbus_read_data((char *)&msg, sizeof(msg)); DEBUG("Msg len %d, %d avail, id %d.\n", msg.len + sizeof(msg), xenstore_buf->rsp_prod - xenstore_buf->rsp_cons, msg.req_id); - if (msg.len > XENSTORE_PAYLOAD_MAX) { + if ( msg.len > XENSTORE_PAYLOAD_MAX ) + { printk("Xenstore violates protocol, message longer than allowed.\n"); return; } - if (msg.type == XS_WATCH_EVENT) { + if ( msg.type == XS_WATCH_EVENT ) + { struct xenbus_event *event = malloc(sizeof(*event) + msg.len); xenbus_event_queue *events = NULL; struct watch *watch; char *c; int zeroes = 0; - data = (char*)event + sizeof(*event); + data = (char *)event + sizeof(*event); xenbus_read_data(data, msg.len); - for (c = data; c < data + msg.len; c++) - if (!*c) + for ( c = data; c < data + msg.len; c++ ) + if ( !*c ) zeroes++; - if (zeroes != 2) { + + if ( zeroes != 2 ) + { printk("Xenstore: illegal watch event data\n"); free(event); continue; @@ -297,17 +319,21 @@ static void xenbus_thread_func(void *ign) event->path = data; event->token = event->path + strlen(event->path) + 1; - for (watch = watches; watch; watch = watch->next) - if (!strcmp(watch->token, event->token)) { + for ( watch = watches; watch; watch = watch->next ) + if ( !strcmp(watch->token, event->token) ) + { events = watch->events; break; } - if (events) { + if ( events ) + { event->next = *events; *events = event; wake_up(&xenbus_watch_queue); - } else { + } + else + { printk("Xenstore: unexpected watch token %s\n", event->token); free(event); } @@ -319,7 +345,8 @@ static void xenbus_thread_func(void *ign) memcpy(data, &msg, sizeof(msg)); xenbus_read_data(data + sizeof(msg), msg.len); - if (msg.req_id >= NR_REQS || !req_info[msg.req_id].in_use) { + if ( msg.req_id >= NR_REQS || !req_info[msg.req_id].in_use ) + { printk("Xenstore: illegal request id %d\n", msg.req_id); free(data); continue; @@ -334,7 +361,7 @@ static void xenbus_thread_func(void *ign) } static void xenbus_evtchn_handler(evtchn_port_t port, struct pt_regs *regs, - void *ign) + void *ign) { wake_up(&xb_waitq); } @@ -347,12 +374,15 @@ static DECLARE_WAIT_QUEUE_HEAD(req_wq); static void release_xenbus_id(int id) { BUG_ON(!req_info[id].in_use); + spin_lock(&req_lock); + req_info[id].in_use = 0; nr_live_reqs--; req_info[id].in_use = 0; - if (nr_live_reqs == 0 || nr_live_reqs == NR_REQS - 1) + if ( nr_live_reqs == 0 || nr_live_reqs == NR_REQS - 1 ) wake_up(&req_wq); + spin_unlock(&req_lock); } @@ -363,27 +393,27 @@ static int allocate_xenbus_id(void) static int probe; int o_probe; - while (1) + while ( 1 ) { spin_lock(&req_lock); - if (nr_live_reqs < NR_REQS) + if ( nr_live_reqs < NR_REQS ) break; spin_unlock(&req_lock); - wait_event(req_wq, (nr_live_reqs < NR_REQS)); + wait_event(req_wq, nr_live_reqs < NR_REQS); } o_probe = probe; - for (;;) + while ( req_info[o_probe].in_use ) { - if (!req_info[o_probe].in_use) - break; o_probe = (o_probe + 1) % NR_REQS; BUG_ON(o_probe == probe); } nr_live_reqs++; req_info[o_probe].in_use = 1; probe = (o_probe + 1) % NR_REQS; + spin_unlock(&req_lock); + init_waitqueue_head(&req_info[o_probe].waitq); return o_probe; @@ -393,6 +423,7 @@ static int allocate_xenbus_id(void) void init_xenbus(void) { int err; + DEBUG("init_xenbus called.\n"); create_thread("xenstore", xenbus_thread_func, NULL); DEBUG("buf at %p.\n", xenstore_buf); @@ -408,13 +439,13 @@ void fini_xenbus(void) void suspend_xenbus(void) { /* Check for live requests and wait until they finish */ - while (1) + while ( 1 ) { spin_lock(&req_lock); - if (nr_live_reqs == 0) + if ( nr_live_reqs == 0 ) break; spin_unlock(&req_lock); - wait_event(req_wq, (nr_live_reqs == 0)); + wait_event(req_wq, nr_live_reqs == 0); } mask_evtchn(xenbus_evtchn); @@ -436,8 +467,10 @@ void resume_xenbus(int canceled) #endif unmask_evtchn(xenbus_evtchn); - if (!canceled) { - for (watch = watches; watch; watch = watch->next) { + if ( !canceled ) + { + for ( watch = watches; watch; watch = watch->next ) + { req[0].data = watch->path; req[0].len = strlen(watch->path) + 1; req[1].data = watch->token; @@ -445,10 +478,12 @@ void resume_xenbus(int canceled) rep = xenbus_msg_reply(XS_WATCH, XBT_NIL, req, ARRAY_SIZE(req)); msg = errmsg(rep); - if (msg) { + if ( msg ) + { xprintk("error on XS_WATCH: %s\n", msg); free(msg); - } else + } + else free(rep); } } @@ -456,12 +491,14 @@ void resume_xenbus(int canceled) notify_remote_via_evtchn(xenbus_evtchn); } -/* Send data to xenbus. This can block. All of the requests are seen - by xenbus as if sent atomically. The header is added - automatically, using type %type, req_id %req_id, and trans_id - %trans_id. */ +/* + * Send data to xenbus. This can block. All of the requests are seen + * by xenbus as if sent atomically. The header is added + * automatically, using type %type, req_id %req_id, and trans_id + * %trans_id. + */ static void xb_write(int type, int req_id, xenbus_transaction_t trans_id, - const struct write_req *req, int nr_reqs) + const struct write_req *req, int nr_reqs) { XENSTORE_RING_IDX prod; int r; @@ -470,12 +507,12 @@ static void xb_write(int type, int req_id, xenbus_transaction_t trans_id, int req_off; int total_off; int this_chunk; - struct xsd_sockmsg m = {.type = type, .req_id = req_id, - .tx_id = trans_id }; + struct xsd_sockmsg m = {.type = type, .req_id = req_id, .tx_id = trans_id }; struct write_req header_req = { &m, sizeof(m) }; - for (r = 0; r < nr_reqs; r++) + for ( r = 0; r < nr_reqs; r++ ) len += req[r].len; + m.len = len; len += sizeof(m); @@ -489,10 +526,10 @@ static void xb_write(int type, int req_id, xenbus_transaction_t trans_id, /* Send the message in chunks using free ring space when available. */ total_off = 0; req_off = 0; - while (total_off < len) + while ( total_off < len ) { prod = xenstore_buf->req_prod; - if (prod - xenstore_buf->req_cons >= XENSTORE_RING_SIZE) + if ( prod - xenstore_buf->req_cons >= XENSTORE_RING_SIZE ) { /* Send evtchn to notify remote */ notify_remote_via_evtchn(xenbus_evtchn); @@ -514,10 +551,10 @@ static void xb_write(int type, int req_id, xenbus_transaction_t trans_id, prod += this_chunk; req_off += this_chunk; total_off += this_chunk; - if (req_off == cur_req->len) + if ( req_off == cur_req->len ) { req_off = 0; - if (cur_req == &header_req) + if ( cur_req == &header_req ) cur_req = req; else cur_req++; @@ -538,14 +575,13 @@ static void xb_write(int type, int req_id, xenbus_transaction_t trans_id, up(&xb_write_sem); } -/* Send a mesasge to xenbus, in the same fashion as xb_write, and - block waiting for a reply. The reply is malloced and should be - freed by the caller. */ -struct xsd_sockmsg * -xenbus_msg_reply(int type, - xenbus_transaction_t trans, - struct write_req *io, - int nr_reqs) +/* + * Send a mesasge to xenbus, in the same fashion as xb_write, and + * block waiting for a reply. The reply is malloced and should be + * freed by the caller. + */ +struct xsd_sockmsg *xenbus_msg_reply(int type, xenbus_transaction_t trans, + struct write_req *io, int nr_reqs) { int id; DEFINE_WAIT(w); @@ -563,29 +599,36 @@ xenbus_msg_reply(int type, rep = req_info[id].reply; BUG_ON(rep->req_id != id); release_xenbus_id(id); + return rep; } static char *errmsg(struct xsd_sockmsg *rep) { char *res; - if (!rep) { - char msg[] = "No reply"; - size_t len = strlen(msg) + 1; - return memcpy(malloc(len), msg, len); + + if ( !rep ) + { + char msg[] = "No reply"; + size_t len = strlen(msg) + 1; + return memcpy(malloc(len), msg, len); } - if (rep->type != XS_ERROR) - return NULL; + if ( rep->type != XS_ERROR ) + return NULL; + res = malloc(rep->len + 1); memcpy(res, rep + 1, rep->len); res[rep->len] = 0; free(rep); + return res; } -/* List the contents of a directory. Returns a malloc()ed array of - pointers to malloc()ed strings. The array is NULL terminated. May - block. */ +/* + * List the contents of a directory. Returns a malloc()ed array of + * pointers to malloc()ed strings. The array is NULL terminated. May + * block. + */ char *xenbus_ls(xenbus_transaction_t xbt, const char *pre, char ***contents) { struct xsd_sockmsg *reply, *repmsg; @@ -595,23 +638,30 @@ char *xenbus_ls(xenbus_transaction_t xbt, const char *pre, char ***contents) repmsg = xenbus_msg_reply(XS_DIRECTORY, xbt, req, ARRAY_SIZE(req)); msg = errmsg(repmsg); - if (msg) { - *contents = NULL; - return msg; + if ( msg ) + { + *contents = NULL; + return msg; } + reply = repmsg + 1; - for (x = nr_elems = 0; x < repmsg->len; x++) + for ( x = nr_elems = 0; x < repmsg->len; x++ ) nr_elems += (((char *)reply)[x] == 0); + res = malloc(sizeof(res[0]) * (nr_elems + 1)); - for (x = i = 0; i < nr_elems; i++) { + for ( x = i = 0; i < nr_elems; i++ ) + { int l = strlen((char *)reply + x); + res[i] = malloc(l + 1); memcpy(res[i], (char *)reply + x, l + 1); x += l + 1; } + res[i] = NULL; free(repmsg); *contents = res; + return NULL; } @@ -620,49 +670,56 @@ char *xenbus_read(xenbus_transaction_t xbt, const char *path, char **value) struct write_req req[] = { {path, strlen(path) + 1} }; struct xsd_sockmsg *rep; char *res, *msg; + rep = xenbus_msg_reply(XS_READ, xbt, req, ARRAY_SIZE(req)); msg = errmsg(rep); - if (msg) { - *value = NULL; - return msg; + if ( msg ) + { + *value = NULL; + return msg; } + res = malloc(rep->len + 1); memcpy(res, rep + 1, rep->len); res[rep->len] = 0; free(rep); *value = res; + return NULL; } -char *xenbus_write(xenbus_transaction_t xbt, const char *path, const char *value) +char *xenbus_write(xenbus_transaction_t xbt, const char *path, + const char *value) { - struct write_req req[] = { - {path, strlen(path) + 1}, - {value, strlen(value)}, + struct write_req req[] = { + {path, strlen(path) + 1}, + {value, strlen(value)}, }; struct xsd_sockmsg *rep; char *msg; + rep = xenbus_msg_reply(XS_WRITE, xbt, req, ARRAY_SIZE(req)); msg = errmsg(rep); - if (msg) return msg; + if ( msg ) + return msg; + free(rep); + return NULL; } -char* xenbus_watch_path_token( xenbus_transaction_t xbt, const char *path, const char *token, xenbus_event_queue *events) +char* xenbus_watch_path_token(xenbus_transaction_t xbt, const char *path, + const char *token, xenbus_event_queue *events) { struct xsd_sockmsg *rep; - - struct write_req req[] = { + struct write_req req[] = { {path, strlen(path) + 1}, - {token, strlen(token) + 1}, + {token, strlen(token) + 1}, }; - struct watch *watch = malloc(sizeof(*watch)); - char *msg; - if (!events) + if ( !events ) events = &xenbus_events; watch->token = strdup(token); @@ -674,33 +731,37 @@ char* xenbus_watch_path_token( xenbus_transaction_t xbt, const char *path, const rep = xenbus_msg_reply(XS_WATCH, xbt, req, ARRAY_SIZE(req)); msg = errmsg(rep); - if (msg) return msg; + if ( msg ) + return msg; + free(rep); return NULL; } -char* xenbus_unwatch_path_token( xenbus_transaction_t xbt, const char *path, const char *token) +char* xenbus_unwatch_path_token(xenbus_transaction_t xbt, const char *path, + const char *token) { struct xsd_sockmsg *rep; - - struct write_req req[] = { + struct write_req req[] = { {path, strlen(path) + 1}, - {token, strlen(token) + 1}, + {token, strlen(token) + 1}, }; - struct watch *watch, **prev; - char *msg; rep = xenbus_msg_reply(XS_UNWATCH, xbt, req, ARRAY_SIZE(req)); msg = errmsg(rep); - if (msg) return msg; + if ( msg ) + return msg; + free(rep); - for (prev = &watches, watch = *prev; watch; prev = &watch->next, watch = *prev) - if (!strcmp(watch->token, token)) { + for ( prev = &watches, watch = *prev; watch; + prev = &watch->next, watch = *prev) + if ( !strcmp(watch->token, token) ) + { free(watch->token); free(watch->path); *prev = watch->next; @@ -716,11 +777,14 @@ char *xenbus_rm(xenbus_transaction_t xbt, const char *path) struct write_req req[] = { {path, strlen(path) + 1} }; struct xsd_sockmsg *rep; char *msg; + rep = xenbus_msg_reply(XS_RM, xbt, req, ARRAY_SIZE(req)); msg = errmsg(rep); - if (msg) - return msg; + if ( msg ) + return msg; + free(rep); + return NULL; } @@ -729,59 +793,70 @@ char *xenbus_get_perms(xenbus_transaction_t xbt, const char *path, char **value) struct write_req req[] = { {path, strlen(path) + 1} }; struct xsd_sockmsg *rep; char *res, *msg; + rep = xenbus_msg_reply(XS_GET_PERMS, xbt, req, ARRAY_SIZE(req)); msg = errmsg(rep); - if (msg) { - *value = NULL; - return msg; + if ( msg ) + { + *value = NULL; + return msg; } + res = malloc(rep->len + 1); memcpy(res, rep + 1, rep->len); res[rep->len] = 0; free(rep); *value = res; + return NULL; } #define PERM_MAX_SIZE 32 -char *xenbus_set_perms(xenbus_transaction_t xbt, const char *path, domid_t dom, char perm) +char *xenbus_set_perms(xenbus_transaction_t xbt, const char *path, domid_t dom, + char perm) { char value[PERM_MAX_SIZE]; - struct write_req req[] = { - {path, strlen(path) + 1}, - {value, 0}, + struct write_req req[] = { + {path, strlen(path) + 1}, + {value, 0}, }; struct xsd_sockmsg *rep; char *msg; + snprintf(value, PERM_MAX_SIZE, "%c%hu", perm, dom); req[1].len = strlen(value) + 1; rep = xenbus_msg_reply(XS_SET_PERMS, xbt, req, ARRAY_SIZE(req)); msg = errmsg(rep); - if (msg) - return msg; + if ( msg ) + return msg; + free(rep); + return NULL; } char *xenbus_transaction_start(xenbus_transaction_t *xbt) { - /* xenstored becomes angry if you send a length 0 message, so just - shove a nul terminator on the end */ + /* + * xenstored becomes angry if you send a length 0 message, so just + * shove a nul terminator on the end + */ struct write_req req = { "", 1}; struct xsd_sockmsg *rep; char *err; rep = xenbus_msg_reply(XS_TRANSACTION_START, 0, &req, 1); err = errmsg(rep); - if (err) - return err; + if ( err ) + return err; + sscanf((char *)(rep + 1), "%lu", xbt); free(rep); + return NULL; } -char * -xenbus_transaction_end(xenbus_transaction_t t, int abort, int *retry) +char *xenbus_transaction_end(xenbus_transaction_t t, int abort, int *retry) { struct xsd_sockmsg *rep; struct write_req req; @@ -793,16 +868,19 @@ xenbus_transaction_end(xenbus_transaction_t t, int abort, int *retry) req.len = 2; rep = xenbus_msg_reply(XS_TRANSACTION_END, t, &req, 1); err = errmsg(rep); - if (err) { - if (!strcmp(err, "EAGAIN")) { - *retry = 1; - free(err); - return NULL; - } else { - return err; - } + if ( err ) + { + if ( !strcmp(err, "EAGAIN") ) + { + *retry = 1; + free(err); + return NULL; + } + else + return err; } free(rep); + return NULL; } @@ -812,46 +890,54 @@ int xenbus_read_integer(const char *path) int t; res = xenbus_read(XBT_NIL, path, &buf); - if (res) { - printk("Failed to read %s.\n", path); - free(res); - return -1; + if ( res ) + { + printk("Failed to read %s.\n", path); + free(res); + return -1; } + sscanf(buf, "%d", &t); free(buf); + return t; } -int xenbus_read_uuid(const char* path, unsigned char uuid[16]) { - char * res, *buf; - res = xenbus_read(XBT_NIL, path, &buf); - if(res) { - printk("Failed to read %s.\n", path); - free(res); - return 0; - } - if(strlen(buf) != ((2*16)+4) /* 16 hex bytes and 4 hyphens */ - || sscanf(buf, - "%2hhx%2hhx%2hhx%2hhx-" - "%2hhx%2hhx-" - "%2hhx%2hhx-" - "%2hhx%2hhx-" - "%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", - uuid, uuid + 1, uuid + 2, uuid + 3, - uuid + 4, uuid + 5, uuid + 6, uuid + 7, - uuid + 8, uuid + 9, uuid + 10, uuid + 11, - uuid + 12, uuid + 13, uuid + 14, uuid + 15) != 16) { - printk("Xenbus path %s value %s is not a uuid!\n", path, buf); - free(buf); - return 0; - } - free(buf); - return 1; -} - -char* xenbus_printf(xenbus_transaction_t xbt, - const char* node, const char* path, - const char* fmt, ...) +int xenbus_read_uuid(const char *path, unsigned char uuid[16]) +{ + char *res, *buf; + + res = xenbus_read(XBT_NIL, path, &buf); + if ( res ) + { + printk("Failed to read %s.\n", path); + free(res); + return 0; + } + + if ( strlen(buf) != ((2 * 16) + 4) /* 16 hex bytes and 4 hyphens */ || + sscanf(buf, "%2hhx%2hhx%2hhx%2hhx-" + "%2hhx%2hhx-" + "%2hhx%2hhx-" + "%2hhx%2hhx-" + "%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", + uuid, uuid + 1, uuid + 2, uuid + 3, + uuid + 4, uuid + 5, uuid + 6, uuid + 7, + uuid + 8, uuid + 9, uuid + 10, uuid + 11, + uuid + 12, uuid + 13, uuid + 14, uuid + 15) != 16) + { + printk("Xenbus path %s value %s is not a uuid!\n", path, buf); + free(buf); + return 0; + } + + free(buf); + + return 1; +} + +char *xenbus_printf(xenbus_transaction_t xbt, const char* node, + const char* path, const char* fmt, ...) { #define BUFFER_SIZE 256 char fullpath[BUFFER_SIZE]; @@ -863,6 +949,7 @@ char* xenbus_printf(xenbus_transaction_t xbt, va_start(args, fmt); vsprintf(val, fmt, args); va_end(args); + return xenbus_write(xbt,fullpath,val); } @@ -890,7 +977,7 @@ static void xenbus_debug_msg(const char *msg) reply = xenbus_msg_reply(XS_DEBUG, 0, req, ARRAY_SIZE(req)); printk("Got a reply, type %d, id %d, len %d.\n", - reply->type, reply->req_id, reply->len); + reply->type, reply->req_id, reply->len); } static void do_ls_test(const char *pre) @@ -900,28 +987,33 @@ static void do_ls_test(const char *pre) printk("ls %s...\n", pre); msg = xenbus_ls(XBT_NIL, pre, &dirs); - if (msg) { - printk("Error in xenbus ls: %s\n", msg); - free(msg); - return; + if ( msg ) + { + printk("Error in xenbus ls: %s\n", msg); + free(msg); + return; } - for (x = 0; dirs[x]; x++) + + for ( x = 0; dirs[x]; x++ ) { printk("ls %s[%d] -> %s\n", pre, x, dirs[x]); free(dirs[x]); } + free(dirs); } static void do_read_test(const char *path) { char *res, *msg; + printk("Read %s...\n", path); msg = xenbus_read(XBT_NIL, path, &res); - if (msg) { - printk("Error in xenbus read: %s\n", msg); - free(msg); - return; + if ( msg ) + { + printk("Error in xenbus read: %s\n", msg); + free(msg); + return; } printk("Read %s -> %s.\n", path, res); free(res); @@ -930,27 +1022,31 @@ static void do_read_test(const char *path) static void do_write_test(const char *path, const char *val) { char *msg; + printk("Write %s to %s...\n", val, path); msg = xenbus_write(XBT_NIL, path, val); - if (msg) { - printk("Result %s\n", msg); - free(msg); - } else { - printk("Success.\n"); + if ( msg ) + { + printk("Result %s\n", msg); + free(msg); } + else + printk("Success.\n"); } static void do_rm_test(const char *path) { char *msg; + printk("rm %s...\n", path); msg = xenbus_rm(XBT_NIL, path); - if (msg) { - printk("Result %s\n", msg); - free(msg); - } else { - printk("Success.\n"); + if ( msg ) + { + printk("Result %s\n", msg); + free(msg); } + else + printk("Success.\n"); } /* Simple testing thing */ -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:55:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:55:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359994.589318 (Exim 4.92) (envelope-from ) id 1o8HrY-0002Kr-9r; Mon, 04 Jul 2022 08:55:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359994.589318; Mon, 04 Jul 2022 08:55:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrY-0002Kl-6z; Mon, 04 Jul 2022 08:55:24 +0000 Received: by outflank-mailman (input) for mailman id 359994; Mon, 04 Jul 2022 08:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrW-0002KU-Uc for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HrW-0003QY-Ts for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8HrW-0005iP-T7 for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OlRK0uR+OTjmkw8aqFBz38bLlkYZ+SEk0rERQ565FD8=; b=LxOX3XuaEQ0uBzBFf6KSBYfGhP 6GnzUtNPhkDStUdJvahJU5KX8L83VhSlMkN3RvSdEhV6NMPxHi3DcQusrgw3EZxQx4Vd5COZZzeBD hvo7qacF2TaY+QjYc0QimRY9dF/y3XprBuL/rGg3U1q5CNLH7Tx6642ROeX5YYtdahSU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: eliminate console/console.h Message-Id: Date: Mon, 04 Jul 2022 08:55:22 +0000 commit b2e1816122e228a900f0cf4e305699e8c2ea840c Author: Juergen Gross AuthorDate: Mon Jun 20 09:38:15 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:50:21 2022 +0100 mini-os: eliminate console/console.h console/console.h contains only a single prototype. Move that to include/console.h and remove console/console.h. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- console/console.h | 2 -- console/xenbus.c | 2 +- console/xencons_ring.c | 2 +- include/console.h | 1 + 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/console/console.h b/console/console.h deleted file mode 100644 index e85147a..0000000 --- a/console/console.h +++ /dev/null @@ -1,2 +0,0 @@ - -void console_handle_input(evtchn_port_t port, struct pt_regs *regs, void *data); diff --git a/console/xenbus.c b/console/xenbus.c index d895045..7365965 100644 --- a/console/xenbus.c +++ b/console/xenbus.c @@ -5,13 +5,13 @@ #include #include #include +#include #include #include #include #include #include #include -#include "console.h" void free_consfront(struct consfront_dev *dev) { diff --git a/console/xencons_ring.c b/console/xencons_ring.c index efedf46..495f0a1 100644 --- a/console/xencons_ring.c +++ b/console/xencons_ring.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -12,7 +13,6 @@ #include #include #include -#include "console.h" DECLARE_WAIT_QUEUE_HEAD(console_queue); diff --git a/include/console.h b/include/console.h index e76e423..d216d24 100644 --- a/include/console.h +++ b/include/console.h @@ -98,5 +98,6 @@ void free_consfront(struct consfront_dev *dev); extern const struct file_ops console_ops; int open_consfront(char *nodename); #endif +void console_handle_input(evtchn_port_t port, struct pt_regs *regs, void *data); #endif /* _LIB_CONSOLE_H_ */ -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:55:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:55:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.359998.589338 (Exim 4.92) (envelope-from ) id 1o8Hri-0002iT-Ma; Mon, 04 Jul 2022 08:55:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 359998.589338; Mon, 04 Jul 2022 08:55:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hri-0002iK-JZ; Mon, 04 Jul 2022 08:55:34 +0000 Received: by outflank-mailman (input) for mailman id 359998; Mon, 04 Jul 2022 08:55:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hrh-0002h7-1D for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hrh-0003Rb-0T for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Hrg-0005iz-Vy for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d/kJCJxISwzE29kQIyQQkW0+aeXB6xHjK3ZU1AG+GFw=; b=dsvKfgljQeGAIl8gAz9kdt2JOx 4Y4VLpg6KjbQB93RHrzsa4BGCCM1G+IcqVw3ajcuvVv/Hpp4R2Q4BzTrosPK5ogtuyYCGvwNNg2z5 OM20M02VGpaL/yIM8HJtB0IPcllfX3ZX0l8ZJ7/v4ntnlPElzDsFA+/9Rz6drIWhZSfY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: rename console/xenbus.c to consfront.c Message-Id: Date: Mon, 04 Jul 2022 08:55:32 +0000 commit 0a7eeb916dcfe6dd832cbdc342488ffb3eb0f932 Author: Juergen Gross AuthorDate: Mon Jun 20 09:38:16 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:50:23 2022 +0100 mini-os: rename console/xenbus.c to consfront.c Move console/xenbus.c into the main directory and rename it to consfront.c. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- Makefile | 2 +- consfront.c | 306 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ console/xenbus.c | 306 ------------------------------------------------------- 3 files changed, 307 insertions(+), 307 deletions(-) diff --git a/Makefile b/Makefile index 16d1f5d..509d927 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,7 @@ TARGET := mini-os SUBDIRS := lib xenbus console src-$(CONFIG_BLKFRONT) += blkfront.c +src-$(CONFIG_CONSFRONT) += consfront.c src-$(CONFIG_TPMFRONT) += tpmfront.c src-$(CONFIG_TPM_TIS) += tpm_tis.c src-$(CONFIG_TPMBACK) += tpmback.c @@ -70,7 +71,6 @@ src-$(CONFIG_LIBXS) += lib/xs.c src-y += console/console.c src-y += console/xencons_ring.c -src-$(CONFIG_CONSFRONT) += console/xenbus.c # The common mini-os objects to build. APP_OBJS := diff --git a/consfront.c b/consfront.c new file mode 100644 index 0000000..7365965 --- /dev/null +++ b/consfront.c @@ -0,0 +1,306 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +void free_consfront(struct consfront_dev *dev) +{ + char* err = NULL; + XenbusState state; + + char path[strlen(dev->backend) + strlen("/state") + 1]; + char nodename[strlen(dev->nodename) + strlen("/state") + 1]; + + snprintf(path, sizeof(path), "%s/state", dev->backend); + snprintf(nodename, sizeof(nodename), "%s/state", dev->nodename); + + if ((err = xenbus_switch_state(XBT_NIL, nodename, XenbusStateClosing)) != NULL) { + printk("free_consfront: error changing state to %d: %s\n", + XenbusStateClosing, err); + goto close; + } + state = xenbus_read_integer(path); + while (err == NULL && state < XenbusStateClosing) + err = xenbus_wait_for_state_change(path, &state, &dev->events); + free(err); + + if ((err = xenbus_switch_state(XBT_NIL, nodename, XenbusStateClosed)) != NULL) { + printk("free_consfront: error changing state to %d: %s\n", + XenbusStateClosed, err); + goto close; + } + +close: + free(err); + err = xenbus_unwatch_path_token(XBT_NIL, path, path); + free(err); + + mask_evtchn(dev->evtchn); + unbind_evtchn(dev->evtchn); + free(dev->backend); + free(dev->nodename); + + gnttab_end_access(dev->ring_ref); + + free_page(dev->ring); + free(dev); +} + +struct consfront_dev *init_consfront(char *_nodename) +{ + xenbus_transaction_t xbt; + char* err = NULL; + char* message=NULL; + int retry=0; + char* msg = NULL; + char nodename[256]; + char path[256]; + static int consfrontends = 3; + struct consfront_dev *dev; + int res; + + if (!_nodename) + snprintf(nodename, sizeof(nodename), "device/console/%d", consfrontends); + else { + strncpy(nodename, _nodename, sizeof(nodename) - 1); + nodename[sizeof(nodename) - 1] = 0; + } + + printk("******************* CONSFRONT for %s **********\n\n\n", nodename); + + consfrontends++; + dev = malloc(sizeof(*dev)); + memset(dev, 0, sizeof(*dev)); + dev->nodename = strdup(nodename); +#ifdef HAVE_LIBC + dev->fd = -1; +#endif + + snprintf(path, sizeof(path), "%s/backend-id", nodename); + if ((res = xenbus_read_integer(path)) < 0) + goto error; + else + dev->dom = res; + evtchn_alloc_unbound(dev->dom, console_handle_input, dev, &dev->evtchn); + + dev->ring = (struct xencons_interface *) alloc_page(); + memset(dev->ring, 0, PAGE_SIZE); + dev->ring_ref = gnttab_grant_access(dev->dom, virt_to_mfn(dev->ring), 0); + + dev->events = NULL; + +again: + err = xenbus_transaction_start(&xbt); + if (err) { + printk("starting transaction\n"); + free(err); + } + + err = xenbus_printf(xbt, nodename, "ring-ref","%u", + dev->ring_ref); + if (err) { + message = "writing ring-ref"; + goto abort_transaction; + } + err = xenbus_printf(xbt, nodename, + "port", "%u", dev->evtchn); + if (err) { + message = "writing event-channel"; + goto abort_transaction; + } + err = xenbus_printf(xbt, nodename, + "protocol", "%s", XEN_IO_PROTO_ABI_NATIVE); + if (err) { + message = "writing protocol"; + goto abort_transaction; + } + + snprintf(path, sizeof(path), "%s/state", nodename); + err = xenbus_switch_state(xbt, path, XenbusStateConnected); + if (err) { + message = "switching state"; + goto abort_transaction; + } + + + err = xenbus_transaction_end(xbt, 0, &retry); + free(err); + if (retry) { + goto again; + printk("completing transaction\n"); + } + + goto done; + +abort_transaction: + free(err); + err = xenbus_transaction_end(xbt, 1, &retry); + printk("Abort transaction %s\n", message); + goto error; + +done: + + snprintf(path, sizeof(path), "%s/backend", nodename); + msg = xenbus_read(XBT_NIL, path, &dev->backend); + if (msg) { + printk("Error %s when reading the backend path %s\n", msg, path); + goto error; + } + + printk("backend at %s\n", dev->backend); + + { + XenbusState state; + char path[strlen(dev->backend) + strlen("/state") + 1]; + snprintf(path, sizeof(path), "%s/state", dev->backend); + + free(xenbus_watch_path_token(XBT_NIL, path, path, &dev->events)); + msg = NULL; + state = xenbus_read_integer(path); + while (msg == NULL && state < XenbusStateConnected) + msg = xenbus_wait_for_state_change(path, &state, &dev->events); + if (msg != NULL || state != XenbusStateConnected) { + printk("backend not available, state=%d\n", state); + err = xenbus_unwatch_path_token(XBT_NIL, path, path); + goto error; + } + } + unmask_evtchn(dev->evtchn); + + printk("**************************\n"); + + return dev; + +error: + free(msg); + free(err); + free_consfront(dev); + return NULL; +} + +void fini_consfront(struct consfront_dev *dev) +{ + if (dev) free_consfront(dev); +} + +#ifdef HAVE_LIBC +static int consfront_read(struct file *file, void *buf, size_t nbytes) +{ + int ret; + DEFINE_WAIT(w); + + while ( 1 ) + { + add_waiter(w, console_queue); + ret = xencons_ring_recv(file->dev, buf, nbytes); + if ( ret ) + break; + schedule(); + } + + remove_waiter(w, console_queue); + + return ret; +} + +static int savefile_write(struct file *file, const void *buf, size_t nbytes) +{ + int ret = 0, tot = nbytes; + + while ( nbytes > 0 ) + { + ret = xencons_ring_send(file->dev, buf, nbytes); + nbytes -= ret; + buf = (char *)buf + ret; + } + + return tot - nbytes; +} + +static int console_write(struct file *file, const void *buf, size_t nbytes) +{ + console_print(file->dev, buf, nbytes); + + return nbytes; +} + +static int consfront_close_fd(struct file *file) +{ + fini_consfront(file->dev); + + return 0; +} + +static int consfront_fstat(struct file *file, struct stat *buf) +{ + buf->st_mode = S_IRUSR | S_IWUSR; + buf->st_mode |= (file->type == FTYPE_CONSOLE) ? S_IFCHR : S_IFREG; + buf->st_atime = buf->st_mtime = buf->st_ctime = time(NULL); + + return 0; +} + +static bool consfront_select_rd(struct file *file) +{ + return xencons_ring_avail(file->dev); +} + +static const struct file_ops savefile_ops = { + .name = "savefile", + .read = consfront_read, + .write = savefile_write, + .close = consfront_close_fd, + .fstat = consfront_fstat, + .select_rd = consfront_select_rd, + .select_wr = select_yes, +}; + +const struct file_ops console_ops = { + .name = "console", + .read = consfront_read, + .write = console_write, + .close = consfront_close_fd, + .fstat = consfront_fstat, + .select_rd = consfront_select_rd, + .select_wr = select_yes, +}; + +static unsigned int ftype_savefile; + +__attribute__((constructor)) +static void consfront_initialize(void) +{ + ftype_savefile = alloc_file_type(&savefile_ops); +} + +int open_consfront(char *nodename) +{ + struct consfront_dev *dev; + struct file *file; + + dev = init_consfront(nodename); + if ( !dev ) + return -1; + + dev->fd = alloc_fd(nodename ? ftype_savefile : FTYPE_CONSOLE); + file = get_file_from_fd(dev->fd); + if ( !file ) + { + fini_consfront(dev); + return -1; + } + file->dev = dev; + + return dev->fd; +} +#endif diff --git a/console/xenbus.c b/console/xenbus.c deleted file mode 100644 index 7365965..0000000 --- a/console/xenbus.c +++ /dev/null @@ -1,306 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -void free_consfront(struct consfront_dev *dev) -{ - char* err = NULL; - XenbusState state; - - char path[strlen(dev->backend) + strlen("/state") + 1]; - char nodename[strlen(dev->nodename) + strlen("/state") + 1]; - - snprintf(path, sizeof(path), "%s/state", dev->backend); - snprintf(nodename, sizeof(nodename), "%s/state", dev->nodename); - - if ((err = xenbus_switch_state(XBT_NIL, nodename, XenbusStateClosing)) != NULL) { - printk("free_consfront: error changing state to %d: %s\n", - XenbusStateClosing, err); - goto close; - } - state = xenbus_read_integer(path); - while (err == NULL && state < XenbusStateClosing) - err = xenbus_wait_for_state_change(path, &state, &dev->events); - free(err); - - if ((err = xenbus_switch_state(XBT_NIL, nodename, XenbusStateClosed)) != NULL) { - printk("free_consfront: error changing state to %d: %s\n", - XenbusStateClosed, err); - goto close; - } - -close: - free(err); - err = xenbus_unwatch_path_token(XBT_NIL, path, path); - free(err); - - mask_evtchn(dev->evtchn); - unbind_evtchn(dev->evtchn); - free(dev->backend); - free(dev->nodename); - - gnttab_end_access(dev->ring_ref); - - free_page(dev->ring); - free(dev); -} - -struct consfront_dev *init_consfront(char *_nodename) -{ - xenbus_transaction_t xbt; - char* err = NULL; - char* message=NULL; - int retry=0; - char* msg = NULL; - char nodename[256]; - char path[256]; - static int consfrontends = 3; - struct consfront_dev *dev; - int res; - - if (!_nodename) - snprintf(nodename, sizeof(nodename), "device/console/%d", consfrontends); - else { - strncpy(nodename, _nodename, sizeof(nodename) - 1); - nodename[sizeof(nodename) - 1] = 0; - } - - printk("******************* CONSFRONT for %s **********\n\n\n", nodename); - - consfrontends++; - dev = malloc(sizeof(*dev)); - memset(dev, 0, sizeof(*dev)); - dev->nodename = strdup(nodename); -#ifdef HAVE_LIBC - dev->fd = -1; -#endif - - snprintf(path, sizeof(path), "%s/backend-id", nodename); - if ((res = xenbus_read_integer(path)) < 0) - goto error; - else - dev->dom = res; - evtchn_alloc_unbound(dev->dom, console_handle_input, dev, &dev->evtchn); - - dev->ring = (struct xencons_interface *) alloc_page(); - memset(dev->ring, 0, PAGE_SIZE); - dev->ring_ref = gnttab_grant_access(dev->dom, virt_to_mfn(dev->ring), 0); - - dev->events = NULL; - -again: - err = xenbus_transaction_start(&xbt); - if (err) { - printk("starting transaction\n"); - free(err); - } - - err = xenbus_printf(xbt, nodename, "ring-ref","%u", - dev->ring_ref); - if (err) { - message = "writing ring-ref"; - goto abort_transaction; - } - err = xenbus_printf(xbt, nodename, - "port", "%u", dev->evtchn); - if (err) { - message = "writing event-channel"; - goto abort_transaction; - } - err = xenbus_printf(xbt, nodename, - "protocol", "%s", XEN_IO_PROTO_ABI_NATIVE); - if (err) { - message = "writing protocol"; - goto abort_transaction; - } - - snprintf(path, sizeof(path), "%s/state", nodename); - err = xenbus_switch_state(xbt, path, XenbusStateConnected); - if (err) { - message = "switching state"; - goto abort_transaction; - } - - - err = xenbus_transaction_end(xbt, 0, &retry); - free(err); - if (retry) { - goto again; - printk("completing transaction\n"); - } - - goto done; - -abort_transaction: - free(err); - err = xenbus_transaction_end(xbt, 1, &retry); - printk("Abort transaction %s\n", message); - goto error; - -done: - - snprintf(path, sizeof(path), "%s/backend", nodename); - msg = xenbus_read(XBT_NIL, path, &dev->backend); - if (msg) { - printk("Error %s when reading the backend path %s\n", msg, path); - goto error; - } - - printk("backend at %s\n", dev->backend); - - { - XenbusState state; - char path[strlen(dev->backend) + strlen("/state") + 1]; - snprintf(path, sizeof(path), "%s/state", dev->backend); - - free(xenbus_watch_path_token(XBT_NIL, path, path, &dev->events)); - msg = NULL; - state = xenbus_read_integer(path); - while (msg == NULL && state < XenbusStateConnected) - msg = xenbus_wait_for_state_change(path, &state, &dev->events); - if (msg != NULL || state != XenbusStateConnected) { - printk("backend not available, state=%d\n", state); - err = xenbus_unwatch_path_token(XBT_NIL, path, path); - goto error; - } - } - unmask_evtchn(dev->evtchn); - - printk("**************************\n"); - - return dev; - -error: - free(msg); - free(err); - free_consfront(dev); - return NULL; -} - -void fini_consfront(struct consfront_dev *dev) -{ - if (dev) free_consfront(dev); -} - -#ifdef HAVE_LIBC -static int consfront_read(struct file *file, void *buf, size_t nbytes) -{ - int ret; - DEFINE_WAIT(w); - - while ( 1 ) - { - add_waiter(w, console_queue); - ret = xencons_ring_recv(file->dev, buf, nbytes); - if ( ret ) - break; - schedule(); - } - - remove_waiter(w, console_queue); - - return ret; -} - -static int savefile_write(struct file *file, const void *buf, size_t nbytes) -{ - int ret = 0, tot = nbytes; - - while ( nbytes > 0 ) - { - ret = xencons_ring_send(file->dev, buf, nbytes); - nbytes -= ret; - buf = (char *)buf + ret; - } - - return tot - nbytes; -} - -static int console_write(struct file *file, const void *buf, size_t nbytes) -{ - console_print(file->dev, buf, nbytes); - - return nbytes; -} - -static int consfront_close_fd(struct file *file) -{ - fini_consfront(file->dev); - - return 0; -} - -static int consfront_fstat(struct file *file, struct stat *buf) -{ - buf->st_mode = S_IRUSR | S_IWUSR; - buf->st_mode |= (file->type == FTYPE_CONSOLE) ? S_IFCHR : S_IFREG; - buf->st_atime = buf->st_mtime = buf->st_ctime = time(NULL); - - return 0; -} - -static bool consfront_select_rd(struct file *file) -{ - return xencons_ring_avail(file->dev); -} - -static const struct file_ops savefile_ops = { - .name = "savefile", - .read = consfront_read, - .write = savefile_write, - .close = consfront_close_fd, - .fstat = consfront_fstat, - .select_rd = consfront_select_rd, - .select_wr = select_yes, -}; - -const struct file_ops console_ops = { - .name = "console", - .read = consfront_read, - .write = console_write, - .close = consfront_close_fd, - .fstat = consfront_fstat, - .select_rd = consfront_select_rd, - .select_wr = select_yes, -}; - -static unsigned int ftype_savefile; - -__attribute__((constructor)) -static void consfront_initialize(void) -{ - ftype_savefile = alloc_file_type(&savefile_ops); -} - -int open_consfront(char *nodename) -{ - struct consfront_dev *dev; - struct file *file; - - dev = init_consfront(nodename); - if ( !dev ) - return -1; - - dev->fd = alloc_fd(nodename ? ftype_savefile : FTYPE_CONSOLE); - file = get_file_from_fd(dev->fd); - if ( !file ) - { - fini_consfront(dev); - return -1; - } - file->dev = dev; - - return dev->fd; -} -#endif -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:55:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:55:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360000.589342 (Exim 4.92) (envelope-from ) id 1o8Hrs-0002tM-Oh; Mon, 04 Jul 2022 08:55:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360000.589342; Mon, 04 Jul 2022 08:55:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hrs-0002tG-LB; Mon, 04 Jul 2022 08:55:44 +0000 Received: by outflank-mailman (input) for mailman id 360000; Mon, 04 Jul 2022 08:55:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hrr-0002rN-4I for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hrr-0003Tb-3a for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Hrr-0005jO-2h for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sxCE9BQmDvHmvmsjNWfumzcdEeqlOrs+cOQGNjS77BE=; b=dqRCurSFgEs7ExBidMQThWNTQf j3ZqKSl7afNiTcdMZ6AcVo2qKbY/SG6EPyM01xrsg2Bokd9ZBIbSJAQd4Q03+KhrnS9pxyRSbE+js K3It+070HRt4xgXmwywtYAVB2cCp+/pPanbEPeP4ZLDylDWtse7r7cvcZYuKqRDUPb5o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: apply coding style to consfront.c Message-Id: Date: Mon, 04 Jul 2022 08:55:43 +0000 commit 1585181a96aa100c61f9f1fc498dfe7e14f54ace Author: Juergen Gross AuthorDate: Mon Jun 20 09:38:17 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:50:26 2022 +0100 mini-os: apply coding style to consfront.c Make consfront.c coding style compliant. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- consfront.c | 97 +++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 53 insertions(+), 44 deletions(-) diff --git a/consfront.c b/consfront.c index 7365965..dfe6a3f 100644 --- a/consfront.c +++ b/consfront.c @@ -15,26 +15,30 @@ void free_consfront(struct consfront_dev *dev) { - char* err = NULL; + char *err = NULL; XenbusState state; - char path[strlen(dev->backend) + strlen("/state") + 1]; char nodename[strlen(dev->nodename) + strlen("/state") + 1]; snprintf(path, sizeof(path), "%s/state", dev->backend); snprintf(nodename, sizeof(nodename), "%s/state", dev->nodename); - if ((err = xenbus_switch_state(XBT_NIL, nodename, XenbusStateClosing)) != NULL) { + if ( (err = xenbus_switch_state(XBT_NIL, nodename, XenbusStateClosing)) != + NULL ) + { printk("free_consfront: error changing state to %d: %s\n", XenbusStateClosing, err); goto close; } + state = xenbus_read_integer(path); - while (err == NULL && state < XenbusStateClosing) + while ( err == NULL && state < XenbusStateClosing ) err = xenbus_wait_for_state_change(path, &state, &dev->events); free(err); - if ((err = xenbus_switch_state(XBT_NIL, nodename, XenbusStateClosed)) != NULL) { + if ( (err = xenbus_switch_state(XBT_NIL, nodename, XenbusStateClosed)) != + NULL) + { printk("free_consfront: error changing state to %d: %s\n", XenbusStateClosed, err); goto close; @@ -59,19 +63,22 @@ close: struct consfront_dev *init_consfront(char *_nodename) { xenbus_transaction_t xbt; - char* err = NULL; - char* message=NULL; - int retry=0; - char* msg = NULL; + char *err = NULL; + char *message = NULL; + int retry = 0; + char *msg = NULL; char nodename[256]; char path[256]; + XenbusState state; static int consfrontends = 3; struct consfront_dev *dev; int res; - if (!_nodename) - snprintf(nodename, sizeof(nodename), "device/console/%d", consfrontends); - else { + if ( !_nodename ) + snprintf(nodename, sizeof(nodename), "device/console/%d", + consfrontends); + else + { strncpy(nodename, _nodename, sizeof(nodename) - 1); nodename[sizeof(nodename) - 1] = 0; } @@ -87,13 +94,13 @@ struct consfront_dev *init_consfront(char *_nodename) #endif snprintf(path, sizeof(path), "%s/backend-id", nodename); - if ((res = xenbus_read_integer(path)) < 0) + if ( (res = xenbus_read_integer(path)) < 0 ) goto error; else dev->dom = res; evtchn_alloc_unbound(dev->dom, console_handle_input, dev, &dev->evtchn); - dev->ring = (struct xencons_interface *) alloc_page(); + dev->ring = (struct xencons_interface *)alloc_page(); memset(dev->ring, 0, PAGE_SIZE); dev->ring_ref = gnttab_grant_access(dev->dom, virt_to_mfn(dev->ring), 0); @@ -101,33 +108,36 @@ struct consfront_dev *init_consfront(char *_nodename) again: err = xenbus_transaction_start(&xbt); - if (err) { + if ( err ) + { printk("starting transaction\n"); free(err); } - err = xenbus_printf(xbt, nodename, "ring-ref","%u", - dev->ring_ref); - if (err) { + err = xenbus_printf(xbt, nodename, "ring-ref","%u", dev->ring_ref); + if ( err ) + { message = "writing ring-ref"; goto abort_transaction; } - err = xenbus_printf(xbt, nodename, - "port", "%u", dev->evtchn); - if (err) { + err = xenbus_printf(xbt, nodename, "port", "%u", dev->evtchn); + if ( err ) + { message = "writing event-channel"; goto abort_transaction; } - err = xenbus_printf(xbt, nodename, - "protocol", "%s", XEN_IO_PROTO_ABI_NATIVE); - if (err) { + err = xenbus_printf(xbt, nodename, "protocol", "%s", + XEN_IO_PROTO_ABI_NATIVE); + if ( err ) + { message = "writing protocol"; goto abort_transaction; } snprintf(path, sizeof(path), "%s/state", nodename); err = xenbus_switch_state(xbt, path, XenbusStateConnected); - if (err) { + if ( err ) + { message = "switching state"; goto abort_transaction; } @@ -135,8 +145,9 @@ again: err = xenbus_transaction_end(xbt, 0, &retry); free(err); - if (retry) { - goto again; + if ( retry ) + { + goto again; printk("completing transaction\n"); } @@ -149,31 +160,28 @@ abort_transaction: goto error; done: - snprintf(path, sizeof(path), "%s/backend", nodename); msg = xenbus_read(XBT_NIL, path, &dev->backend); - if (msg) { + if ( msg ) + { printk("Error %s when reading the backend path %s\n", msg, path); goto error; } printk("backend at %s\n", dev->backend); + snprintf(path, sizeof(path), "%s/state", dev->backend); + + free(xenbus_watch_path_token(XBT_NIL, path, path, &dev->events)); + msg = NULL; + state = xenbus_read_integer(path); + while ( msg == NULL && state < XenbusStateConnected ) + msg = xenbus_wait_for_state_change(path, &state, &dev->events); + if ( msg != NULL || state != XenbusStateConnected ) { - XenbusState state; - char path[strlen(dev->backend) + strlen("/state") + 1]; - snprintf(path, sizeof(path), "%s/state", dev->backend); - - free(xenbus_watch_path_token(XBT_NIL, path, path, &dev->events)); - msg = NULL; - state = xenbus_read_integer(path); - while (msg == NULL && state < XenbusStateConnected) - msg = xenbus_wait_for_state_change(path, &state, &dev->events); - if (msg != NULL || state != XenbusStateConnected) { - printk("backend not available, state=%d\n", state); - err = xenbus_unwatch_path_token(XBT_NIL, path, path); - goto error; - } + printk("backend not available, state=%d\n", state); + err = xenbus_unwatch_path_token(XBT_NIL, path, path); + goto error; } unmask_evtchn(dev->evtchn); @@ -190,7 +198,8 @@ error: void fini_consfront(struct consfront_dev *dev) { - if (dev) free_consfront(dev); + if ( dev ) + free_consfront(dev); } #ifdef HAVE_LIBC -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:55:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:55:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360002.589346 (Exim 4.92) (envelope-from ) id 1o8Hs2-0002yC-RG; Mon, 04 Jul 2022 08:55:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360002.589346; Mon, 04 Jul 2022 08:55:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hs2-0002y5-OP; Mon, 04 Jul 2022 08:55:54 +0000 Received: by outflank-mailman (input) for mailman id 360002; Mon, 04 Jul 2022 08:55:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hs1-0002xr-7b for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hs1-0003Tf-6n for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Hs1-0005jn-5k for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:55:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nWt4YO724iiYs2dyAtWo2CUUQxjxNIrYWu4arV3Tvo0=; b=tBq55iQJxieT5h02v5zxuOD5SL oLjtYEdmGtTgXYYJWTeBLa4lxVaohU9xdFNLMwbzbYXgY2Df3MrsgptCDiNM4Alc4RlxFzJZrJtkW Xw/XX+EnqpwtgpYXWrQULhfxwYDe1+9n1iSlqzIaOzEqy60e+7KQgRzuo0edezgsXAYY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: eliminate console directory Message-Id: Date: Mon, 04 Jul 2022 08:55:53 +0000 commit 1f8bafb4aa20ed050b431fb5daec0912b51e1c23 Author: Juergen Gross AuthorDate: Mon Jun 20 09:38:18 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:50:51 2022 +0100 mini-os: eliminate console directory Merge the two remaining source files in the console directory into a single one and move it to the main directory. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- Makefile | 4 +- console.c | 405 +++++++++++++++++++++++++++++++++++++++++++++++++ console/console.c | 177 --------------------- console/xencons_ring.c | 238 ----------------------------- 4 files changed, 406 insertions(+), 418 deletions(-) diff --git a/Makefile b/Makefile index 509d927..f3acdd2 100644 --- a/Makefile +++ b/Makefile @@ -41,6 +41,7 @@ src-$(CONFIG_CONSFRONT) += consfront.c src-$(CONFIG_TPMFRONT) += tpmfront.c src-$(CONFIG_TPM_TIS) += tpm_tis.c src-$(CONFIG_TPMBACK) += tpmback.c +src-y += console.c src-y += daytime.c src-y += e820.c src-y += events.c @@ -69,9 +70,6 @@ src-y += lib/sys.c src-y += lib/xmalloc.c src-$(CONFIG_LIBXS) += lib/xs.c -src-y += console/console.c -src-y += console/xencons_ring.c - # The common mini-os objects to build. APP_OBJS := OBJS := $(patsubst %.c,$(OBJ_DIR)/%.o,$(src-y)) diff --git a/console.c b/console.c new file mode 100644 index 0000000..29277ea --- /dev/null +++ b/console.c @@ -0,0 +1,405 @@ +/* + **************************************************************************** + * (C) 2006 - Grzegorz Milos - Cambridge University + **************************************************************************** + * + * File: console.c + * Author: Grzegorz Milos + * Changes: + * + * Date: Mar 2006 + * + * Environment: Xen Minimal OS + * Description: Console interface. + * + * Handles console I/O. Defines printk. + * + **************************************************************************** + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* If console not initialised the printk will be sent to xen serial line + NOTE: you need to enable verbose in xen/Rules.mk for it to work. */ +static struct consfront_dev* xen_console = NULL; +static int console_initialised = 0; + +__attribute__((weak)) void console_input(char * buf, unsigned len) +{ + if(len > 0) + { + /* Just repeat what's written */ + buf[len] = '\0'; + printk("%s", buf); + + if(buf[len-1] == '\r') + printk("\nNo console input handler.\n"); + } +} + +#ifndef HAVE_LIBC +void xencons_rx(char *buf, unsigned len, struct pt_regs *regs) +{ + console_input(buf, len); +} + +void xencons_tx(void) +{ + /* Do nothing, handled by _rx */ +} +#endif + + +void console_print(struct consfront_dev *dev, const char *data, int length) +{ + char *curr_char, saved_char; + char copied_str[length+1]; + char *copied_ptr; + int part_len; + int (*ring_send_fn)(struct consfront_dev *dev, const char *data, unsigned length); + + if(!console_initialised) + ring_send_fn = xencons_ring_send_no_notify; + else + ring_send_fn = xencons_ring_send; + + if (dev && dev->is_raw) { + ring_send_fn(dev, data, length); + return; + } + + copied_ptr = copied_str; + memcpy(copied_ptr, data, length); + for(curr_char = copied_ptr; curr_char < copied_ptr+length-1; curr_char++) + { + if(*curr_char == '\n') + { + *curr_char = '\r'; + saved_char = *(curr_char+1); + *(curr_char+1) = '\n'; + part_len = curr_char - copied_ptr + 2; + ring_send_fn(dev, copied_ptr, part_len); + *(curr_char+1) = saved_char; + copied_ptr = curr_char+1; + length -= part_len - 1; + } + } + + if (copied_ptr[length-1] == '\n') { + copied_ptr[length-1] = '\r'; + copied_ptr[length] = '\n'; + length++; + } + + ring_send_fn(dev, copied_ptr, length); +} + +void print(int direct, const char *fmt, va_list args) +{ + static char __print_buf[1024]; + + (void)vsnprintf(__print_buf, sizeof(__print_buf), fmt, args); + + if(direct) + { + (void)HYPERVISOR_console_io(CONSOLEIO_write, strlen(__print_buf), __print_buf); + return; + } else { +#ifndef CONFIG_USE_XEN_CONSOLE + if(!console_initialised) +#endif + (void)HYPERVISOR_console_io(CONSOLEIO_write, strlen(__print_buf), __print_buf); + + console_print(NULL, __print_buf, strlen(__print_buf)); + } +} + +void printk(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + print(0, fmt, args); + va_end(args); +} + +void xprintk(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + print(1, fmt, args); + va_end(args); +} +void init_console(void) +{ + printk("Initialising console ... "); + xen_console = xencons_ring_init(); + console_initialised = 1; + /* This is also required to notify the daemon */ + printk("done.\n"); +} + +void suspend_console(void) +{ + console_initialised = 0; + xencons_ring_fini(xen_console); +} + +void resume_console(void) +{ + xencons_ring_resume(xen_console); + console_initialised = 1; +} + +DECLARE_WAIT_QUEUE_HEAD(console_queue); + +static struct xencons_interface *console_ring; +uint32_t console_evtchn; + +static struct consfront_dev* resume_xen_console(struct consfront_dev* dev); + +#ifdef CONFIG_PARAVIRT +void get_console(void *p) +{ + start_info_t *si = p; + + console_ring = mfn_to_virt(si->console.domU.mfn); + console_evtchn = si->console.domU.evtchn; +} +#else +void get_console(void *p) +{ + uint64_t v = -1; + + if (hvm_get_parameter(HVM_PARAM_CONSOLE_EVTCHN, &v)) + BUG(); + console_evtchn = v; + + if (hvm_get_parameter(HVM_PARAM_CONSOLE_PFN, &v)) + BUG(); + console_ring = (struct xencons_interface *)map_frame_virt(v); +} +#endif + +static inline void notify_daemon(struct consfront_dev *dev) +{ + /* Use evtchn: this is called early, before irq is set up. */ + if (!dev) + notify_remote_via_evtchn(console_evtchn); + else + notify_remote_via_evtchn(dev->evtchn); +} + +static inline struct xencons_interface *xencons_interface(void) +{ + return console_evtchn ? console_ring : NULL; +} + +int xencons_ring_send_no_notify(struct consfront_dev *dev, const char *data, unsigned len) +{ + int sent = 0; + struct xencons_interface *intf; + XENCONS_RING_IDX cons, prod; + + if (!dev) + intf = xencons_interface(); + else + intf = dev->ring; + if (!intf) + return sent; + + cons = intf->out_cons; + prod = intf->out_prod; + mb(); + BUG_ON((prod - cons) > sizeof(intf->out)); + + while ((sent < len) && ((prod - cons) < sizeof(intf->out))) + intf->out[MASK_XENCONS_IDX(prod++, intf->out)] = data[sent++]; + + wmb(); + intf->out_prod = prod; + + return sent; +} + +int xencons_ring_send(struct consfront_dev *dev, const char *data, unsigned len) +{ + int sent; + + sent = xencons_ring_send_no_notify(dev, data, len); + notify_daemon(dev); + + return sent; +} + +void console_handle_input(evtchn_port_t port, struct pt_regs *regs, void *data) +{ + struct consfront_dev *dev = (struct consfront_dev *) data; +#ifdef HAVE_LIBC + struct file *file = dev ? get_file_from_fd(dev->fd) : NULL; + + if ( file ) + file->read = true; + + wake_up(&console_queue); +#else + struct xencons_interface *intf = xencons_interface(); + XENCONS_RING_IDX cons, prod; + + cons = intf->in_cons; + prod = intf->in_prod; + mb(); + BUG_ON((prod - cons) > sizeof(intf->in)); + + while (cons != prod) { + xencons_rx(intf->in+MASK_XENCONS_IDX(cons,intf->in), 1, regs); + cons++; + } + + mb(); + intf->in_cons = cons; + + notify_daemon(dev); + + xencons_tx(); +#endif +} + +#ifdef HAVE_LIBC +int xencons_ring_avail(struct consfront_dev *dev) +{ + struct xencons_interface *intf; + XENCONS_RING_IDX cons, prod; + + if (!dev) + intf = xencons_interface(); + else + intf = dev->ring; + + cons = intf->in_cons; + prod = intf->in_prod; + mb(); + BUG_ON((prod - cons) > sizeof(intf->in)); + + return prod - cons; +} + +int xencons_ring_recv(struct consfront_dev *dev, char *data, unsigned len) +{ + struct xencons_interface *intf; + XENCONS_RING_IDX cons, prod; + unsigned filled = 0; + + if (!dev) + intf = xencons_interface(); + else + intf = dev->ring; + + cons = intf->in_cons; + prod = intf->in_prod; + mb(); + BUG_ON((prod - cons) > sizeof(intf->in)); + + while (filled < len && cons + filled != prod) { + data[filled] = *(intf->in + MASK_XENCONS_IDX(cons + filled, intf->in)); + filled++; + } + + mb(); + intf->in_cons = cons + filled; + + notify_daemon(dev); + + return filled; +} +#endif + +struct consfront_dev *xencons_ring_init(void) +{ + struct consfront_dev *dev; + + if (!console_evtchn) + return 0; + + dev = malloc(sizeof(struct consfront_dev)); + memset(dev, 0, sizeof(struct consfront_dev)); + dev->nodename = "device/console"; + dev->dom = 0; + dev->backend = 0; + dev->ring_ref = 0; + +#ifdef HAVE_LIBC + dev->fd = -1; +#endif + + return resume_xen_console(dev); +} + +static struct consfront_dev* resume_xen_console(struct consfront_dev* dev) +{ + int err; + + dev->evtchn = console_evtchn; + dev->ring = xencons_interface(); + + err = bind_evtchn(dev->evtchn, console_handle_input, dev); + if (err <= 0) { + printk("XEN console request chn bind failed %i\n", err); + free(dev); + return NULL; + } + unmask_evtchn(dev->evtchn); + + /* In case we have in-flight data after save/restore... */ + notify_daemon(dev); + + return dev; +} + +void xencons_ring_fini(struct consfront_dev* dev) +{ + if (dev) + mask_evtchn(dev->evtchn); +} + +void xencons_ring_resume(struct consfront_dev* dev) +{ + if (dev) { +#if CONFIG_PARAVIRT + get_console(&start_info); +#else + get_console(0); +#endif + resume_xen_console(dev); + } +} diff --git a/console/console.c b/console/console.c deleted file mode 100644 index 68c8435..0000000 --- a/console/console.c +++ /dev/null @@ -1,177 +0,0 @@ -/* - **************************************************************************** - * (C) 2006 - Grzegorz Milos - Cambridge University - **************************************************************************** - * - * File: console.h - * Author: Grzegorz Milos - * Changes: - * - * Date: Mar 2006 - * - * Environment: Xen Minimal OS - * Description: Console interface. - * - * Handles console I/O. Defines printk. - * - **************************************************************************** - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to - * deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -/* If console not initialised the printk will be sent to xen serial line - NOTE: you need to enable verbose in xen/Rules.mk for it to work. */ -static struct consfront_dev* xen_console = NULL; -static int console_initialised = 0; - -__attribute__((weak)) void console_input(char * buf, unsigned len) -{ - if(len > 0) - { - /* Just repeat what's written */ - buf[len] = '\0'; - printk("%s", buf); - - if(buf[len-1] == '\r') - printk("\nNo console input handler.\n"); - } -} - -#ifndef HAVE_LIBC -void xencons_rx(char *buf, unsigned len, struct pt_regs *regs) -{ - console_input(buf, len); -} - -void xencons_tx(void) -{ - /* Do nothing, handled by _rx */ -} -#endif - - -void console_print(struct consfront_dev *dev, const char *data, int length) -{ - char *curr_char, saved_char; - char copied_str[length+1]; - char *copied_ptr; - int part_len; - int (*ring_send_fn)(struct consfront_dev *dev, const char *data, unsigned length); - - if(!console_initialised) - ring_send_fn = xencons_ring_send_no_notify; - else - ring_send_fn = xencons_ring_send; - - if (dev && dev->is_raw) { - ring_send_fn(dev, data, length); - return; - } - - copied_ptr = copied_str; - memcpy(copied_ptr, data, length); - for(curr_char = copied_ptr; curr_char < copied_ptr+length-1; curr_char++) - { - if(*curr_char == '\n') - { - *curr_char = '\r'; - saved_char = *(curr_char+1); - *(curr_char+1) = '\n'; - part_len = curr_char - copied_ptr + 2; - ring_send_fn(dev, copied_ptr, part_len); - *(curr_char+1) = saved_char; - copied_ptr = curr_char+1; - length -= part_len - 1; - } - } - - if (copied_ptr[length-1] == '\n') { - copied_ptr[length-1] = '\r'; - copied_ptr[length] = '\n'; - length++; - } - - ring_send_fn(dev, copied_ptr, length); -} - -void print(int direct, const char *fmt, va_list args) -{ - static char __print_buf[1024]; - - (void)vsnprintf(__print_buf, sizeof(__print_buf), fmt, args); - - if(direct) - { - (void)HYPERVISOR_console_io(CONSOLEIO_write, strlen(__print_buf), __print_buf); - return; - } else { -#ifndef CONFIG_USE_XEN_CONSOLE - if(!console_initialised) -#endif - (void)HYPERVISOR_console_io(CONSOLEIO_write, strlen(__print_buf), __print_buf); - - console_print(NULL, __print_buf, strlen(__print_buf)); - } -} - -void printk(const char *fmt, ...) -{ - va_list args; - va_start(args, fmt); - print(0, fmt, args); - va_end(args); -} - -void xprintk(const char *fmt, ...) -{ - va_list args; - va_start(args, fmt); - print(1, fmt, args); - va_end(args); -} -void init_console(void) -{ - printk("Initialising console ... "); - xen_console = xencons_ring_init(); - console_initialised = 1; - /* This is also required to notify the daemon */ - printk("done.\n"); -} - -void suspend_console(void) -{ - console_initialised = 0; - xencons_ring_fini(xen_console); -} - -void resume_console(void) -{ - xencons_ring_resume(xen_console); - console_initialised = 1; -} diff --git a/console/xencons_ring.c b/console/xencons_ring.c deleted file mode 100644 index 495f0a1..0000000 --- a/console/xencons_ring.c +++ /dev/null @@ -1,238 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -DECLARE_WAIT_QUEUE_HEAD(console_queue); - -static struct xencons_interface *console_ring; -uint32_t console_evtchn; - -static struct consfront_dev* resume_xen_console(struct consfront_dev* dev); - -#ifdef CONFIG_PARAVIRT -void get_console(void *p) -{ - start_info_t *si = p; - - console_ring = mfn_to_virt(si->console.domU.mfn); - console_evtchn = si->console.domU.evtchn; -} -#else -void get_console(void *p) -{ - uint64_t v = -1; - - if (hvm_get_parameter(HVM_PARAM_CONSOLE_EVTCHN, &v)) - BUG(); - console_evtchn = v; - - if (hvm_get_parameter(HVM_PARAM_CONSOLE_PFN, &v)) - BUG(); - console_ring = (struct xencons_interface *)map_frame_virt(v); -} -#endif - -static inline void notify_daemon(struct consfront_dev *dev) -{ - /* Use evtchn: this is called early, before irq is set up. */ - if (!dev) - notify_remote_via_evtchn(console_evtchn); - else - notify_remote_via_evtchn(dev->evtchn); -} - -static inline struct xencons_interface *xencons_interface(void) -{ - return console_evtchn ? console_ring : NULL; -} - -int xencons_ring_send_no_notify(struct consfront_dev *dev, const char *data, unsigned len) -{ - int sent = 0; - struct xencons_interface *intf; - XENCONS_RING_IDX cons, prod; - - if (!dev) - intf = xencons_interface(); - else - intf = dev->ring; - if (!intf) - return sent; - - cons = intf->out_cons; - prod = intf->out_prod; - mb(); - BUG_ON((prod - cons) > sizeof(intf->out)); - - while ((sent < len) && ((prod - cons) < sizeof(intf->out))) - intf->out[MASK_XENCONS_IDX(prod++, intf->out)] = data[sent++]; - - wmb(); - intf->out_prod = prod; - - return sent; -} - -int xencons_ring_send(struct consfront_dev *dev, const char *data, unsigned len) -{ - int sent; - - sent = xencons_ring_send_no_notify(dev, data, len); - notify_daemon(dev); - - return sent; -} - -void console_handle_input(evtchn_port_t port, struct pt_regs *regs, void *data) -{ - struct consfront_dev *dev = (struct consfront_dev *) data; -#ifdef HAVE_LIBC - struct file *file = dev ? get_file_from_fd(dev->fd) : NULL; - - if ( file ) - file->read = true; - - wake_up(&console_queue); -#else - struct xencons_interface *intf = xencons_interface(); - XENCONS_RING_IDX cons, prod; - - cons = intf->in_cons; - prod = intf->in_prod; - mb(); - BUG_ON((prod - cons) > sizeof(intf->in)); - - while (cons != prod) { - xencons_rx(intf->in+MASK_XENCONS_IDX(cons,intf->in), 1, regs); - cons++; - } - - mb(); - intf->in_cons = cons; - - notify_daemon(dev); - - xencons_tx(); -#endif -} - -#ifdef HAVE_LIBC -int xencons_ring_avail(struct consfront_dev *dev) -{ - struct xencons_interface *intf; - XENCONS_RING_IDX cons, prod; - - if (!dev) - intf = xencons_interface(); - else - intf = dev->ring; - - cons = intf->in_cons; - prod = intf->in_prod; - mb(); - BUG_ON((prod - cons) > sizeof(intf->in)); - - return prod - cons; -} - -int xencons_ring_recv(struct consfront_dev *dev, char *data, unsigned len) -{ - struct xencons_interface *intf; - XENCONS_RING_IDX cons, prod; - unsigned filled = 0; - - if (!dev) - intf = xencons_interface(); - else - intf = dev->ring; - - cons = intf->in_cons; - prod = intf->in_prod; - mb(); - BUG_ON((prod - cons) > sizeof(intf->in)); - - while (filled < len && cons + filled != prod) { - data[filled] = *(intf->in + MASK_XENCONS_IDX(cons + filled, intf->in)); - filled++; - } - - mb(); - intf->in_cons = cons + filled; - - notify_daemon(dev); - - return filled; -} -#endif - -struct consfront_dev *xencons_ring_init(void) -{ - struct consfront_dev *dev; - - if (!console_evtchn) - return 0; - - dev = malloc(sizeof(struct consfront_dev)); - memset(dev, 0, sizeof(struct consfront_dev)); - dev->nodename = "device/console"; - dev->dom = 0; - dev->backend = 0; - dev->ring_ref = 0; - -#ifdef HAVE_LIBC - dev->fd = -1; -#endif - - return resume_xen_console(dev); -} - -static struct consfront_dev* resume_xen_console(struct consfront_dev* dev) -{ - int err; - - dev->evtchn = console_evtchn; - dev->ring = xencons_interface(); - - err = bind_evtchn(dev->evtchn, console_handle_input, dev); - if (err <= 0) { - printk("XEN console request chn bind failed %i\n", err); - free(dev); - return NULL; - } - unmask_evtchn(dev->evtchn); - - /* In case we have in-flight data after save/restore... */ - notify_daemon(dev); - - return dev; -} - -void xencons_ring_fini(struct consfront_dev* dev) -{ - if (dev) - mask_evtchn(dev->evtchn); -} - -void xencons_ring_resume(struct consfront_dev* dev) -{ - if (dev) { -#if CONFIG_PARAVIRT - get_console(&start_info); -#else - get_console(0); -#endif - resume_xen_console(dev); - } -} -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:56:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:56:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360005.589350 (Exim 4.92) (envelope-from ) id 1o8HsC-00032w-Tt; Mon, 04 Jul 2022 08:56:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360005.589350; Mon, 04 Jul 2022 08:56:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsC-00032o-QE; Mon, 04 Jul 2022 08:56:04 +0000 Received: by outflank-mailman (input) for mailman id 360005; Mon, 04 Jul 2022 08:56:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsB-00032X-Bj for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsB-0003Tz-Ay for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8HsB-0005kb-8w for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hukpiDIa0EsdYpKhXc//ed8GQtT2PwUJNaa89nQn7c0=; b=ExxFDbmBACUdeIkaV1a5HyvYDe k38bVIHmeKDk3p2cu0bm7B0q2F9YgAC/aO3C8Rfn3vNLNNaPbyxZlcdk+jppIQ9nrUzM86fvR+k+N OXrUgADQOi5NkAjMtJLqC1JfkWxwgmBuut4pVCuuwRObMeKdPXULGcnvk3A955oyHv0Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: apply coding style to console.c Message-Id: Date: Mon, 04 Jul 2022 08:56:03 +0000 commit 38e313a9b87f0520c0ed8d385db614a6bc93c01c Author: Juergen Gross AuthorDate: Mon Jun 20 09:38:19 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:50:52 2022 +0100 mini-os: apply coding style to console.c Make console.c coding style compliant. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- console.c | 280 ++++++++++++++++++++++++++++++++------------------------------ 1 file changed, 145 insertions(+), 135 deletions(-) diff --git a/console.c b/console.c index 29277ea..5d205c7 100644 --- a/console.c +++ b/console.c @@ -1,14 +1,14 @@ -/* +/* **************************************************************************** * (C) 2006 - Grzegorz Milos - Cambridge University **************************************************************************** * * File: console.c * Author: Grzegorz Milos - * Changes: - * + * Changes: + * * Date: Mar 2006 - * + * * Environment: Xen Minimal OS * Description: Console interface. * @@ -21,19 +21,19 @@ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or * sell copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: - * + * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ - + #include #include #include @@ -50,26 +50,24 @@ #include #include -/* If console not initialised the printk will be sent to xen serial line - NOTE: you need to enable verbose in xen/Rules.mk for it to work. */ static struct consfront_dev* xen_console = NULL; static int console_initialised = 0; -__attribute__((weak)) void console_input(char * buf, unsigned len) +__attribute__((weak)) void console_input(char *buf, unsigned int len) { - if(len > 0) + if ( len > 0 ) { /* Just repeat what's written */ buf[len] = '\0'; printk("%s", buf); - - if(buf[len-1] == '\r') + + if ( buf[len - 1] == '\r' ) printk("\nNo console input handler.\n"); } } #ifndef HAVE_LIBC -void xencons_rx(char *buf, unsigned len, struct pt_regs *regs) +void xencons_rx(char *buf, unsigned int len, struct pt_regs *regs) { console_input(buf, len); } @@ -80,88 +78,94 @@ void xencons_tx(void) } #endif - void console_print(struct consfront_dev *dev, const char *data, int length) { char *curr_char, saved_char; char copied_str[length+1]; char *copied_ptr; int part_len; - int (*ring_send_fn)(struct consfront_dev *dev, const char *data, unsigned length); + int (*ring_send_fn)(struct consfront_dev *dev, const char *data, + unsigned int length); - if(!console_initialised) + if ( !console_initialised ) ring_send_fn = xencons_ring_send_no_notify; else ring_send_fn = xencons_ring_send; - if (dev && dev->is_raw) { + if ( dev && dev->is_raw ) + { ring_send_fn(dev, data, length); return; } copied_ptr = copied_str; memcpy(copied_ptr, data, length); - for(curr_char = copied_ptr; curr_char < copied_ptr+length-1; curr_char++) + for ( curr_char = copied_ptr; curr_char < copied_ptr + length - 1; + curr_char++ ) { - if(*curr_char == '\n') + if ( *curr_char == '\n' ) { *curr_char = '\r'; - saved_char = *(curr_char+1); - *(curr_char+1) = '\n'; + saved_char = *(curr_char + 1); + *(curr_char + 1) = '\n'; part_len = curr_char - copied_ptr + 2; ring_send_fn(dev, copied_ptr, part_len); - *(curr_char+1) = saved_char; - copied_ptr = curr_char+1; + *(curr_char + 1) = saved_char; + copied_ptr = curr_char + 1; length -= part_len - 1; } } - if (copied_ptr[length-1] == '\n') { - copied_ptr[length-1] = '\r'; + if ( copied_ptr[length - 1] == '\n') + { + copied_ptr[length - 1] = '\r'; copied_ptr[length] = '\n'; length++; } - + ring_send_fn(dev, copied_ptr, length); } void print(int direct, const char *fmt, va_list args) { static char __print_buf[1024]; - + (void)vsnprintf(__print_buf, sizeof(__print_buf), fmt, args); - if(direct) + if ( direct ) { - (void)HYPERVISOR_console_io(CONSOLEIO_write, strlen(__print_buf), __print_buf); + (void)HYPERVISOR_console_io(CONSOLEIO_write, strlen(__print_buf), + __print_buf); return; - } else { -#ifndef CONFIG_USE_XEN_CONSOLE - if(!console_initialised) -#endif - (void)HYPERVISOR_console_io(CONSOLEIO_write, strlen(__print_buf), __print_buf); - - console_print(NULL, __print_buf, strlen(__print_buf)); } +#ifndef CONFIG_USE_XEN_CONSOLE + if ( !console_initialised ) +#endif + (void)HYPERVISOR_console_io(CONSOLEIO_write, strlen(__print_buf), + __print_buf); + + console_print(NULL, __print_buf, strlen(__print_buf)); } void printk(const char *fmt, ...) { - va_list args; + va_list args; + va_start(args, fmt); print(0, fmt, args); - va_end(args); + va_end(args); } void xprintk(const char *fmt, ...) { - va_list args; + va_list args; + va_start(args, fmt); print(1, fmt, args); - va_end(args); + va_end(args); } void init_console(void) -{ +{ printk("Initialising console ... "); xen_console = xencons_ring_init(); console_initialised = 1; @@ -186,7 +190,7 @@ DECLARE_WAIT_QUEUE_HEAD(console_queue); static struct xencons_interface *console_ring; uint32_t console_evtchn; -static struct consfront_dev* resume_xen_console(struct consfront_dev* dev); +static struct consfront_dev* resume_xen_console(struct consfront_dev *dev); #ifdef CONFIG_PARAVIRT void get_console(void *p) @@ -201,11 +205,11 @@ void get_console(void *p) { uint64_t v = -1; - if (hvm_get_parameter(HVM_PARAM_CONSOLE_EVTCHN, &v)) + if ( hvm_get_parameter(HVM_PARAM_CONSOLE_EVTCHN, &v) ) BUG(); console_evtchn = v; - if (hvm_get_parameter(HVM_PARAM_CONSOLE_PFN, &v)) + if ( hvm_get_parameter(HVM_PARAM_CONSOLE_PFN, &v) ) BUG(); console_ring = (struct xencons_interface *)map_frame_virt(v); } @@ -214,7 +218,7 @@ void get_console(void *p) static inline void notify_daemon(struct consfront_dev *dev) { /* Use evtchn: this is called early, before irq is set up. */ - if (!dev) + if ( !dev ) notify_remote_via_evtchn(console_evtchn); else notify_remote_via_evtchn(dev->evtchn); @@ -223,36 +227,38 @@ static inline void notify_daemon(struct consfront_dev *dev) static inline struct xencons_interface *xencons_interface(void) { return console_evtchn ? console_ring : NULL; -} - -int xencons_ring_send_no_notify(struct consfront_dev *dev, const char *data, unsigned len) -{ +} + +int xencons_ring_send_no_notify(struct consfront_dev *dev, const char *data, + unsigned int len) +{ int sent = 0; - struct xencons_interface *intf; - XENCONS_RING_IDX cons, prod; - - if (!dev) - intf = xencons_interface(); - else - intf = dev->ring; - if (!intf) - return sent; - - cons = intf->out_cons; - prod = intf->out_prod; - mb(); - BUG_ON((prod - cons) > sizeof(intf->out)); - - while ((sent < len) && ((prod - cons) < sizeof(intf->out))) - intf->out[MASK_XENCONS_IDX(prod++, intf->out)] = data[sent++]; - - wmb(); - intf->out_prod = prod; - + struct xencons_interface *intf; + XENCONS_RING_IDX cons, prod; + + if ( !dev ) + intf = xencons_interface(); + else + intf = dev->ring; + if ( !intf ) + return sent; + + cons = intf->out_cons; + prod = intf->out_prod; + mb(); + BUG_ON((prod - cons) > sizeof(intf->out)); + + while ( (sent < len) && ((prod - cons) < sizeof(intf->out)) ) + intf->out[MASK_XENCONS_IDX(prod++, intf->out)] = data[sent++]; + + wmb(); + intf->out_prod = prod; + return sent; } -int xencons_ring_send(struct consfront_dev *dev, const char *data, unsigned len) +int xencons_ring_send(struct consfront_dev *dev, const char *data, + unsigned int len) { int sent; @@ -264,83 +270,85 @@ int xencons_ring_send(struct consfront_dev *dev, const char *data, unsigned len) void console_handle_input(evtchn_port_t port, struct pt_regs *regs, void *data) { - struct consfront_dev *dev = (struct consfront_dev *) data; + struct consfront_dev *dev = (struct consfront_dev *) data; #ifdef HAVE_LIBC - struct file *file = dev ? get_file_from_fd(dev->fd) : NULL; + struct file *file = dev ? get_file_from_fd(dev->fd) : NULL; - if ( file ) - file->read = true; + if ( file ) + file->read = true; - wake_up(&console_queue); + wake_up(&console_queue); #else - struct xencons_interface *intf = xencons_interface(); - XENCONS_RING_IDX cons, prod; + struct xencons_interface *intf = xencons_interface(); + XENCONS_RING_IDX cons, prod; - cons = intf->in_cons; - prod = intf->in_prod; - mb(); - BUG_ON((prod - cons) > sizeof(intf->in)); + cons = intf->in_cons; + prod = intf->in_prod; + mb(); + BUG_ON((prod - cons) > sizeof(intf->in)); - while (cons != prod) { - xencons_rx(intf->in+MASK_XENCONS_IDX(cons,intf->in), 1, regs); - cons++; - } + while ( cons != prod ) + { + xencons_rx(intf->in + MASK_XENCONS_IDX(cons, intf->in), 1, regs); + cons++; + } - mb(); - intf->in_cons = cons; + mb(); + intf->in_cons = cons; - notify_daemon(dev); + notify_daemon(dev); - xencons_tx(); + xencons_tx(); #endif } #ifdef HAVE_LIBC int xencons_ring_avail(struct consfront_dev *dev) { - struct xencons_interface *intf; - XENCONS_RING_IDX cons, prod; + struct xencons_interface *intf; + XENCONS_RING_IDX cons, prod; - if (!dev) - intf = xencons_interface(); - else - intf = dev->ring; + if ( !dev ) + intf = xencons_interface(); + else + intf = dev->ring; - cons = intf->in_cons; - prod = intf->in_prod; - mb(); - BUG_ON((prod - cons) > sizeof(intf->in)); + cons = intf->in_cons; + prod = intf->in_prod; + mb(); + BUG_ON((prod - cons) > sizeof(intf->in)); - return prod - cons; + return prod - cons; } -int xencons_ring_recv(struct consfront_dev *dev, char *data, unsigned len) +int xencons_ring_recv(struct consfront_dev *dev, char *data, unsigned int len) { - struct xencons_interface *intf; - XENCONS_RING_IDX cons, prod; - unsigned filled = 0; + struct xencons_interface *intf; + XENCONS_RING_IDX cons, prod; + unsigned int filled = 0; - if (!dev) - intf = xencons_interface(); - else - intf = dev->ring; + if ( !dev ) + intf = xencons_interface(); + else + intf = dev->ring; - cons = intf->in_cons; - prod = intf->in_prod; - mb(); - BUG_ON((prod - cons) > sizeof(intf->in)); + cons = intf->in_cons; + prod = intf->in_prod; + mb(); + BUG_ON((prod - cons) > sizeof(intf->in)); - while (filled < len && cons + filled != prod) { - data[filled] = *(intf->in + MASK_XENCONS_IDX(cons + filled, intf->in)); - filled++; - } + while ( filled < len && cons + filled != prod ) + { + data[filled] = *(intf->in + MASK_XENCONS_IDX(cons + filled, intf->in)); + filled++; + } - mb(); - intf->in_cons = cons + filled; + mb(); + intf->in_cons = cons + filled; - notify_daemon(dev); + notify_daemon(dev); - return filled; + return filled; } #endif @@ -348,7 +356,7 @@ struct consfront_dev *xencons_ring_init(void) { struct consfront_dev *dev; - if (!console_evtchn) + if ( !console_evtchn ) return 0; dev = malloc(sizeof(struct consfront_dev)); @@ -365,7 +373,7 @@ struct consfront_dev *xencons_ring_init(void) return resume_xen_console(dev); } -static struct consfront_dev* resume_xen_console(struct consfront_dev* dev) +static struct consfront_dev *resume_xen_console(struct consfront_dev *dev) { int err; @@ -373,7 +381,8 @@ static struct consfront_dev* resume_xen_console(struct consfront_dev* dev) dev->ring = xencons_interface(); err = bind_evtchn(dev->evtchn, console_handle_input, dev); - if (err <= 0) { + if ( err <= 0 ) + { printk("XEN console request chn bind failed %i\n", err); free(dev); return NULL; @@ -386,15 +395,16 @@ static struct consfront_dev* resume_xen_console(struct consfront_dev* dev) return dev; } -void xencons_ring_fini(struct consfront_dev* dev) +void xencons_ring_fini(struct consfront_dev *dev) { - if (dev) + if ( dev ) mask_evtchn(dev->evtchn); } -void xencons_ring_resume(struct consfront_dev* dev) +void xencons_ring_resume(struct consfront_dev *dev) { - if (dev) { + if ( dev ) + { #if CONFIG_PARAVIRT get_console(&start_info); #else -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:56:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:56:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360007.589355 (Exim 4.92) (envelope-from ) id 1o8HsN-000382-1K; Mon, 04 Jul 2022 08:56:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360007.589355; Mon, 04 Jul 2022 08:56:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsM-00037u-UG; Mon, 04 Jul 2022 08:56:14 +0000 Received: by outflank-mailman (input) for mailman id 360007; Mon, 04 Jul 2022 08:56:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsL-00037O-Ei for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsL-0003U5-Dw for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8HsL-0005lE-D8 for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LEBs8p0e2vJBEPRIdffdFuxhKVCPmg31L2nNo17j9Uo=; b=Fs2FPW/+SpQO+4J841AGWqMW1I yGn3y28aOv2PIrap/F4cKhSQmLtKKoxmofBS5WKdvdI0AHu5SKx+85T8/QO2R3M/dYUH1dmmc006K QAAT+d9nvgMkSAipxb+ZEmsRS5TW2LnbfscXr93QRkNwivFdJ2hiicJv3kMoRC8Knj40=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: add mini-os-debug[.gz] to .gitignore Message-Id: Date: Mon, 04 Jul 2022 08:56:13 +0000 commit 502f3df310c0e3cce3022596bcd12727349f6624 Author: Juergen Gross AuthorDate: Mon Jun 20 09:38:20 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:50:54 2022 +0100 mini-os: add mini-os-debug[.gz] to .gitignore mini-os-debug and mini-os-debug.gz are created when building Mini-OS, add them to .gitignore. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index d57c2bd..abef46b 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,5 @@ include/list.h mini-os mini-os.gz minios-config.mk +mini-os-debug +mini-os-debug.gz -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:56:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:56:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360010.589358 (Exim 4.92) (envelope-from ) id 1o8HsX-0003F3-2V; Mon, 04 Jul 2022 08:56:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360010.589358; Mon, 04 Jul 2022 08:56:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsW-0003Et-Vs; Mon, 04 Jul 2022 08:56:24 +0000 Received: by outflank-mailman (input) for mailman id 360010; Mon, 04 Jul 2022 08:56:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsV-0003EV-Hi for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8HsV-0003UA-Gs for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8HsV-0005ld-G5 for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ubBoarresf9JdzEpqqP0SaqSa/PWfOZ0XWmx6YRWULw=; b=DdbehivhPljjwuyVLmMY3OfO3N hCYTp8ETnGXqMzjNN1EivOvyszPNMGItNIVf3DEXmWhFDVmEMCDPG1vzR8ifn6Tz4HvogFNvEzPOY YOhyNR0bXazoiNTT9yjDdCwk6Fhqj5ppZJruIGEi795pVJAUoRp1jJld2NWPQPV6gmKs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: take newest version of arch-x86/hvm/start_info.h Message-Id: Date: Mon, 04 Jul 2022 08:56:23 +0000 commit cb642fb0bba4a3d584b0b22764c2de37dad3d89d Author: Juergen Gross AuthorDate: Tue Jun 21 09:23:11 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:52:38 2022 +0100 mini-os: take newest version of arch-x86/hvm/start_info.h Update include/xen/arch-x86/hvm/start_info.h to the newest version from the Xen tree. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- include/xen/arch-x86/hvm/start_info.h | 63 ++++++++++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) diff --git a/include/xen/arch-x86/hvm/start_info.h b/include/xen/arch-x86/hvm/start_info.h index 6484159..50af9ea 100644 --- a/include/xen/arch-x86/hvm/start_info.h +++ b/include/xen/arch-x86/hvm/start_info.h @@ -33,7 +33,7 @@ * | magic | Contains the magic value XEN_HVM_START_MAGIC_VALUE * | | ("xEn3" with the 0x80 bit of the "E" set). * 4 +----------------+ - * | version | Version of this structure. Current version is 0. New + * | version | Version of this structure. Current version is 1. New * | | versions are guaranteed to be backwards-compatible. * 8 +----------------+ * | flags | SIF_xxx flags. @@ -48,6 +48,15 @@ * 32 +----------------+ * | rsdp_paddr | Physical address of the RSDP ACPI data structure. * 40 +----------------+ + * | memmap_paddr | Physical address of the (optional) memory map. Only + * | | present in version 1 and newer of the structure. + * 48 +----------------+ + * | memmap_entries | Number of entries in the memory map table. Zero + * | | if there is no memory map being provided. Only + * | | present in version 1 and newer of the structure. + * 52 +----------------+ + * | reserved | Version 1 and newer only. + * 56 +----------------+ * * The layout of each entry in the module structure is the following: * @@ -62,13 +71,51 @@ * | reserved | * 32 +----------------+ * + * The layout of each entry in the memory map table is as follows: + * + * 0 +----------------+ + * | addr | Base address + * 8 +----------------+ + * | size | Size of mapping in bytes + * 16 +----------------+ + * | type | Type of mapping as defined between the hypervisor + * | | and guest. See XEN_HVM_MEMMAP_TYPE_* values below. + * 20 +----------------| + * | reserved | + * 24 +----------------+ + * * The address and sizes are always a 64bit little endian unsigned integer. * * NB: Xen on x86 will always try to place all the data below the 4GiB * boundary. + * + * Version numbers of the hvm_start_info structure have evolved like this: + * + * Version 0: Initial implementation. + * + * Version 1: Added the memmap_paddr/memmap_entries fields (plus 4 bytes of + * padding) to the end of the hvm_start_info struct. These new + * fields can be used to pass a memory map to the guest. The + * memory map is optional and so guests that understand version 1 + * of the structure must check that memmap_entries is non-zero + * before trying to read the memory map. */ #define XEN_HVM_START_MAGIC_VALUE 0x336ec578 +/* + * The values used in the type field of the memory map table entries are + * defined below and match the Address Range Types as defined in the "System + * Address Map Interfaces" section of the ACPI Specification. Please refer to + * section 15 in version 6.2 of the ACPI spec: http://uefi.org/specifications + */ +#define XEN_HVM_MEMMAP_TYPE_RAM 1 +#define XEN_HVM_MEMMAP_TYPE_RESERVED 2 +#define XEN_HVM_MEMMAP_TYPE_ACPI 3 +#define XEN_HVM_MEMMAP_TYPE_NVS 4 +#define XEN_HVM_MEMMAP_TYPE_UNUSABLE 5 +#define XEN_HVM_MEMMAP_TYPE_DISABLED 6 +#define XEN_HVM_MEMMAP_TYPE_PMEM 7 + /* * C representation of the x86/HVM start info layout. * @@ -86,6 +133,13 @@ struct hvm_start_info { uint64_t cmdline_paddr; /* Physical address of the command line. */ uint64_t rsdp_paddr; /* Physical address of the RSDP ACPI data */ /* structure. */ + /* All following fields only present in version 1 and newer */ + uint64_t memmap_paddr; /* Physical address of an array of */ + /* hvm_memmap_table_entry. */ + uint32_t memmap_entries; /* Number of entries in the memmap table. */ + /* Value will be zero if there is no memory */ + /* map being provided. */ + uint32_t reserved; /* Must be zero. */ }; struct hvm_modlist_entry { @@ -95,4 +149,11 @@ struct hvm_modlist_entry { uint64_t reserved; }; +struct hvm_memmap_table_entry { + uint64_t addr; /* Base address of the memory region */ + uint64_t size; /* Size of the memory region in bytes */ + uint32_t type; /* Mapping type */ + uint32_t reserved; /* Must be zero for Version 1. */ +}; + #endif /* __XEN_PUBLIC_ARCH_X86_HVM_START_INFO_H__ */ -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:56:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:56:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360011.589362 (Exim 4.92) (envelope-from ) id 1o8Hsh-0003Iy-3k; Mon, 04 Jul 2022 08:56:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360011.589362; Mon, 04 Jul 2022 08:56:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hsh-0003Ir-19; Mon, 04 Jul 2022 08:56:35 +0000 Received: by outflank-mailman (input) for mailman id 360011; Mon, 04 Jul 2022 08:56:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hsf-0003IO-Ke for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hsf-0003UE-Jx for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Hsf-0005m2-JD for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8kXkrXwMH+/NE+mT8qEOEgb7+GvDYKbv/7kI08QPgWQ=; b=M4qojhVyUPuDSnYn/w2NyJ35NE o59CIlkBohO6GS68p0NwkzSmolwkwZV82FBCt5/e60vaMrj8fc0dgoIsI/PahcaC3uPY7olNVdJyG NVeRQezZoElGp2+xwpkGxZ9B86QtjA4CBORoNJ1CT/oThT5eZcT8wiDb1xXrhdpvHbaY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: prefer memory map via start_info for PVH Message-Id: Date: Mon, 04 Jul 2022 08:56:33 +0000 commit 00c1c4c80cc90d5d6a2ad563e4de526bdb5ce62d Author: Juergen Gross AuthorDate: Tue Jun 21 09:23:12 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:52:38 2022 +0100 mini-os: prefer memory map via start_info for PVH Since some time now a guest started in PVH mode will get the memory map from Xen via the start_info structure. Modify the PVH initialization to prefer this memory map over the one obtained via hypercall, as this will allow to add information to the memory map for a new kernel when supporting kexec. In case the start_info structure doesn't contain memory map information fall back to the hypercall. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- arch/x86/mm.c | 6 ++++++ e820.c | 25 +++++++++++++++++++++++++ include/e820.h | 4 ++++ 3 files changed, 35 insertions(+) diff --git a/arch/x86/mm.c b/arch/x86/mm.c index 220c0b4..41fcee6 100644 --- a/arch/x86/mm.c +++ b/arch/x86/mm.c @@ -45,6 +45,7 @@ #include #include #include +#include #ifdef MM_DEBUG #define DEBUG(_f, _a...) \ @@ -108,6 +109,11 @@ void arch_mm_preinit(void *p) { long ret; domid_t domid = DOMID_SELF; + struct hvm_start_info *hsi = p; + + if ( hsi->version >= 1 && hsi->memmap_entries > 0 ) + e820_init_memmap((struct hvm_memmap_table_entry *)(unsigned long) + hsi->memmap_paddr, hsi->memmap_entries); pt_base = page_table_base; first_free_pfn = PFN_UP(to_phys(&_end)); diff --git a/e820.c b/e820.c index 991ed38..ad91e00 100644 --- a/e820.c +++ b/e820.c @@ -54,6 +54,7 @@ static char *e820_types[E820_TYPES] = { [E820_ACPI] = "ACPI", [E820_NVS] = "NVS", [E820_UNUSABLE] = "Unusable", + [E820_DISABLED] = "Disabled", [E820_PMEM] = "PMEM" }; @@ -259,6 +260,30 @@ static void e820_get_memmap(void) e820_sanitize(); } +void e820_init_memmap(struct hvm_memmap_table_entry *entry, unsigned int num) +{ + unsigned int i; + + BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_RAM != E820_RAM); + BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_RESERVED != E820_RESERVED); + BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_ACPI != E820_ACPI); + BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_NVS != E820_NVS); + BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_UNUSABLE != E820_UNUSABLE); + BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_DISABLED != E820_DISABLED); + BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_PMEM != E820_PMEM); + + for ( i = 0; i < num; i++ ) + { + e820_map[i].addr = entry[i].addr; + e820_map[i].size = entry[i].size; + e820_map[i].type = entry[i].type; + } + + e820_entries = num; + + e820_sanitize(); +} + void arch_print_memmap(void) { int i; diff --git a/include/e820.h b/include/e820.h index aaf2f2c..5438a7c 100644 --- a/include/e820.h +++ b/include/e820.h @@ -26,6 +26,8 @@ #if defined(__arm__) || defined(__aarch64__) || defined(CONFIG_PARAVIRT) #define CONFIG_E820_TRIVIAL +#else +#include #endif /* PC BIOS standard E820 types and structure. */ @@ -34,6 +36,7 @@ #define E820_ACPI 3 #define E820_NVS 4 #define E820_UNUSABLE 5 +#define E820_DISABLED 6 #define E820_PMEM 7 #define E820_TYPES 8 @@ -54,6 +57,7 @@ unsigned long e820_get_max_contig_pages(unsigned long pfn, unsigned long pages); #ifndef CONFIG_E820_TRIVIAL unsigned long e820_get_reserved_pfns(int pages); void e820_put_reserved_pfns(unsigned long start_pfn, int pages); +void e820_init_memmap(struct hvm_memmap_table_entry *entry, unsigned int num); #endif #endif /*__E820_HEADER*/ -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:56:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:56:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360013.589366 (Exim 4.92) (envelope-from ) id 1o8Hsr-0003Oe-5N; Mon, 04 Jul 2022 08:56:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360013.589366; Mon, 04 Jul 2022 08:56:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hsr-0003OU-2c; Mon, 04 Jul 2022 08:56:45 +0000 Received: by outflank-mailman (input) for mailman id 360013; Mon, 04 Jul 2022 08:56:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hsp-0003OE-Nn for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hsp-0003Ub-N8 for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Hsp-0005mR-MF for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IqoYMwwlGoY5iR2ZCPdYhYE7ZYp5XlK3TJnTN7ItPWE=; b=lnwLN9G7ARrXbV6wzmhs5oXcpc uKxFO/vJQoSgFHSxoG+Cb/HDXPCk2m25+ORegFw+OxdhDLyRJBZ5wGYm079IWk0TcYh1eOnogBk07 xrp/4OvZPzrriAFFMDbfCXQNSwt2umEPhhRZjA5pb3qzyHyhwuljjT2hGkqC7OLRwzWc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: fix number of pages for PVH Message-Id: Date: Mon, 04 Jul 2022 08:56:43 +0000 commit 9b87429d2864a3ee7567a63756a8c3e3072439d1 Author: Juergen Gross AuthorDate: Tue Jun 21 09:23:13 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:52:38 2022 +0100 mini-os: fix number of pages for PVH When getting the current allocation from Xen, this value includes the pages allocated in the MMIO area. Fix the highest available RAM page by subtracting the size of that area. This requires to read the E820 map before needing this value. Add two functions returning the current and the maximum number of RAM pages taking this correction into account. At the same time add the LAPIC page to the memory map in order to avoid reusing that PFN for internal purposes. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- arch/x86/mm.c | 17 ++++++--------- balloon.c | 16 ++++---------- e820.c | 58 ++++++++++++++++++++++++++++++++++++++++++++------- include/e820.h | 2 ++ include/x86/arch_mm.h | 2 ++ 5 files changed, 65 insertions(+), 30 deletions(-) diff --git a/arch/x86/mm.c b/arch/x86/mm.c index 41fcee6..cfc978f 100644 --- a/arch/x86/mm.c +++ b/arch/x86/mm.c @@ -107,25 +107,20 @@ desc_ptr idt_ptr = void arch_mm_preinit(void *p) { - long ret; - domid_t domid = DOMID_SELF; + unsigned int pages; struct hvm_start_info *hsi = p; if ( hsi->version >= 1 && hsi->memmap_entries > 0 ) e820_init_memmap((struct hvm_memmap_table_entry *)(unsigned long) hsi->memmap_paddr, hsi->memmap_entries); + else + e820_init_memmap(NULL, 0); pt_base = page_table_base; first_free_pfn = PFN_UP(to_phys(&_end)); - ret = HYPERVISOR_memory_op(XENMEM_current_reservation, &domid); - if ( ret < 0 ) - { - xprintk("could not get memory size\n"); - do_exit(); - } - - last_free_pfn = e820_get_maxpfn(ret); - balloon_set_nr_pages(ret, last_free_pfn); + pages = e820_get_current_pages(); + last_free_pfn = e820_get_maxpfn(pages); + balloon_set_nr_pages(pages, last_free_pfn); } #endif diff --git a/balloon.c b/balloon.c index 9dc77c5..6ad0764 100644 --- a/balloon.c +++ b/balloon.c @@ -44,20 +44,12 @@ void balloon_set_nr_pages(unsigned long pages, unsigned long pfn) void get_max_pages(void) { - long ret; - domid_t domid = DOMID_SELF; - - ret = HYPERVISOR_memory_op(XENMEM_maximum_reservation, &domid); - if ( ret < 0 ) + nr_max_pages = e820_get_max_pages(); + if ( nr_max_pages ) { - printk("Could not get maximum pfn\n"); - return; + printk("Maximum memory size: %ld pages\n", nr_max_pages); + nr_max_pfn = e820_get_maxpfn(nr_max_pages); } - - nr_max_pages = ret; - printk("Maximum memory size: %ld pages\n", nr_max_pages); - - nr_max_pfn = e820_get_maxpfn(nr_max_pages); } void mm_alloc_bitmap_remap(void) diff --git a/e820.c b/e820.c index ad91e00..49b1687 100644 --- a/e820.c +++ b/e820.c @@ -29,6 +29,38 @@ #include #include +static unsigned long e820_initial_reserved_pfns; + +unsigned long e820_get_current_pages(void) +{ + domid_t domid = DOMID_SELF; + long ret; + + ret = HYPERVISOR_memory_op(XENMEM_current_reservation, &domid); + if ( ret < 0 ) + { + xprintk("could not get memory size\n"); + do_exit(); + } + + return ret - e820_initial_reserved_pfns; +} + +unsigned long e820_get_max_pages(void) +{ + domid_t domid = DOMID_SELF; + long ret; + + ret = HYPERVISOR_memory_op(XENMEM_maximum_reservation, &domid); + if ( ret < 0 ) + { + printk("Could not get maximum pfn\n"); + return 0; + } + + return ret - e820_initial_reserved_pfns; +} + #ifdef CONFIG_E820_TRIVIAL struct e820entry e820_map[1] = { { @@ -40,10 +72,6 @@ struct e820entry e820_map[1] = { unsigned e820_entries = 1; -static void e820_get_memmap(void) -{ -} - #else struct e820entry e820_map[E820_MAX]; unsigned e820_entries; @@ -199,6 +227,7 @@ static void e820_sanitize(void) { int i; unsigned long end, start; + bool found_lapic = false; /* Sanitize memory map in current form. */ e820_process_entries(); @@ -238,8 +267,20 @@ static void e820_sanitize(void) /* Make remaining temporarily reserved entries permanently reserved. */ for ( i = 0; i < e820_entries; i++ ) + { if ( e820_map[i].type == E820_TMP_RESERVED ) e820_map[i].type = E820_RESERVED; + if ( e820_map[i].type == E820_RESERVED ) + { + e820_initial_reserved_pfns += e820_map[i].size / PAGE_SIZE; + if ( e820_map[i].addr <= LAPIC_ADDRESS && + e820_map[i].addr + e820_map[i].size > LAPIC_ADDRESS ) + found_lapic = true; + } + } + + if ( !found_lapic ) + e820_insert_entry(LAPIC_ADDRESS, PAGE_SIZE, E820_RESERVED); } static void e820_get_memmap(void) @@ -264,6 +305,12 @@ void e820_init_memmap(struct hvm_memmap_table_entry *entry, unsigned int num) { unsigned int i; + if ( !entry ) + { + e820_get_memmap(); + return; + } + BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_RAM != E820_RAM); BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_RESERVED != E820_RESERVED); BUILD_BUG_ON(XEN_HVM_MEMMAP_TYPE_ACPI != E820_ACPI); @@ -365,9 +412,6 @@ unsigned long e820_get_maxpfn(unsigned long pages) int i; unsigned long pfns = 0, start = 0; - if ( !e820_entries ) - e820_get_memmap(); - for ( i = 0; i < e820_entries; i++ ) { if ( e820_map[i].type != E820_RAM ) diff --git a/include/e820.h b/include/e820.h index 5438a7c..ffa15aa 100644 --- a/include/e820.h +++ b/include/e820.h @@ -52,6 +52,8 @@ struct __packed e820entry { extern struct e820entry e820_map[]; extern unsigned e820_entries; +unsigned long e820_get_current_pages(void); +unsigned long e820_get_max_pages(void); unsigned long e820_get_maxpfn(unsigned long pages); unsigned long e820_get_max_contig_pages(unsigned long pfn, unsigned long pages); #ifndef CONFIG_E820_TRIVIAL diff --git a/include/x86/arch_mm.h b/include/x86/arch_mm.h index ffbec5a..a1b975d 100644 --- a/include/x86/arch_mm.h +++ b/include/x86/arch_mm.h @@ -207,6 +207,8 @@ typedef unsigned long pgentry_t; /* to align the pointer to the (next) page boundary */ #define PAGE_ALIGN(addr) (((addr)+PAGE_SIZE-1)&PAGE_MASK) +#define LAPIC_ADDRESS CONST(0xfee00000) + #ifndef __ASSEMBLY__ /* Definitions for machine and pseudophysical addresses. */ #ifdef __i386__ -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 08:56:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 08:56:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360014.589369 (Exim 4.92) (envelope-from ) id 1o8Ht1-0003RX-6h; Mon, 04 Jul 2022 08:56:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360014.589369; Mon, 04 Jul 2022 08:56:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Ht1-0003RP-47; Mon, 04 Jul 2022 08:56:55 +0000 Received: by outflank-mailman (input) for mailman id 360014; Mon, 04 Jul 2022 08:56:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hsz-0003RB-Qn for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Hsz-0003Uf-Py for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Hsz-0005mz-PH for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 08:56:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4lSkID0g81tDbhUKEMILBODd8olWJ1c7JbstU3l5saY=; b=2VQjpzwmlKK3flvqSsecP+z4o9 wEfDwJ6+m0VyJsn8lSf9H9IwfCJF98Y9MH9f5gV0c7ZcYH0eCJe4h2YWtvjBwHjKW3tAfSDGfstFn o/ZqXSubqbwzF0QkovUyh2kDCOEPhA5lF3qQS0KM+hepxSFVuA0M/bdVr2p+PB8ufXPo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [mini-os master] mini-os: fix bug in ballooning on PVH Message-Id: Date: Mon, 04 Jul 2022 08:56:53 +0000 commit 5bcb28aaeba1c2506a82fab0cdad0201cd9b54b3 Author: Juergen Gross AuthorDate: Tue Jun 21 09:23:14 2022 +0200 Commit: Julien Grall CommitDate: Mon Jul 4 09:52:38 2022 +0100 mini-os: fix bug in ballooning on PVH There is a subtle bug in ballooning code for PVH: in case ballooning extends above a non-RAM area of the memory map, wrong pages will be used. Signed-off-by: Juergen Gross Reviewed-by: Samuel Thibault --- balloon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/balloon.c b/balloon.c index 6ad0764..55be814 100644 --- a/balloon.c +++ b/balloon.c @@ -124,7 +124,7 @@ int balloon_up(unsigned long n_pages) for ( pfn = 0; pfn < rc; pfn++ ) { arch_pfn_add(start_pfn + pfn, balloon_frames[pfn]); - free_page(pfn_to_virt(nr_mem_pages + pfn)); + free_page(pfn_to_virt(start_pfn + pfn)); } nr_mem_pages += rc; -- generated by git-patchbot for /home/xen/git/mini-os.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 12:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 12:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360353.589688 (Exim 4.92) (envelope-from ) id 1o8LbW-0001Ps-6V; Mon, 04 Jul 2022 12:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360353.589688; Mon, 04 Jul 2022 12:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8LbW-0001Pk-3T; Mon, 04 Jul 2022 12:55:06 +0000 Received: by outflank-mailman (input) for mailman id 360353; Mon, 04 Jul 2022 12:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8LbV-0001Pa-8y for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8LbV-0007eV-6i for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8LbV-0001si-4R for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nmZqoDPyKCOB7yeyt63V0lqbx1nAmHAszQIG/H0OZ2c=; b=hxxxk4SywUlWFnC3hD8p0qZhAt HGc0gSylEh0MCiBA46lRWUbhdLJNu/sGbTU7quc7quNSAmq5lRUYBoQPZ/3DCVuBQVs0cB4MvxDy1 /xMq/MLK82cblgfGv2nPhwOiD/UbU3+FmMaN3bF+824U34oewpP4+CXKgn14phfl2t/A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: Add MISRA support to cppcheck make rule Message-Id: Date: Mon, 04 Jul 2022 12:55:05 +0000 commit 57caa5375321291d40dbb598087eb6f03d1c8d2d Author: Bertrand Marquis AuthorDate: Mon Jul 4 14:45:04 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:45:04 2022 +0200 xen: Add MISRA support to cppcheck make rule cppcheck MISRA addon can be used to check for non compliance to some of the MISRA standard rules. Add a CPPCHECK_MISRA variable that can be set to "y" using make command line to generate a cppcheck report including cppcheck misra checks. When MISRA checking is enabled, a file with a text description suitable for cppcheck misra addon is generated out of Xen documentation file which lists the rules followed by Xen (docs/misra/rules.rst). By default MISRA checking is turned off. While adding cppcheck-misra files to gitignore, also fix the missing / for htmlreport gitignore Signed-off-by: Bertrand Marquis Reviewed-by: Michal Orzel Tested-by: Michal Orzel Acked-by: Stefano Stabellini --- .gitignore | 5 +- xen/Makefile | 29 ++++++- xen/tools/convert_misra_doc.py | 173 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 203 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 18ef56a780..c9951063c3 100644 --- a/.gitignore +++ b/.gitignore @@ -297,7 +297,6 @@ xen/.banner xen/.config xen/.config.old xen/.xen.elf32 -xen/xen-cppcheck.xml xen/System.map xen/arch/x86/boot/mkelf32 xen/arch/x86/boot/cmdline.S @@ -318,7 +317,8 @@ xen/arch/*/efi/runtime.c xen/arch/*/include/asm/asm-offsets.h xen/common/config_data.S xen/common/config.gz -xen/cppcheck-htmlreport +xen/cppcheck-htmlreport/ +xen/cppcheck-misra.* xen/include/headers*.chk xen/include/compat/* xen/include/config/ @@ -347,6 +347,7 @@ xen/xsm/flask/xenpolicy-* tools/flask/policy/policy.conf tools/flask/policy/xenpolicy-* xen/xen +xen/xen-cppcheck.xml xen/xen-syms xen/xen-syms.map xen/xen.* diff --git a/xen/Makefile b/xen/Makefile index ede4f15b18..4d770fef84 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -547,7 +547,7 @@ _clean: rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h rm -f .banner .allconfig.tmp include/xen/compile.h - rm -f xen-cppcheck.xml + rm -f cppcheck-misra.* xen-cppcheck.xml .PHONY: _distclean _distclean: clean @@ -641,6 +641,10 @@ CPPCHECK_HTMLREPORT ?= cppcheck-htmlreport # build directory. This can be changed by giving a directory in this variable. CPPCHECK_HTMLREPORT_OUTDIR ?= cppcheck-htmlreport +# By default we do not check misra rules, to enable pass "CPPCHECK_MISRA=y" to +# make command line. +CPPCHECK_MISRA ?= n + # Compile flags to pass to cppcheck: # - include directories and defines Xen Makefile is passing (from CFLAGS) # - include config.h as this is passed directly to the compiler. @@ -665,6 +669,15 @@ CPPCHECKFILES := $(wildcard $(patsubst $(objtree)/%.o,$(srctree)/%.c, \ $(filter-out $(objtree)/tools/%, \ $(shell find $(objtree) -name "*.o")))) +# Headers and files required to run cppcheck on a file +CPPCHECKDEPS := $(objtree)/include/generated/autoconf.h \ + $(objtree)/include/generated/compiler-def.h + +ifeq ($(CPPCHECK_MISRA),y) + CPPCHECKFLAGS += --addon=cppcheck-misra.json + CPPCHECKDEPS += cppcheck-misra.json +endif + quiet_cmd_cppcheck_xml = CPPCHECK $(patsubst $(srctree)/%,%,$<) cmd_cppcheck_xml = $(CPPCHECK) -v -q --xml $(CPPCHECKFLAGS) \ --output-file=$@ $< @@ -689,7 +702,7 @@ ifeq ($(CPPCHECKFILES),) endif $(call if_changed,merge_cppcheck_reports) -$(objtree)/%.c.cppcheck: $(srctree)/%.c $(objtree)/include/generated/autoconf.h $(objtree)/include/generated/compiler-def.h | cppcheck-version +$(objtree)/%.c.cppcheck: $(srctree)/%.c $(CPPCHECKDEPS) | cppcheck-version $(call if_changed,cppcheck_xml) cppcheck-version: @@ -702,6 +715,18 @@ cppcheck-version: exit 1; \ fi +# List of Misra rules to respect is written inside a doc. +# In order to have some helpful text in the cppcheck output, generate a text +# file containing the rules identifier, classification and text from the Xen +# documentation file. Also generate a json file with the right arguments for +# cppcheck in json format including the list of rules to ignore. +# +cppcheck-misra.txt: $(XEN_ROOT)/docs/misra/rules.rst $(srctree)/tools/convert_misra_doc.py + $(Q)$(srctree)/tools/convert_misra_doc.py -i $< -o $@ -j $(@:.txt=.json) + +# convert_misra_doc is generating both files. +cppcheck-misra.json: cppcheck-misra.txt + # Put this in generated headers this way it is cleaned by include/Makefile $(objtree)/include/generated/compiler-def.h: $(Q)$(CC) -dM -E -o $@ - < /dev/null diff --git a/xen/tools/convert_misra_doc.py b/xen/tools/convert_misra_doc.py new file mode 100644 index 0000000000..caa4487f64 --- /dev/null +++ b/xen/tools/convert_misra_doc.py @@ -0,0 +1,173 @@ +#!/usr/bin/env python + +""" +This script is converting the misra documentation RST file into a text file +that can be used as text-rules for cppcheck. +Usage: + convert_misr_doc.py -i INPUT [-o OUTPUT] [-j JSON] + + INPUT - RST file containing the list of misra rules. + OUTPUT - file to store the text output to be used by cppcheck. + If not specified, the result will be printed to stdout. + JSON - cppcheck json file to be created (optional). +""" + +import sys, getopt, re + +def main(argv): + infile = '' + outfile = '' + outstr = sys.stdout + jsonfile = '' + + try: + opts, args = getopt.getopt(argv,"hi:o:j:",["input=","output=","json="]) + except getopt.GetoptError: + print('convert-misra.py -i [-o ] [-j ') + sys.exit(2) + for opt, arg in opts: + if opt == '-h': + print('convert-misra.py -i [-o ] [-j ') + print(' If output is not specified, print to stdout') + sys.exit(1) + elif opt in ("-i", "--input"): + infile = arg + elif opt in ("-o", "--output"): + outfile = arg + elif opt in ("-j", "--json"): + jsonfile = arg + + try: + file_stream = open(infile, 'rt') + except: + print('Error opening ' + infile) + sys.exit(1) + + if outfile: + try: + outstr = open(outfile, "w") + except: + print('Error creating ' + outfile) + sys.exit(1) + + # Each rule start with ' * - `[Dir|Rule]' and is followed by the + # severity, the summary and then notes + # Only the summary can be multi line + pattern_dir = re.compile(r'^ \* - `Dir ([0-9]+.[0-9]+).*$') + pattern_rule = re.compile(r'^ \* - `Rule ([0-9]+.[0-9]+).*$') + pattern_col = re.compile(r'^ - (.*)$') + # allow empty notes + pattern_notes = re.compile(r'^ -.*$') + pattern_cont = re.compile(r'^ (.*)$') + + rule_number = '' + rule_severity = '' + rule_summary = '' + rule_state = 0 + rule_list = [] + + # Start search by cppcheck misra + outstr.write('Appendix A Summary of guidelines\n') + + for line in file_stream: + + line = line.replace('\r', '').replace('\n', '') + + if len(line) == 0: + continue + + # New Rule or Directive + if rule_state == 0: + # new Rule + res = pattern_rule.match(line) + if res: + rule_number = res.group(1) + rule_list.append(rule_number) + rule_state = 1 + continue + + # new Directive + res = pattern_dir.match(line) + if res: + rule_number = res.group(1) + rule_list.append(rule_number) + rule_state = 1 + continue + continue + + # Severity + elif rule_state == 1: + res =pattern_col.match(line) + if res: + rule_severity = res.group(1) + rule_state = 2 + continue + + print('No severity for rule ' + rule_number) + sys.exit(1) + + # Summary + elif rule_state == 2: + res = pattern_col.match(line) + if res: + rule_summary = res.group(1) + rule_state = 3 + continue + + print('No summary for rule ' + rule_number) + sys.exit(1) + + # Notes or summary continuation + elif rule_state == 3: + res = pattern_cont.match(line) + if res: + rule_summary += res.group(1) + continue + res = pattern_notes.match(line) + if res: + outstr.write('Rule ' + rule_number + ' ' + rule_severity + + '\n') + outstr.write(rule_summary + ' (Misra rule ' + rule_number + + ')\n') + rule_state = 0 + rule_number = '' + continue + print('No notes for rule ' + rule_number) + sys.exit(1) + + else: + print('Impossible case in state machine') + sys.exit(1) + + skip_list = [] + + # Search for missing rules and add a dummy text with the rule number + for i in list(range(1,22)): + for j in list(range(1,22)): + if str(i) + '.' + str(j) not in rule_list: + outstr.write('Rule ' + str(i) + '.' + str(j) + '\n') + outstr.write('No description for rule ' + str(i) + '.' + str(j) + + '\n') + skip_list.append(str(i) + '.' + str(j)) + + # Make cppcheck happy by starting the appendix + outstr.write('Appendix B\n') + outstr.write('\n') + if outfile: + outstr.close() + + if jsonfile: + with open(jsonfile, "w") as f: + f.write('{\n') + f.write(' "script": "misra.py",\n') + f.write(' "args": [\n') + if outfile: + f.write(' "--rule-texts=' + outfile + '",\n') + + f.write(' "--suppress-rules=' + ",".join(skip_list) + '"\n') + f.write(' ]\n') + f.write('}\n') + f.close() + +if __name__ == "__main__": + main(sys.argv[1:]) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 12:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 12:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360354.589692 (Exim 4.92) (envelope-from ) id 1o8Lbg-0001SD-7z; Mon, 04 Jul 2022 12:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360354.589692; Mon, 04 Jul 2022 12:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lbg-0001S5-57; Mon, 04 Jul 2022 12:55:16 +0000 Received: by outflank-mailman (input) for mailman id 360354; Mon, 04 Jul 2022 12:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lbf-0001Rv-BO for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lbf-0007et-Ad for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Lbf-0001tM-8u for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SiQ18UnSGY0oHSFqkC+EATHKi8BQqVLd93aURibGjnw=; b=PaHfPaYqihpWJDUPySLscKf+cU cccmPVOzIuzNucpCBcgX+Eo5VaVVBIeMTKS2dvsoAwAdImW/9G1ygLmzkIj1dxQBH8QDN184JtMdY nYob5h18G9NvmKGQiULg1vtZHzCH6fgmiSMppx+x+8FlYwoFy6CTck67sLAoqMHQw27M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs/misra: Add instructions for cppcheck Message-Id: Date: Mon, 04 Jul 2022 12:55:15 +0000 commit 4a0da1c741415b0b3288ae8406df40f607b612c5 Author: Luca Fancellu AuthorDate: Mon Jul 4 14:45:39 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:45:39 2022 +0200 docs/misra: Add instructions for cppcheck Add instructions on how to build cppcheck, the version currently used and an example to use the cppcheck integration to run the analysis on the Xen codebase Signed-off-by: Luca Fancellu Acked-by: Julien Grall --- docs/misra/cppcheck.txt | 64 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt new file mode 100644 index 0000000000..25d8c3050b --- /dev/null +++ b/docs/misra/cppcheck.txt @@ -0,0 +1,64 @@ +Cppcheck for Xen static and MISRA analysis +========================================== + +Xen can be analysed for both static analysis problems and MISRA violation using +cppcheck, the open source tool allows the creation of a report with all the +findings. Xen has introduced the support in the Makefile so it's very easy to +use and in this document we can see how. + +The minimum version required for cppcheck is 2.7. Note that at the time of +writing (June 2022), the version 2.8 is known to be broken [1]. + +Install cppcheck on the system +============================== + +Cppcheck can be retrieved from the github repository or by downloading the +tarball, the version tested so far is the 2.7: + + - https://github.com/danmar/cppcheck/tree/2.7 + - https://github.com/danmar/cppcheck/archive/2.7.tar.gz + +To compile and install it, the complete command line can be found in readme.md, +section "GNU make", please add the "install" target to that line and use every +argument as it is in the documentation of the tool, so that every Xen developer +following this page can reproduce the same findings. + +This will compile and install cppcheck in /usr/bin and all the cppcheck config +files and addons will be installed in /usr/share/cppcheck folder, please modify +that path in FILESDIR if it's not convinient for your system. + +If you don't want to overwrite a possible cppcheck binary installed in your +system, you can omit the "install" target and FILESDIR, cppcheck will be just +compiled and the binaries will be available in the same folder. +If you choose to do that, later in this page it's explained how to use a local +installation of cppcheck for the Xen analysis. + +Dependencies are listed in the readme.md of the project repository. + +Use cppcheck to analyse Xen +=========================== + +Using cppcheck integration is very simple, it requires few steps: + + 1) Compile Xen + 2) call the cppcheck make target to generate a report in xml format: + make CPPCHECK_MISRA=y cppcheck + 3) call the cppcheck-html make target to generate a report in xml and html + format: + make CPPCHECK_MISRA=y cppcheck-html + + In case the cppcheck binaries are not in the PATH, CPPCHECK and + CPPCHECK_HTMLREPORT variables can be overridden with the full path to the + binaries: + + make -C xen \ + CPPCHECK=/path/to/cppcheck \ + CPPCHECK_HTMLREPORT=/path/to/cppcheck-htmlreport \ + CPPCHECK_MISRA=y \ + cppcheck-html + +The output is by default in a folder named cppcheck-htmlreport, but the name +can be changed by passing it in the CPPCHECK_HTMLREPORT_OUTDIR variable. + + +[1] https://sourceforge.net/p/cppcheck/discussion/general/thread/bfc3ab6c41/?limit=25 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 12:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 12:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360355.589695 (Exim 4.92) (envelope-from ) id 1o8Lbq-0001V8-9l; Mon, 04 Jul 2022 12:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360355.589695; Mon, 04 Jul 2022 12:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lbq-0001V1-6g; Mon, 04 Jul 2022 12:55:26 +0000 Received: by outflank-mailman (input) for mailman id 360355; Mon, 04 Jul 2022 12:55:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lbp-0001Uj-F7 for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lbp-0007f4-ER for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Lbp-0001tp-DO for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9QrdCAtxmkYDrVLZoIEl9Pq9WymwyDB3qYad3VKekDs=; b=NaNfyGSu/0XbCGmPcSOH+CUl3K FgnfLH7JqZcFbXpTcxGSreJ9cfhOrACLG6z2Jk8JjkzBq21ejLLdk60/dW7v7RCZO7y0piMfS18aV u1bsu+Yt4vBB3uP0PzuvSe+U1QbSNzyOsjNlZ3CYDfDPpohtghb/QxS/0q5oDGRtaOIU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: create idle domain privileged and demote after setup Message-Id: Date: Mon, 04 Jul 2022 12:55:25 +0000 commit 4b540e8c9f72b904198364bc7b8261ed2dbb36fa Author: Daniel P. Smith AuthorDate: Mon Jul 4 14:46:02 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:46:02 2022 +0200 xsm: create idle domain privileged and demote after setup There are new capabilities, dom0less and hyperlaunch, that introduce internal hypervisor logic, which needs to make resource allocation calls that are protected by XSM access checks. The need for these resource allocations are necessary for dom0less and hyperlaunch when they are constructing the initial domain(s). This creates an issue as a subset of the hypervisor code is executed under a system domain, the idle domain, that is represented by a per-CPU non-privileged struct domain. To enable these new capabilities to function correctly but in a controlled manner, this commit changes the idle system domain to be created as a privileged domain under the default policy and demoted before transitioning to running. A new XSM hook, xsm_set_system_active(), is introduced to allow each XSM policy type to demote the idle domain appropriately for that policy type. In the case of SILO, it inherits the default policy's hook for xsm_set_system_active(). For flask, a stub is added to ensure that flask policy system will function correctly with this patch until flask is extended with support for starting the idle domain privileged and properly demoting it on the call to xsm_set_system_active(). Signed-off-by: Daniel P. Smith Reviewed-by: Jason Andryuk Reviewed-by: Luca Fancellu Acked-by: Julien Grall # arm Reviewed-by: Rahul Singh Tested-by: Rahul Singh Acked-by: Roger Pau Monné --- xen/arch/arm/setup.c | 3 +++ xen/arch/x86/setup.c | 4 ++++ xen/common/sched/core.c | 7 ++++++- xen/include/xsm/dummy.h | 17 +++++++++++++++++ xen/include/xsm/xsm.h | 6 ++++++ xen/xsm/dummy.c | 1 + xen/xsm/flask/hooks.c | 23 +++++++++++++++++++++++ 7 files changed, 60 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 577c54e6fb..85ff956ec2 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -1063,6 +1063,9 @@ void __init start_xen(unsigned long boot_phys_offset, /* Hide UART from DOM0 if we're using it */ serial_endboot(); + if ( (rc = xsm_set_system_active()) != 0 ) + panic("xsm: unable to switch to SYSTEM_ACTIVE privilege: %d\n", rc); + system_state = SYS_STATE_active; for_each_domain( d ) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 53a73010e0..f08b07b8de 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -619,6 +619,10 @@ static void noreturn init_done(void) { void *va; unsigned long start, end; + int err; + + if ( (err = xsm_set_system_active()) != 0 ) + panic("xsm: unable to switch to SYSTEM_ACTIVE privilege: %d\n", err); system_state = SYS_STATE_active; diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 8c73489654..250207038e 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -3033,7 +3033,12 @@ void __init scheduler_init(void) sched_ratelimit_us = SCHED_DEFAULT_RATELIMIT_US; } - idle_domain = domain_create(DOMID_IDLE, NULL, 0); + /* + * The idle dom is created privileged to ensure unrestricted access during + * setup and will be demoted by xsm_set_system_active() when setup is + * complete. + */ + idle_domain = domain_create(DOMID_IDLE, NULL, CDF_privileged); BUG_ON(IS_ERR(idle_domain)); BUG_ON(nr_cpu_ids > ARRAY_SIZE(idle_vcpu)); idle_domain->vcpu = idle_vcpu; diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 58afc1d589..77f27e7163 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -101,6 +101,23 @@ static always_inline int xsm_default_action( } } +static XSM_INLINE int cf_check xsm_set_system_active(void) +{ + struct domain *d = current->domain; + + ASSERT(d->is_privileged); + + if ( d->domain_id != DOMID_IDLE ) + { + printk("%s: should only be called by idle domain\n", __func__); + return -EPERM; + } + + d->is_privileged = false; + + return 0; +} + static XSM_INLINE void cf_check xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 3e2b7fe3db..8dad03fd3d 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -52,6 +52,7 @@ typedef enum xsm_default xsm_default_t; * !!! WARNING !!! */ struct xsm_ops { + int (*set_system_active)(void); void (*security_domaininfo)(struct domain *d, struct xen_domctl_getdomaininfo *info); int (*domain_create)(struct domain *d, uint32_t ssidref); @@ -208,6 +209,11 @@ extern struct xsm_ops xsm_ops; #ifndef XSM_NO_WRAPPERS +static inline int xsm_set_system_active(void) +{ + return alternative_call(xsm_ops.set_system_active); +} + static inline void xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 8c044ef615..e6ffa948f7 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -14,6 +14,7 @@ #include static const struct xsm_ops __initconst_cf_clobber dummy_ops = { + .set_system_active = xsm_set_system_active, .security_domaininfo = xsm_security_domaininfo, .domain_create = xsm_domain_create, .getdomaininfo = xsm_getdomaininfo, diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 6ffafc2f44..c97c44f803 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -191,6 +191,28 @@ static int cf_check flask_domain_alloc_security(struct domain *d) return 0; } +static int cf_check flask_set_system_active(void) +{ + struct domain *d = current->domain; + + ASSERT(d->is_privileged); + + if ( d->domain_id != DOMID_IDLE ) + { + printk("%s: should only be called by idle domain\n", __func__); + return -EPERM; + } + + /* + * While is_privileged has no significant meaning under flask, set to false + * as is_privileged is not only used for a privilege check but also as a + * type of domain check, specifically if the domain is the control domain. + */ + d->is_privileged = false; + + return 0; +} + static void cf_check flask_domain_free_security(struct domain *d) { struct domain_security_struct *dsec = d->ssid; @@ -1774,6 +1796,7 @@ static int cf_check flask_argo_send( #endif static const struct xsm_ops __initconst_cf_clobber flask_ops = { + .set_system_active = flask_set_system_active, .security_domaininfo = flask_security_domaininfo, .domain_create = flask_domain_create, .getdomaininfo = flask_getdomaininfo, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 12:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 12:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360356.589699 (Exim 4.92) (envelope-from ) id 1o8Lc0-0001Xo-B9; Mon, 04 Jul 2022 12:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360356.589699; Mon, 04 Jul 2022 12:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lc0-0001Xh-8A; Mon, 04 Jul 2022 12:55:36 +0000 Received: by outflank-mailman (input) for mailman id 360356; Mon, 04 Jul 2022 12:55:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lbz-0001XY-Iv for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lbz-0007fz-Hu for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Lbz-0001uJ-Gr for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xNOtZyjqlRcNWHnIatbW7Iy4zGy82p//YZmzWsPlQr4=; b=7BIisu0uGtG4C1X3r5enUAYFko 8fMkUUvqVyw/jySA6TDLsBxLxB+Bk9As97b7BCbDZK8WiC8IOwa3iqZAtI2O/TlRnGDKnt+x/yReo M1FXRFJh04vBUwM8NKh4ElXg+ovLJMJeBPqvx6N/0pI5w5+LKhF9u9l85QbZs33aiCY8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] flask: implement xsm_set_system_active Message-Id: Date: Mon, 04 Jul 2022 12:55:35 +0000 commit a0bb0960e5ed2d6b59aff5c0eae74d8347bab32b Author: Daniel P. Smith AuthorDate: Mon Jul 4 14:47:00 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:47:00 2022 +0200 flask: implement xsm_set_system_active This commit implements full support for starting the idle domain privileged by introducing a new flask label xenboot_t which the idle domain is labeled with at creation. It then provides the implementation for the XSM hook xsm_set_system_active to relabel the idle domain to the existing xen_t flask label. In the reference flask policy a new macro, xen_build_domain(target), is introduced for creating policies for dom0less/hyperlaunch allowing the hypervisor to create and assign the necessary resources for domain construction. Signed-off-by: Daniel P. Smith Reviewed-by: Jason Andryuk Reviewed-by: Luca Fancellu Tested-by: Luca Fancellu Reviewed-by: Rahul Singh Tested-by: Rahul Singh --- tools/flask/policy/modules/xen.if | 7 +++++++ tools/flask/policy/modules/xen.te | 1 + tools/flask/policy/policy/initial_sids | 1 + xen/xsm/flask/hooks.c | 9 ++++++++- xen/xsm/flask/policy/initial_sids | 1 + 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if index 5e2aa472b6..424daab6a0 100644 --- a/tools/flask/policy/modules/xen.if +++ b/tools/flask/policy/modules/xen.if @@ -62,6 +62,13 @@ define(`create_domain_common', ` setparam altp2mhvm altp2mhvm_op dm }; ') +# xen_build_domain(target) +# Allow a domain to be created at boot by the hypervisor +define(`xen_build_domain', ` + allow xenboot_t $1:domain create; + allow xenboot_t $1_channel:event create; +') + # create_domain(priv, target) # Allow a domain to be created directly define(`create_domain', ` diff --git a/tools/flask/policy/modules/xen.te b/tools/flask/policy/modules/xen.te index 3dbf93d2b8..de98206fdd 100644 --- a/tools/flask/policy/modules/xen.te +++ b/tools/flask/policy/modules/xen.te @@ -24,6 +24,7 @@ attribute mls_priv; ################################################################################ # The hypervisor itself +type xenboot_t, xen_type, mls_priv; type xen_t, xen_type, mls_priv; # Domain 0 diff --git a/tools/flask/policy/policy/initial_sids b/tools/flask/policy/policy/initial_sids index 6b7b7eff21..ec729d3ba3 100644 --- a/tools/flask/policy/policy/initial_sids +++ b/tools/flask/policy/policy/initial_sids @@ -2,6 +2,7 @@ # objects created before the policy is loaded or for objects that do not have a # label defined in some other manner. +sid xenboot gen_context(system_u:system_r:xenboot_t,s0) sid xen gen_context(system_u:system_r:xen_t,s0) sid dom0 gen_context(system_u:system_r:dom0_t,s0) sid domxen gen_context(system_u:system_r:domxen_t,s0) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index c97c44f803..8c9cd0f297 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -173,7 +173,7 @@ static int cf_check flask_domain_alloc_security(struct domain *d) switch ( d->domain_id ) { case DOMID_IDLE: - dsec->sid = SECINITSID_XEN; + dsec->sid = SECINITSID_XENBOOT; break; case DOMID_XEN: dsec->sid = SECINITSID_DOMXEN; @@ -193,9 +193,14 @@ static int cf_check flask_domain_alloc_security(struct domain *d) static int cf_check flask_set_system_active(void) { + struct domain_security_struct *dsec; struct domain *d = current->domain; + dsec = d->ssid; + ASSERT(d->is_privileged); + ASSERT(dsec->sid == SECINITSID_XENBOOT); + ASSERT(dsec->self_sid == SECINITSID_XENBOOT); if ( d->domain_id != DOMID_IDLE ) { @@ -210,6 +215,8 @@ static int cf_check flask_set_system_active(void) */ d->is_privileged = false; + dsec->self_sid = dsec->sid = SECINITSID_XEN; + return 0; } diff --git a/xen/xsm/flask/policy/initial_sids b/xen/xsm/flask/policy/initial_sids index 7eca70d339..e8b55b8368 100644 --- a/xen/xsm/flask/policy/initial_sids +++ b/xen/xsm/flask/policy/initial_sids @@ -3,6 +3,7 @@ # # Define initial security identifiers # +sid xenboot sid xen sid dom0 sid domio -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 04 12:55:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 04 Jul 2022 12:55:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360357.589704 (Exim 4.92) (envelope-from ) id 1o8LcA-0001be-Dc; Mon, 04 Jul 2022 12:55:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360357.589704; Mon, 04 Jul 2022 12:55:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8LcA-0001bW-Az; Mon, 04 Jul 2022 12:55:46 +0000 Received: by outflank-mailman (input) for mailman id 360357; Mon, 04 Jul 2022 12:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lc9-0001bL-Lc for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Lc9-0007h9-Kh for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Lc9-0001un-Jy for xen-changelog@lists.xenproject.org; Mon, 04 Jul 2022 12:55:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XaZu3hO1/MtX3GHVzbPaB0VLi+j3TOM8acfIKL/hE90=; b=ipWKF8xgLmrl2gc4FcByUi1pWI zNZDpAGRYo6HaHQo4IKWD+qlQYg8ZZGMW2I7PgAW38bUFjaUVtRHpsI1QLeJvCvd7TQg7879kXvAd nhTnxlKEyAtWnCC1Lky0Xc/+/wEZr1+JluuLwDfpDseqYvfMBMfc9KWKGgRiOhKfN45g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] console/serial: set the default transmit buffer size in Kconfig Message-Id: Date: Mon, 04 Jul 2022 12:55:45 +0000 commit 4df2e99d731402da48afb19dc970ccab5a0814d6 Author: Roger Pau Monné AuthorDate: Mon Jul 4 14:48:14 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:48:14 2022 +0200 console/serial: set the default transmit buffer size in Kconfig Take the opportunity to convert the variable to read-only after init. No functional change intended. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/drivers/char/Kconfig | 10 ++++++++++ xen/drivers/char/serial.c | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xen/drivers/char/Kconfig b/xen/drivers/char/Kconfig index e5f7b1d8eb..dec58bc993 100644 --- a/xen/drivers/char/Kconfig +++ b/xen/drivers/char/Kconfig @@ -74,3 +74,13 @@ config HAS_EHCI help This selects the USB based EHCI debug port to be used as a UART. If you have an x86 based system with USB, say Y. + +config SERIAL_TX_BUFSIZE + int "Size of the transmit serial buffer" + default 16384 + help + Controls the default size of the transmit buffer (in bytes) used by + the serial driver. Note the value provided will be rounded down to + the nearest power of 2. + + Default value is 16384 (16kiB). diff --git a/xen/drivers/char/serial.c b/xen/drivers/char/serial.c index 5ecba0af33..f6c944bd30 100644 --- a/xen/drivers/char/serial.c +++ b/xen/drivers/char/serial.c @@ -16,7 +16,7 @@ /* Never drop characters, even if the async transmit buffer fills. */ /* #define SERIAL_NEVER_DROP_CHARS 1 */ -unsigned int __read_mostly serial_txbufsz = 16384; +unsigned int __ro_after_init serial_txbufsz = CONFIG_SERIAL_TX_BUFSIZE; size_param("serial_tx_buffer", serial_txbufsz); #define mask_serial_rxbuf_idx(_i) ((_i)&(serial_rxbufsz-1)) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 00:44:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 00:44:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360551.589960 (Exim 4.92) (envelope-from ) id 1o8Wfb-0001nW-JC; Tue, 05 Jul 2022 00:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360551.589960; Tue, 05 Jul 2022 00:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfb-0001nO-Fl; Tue, 05 Jul 2022 00:44:03 +0000 Received: by outflank-mailman (input) for mailman id 360551; Tue, 05 Jul 2022 00:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfa-0001nI-26 for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfa-00052F-1D for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8WfZ-0000KF-Vt for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nxc7vlxqySYCxADbOz2ohFTkMvZI5s4wE6aHD3xLIgE=; b=Jkf1G3sRSvFdIVb1rxFYvAR45h AMoInDW3HeU2tswW22ezBqw9AJSU68pBqmC1whvR0ftlFfvA1Ijqs10vJVqicIwBueO0SM4HQplwH 757wPCbm/MrViu34GM5zut8JdVY8O8LyS7pfTWD9BrAJ4+wmiZSNyKA8GN0Nht0q+7zM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: Add MISRA support to cppcheck make rule Message-Id: Date: Tue, 05 Jul 2022 00:44:01 +0000 commit 57caa5375321291d40dbb598087eb6f03d1c8d2d Author: Bertrand Marquis AuthorDate: Mon Jul 4 14:45:04 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:45:04 2022 +0200 xen: Add MISRA support to cppcheck make rule cppcheck MISRA addon can be used to check for non compliance to some of the MISRA standard rules. Add a CPPCHECK_MISRA variable that can be set to "y" using make command line to generate a cppcheck report including cppcheck misra checks. When MISRA checking is enabled, a file with a text description suitable for cppcheck misra addon is generated out of Xen documentation file which lists the rules followed by Xen (docs/misra/rules.rst). By default MISRA checking is turned off. While adding cppcheck-misra files to gitignore, also fix the missing / for htmlreport gitignore Signed-off-by: Bertrand Marquis Reviewed-by: Michal Orzel Tested-by: Michal Orzel Acked-by: Stefano Stabellini --- .gitignore | 5 +- xen/Makefile | 29 ++++++- xen/tools/convert_misra_doc.py | 173 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 203 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 18ef56a780..c9951063c3 100644 --- a/.gitignore +++ b/.gitignore @@ -297,7 +297,6 @@ xen/.banner xen/.config xen/.config.old xen/.xen.elf32 -xen/xen-cppcheck.xml xen/System.map xen/arch/x86/boot/mkelf32 xen/arch/x86/boot/cmdline.S @@ -318,7 +317,8 @@ xen/arch/*/efi/runtime.c xen/arch/*/include/asm/asm-offsets.h xen/common/config_data.S xen/common/config.gz -xen/cppcheck-htmlreport +xen/cppcheck-htmlreport/ +xen/cppcheck-misra.* xen/include/headers*.chk xen/include/compat/* xen/include/config/ @@ -347,6 +347,7 @@ xen/xsm/flask/xenpolicy-* tools/flask/policy/policy.conf tools/flask/policy/xenpolicy-* xen/xen +xen/xen-cppcheck.xml xen/xen-syms xen/xen-syms.map xen/xen.* diff --git a/xen/Makefile b/xen/Makefile index ede4f15b18..4d770fef84 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -547,7 +547,7 @@ _clean: rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h rm -f .banner .allconfig.tmp include/xen/compile.h - rm -f xen-cppcheck.xml + rm -f cppcheck-misra.* xen-cppcheck.xml .PHONY: _distclean _distclean: clean @@ -641,6 +641,10 @@ CPPCHECK_HTMLREPORT ?= cppcheck-htmlreport # build directory. This can be changed by giving a directory in this variable. CPPCHECK_HTMLREPORT_OUTDIR ?= cppcheck-htmlreport +# By default we do not check misra rules, to enable pass "CPPCHECK_MISRA=y" to +# make command line. +CPPCHECK_MISRA ?= n + # Compile flags to pass to cppcheck: # - include directories and defines Xen Makefile is passing (from CFLAGS) # - include config.h as this is passed directly to the compiler. @@ -665,6 +669,15 @@ CPPCHECKFILES := $(wildcard $(patsubst $(objtree)/%.o,$(srctree)/%.c, \ $(filter-out $(objtree)/tools/%, \ $(shell find $(objtree) -name "*.o")))) +# Headers and files required to run cppcheck on a file +CPPCHECKDEPS := $(objtree)/include/generated/autoconf.h \ + $(objtree)/include/generated/compiler-def.h + +ifeq ($(CPPCHECK_MISRA),y) + CPPCHECKFLAGS += --addon=cppcheck-misra.json + CPPCHECKDEPS += cppcheck-misra.json +endif + quiet_cmd_cppcheck_xml = CPPCHECK $(patsubst $(srctree)/%,%,$<) cmd_cppcheck_xml = $(CPPCHECK) -v -q --xml $(CPPCHECKFLAGS) \ --output-file=$@ $< @@ -689,7 +702,7 @@ ifeq ($(CPPCHECKFILES),) endif $(call if_changed,merge_cppcheck_reports) -$(objtree)/%.c.cppcheck: $(srctree)/%.c $(objtree)/include/generated/autoconf.h $(objtree)/include/generated/compiler-def.h | cppcheck-version +$(objtree)/%.c.cppcheck: $(srctree)/%.c $(CPPCHECKDEPS) | cppcheck-version $(call if_changed,cppcheck_xml) cppcheck-version: @@ -702,6 +715,18 @@ cppcheck-version: exit 1; \ fi +# List of Misra rules to respect is written inside a doc. +# In order to have some helpful text in the cppcheck output, generate a text +# file containing the rules identifier, classification and text from the Xen +# documentation file. Also generate a json file with the right arguments for +# cppcheck in json format including the list of rules to ignore. +# +cppcheck-misra.txt: $(XEN_ROOT)/docs/misra/rules.rst $(srctree)/tools/convert_misra_doc.py + $(Q)$(srctree)/tools/convert_misra_doc.py -i $< -o $@ -j $(@:.txt=.json) + +# convert_misra_doc is generating both files. +cppcheck-misra.json: cppcheck-misra.txt + # Put this in generated headers this way it is cleaned by include/Makefile $(objtree)/include/generated/compiler-def.h: $(Q)$(CC) -dM -E -o $@ - < /dev/null diff --git a/xen/tools/convert_misra_doc.py b/xen/tools/convert_misra_doc.py new file mode 100644 index 0000000000..caa4487f64 --- /dev/null +++ b/xen/tools/convert_misra_doc.py @@ -0,0 +1,173 @@ +#!/usr/bin/env python + +""" +This script is converting the misra documentation RST file into a text file +that can be used as text-rules for cppcheck. +Usage: + convert_misr_doc.py -i INPUT [-o OUTPUT] [-j JSON] + + INPUT - RST file containing the list of misra rules. + OUTPUT - file to store the text output to be used by cppcheck. + If not specified, the result will be printed to stdout. + JSON - cppcheck json file to be created (optional). +""" + +import sys, getopt, re + +def main(argv): + infile = '' + outfile = '' + outstr = sys.stdout + jsonfile = '' + + try: + opts, args = getopt.getopt(argv,"hi:o:j:",["input=","output=","json="]) + except getopt.GetoptError: + print('convert-misra.py -i [-o ] [-j ') + sys.exit(2) + for opt, arg in opts: + if opt == '-h': + print('convert-misra.py -i [-o ] [-j ') + print(' If output is not specified, print to stdout') + sys.exit(1) + elif opt in ("-i", "--input"): + infile = arg + elif opt in ("-o", "--output"): + outfile = arg + elif opt in ("-j", "--json"): + jsonfile = arg + + try: + file_stream = open(infile, 'rt') + except: + print('Error opening ' + infile) + sys.exit(1) + + if outfile: + try: + outstr = open(outfile, "w") + except: + print('Error creating ' + outfile) + sys.exit(1) + + # Each rule start with ' * - `[Dir|Rule]' and is followed by the + # severity, the summary and then notes + # Only the summary can be multi line + pattern_dir = re.compile(r'^ \* - `Dir ([0-9]+.[0-9]+).*$') + pattern_rule = re.compile(r'^ \* - `Rule ([0-9]+.[0-9]+).*$') + pattern_col = re.compile(r'^ - (.*)$') + # allow empty notes + pattern_notes = re.compile(r'^ -.*$') + pattern_cont = re.compile(r'^ (.*)$') + + rule_number = '' + rule_severity = '' + rule_summary = '' + rule_state = 0 + rule_list = [] + + # Start search by cppcheck misra + outstr.write('Appendix A Summary of guidelines\n') + + for line in file_stream: + + line = line.replace('\r', '').replace('\n', '') + + if len(line) == 0: + continue + + # New Rule or Directive + if rule_state == 0: + # new Rule + res = pattern_rule.match(line) + if res: + rule_number = res.group(1) + rule_list.append(rule_number) + rule_state = 1 + continue + + # new Directive + res = pattern_dir.match(line) + if res: + rule_number = res.group(1) + rule_list.append(rule_number) + rule_state = 1 + continue + continue + + # Severity + elif rule_state == 1: + res =pattern_col.match(line) + if res: + rule_severity = res.group(1) + rule_state = 2 + continue + + print('No severity for rule ' + rule_number) + sys.exit(1) + + # Summary + elif rule_state == 2: + res = pattern_col.match(line) + if res: + rule_summary = res.group(1) + rule_state = 3 + continue + + print('No summary for rule ' + rule_number) + sys.exit(1) + + # Notes or summary continuation + elif rule_state == 3: + res = pattern_cont.match(line) + if res: + rule_summary += res.group(1) + continue + res = pattern_notes.match(line) + if res: + outstr.write('Rule ' + rule_number + ' ' + rule_severity + + '\n') + outstr.write(rule_summary + ' (Misra rule ' + rule_number + + ')\n') + rule_state = 0 + rule_number = '' + continue + print('No notes for rule ' + rule_number) + sys.exit(1) + + else: + print('Impossible case in state machine') + sys.exit(1) + + skip_list = [] + + # Search for missing rules and add a dummy text with the rule number + for i in list(range(1,22)): + for j in list(range(1,22)): + if str(i) + '.' + str(j) not in rule_list: + outstr.write('Rule ' + str(i) + '.' + str(j) + '\n') + outstr.write('No description for rule ' + str(i) + '.' + str(j) + + '\n') + skip_list.append(str(i) + '.' + str(j)) + + # Make cppcheck happy by starting the appendix + outstr.write('Appendix B\n') + outstr.write('\n') + if outfile: + outstr.close() + + if jsonfile: + with open(jsonfile, "w") as f: + f.write('{\n') + f.write(' "script": "misra.py",\n') + f.write(' "args": [\n') + if outfile: + f.write(' "--rule-texts=' + outfile + '",\n') + + f.write(' "--suppress-rules=' + ",".join(skip_list) + '"\n') + f.write(' ]\n') + f.write('}\n') + f.close() + +if __name__ == "__main__": + main(sys.argv[1:]) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 00:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 00:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360552.589964 (Exim 4.92) (envelope-from ) id 1o8Wfl-0001qD-K6; Tue, 05 Jul 2022 00:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360552.589964; Tue, 05 Jul 2022 00:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfl-0001q6-HX; Tue, 05 Jul 2022 00:44:13 +0000 Received: by outflank-mailman (input) for mailman id 360552; Tue, 05 Jul 2022 00:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfk-0001pq-5v for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfk-00052d-58 for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Wfk-0000MP-3M for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gWlrk8cLepbk9JfHM4m6CAOGV5EQPbCRHxz+D5sPsTo=; b=Mlh5GfE+8bo9EKc5m3FB5+0Qir JdOgEbMz03Jj/7jGs6/OncH7jDFYU/GjiVpK5k20TWiZ1/0l/4a2uZokjjL4XTPvhfEFZqpsXyyMm 4DKdQ4nFTdnMTNFsoHLrkEuC+/D9KqNwWKb9ViUSbLesXs/Y3x6iq4obVkJEOttADeIw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs/misra: Add instructions for cppcheck Message-Id: Date: Tue, 05 Jul 2022 00:44:12 +0000 commit 4a0da1c741415b0b3288ae8406df40f607b612c5 Author: Luca Fancellu AuthorDate: Mon Jul 4 14:45:39 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:45:39 2022 +0200 docs/misra: Add instructions for cppcheck Add instructions on how to build cppcheck, the version currently used and an example to use the cppcheck integration to run the analysis on the Xen codebase Signed-off-by: Luca Fancellu Acked-by: Julien Grall --- docs/misra/cppcheck.txt | 64 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt new file mode 100644 index 0000000000..25d8c3050b --- /dev/null +++ b/docs/misra/cppcheck.txt @@ -0,0 +1,64 @@ +Cppcheck for Xen static and MISRA analysis +========================================== + +Xen can be analysed for both static analysis problems and MISRA violation using +cppcheck, the open source tool allows the creation of a report with all the +findings. Xen has introduced the support in the Makefile so it's very easy to +use and in this document we can see how. + +The minimum version required for cppcheck is 2.7. Note that at the time of +writing (June 2022), the version 2.8 is known to be broken [1]. + +Install cppcheck on the system +============================== + +Cppcheck can be retrieved from the github repository or by downloading the +tarball, the version tested so far is the 2.7: + + - https://github.com/danmar/cppcheck/tree/2.7 + - https://github.com/danmar/cppcheck/archive/2.7.tar.gz + +To compile and install it, the complete command line can be found in readme.md, +section "GNU make", please add the "install" target to that line and use every +argument as it is in the documentation of the tool, so that every Xen developer +following this page can reproduce the same findings. + +This will compile and install cppcheck in /usr/bin and all the cppcheck config +files and addons will be installed in /usr/share/cppcheck folder, please modify +that path in FILESDIR if it's not convinient for your system. + +If you don't want to overwrite a possible cppcheck binary installed in your +system, you can omit the "install" target and FILESDIR, cppcheck will be just +compiled and the binaries will be available in the same folder. +If you choose to do that, later in this page it's explained how to use a local +installation of cppcheck for the Xen analysis. + +Dependencies are listed in the readme.md of the project repository. + +Use cppcheck to analyse Xen +=========================== + +Using cppcheck integration is very simple, it requires few steps: + + 1) Compile Xen + 2) call the cppcheck make target to generate a report in xml format: + make CPPCHECK_MISRA=y cppcheck + 3) call the cppcheck-html make target to generate a report in xml and html + format: + make CPPCHECK_MISRA=y cppcheck-html + + In case the cppcheck binaries are not in the PATH, CPPCHECK and + CPPCHECK_HTMLREPORT variables can be overridden with the full path to the + binaries: + + make -C xen \ + CPPCHECK=/path/to/cppcheck \ + CPPCHECK_HTMLREPORT=/path/to/cppcheck-htmlreport \ + CPPCHECK_MISRA=y \ + cppcheck-html + +The output is by default in a folder named cppcheck-htmlreport, but the name +can be changed by passing it in the CPPCHECK_HTMLREPORT_OUTDIR variable. + + +[1] https://sourceforge.net/p/cppcheck/discussion/general/thread/bfc3ab6c41/?limit=25 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 00:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 00:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360553.589969 (Exim 4.92) (envelope-from ) id 1o8Wfv-0001sv-MH; Tue, 05 Jul 2022 00:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360553.589969; Tue, 05 Jul 2022 00:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfv-0001sm-JH; Tue, 05 Jul 2022 00:44:23 +0000 Received: by outflank-mailman (input) for mailman id 360553; Tue, 05 Jul 2022 00:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfu-0001sS-Ac for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wfu-00052z-9u for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Wfu-0000Mt-7i for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jokSDtXz3I1QtQZForI1+1CuJORizBRyELP8kSukUv0=; b=OLPp1MMCM71TF9nyUnMulQeINB xh+kw9FshciTBdcfeUT8RRibJTge6O0tv24KfYm+Doz4mjCQy+mRsCSuSf+HN8OSdMB57LnoudHbF 4D4whf3hfQokHGHsAOwGEch0Z44tQw6pSo0Ec/+p+SZ2Cjfl0sbI7EDcPprtrZY+Yt3k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xsm: create idle domain privileged and demote after setup Message-Id: Date: Tue, 05 Jul 2022 00:44:22 +0000 commit 4b540e8c9f72b904198364bc7b8261ed2dbb36fa Author: Daniel P. Smith AuthorDate: Mon Jul 4 14:46:02 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:46:02 2022 +0200 xsm: create idle domain privileged and demote after setup There are new capabilities, dom0less and hyperlaunch, that introduce internal hypervisor logic, which needs to make resource allocation calls that are protected by XSM access checks. The need for these resource allocations are necessary for dom0less and hyperlaunch when they are constructing the initial domain(s). This creates an issue as a subset of the hypervisor code is executed under a system domain, the idle domain, that is represented by a per-CPU non-privileged struct domain. To enable these new capabilities to function correctly but in a controlled manner, this commit changes the idle system domain to be created as a privileged domain under the default policy and demoted before transitioning to running. A new XSM hook, xsm_set_system_active(), is introduced to allow each XSM policy type to demote the idle domain appropriately for that policy type. In the case of SILO, it inherits the default policy's hook for xsm_set_system_active(). For flask, a stub is added to ensure that flask policy system will function correctly with this patch until flask is extended with support for starting the idle domain privileged and properly demoting it on the call to xsm_set_system_active(). Signed-off-by: Daniel P. Smith Reviewed-by: Jason Andryuk Reviewed-by: Luca Fancellu Acked-by: Julien Grall # arm Reviewed-by: Rahul Singh Tested-by: Rahul Singh Acked-by: Roger Pau Monné --- xen/arch/arm/setup.c | 3 +++ xen/arch/x86/setup.c | 4 ++++ xen/common/sched/core.c | 7 ++++++- xen/include/xsm/dummy.h | 17 +++++++++++++++++ xen/include/xsm/xsm.h | 6 ++++++ xen/xsm/dummy.c | 1 + xen/xsm/flask/hooks.c | 23 +++++++++++++++++++++++ 7 files changed, 60 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 577c54e6fb..85ff956ec2 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -1063,6 +1063,9 @@ void __init start_xen(unsigned long boot_phys_offset, /* Hide UART from DOM0 if we're using it */ serial_endboot(); + if ( (rc = xsm_set_system_active()) != 0 ) + panic("xsm: unable to switch to SYSTEM_ACTIVE privilege: %d\n", rc); + system_state = SYS_STATE_active; for_each_domain( d ) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 53a73010e0..f08b07b8de 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -619,6 +619,10 @@ static void noreturn init_done(void) { void *va; unsigned long start, end; + int err; + + if ( (err = xsm_set_system_active()) != 0 ) + panic("xsm: unable to switch to SYSTEM_ACTIVE privilege: %d\n", err); system_state = SYS_STATE_active; diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 8c73489654..250207038e 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -3033,7 +3033,12 @@ void __init scheduler_init(void) sched_ratelimit_us = SCHED_DEFAULT_RATELIMIT_US; } - idle_domain = domain_create(DOMID_IDLE, NULL, 0); + /* + * The idle dom is created privileged to ensure unrestricted access during + * setup and will be demoted by xsm_set_system_active() when setup is + * complete. + */ + idle_domain = domain_create(DOMID_IDLE, NULL, CDF_privileged); BUG_ON(IS_ERR(idle_domain)); BUG_ON(nr_cpu_ids > ARRAY_SIZE(idle_vcpu)); idle_domain->vcpu = idle_vcpu; diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 58afc1d589..77f27e7163 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -101,6 +101,23 @@ static always_inline int xsm_default_action( } } +static XSM_INLINE int cf_check xsm_set_system_active(void) +{ + struct domain *d = current->domain; + + ASSERT(d->is_privileged); + + if ( d->domain_id != DOMID_IDLE ) + { + printk("%s: should only be called by idle domain\n", __func__); + return -EPERM; + } + + d->is_privileged = false; + + return 0; +} + static XSM_INLINE void cf_check xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 3e2b7fe3db..8dad03fd3d 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -52,6 +52,7 @@ typedef enum xsm_default xsm_default_t; * !!! WARNING !!! */ struct xsm_ops { + int (*set_system_active)(void); void (*security_domaininfo)(struct domain *d, struct xen_domctl_getdomaininfo *info); int (*domain_create)(struct domain *d, uint32_t ssidref); @@ -208,6 +209,11 @@ extern struct xsm_ops xsm_ops; #ifndef XSM_NO_WRAPPERS +static inline int xsm_set_system_active(void) +{ + return alternative_call(xsm_ops.set_system_active); +} + static inline void xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 8c044ef615..e6ffa948f7 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -14,6 +14,7 @@ #include static const struct xsm_ops __initconst_cf_clobber dummy_ops = { + .set_system_active = xsm_set_system_active, .security_domaininfo = xsm_security_domaininfo, .domain_create = xsm_domain_create, .getdomaininfo = xsm_getdomaininfo, diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 6ffafc2f44..c97c44f803 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -191,6 +191,28 @@ static int cf_check flask_domain_alloc_security(struct domain *d) return 0; } +static int cf_check flask_set_system_active(void) +{ + struct domain *d = current->domain; + + ASSERT(d->is_privileged); + + if ( d->domain_id != DOMID_IDLE ) + { + printk("%s: should only be called by idle domain\n", __func__); + return -EPERM; + } + + /* + * While is_privileged has no significant meaning under flask, set to false + * as is_privileged is not only used for a privilege check but also as a + * type of domain check, specifically if the domain is the control domain. + */ + d->is_privileged = false; + + return 0; +} + static void cf_check flask_domain_free_security(struct domain *d) { struct domain_security_struct *dsec = d->ssid; @@ -1774,6 +1796,7 @@ static int cf_check flask_argo_send( #endif static const struct xsm_ops __initconst_cf_clobber flask_ops = { + .set_system_active = flask_set_system_active, .security_domaininfo = flask_security_domaininfo, .domain_create = flask_domain_create, .getdomaininfo = flask_getdomaininfo, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 00:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 00:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360554.589973 (Exim 4.92) (envelope-from ) id 1o8Wg5-0001w9-PC; Tue, 05 Jul 2022 00:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360554.589973; Tue, 05 Jul 2022 00:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wg5-0001w1-MS; Tue, 05 Jul 2022 00:44:33 +0000 Received: by outflank-mailman (input) for mailman id 360554; Tue, 05 Jul 2022 00:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wg4-0001vl-Dk for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8Wg4-000539-D2 for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8Wg4-0000Nk-C6 for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wDsTcmvlhw4ONGrDvLBaUqWccIUI5gN8yCz0PvOWpAE=; b=TlqZl4YQs9X9BnTmdCee2athaS jc2czxLpUVybDZG1/sQw9KeZuu2OAp7JeZewEeP1l4U+6JkH49HQr+kyE/s4UzInTupf3qDoeA0eJ vPH4iJ2fV0PFbBklMGxcY19XJVFkiiPbPLviL/qFK3Q1oNfhqgGQLMNOsYMuw2vP/gOM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] flask: implement xsm_set_system_active Message-Id: Date: Tue, 05 Jul 2022 00:44:32 +0000 commit a0bb0960e5ed2d6b59aff5c0eae74d8347bab32b Author: Daniel P. Smith AuthorDate: Mon Jul 4 14:47:00 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:47:00 2022 +0200 flask: implement xsm_set_system_active This commit implements full support for starting the idle domain privileged by introducing a new flask label xenboot_t which the idle domain is labeled with at creation. It then provides the implementation for the XSM hook xsm_set_system_active to relabel the idle domain to the existing xen_t flask label. In the reference flask policy a new macro, xen_build_domain(target), is introduced for creating policies for dom0less/hyperlaunch allowing the hypervisor to create and assign the necessary resources for domain construction. Signed-off-by: Daniel P. Smith Reviewed-by: Jason Andryuk Reviewed-by: Luca Fancellu Tested-by: Luca Fancellu Reviewed-by: Rahul Singh Tested-by: Rahul Singh --- tools/flask/policy/modules/xen.if | 7 +++++++ tools/flask/policy/modules/xen.te | 1 + tools/flask/policy/policy/initial_sids | 1 + xen/xsm/flask/hooks.c | 9 ++++++++- xen/xsm/flask/policy/initial_sids | 1 + 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if index 5e2aa472b6..424daab6a0 100644 --- a/tools/flask/policy/modules/xen.if +++ b/tools/flask/policy/modules/xen.if @@ -62,6 +62,13 @@ define(`create_domain_common', ` setparam altp2mhvm altp2mhvm_op dm }; ') +# xen_build_domain(target) +# Allow a domain to be created at boot by the hypervisor +define(`xen_build_domain', ` + allow xenboot_t $1:domain create; + allow xenboot_t $1_channel:event create; +') + # create_domain(priv, target) # Allow a domain to be created directly define(`create_domain', ` diff --git a/tools/flask/policy/modules/xen.te b/tools/flask/policy/modules/xen.te index 3dbf93d2b8..de98206fdd 100644 --- a/tools/flask/policy/modules/xen.te +++ b/tools/flask/policy/modules/xen.te @@ -24,6 +24,7 @@ attribute mls_priv; ################################################################################ # The hypervisor itself +type xenboot_t, xen_type, mls_priv; type xen_t, xen_type, mls_priv; # Domain 0 diff --git a/tools/flask/policy/policy/initial_sids b/tools/flask/policy/policy/initial_sids index 6b7b7eff21..ec729d3ba3 100644 --- a/tools/flask/policy/policy/initial_sids +++ b/tools/flask/policy/policy/initial_sids @@ -2,6 +2,7 @@ # objects created before the policy is loaded or for objects that do not have a # label defined in some other manner. +sid xenboot gen_context(system_u:system_r:xenboot_t,s0) sid xen gen_context(system_u:system_r:xen_t,s0) sid dom0 gen_context(system_u:system_r:dom0_t,s0) sid domxen gen_context(system_u:system_r:domxen_t,s0) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index c97c44f803..8c9cd0f297 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -173,7 +173,7 @@ static int cf_check flask_domain_alloc_security(struct domain *d) switch ( d->domain_id ) { case DOMID_IDLE: - dsec->sid = SECINITSID_XEN; + dsec->sid = SECINITSID_XENBOOT; break; case DOMID_XEN: dsec->sid = SECINITSID_DOMXEN; @@ -193,9 +193,14 @@ static int cf_check flask_domain_alloc_security(struct domain *d) static int cf_check flask_set_system_active(void) { + struct domain_security_struct *dsec; struct domain *d = current->domain; + dsec = d->ssid; + ASSERT(d->is_privileged); + ASSERT(dsec->sid == SECINITSID_XENBOOT); + ASSERT(dsec->self_sid == SECINITSID_XENBOOT); if ( d->domain_id != DOMID_IDLE ) { @@ -210,6 +215,8 @@ static int cf_check flask_set_system_active(void) */ d->is_privileged = false; + dsec->self_sid = dsec->sid = SECINITSID_XEN; + return 0; } diff --git a/xen/xsm/flask/policy/initial_sids b/xen/xsm/flask/policy/initial_sids index 7eca70d339..e8b55b8368 100644 --- a/xen/xsm/flask/policy/initial_sids +++ b/xen/xsm/flask/policy/initial_sids @@ -3,6 +3,7 @@ # # Define initial security identifiers # +sid xenboot sid xen sid dom0 sid domio -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 00:44:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 00:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360555.589977 (Exim 4.92) (envelope-from ) id 1o8WgF-0001z2-Qs; Tue, 05 Jul 2022 00:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360555.589977; Tue, 05 Jul 2022 00:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8WgF-0001yu-Nz; Tue, 05 Jul 2022 00:44:43 +0000 Received: by outflank-mailman (input) for mailman id 360555; Tue, 05 Jul 2022 00:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8WgE-0001yi-HQ for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8WgE-00053J-Gi for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8WgE-0000Og-F7 for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 00:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lStPA8Iv9cfb7GUCCBT2DvYzuVQozKQPc0Bqhh22XXs=; b=RVWLDntBX/sVEnqvma/36VHgGW NoIejhete1qr8ElyrFhberobkydQceEl0ilGmxpGD+RF0IN93bCmMndc4UHuc1X/VQZSVYPRdfCw6 qXGkdj5NirsfLECF94jNgAQoF0oCMYgkstAJWrzrijqq0SfrOlbXCzPvC6LguxT3xx20=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] console/serial: set the default transmit buffer size in Kconfig Message-Id: Date: Tue, 05 Jul 2022 00:44:42 +0000 commit 4df2e99d731402da48afb19dc970ccab5a0814d6 Author: Roger Pau Monné AuthorDate: Mon Jul 4 14:48:14 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 4 14:48:14 2022 +0200 console/serial: set the default transmit buffer size in Kconfig Take the opportunity to convert the variable to read-only after init. No functional change intended. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/drivers/char/Kconfig | 10 ++++++++++ xen/drivers/char/serial.c | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xen/drivers/char/Kconfig b/xen/drivers/char/Kconfig index e5f7b1d8eb..dec58bc993 100644 --- a/xen/drivers/char/Kconfig +++ b/xen/drivers/char/Kconfig @@ -74,3 +74,13 @@ config HAS_EHCI help This selects the USB based EHCI debug port to be used as a UART. If you have an x86 based system with USB, say Y. + +config SERIAL_TX_BUFSIZE + int "Size of the transmit serial buffer" + default 16384 + help + Controls the default size of the transmit buffer (in bytes) used by + the serial driver. Note the value provided will be rounded down to + the nearest power of 2. + + Default value is 16384 (16kiB). diff --git a/xen/drivers/char/serial.c b/xen/drivers/char/serial.c index 5ecba0af33..f6c944bd30 100644 --- a/xen/drivers/char/serial.c +++ b/xen/drivers/char/serial.c @@ -16,7 +16,7 @@ /* Never drop characters, even if the async transmit buffer fills. */ /* #define SERIAL_NEVER_DROP_CHARS 1 */ -unsigned int __read_mostly serial_txbufsz = 16384; +unsigned int __ro_after_init serial_txbufsz = CONFIG_SERIAL_TX_BUFSIZE; size_param("serial_tx_buffer", serial_txbufsz); #define mask_serial_rxbuf_idx(_i) ((_i)&(serial_rxbufsz-1)) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 11:22:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 11:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360798.590229 (Exim 4.92) (envelope-from ) id 1o8gd4-0006n1-Ny; Tue, 05 Jul 2022 11:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360798.590229; Tue, 05 Jul 2022 11:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gd4-0006mt-LA; Tue, 05 Jul 2022 11:22:06 +0000 Received: by outflank-mailman (input) for mailman id 360798; Tue, 05 Jul 2022 11:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gd2-0006mn-KA for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gd2-0002dJ-IQ for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8gd2-00023N-H5 for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aaSyAOCcIrH56v87mipZEzGn9IeVmX2oQ4M+zcy3Oto=; b=dM3Gn+CefJZ2nvpUOYRG7nlmYN ngXKTjvtoqkCsxNqImKLLKZCX85Z1ePpCPJB64JgM0QOkfXT/tiFHGWDHusYzCEVNiXKAE9dHM/yK CuK1ynBrAlt/uJ/3Nmrp1mULy7Hxb8jRLl8eVhwVGxEK28TplusZ0YSvKyMcaTKLDTfI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] EFI: preserve the System Resource Table for dom0 Message-Id: Date: Tue, 05 Jul 2022 11:22:04 +0000 commit 8d410ac2c178e1dd1001cadddbe9ca75a9738c95 Author: Demi Marie Obenour AuthorDate: Tue Jul 5 13:10:46 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 13:10:46 2022 +0200 EFI: preserve the System Resource Table for dom0 The EFI System Resource Table (ESRT) is necessary for fwupd to identify firmware updates to install. According to the UEFI specification §23.4, the ESRT shall be stored in memory of type EfiBootServicesData. However, memory of type EfiBootServicesData is considered general-purpose memory by Xen, so the ESRT needs to be moved somewhere where Xen will not overwrite it. Copy the ESRT to memory of type EfiRuntimeServicesData, which Xen will not reuse. dom0 can use the ESRT if (and only if) it is in memory of type EfiRuntimeServicesData. Earlier versions of this patch reserved the memory in which the ESRT was located. This created awkward alignment problems, and required either splitting the E820 table or wasting memory. It also would have required a new platform op for dom0 to use to indicate if the ESRT is reserved. By copying the ESRT into EfiRuntimeServicesData memory, the E820 table does not need to be modified, and dom0 can just check the type of the memory region containing the ESRT. The copy is only done if the ESRT is not already in EfiRuntimeServicesData memory, avoiding memory leaks on repeated kexec. See https://lore.kernel.org/xen-devel/20200818184018.GN1679@mail-itl/T/ for details. Signed-off-by: Demi Marie Obenour Reviewed-by: Jan Beulich --- xen/common/efi/boot.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index a25e1d29f1..e35f56e9ec 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -39,6 +39,26 @@ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } #define APPLE_PROPERTIES_PROTOCOL_GUID \ { 0x91bd12fe, 0xf6c3, 0x44fb, { 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0} } +#define EFI_SYSTEM_RESOURCE_TABLE_GUID \ + { 0xb122a263, 0x3661, 0x4f68, {0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80} } +#define EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION 1 + +typedef struct { + EFI_GUID FwClass; + UINT32 FwType; + UINT32 FwVersion; + UINT32 LowestSupportedFwVersion; + UINT32 CapsuleFlags; + UINT32 LastAttemptVersion; + UINT32 LastAttemptStatus; +} EFI_SYSTEM_RESOURCE_ENTRY; + +typedef struct { + UINT32 FwResourceCount; + UINT32 FwResourceCountMax; + UINT64 FwResourceVersion; + EFI_SYSTEM_RESOURCE_ENTRY Entries[]; +} EFI_SYSTEM_RESOURCE_TABLE; typedef EFI_STATUS (/* _not_ EFIAPI */ *EFI_SHIM_LOCK_VERIFY) ( @@ -567,6 +587,41 @@ static int __init efi_check_dt_boot(const EFI_LOADED_IMAGE *loaded_image) } #endif +static UINTN __initdata esrt = EFI_INVALID_TABLE_ADDR; + +static size_t __init get_esrt_size(const EFI_MEMORY_DESCRIPTOR *desc) +{ + size_t available_len, len; + const UINTN physical_start = desc->PhysicalStart; + const EFI_SYSTEM_RESOURCE_TABLE *esrt_ptr; + + len = desc->NumberOfPages << EFI_PAGE_SHIFT; + if ( esrt == EFI_INVALID_TABLE_ADDR ) + return 0; + if ( physical_start > esrt || esrt - physical_start >= len ) + return 0; + /* + * The specification requires EfiBootServicesData, but accept + * EfiRuntimeServicesData, which is a more logical choice. + */ + if ( (desc->Type != EfiRuntimeServicesData) && + (desc->Type != EfiBootServicesData) ) + return 0; + available_len = len - (esrt - physical_start); + if ( available_len <= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries) ) + return 0; + available_len -= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries); + esrt_ptr = (const EFI_SYSTEM_RESOURCE_TABLE *)esrt; + if ( (esrt_ptr->FwResourceVersion != + EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION) || + !esrt_ptr->FwResourceCount ) + return 0; + if ( esrt_ptr->FwResourceCount > available_len / sizeof(esrt_ptr->Entries[0]) ) + return 0; + + return esrt_ptr->FwResourceCount * sizeof(esrt_ptr->Entries[0]); +} + /* * Include architecture specific implementation here, which references the * static globals defined above. @@ -845,6 +900,8 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, return gop_mode; } +static EFI_GUID __initdata esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID; + static void __init efi_tables(void) { unsigned int i; @@ -868,6 +925,8 @@ static void __init efi_tables(void) efi.smbios = (unsigned long)efi_ct[i].VendorTable; if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) ) efi.smbios3 = (unsigned long)efi_ct[i].VendorTable; + if ( match_guid(&esrt_guid, &efi_ct[i].VendorGuid) ) + esrt = (UINTN)efi_ct[i].VendorTable; } #ifndef CONFIG_ARM /* TODO - disabled until implemented on ARM */ @@ -1051,6 +1110,71 @@ static void __init efi_set_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, UINTN gop #define INVALID_VIRTUAL_ADDRESS (0xBAAADUL << \ (EFI_PAGE_SHIFT + BITS_PER_LONG - 32)) +static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE *SystemTable) +{ + EFI_STATUS status; + UINTN info_size = 0, map_key, mdesc_size; + void *memory_map = NULL; + UINT32 ver; + unsigned int i; + + for ( ; ; ) + { + status = efi_bs->GetMemoryMap(&info_size, memory_map, &map_key, + &mdesc_size, &ver); + if ( status == EFI_SUCCESS && memory_map != NULL ) + break; + if ( status == EFI_BUFFER_TOO_SMALL || memory_map == NULL ) + { + info_size += 8 * efi_mdesc_size; + if ( memory_map != NULL ) + efi_bs->FreePool(memory_map); + memory_map = NULL; + status = efi_bs->AllocatePool(EfiLoaderData, info_size, &memory_map); + if ( status == EFI_SUCCESS ) + continue; + PrintErr(L"Cannot allocate memory to relocate ESRT\r\n"); + } + else + PrintErr(L"Cannot obtain memory map to relocate ESRT\r\n"); + return; + } + + /* Try to obtain the ESRT. Errors are not fatal. */ + for ( i = 0; i < info_size; i += efi_mdesc_size ) + { + /* + * ESRT needs to be moved to memory of type EfiRuntimeServicesData + * so that the memory it is in will not be used for other purposes. + */ + void *new_esrt = NULL; + size_t esrt_size = get_esrt_size(efi_memmap + i); + + if ( !esrt_size ) + continue; + if ( ((EFI_MEMORY_DESCRIPTOR *)(efi_memmap + i))->Type == + EfiRuntimeServicesData ) + break; /* ESRT already safe from reuse */ + status = efi_bs->AllocatePool(EfiRuntimeServicesData, esrt_size, + &new_esrt); + if ( status == EFI_SUCCESS && new_esrt ) + { + memcpy(new_esrt, (void *)esrt, esrt_size); + status = efi_bs->InstallConfigurationTable(&esrt_guid, new_esrt); + if ( status != EFI_SUCCESS ) + { + PrintErr(L"Cannot install new ESRT\r\n"); + efi_bs->FreePool(new_esrt); + } + } + else + PrintErr(L"Cannot allocate memory for ESRT\r\n"); + break; + } + + efi_bs->FreePool(memory_map); +} + static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) { EFI_STATUS status; @@ -1413,6 +1537,8 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) if ( gop ) efi_set_gop_mode(gop, gop_mode); + efi_relocate_esrt(SystemTable); + efi_exit_boot(ImageHandle, SystemTable); efi_arch_post_exit_boot(); /* Doesn't return. */ @@ -1753,3 +1879,12 @@ void __init efi_init_memory(void) unmap_domain_page(efi_l4t); } #endif + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 11:22:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 11:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360799.590232 (Exim 4.92) (envelope-from ) id 1o8gdD-0006ov-PM; Tue, 05 Jul 2022 11:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360799.590232; Tue, 05 Jul 2022 11:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdD-0006oo-Mf; Tue, 05 Jul 2022 11:22:15 +0000 Received: by outflank-mailman (input) for mailman id 360799; Tue, 05 Jul 2022 11:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdC-0006og-M3 for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdC-0002dY-LP for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8gdC-00023p-KR for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VJLEukz8DVgutZIT5W30gYLxgaTNxduVz0PbZzV+zW4=; b=Uv6RWC4T8wie/621vvHzxGKmHa 8wgVb01/0TcyQiMrBV3EitfSL0GurFcYBa/z1E2uzj3yap0Z1XYMRRY2lHUZIj0IXpebo9on6y+E5 bGe9MBBp/f6CvEiJ+tCAnu1f8eVzXBSW/IK3UGrsMeZ0TV9vqScjDx+wtv74aR6Xbzgs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/helpers: fix snprintf argument in init-dom0less.c Message-Id: Date: Tue, 05 Jul 2022 11:22:14 +0000 commit 2b1ee386122a6e8bf66f5163cbda51084af6e0f4 Author: Luca Fancellu AuthorDate: Tue Jul 5 13:11:25 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 13:11:25 2022 +0200 tools/helpers: fix snprintf argument in init-dom0less.c Fix snprintf argument in init-dom0less.c because two instances of the function are using libxl_dominfo struct members that are uint64_t types, so change "%lu" to "%"PRIu64 to handle it properly when building on arm32 and arm64. Signed-off-by: Luca Fancellu Reviewed-by: Bertrand Marquis Acked-by: Anthony PERARD --- tools/helpers/init-dom0less.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/helpers/init-dom0less.c b/tools/helpers/init-dom0less.c index 4c90dd6a0c..fee93459c4 100644 --- a/tools/helpers/init-dom0less.c +++ b/tools/helpers/init-dom0less.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -138,10 +139,10 @@ static int create_xenstore(struct xs_handle *xsh, "vm/" LIBXL_UUID_FMT, LIBXL_UUID_BYTES(uuid)); if (rc < 0 || rc >= STR_MAX_LENGTH) return rc; - rc = snprintf(max_memkb_str, STR_MAX_LENGTH, "%lu", info->max_memkb); + rc = snprintf(max_memkb_str, STR_MAX_LENGTH, "%"PRIu64, info->max_memkb); if (rc < 0 || rc >= STR_MAX_LENGTH) return rc; - rc = snprintf(target_memkb_str, STR_MAX_LENGTH, "%lu", info->current_memkb); + rc = snprintf(target_memkb_str, STR_MAX_LENGTH, "%"PRIu64, info->current_memkb); if (rc < 0 || rc >= STR_MAX_LENGTH) return rc; rc = snprintf(ring_ref_str, STR_MAX_LENGTH, "%lld", -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 11:22:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 11:22:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360800.590236 (Exim 4.92) (envelope-from ) id 1o8gdO-0006rx-Qm; Tue, 05 Jul 2022 11:22:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360800.590236; Tue, 05 Jul 2022 11:22:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdO-0006rp-OB; Tue, 05 Jul 2022 11:22:26 +0000 Received: by outflank-mailman (input) for mailman id 360800; Tue, 05 Jul 2022 11:22:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdM-0006rc-PN for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdM-0002dj-OZ for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8gdM-00024Q-NS for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/IQSoC9FFYS8VvtKc66brKfqAfzgJsQ3vtRVDKGSpZY=; b=umJtQTmms3jsbXxWFPxw91OP+j 5XU9hIkhez5DBmog4xsFsy7tuJIhXi+UogppyzD1NoLExoFvKQJLufl31bog/djTvzN2ADeEVJioB y12s/qpY8+FqvdqZL9VT+65IPTH4EOooliYjIrG6sBmiUvRbeuy6R7deu2rNhGAA+Aeo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] public: constify xsd_errors[] Message-Id: Date: Tue, 05 Jul 2022 11:22:24 +0000 commit c4184bf305dc14c3e150617904c40b120664efe6 Author: Jan Beulich AuthorDate: Tue Jul 5 13:11:51 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 13:11:51 2022 +0200 public: constify xsd_errors[] While in principle this could break existing users, I think such users deserve to be put in trouble. After all the table should have been const from the very beginning. Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross --- xen/include/public/io/xs_wire.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h index c573950fbf..05d3069e63 100644 --- a/xen/include/public/io/xs_wire.h +++ b/xen/include/public/io/xs_wire.h @@ -71,7 +71,7 @@ struct xsd_errors #ifdef EINVAL #define XSD_ERROR(x) { x, #x } /* LINTED: static unused */ -static struct xsd_errors xsd_errors[] +static const struct xsd_errors xsd_errors[] #if defined(__GNUC__) __attribute__((unused)) #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 11:22:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 11:22:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.360801.590240 (Exim 4.92) (envelope-from ) id 1o8gdY-0006uM-SB; Tue, 05 Jul 2022 11:22:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 360801.590240; Tue, 05 Jul 2022 11:22:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdY-0006uF-Pe; Tue, 05 Jul 2022 11:22:36 +0000 Received: by outflank-mailman (input) for mailman id 360801; Tue, 05 Jul 2022 11:22:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdW-0006u3-S7 for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8gdW-0002dz-RR for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8gdW-00025B-QW for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 11:22:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O0FRSAuyiqSL8r8QohJ6IgCN1dfGUZoOpXUgcUFsEaw=; b=d7By5z7S3/sIakORN2XpV4Zn/3 HAB15kvhyEsnCXG8+uYY58Rci4S7dLv5Ky7YdO/qXdMYd0gLoR6MESKIv99fr3npqh+fsiTVb5X5h 9oZpbAZL65Jl5YPLcxgTM24fzpKZgHAGHJQCi8WnCeM5Clr1doTPXVgFVji9DFD29HQY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm32: avoid EFI stub wchar_t size linker warning Message-Id: Date: Tue, 05 Jul 2022 11:22:34 +0000 commit a4d4c541f58b378bc9d499dcb554eb9fe22312c8 Author: Wei Chen AuthorDate: Tue Jul 5 13:12:15 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 13:12:15 2022 +0200 xen/arm32: avoid EFI stub wchar_t size linker warning Xen uses "-fshort-wchar" in CFLAGS for EFI common code. Arm32 is using stub.c of EFI common code for EFI stub functions. But "-fshort-wchar" CFLAG will cause a warning when build stub.c for Arm32: "arm-linux-gnueabihf-ld: warning: arch/arm/efi/built_in.o uses 2-byte wchar_t yet the output is to use 4-byte wchar_t; use of wchar_t values across objects may fail" This is because the "-fshort-wchar" flag causes GCC to generate code that is not binary compatible with code generated without that flag. Why this warning hasn't been triggered in Arm64 is because Arm64 does not use wchar type directly in any code for parameters, variables and return values. And in EFI code, wchar has been replaced by CHAR16 (the UEFI "abstraction" of wchar_t). CHAR16 has been specified as unsigned short type in typedef, the "-fshort-wchar" flag will not affect CHAR16. So Arm64 object files are exactly the same with "-fshort-wchar" and without "-fshort-wchar". We are also not using wchar in Arm32 codes, but Arm32 will embed ABI information in ".ARM.attributes" section. This section stores some object file attributes, like ABI version, CPU arch and etc. And wchar size is described in this section by "Tag_ABI_PCS_wchar_t" too. Tag_ABI_PCS_wchar_t is 2 for object files with "-fshort-wchar", but for object files without "-fshort-wchar" is 4. Arm32 GCC ld will check this tag, and throw above warning when it finds the object files have different Tag_ABI_PCS_wchar_t values. Xen need to keep "-fshort-wchar" in EFI code to force wchar to use short integers (2 bytes) instead of integers (4 bytes), but this is unnecessary for code out of EFI. So in this patch, we add "-fno-short-wchar" to override "-fshort-wchar" for Arm architectures without EFI enabled to remove above warning." Reported-and-Suggested-by: Jan Beulich Tested-by: Jan Beulich Signed-off-by: Wei Chen Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/arch/arm/efi/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/arm/efi/Makefile b/xen/arch/arm/efi/Makefile index dffe72e589..bd954a3b2d 100644 --- a/xen/arch/arm/efi/Makefile +++ b/xen/arch/arm/efi/Makefile @@ -9,4 +9,7 @@ else # will not be cleaned in "make clean". EFIOBJ-y += stub.o obj-y += stub.o + +$(obj)/stub.o: CFLAGS-y += -fno-short-wchar + endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 12:22:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 12:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.361101.590427 (Exim 4.92) (envelope-from ) id 1o8hZ8-0006kc-0K; Tue, 05 Jul 2022 12:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 361101.590427; Tue, 05 Jul 2022 12:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8hZ7-0006kU-TV; Tue, 05 Jul 2022 12:22:05 +0000 Received: by outflank-mailman (input) for mailman id 361101; Tue, 05 Jul 2022 12:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8hZ6-0006kJ-GW for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 12:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8hZ6-0003lA-EQ for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 12:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8hZ6-0007Dm-Ci for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 12:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pTxaEZ6ZL73mZVrgEpqABK38I0iDx2VgDqHmHqgndCc=; b=zwKkjmSL1y6/PfDiU/cCt1NE/d ldHEnJIHgAeGrvtavQQWUDVSlaYQHJSbqii/xww8pLlxDPIbhHZvh2KmK45jZuBpzCtWFKJMP8qMW lxnFw4EZ1cwPVpHjxmEOEWFu+A1jxGlMLGhOBth9JnpiHPLeu+KE6kSi+0cEPUttebbk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libxl: report trusted backend status to frontends Message-Id: Date: Tue, 05 Jul 2022 12:22:04 +0000 commit 54d8f27d0477937e1f99a414fc1ffd93d184b38a Author: Roger Pau Monne AuthorDate: Fri Apr 8 10:21:11 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 14:16:26 2022 +0200 tools/libxl: report trusted backend status to frontends Allow administrators to notify a frontend driver that it's backend counterpart is not to be trusted, so the frontend can deploy whatever mitigations required in order to secure itself. Allow such option for disk and network frontends only, as those are the only hardened ones currently supported. This is part of XSA-403 Signed-off-by: Roger Pau Monné Reviewed-by: Anthony PERARD --- docs/man/xl-disk-configuration.5.pod.in | 29 +++++++++++++++++++++++++++++ docs/man/xl-network-configuration.5.pod.in | 9 +++++++++ tools/include/libxl.h | 8 ++++++++ tools/libs/light/libxl_disk.c | 3 +++ tools/libs/light/libxl_nic.c | 5 +++++ tools/libs/light/libxl_types.idl | 6 ++++-- tools/libs/util/libxlu_disk_l.l | 3 +++ tools/xl/check-xl-disk-parse | 26 ++++++++++++++++++++++++++ tools/xl/check-xl-vif-parse | 18 ++++++++++++++++++ tools/xl/xl_parse.c | 4 ++++ xen/include/public/io/blkif.h | 8 ++++++++ xen/include/public/io/netif.h | 6 ++++++ 12 files changed, 123 insertions(+), 2 deletions(-) diff --git a/docs/man/xl-disk-configuration.5.pod.in b/docs/man/xl-disk-configuration.5.pod.in index 71d0e86e3d..95d039655a 100644 --- a/docs/man/xl-disk-configuration.5.pod.in +++ b/docs/man/xl-disk-configuration.5.pod.in @@ -344,6 +344,35 @@ can be used to disable "hole punching" for file based backends which were intentionally created non-sparse to avoid fragmentation of the file. +=item B / B + +=over 4 + +=item Description + +Reports whether the backend should be trusted by the frontend + +=item Supported values + +trusted, untrusted + +=item Mandatory + +No + +=item Default value + +trusted + +=back + +An advisory setting for the frontend driver on whether the backend should be +trusted. The frontend should deploy whatever protections it has available to +prevent an untrusted backend from accessing guest data not related to the I/O +processing or causing malfunction to the frontend or the whole domain. + +Note frontends can ignore such recommendation. + =back diff --git a/docs/man/xl-network-configuration.5.pod.in b/docs/man/xl-network-configuration.5.pod.in index cf92d7960c..f3e379bcf8 100644 --- a/docs/man/xl-network-configuration.5.pod.in +++ b/docs/man/xl-network-configuration.5.pod.in @@ -258,3 +258,12 @@ NOTE: This should not be set unless you have a reason to. Specifies the MTU (i.e. the maximum size of an IP payload, exclusing headers). The default value is 1500 but, if the VIF is attached to a bridge, it will be set to match unless overridden by this parameter. + +=head2 trusted / untrusted + +An advisory setting for the frontend driver on whether the backend should be +trusted. The frontend should deploy whatever protections it has available to +prevent an untrusted backend from accessing guest data not related to the I/O +processing or causing malfunction to the frontend or the whole domain. + +Note frontends can ignore such recommendation. diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 7ce978e83c..835dfabc50 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -527,6 +527,14 @@ */ #define LIBXL_HAVE_MAX_GRANT_VERSION 1 +/* + * LIBXL_HAVE_{DISK,NIC}_TRUSTED indicates that the libxl_device_disk and + * libxl_device_nic structs have a field to signal whether the backend of the + * device is to be trusted. Such information is propagated to the frontend. + */ +#define LIBXL_HAVE_DISK_TRUSTED 1 +#define LIBXL_HAVE_NIC_TRUSTED 1 + /* * libxl ABI compatibility * diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index a5ca77850f..9da2b2ed27 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -159,6 +159,7 @@ static int libxl__device_disk_setdefault(libxl__gc *gc, uint32_t domid, libxl_defbool_setdefault(&disk->discard_enable, !!disk->readwrite); libxl_defbool_setdefault(&disk->colo_enable, false); libxl_defbool_setdefault(&disk->colo_restore_enable, false); + libxl_defbool_setdefault(&disk->trusted, true); rc = libxl__resolve_domid(gc, disk->backend_domname, &disk->backend_domid); if (rc < 0) return rc; @@ -395,6 +396,8 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid, flexarray_append(front, GCSPRINTF("%d", device->devid)); flexarray_append(front, "device-type"); flexarray_append(front, disk->is_cdrom ? "cdrom" : "disk"); + flexarray_append(front, "trusted"); + flexarray_append(front, libxl_defbool_val(disk->trusted) ? "1" : "0"); /* * Old PV kernel disk frontends before 2.6.26 rely on tool stack to diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c index 0b9e70c9d1..d6bf06fc34 100644 --- a/tools/libs/light/libxl_nic.c +++ b/tools/libs/light/libxl_nic.c @@ -116,6 +116,8 @@ static int libxl__device_nic_setdefault(libxl__gc *gc, uint32_t domid, abort(); } + libxl_defbool_setdefault(&nic->trusted, true); + return rc; } @@ -255,6 +257,9 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(back, "hotplug-status"); flexarray_append(back, ""); + flexarray_append(front, "trusted"); + flexarray_append(front, libxl_defbool_val(nic->trusted) ? "1" : "0"); + return 0; } diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index 2a42da2f7d..89962218b4 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -712,7 +712,8 @@ libxl_device_disk = Struct("device_disk", [ ("colo_port", integer), ("colo_export", string), ("active_disk", string), - ("hidden_disk", string) + ("hidden_disk", string), + ("trusted", libxl_defbool), ]) libxl_device_nic = Struct("device_nic", [ @@ -780,7 +781,8 @@ libxl_device_nic = Struct("device_nic", [ ("colo_filter_sec_redirector1_outdev", string), ("colo_filter_sec_rewriter0_queue", string), ("colo_checkpoint_host", string), - ("colo_checkpoint_port", string) + ("colo_checkpoint_port", string), + ("trusted", libxl_defbool), ]) libxl_device_pci = Struct("device_pci", [ diff --git a/tools/libs/util/libxlu_disk_l.l b/tools/libs/util/libxlu_disk_l.l index 3bd639aab0..e115460d99 100644 --- a/tools/libs/util/libxlu_disk_l.l +++ b/tools/libs/util/libxlu_disk_l.l @@ -208,6 +208,9 @@ colo-export=[^,]*,? { STRIP(','); SAVESTRING("colo-export", colo_export, FROMEQU active-disk=[^,]*,? { STRIP(','); SAVESTRING("active-disk", active_disk, FROMEQUALS); } hidden-disk=[^,]*,? { STRIP(','); SAVESTRING("hidden-disk", hidden_disk, FROMEQUALS); } +trusted,? { libxl_defbool_set(&DPC->disk->trusted, true); } +untrusted,? { libxl_defbool_set(&DPC->disk->trusted, false); } + /* the target magic parameter, eats the rest of the string */ target=.* { STRIP(','); SAVESTRING("target", pdev_path, FROMEQUALS); } diff --git a/tools/xl/check-xl-disk-parse b/tools/xl/check-xl-disk-parse index 643f4f4ecb..18fb66940a 100755 --- a/tools/xl/check-xl-disk-parse +++ b/tools/xl/check-xl-disk-parse @@ -178,4 +178,30 @@ disk: { END one 0 cdrom no-discard vdev=hda target=/some/disk/image.iso +# test setting trusted +expected <devid = parse_ulong(oparg); } else if (MATCH_OPTION("mtu", token, oparg)) { nic->mtu = parse_ulong(oparg); + } else if (!strcmp("trusted", token)) { + libxl_defbool_set(&nic->trusted, true); + } else if (!strcmp("untrusted", token)) { + libxl_defbool_set(&nic->trusted, false); } else { fprintf(stderr, "unrecognized argument `%s'\n", token); return 1; diff --git a/xen/include/public/io/blkif.h b/xen/include/public/io/blkif.h index 4cdba79aba..ab863f175a 100644 --- a/xen/include/public/io/blkif.h +++ b/xen/include/public/io/blkif.h @@ -363,6 +363,14 @@ * that the frontend requires that the logical block size is 512 as it * is hardcoded (which is the case in some frontend implementations). * + * trusted + * Values: 0/1 (boolean) + * Default value: 1 + * + * A value of "0" indicates that the frontend should not trust the + * backend, and should deploy whatever measures available to protect from + * a malicious backend on the other end. + * *------------------------- Virtual Device Properties ------------------------- * * device-type diff --git a/xen/include/public/io/netif.h b/xen/include/public/io/netif.h index 00dd258712..3509b096f8 100644 --- a/xen/include/public/io/netif.h +++ b/xen/include/public/io/netif.h @@ -160,6 +160,12 @@ * be applied if it is set. */ +/* + * The setting of "trusted" node to "0" in the frontend path signals that the + * frontend should not trust the backend, and should deploy whatever measures + * available to protect from a malicious backend on the other end. + */ + /* * Control ring * ============ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 05 12:55:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Jul 2022 12:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.361224.590618 (Exim 4.92) (envelope-from ) id 1o8i53-0003N1-Tl; Tue, 05 Jul 2022 12:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 361224.590618; Tue, 05 Jul 2022 12:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8i53-0003Mu-Qq; Tue, 05 Jul 2022 12:55:05 +0000 Received: by outflank-mailman (input) for mailman id 361224; Tue, 05 Jul 2022 12:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8i52-0003Mo-EY for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 12:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o8i52-0004Pm-Cw for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 12:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o8i52-0000TG-Bh for xen-changelog@lists.xenproject.org; Tue, 05 Jul 2022 12:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+8n+anxZsOWpb/hcNHcn8BamM6nJbsqlVs/6YNZWH+A=; b=F9+7Px6PFebttHjIU624iiC5gO U+E2E5JgJGTjQpJTsq0jMmLORY5SAryEV0mX0Lr8GPjsxe3HzfBvmy6aUgUG/IPT7HGp4izakIe4r RHp4VvG200GGXGG8U6V//UuzymprrN+kKoUArbwDOBaII9OdOaZvuBoKYYcxlczlVzT0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/common: Use unsigned int instead of plain unsigned Message-Id: Date: Tue, 05 Jul 2022 12:55:04 +0000 commit 61ff2733221e3b5bae5f647d9a460c7a68a5ace8 Author: Michal Orzel AuthorDate: Mon Jun 27 15:15:39 2022 +0200 Commit: Julien Grall CommitDate: Tue Jul 5 13:48:36 2022 +0100 xen/common: Use unsigned int instead of plain unsigned This is just for the style and consistency reasons as the former is being used more often than the latter. Signed-off-by: Michal Orzel Reviewed-by: Juergen Gross Acked-by: Jan Beulich --- xen/common/grant_table.c | 6 +++--- xen/common/gunzip.c | 8 ++++---- xen/common/sched/cpupool.c | 4 ++-- xen/common/trace.c | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 3918e6de6b..2d110d9f41 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -895,7 +895,7 @@ done: static int _set_status(const grant_entry_header_t *shah, grant_status_t *status, struct domain *rd, - unsigned rgt_version, + unsigned int rgt_version, struct active_grant_entry *act, int readonly, int mapflag, @@ -1763,8 +1763,8 @@ static int gnttab_populate_status_frames(struct domain *d, struct grant_table *gt, unsigned int req_nr_frames) { - unsigned i; - unsigned req_status_frames; + unsigned int i; + unsigned int req_status_frames; req_status_frames = grant_to_status_frames(req_nr_frames); diff --git a/xen/common/gunzip.c b/xen/common/gunzip.c index aa16fec4bb..71ec5f26be 100644 --- a/xen/common/gunzip.c +++ b/xen/common/gunzip.c @@ -14,13 +14,13 @@ static memptr __initdata free_mem_end_ptr; #define WSIZE 0x80000000 static unsigned char *__initdata inbuf; -static unsigned __initdata insize; +static unsigned int __initdata insize; /* Index of next byte to be processed in inbuf: */ -static unsigned __initdata inptr; +static unsigned int __initdata inptr; /* Bytes in output buffer: */ -static unsigned __initdata outcnt; +static unsigned int __initdata outcnt; #define OF(args) args @@ -73,7 +73,7 @@ static __init void flush_window(void) * compute the crc. */ unsigned long c = crc; - unsigned n; + unsigned int n; unsigned char *in, ch; in = window; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index a20e3a5fcb..2afe54f54d 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -850,7 +850,7 @@ int cpupool_do_sysctl(struct xen_sysctl_cpupool_op *op) case XEN_SYSCTL_CPUPOOL_OP_ADDCPU: { - unsigned cpu; + unsigned int cpu; const cpumask_t *cpus; cpu = op->cpu; @@ -895,7 +895,7 @@ int cpupool_do_sysctl(struct xen_sysctl_cpupool_op *op) case XEN_SYSCTL_CPUPOOL_OP_RMCPU: { - unsigned cpu; + unsigned int cpu; c = cpupool_get_by_id(op->cpupool_id); ret = -ENOENT; diff --git a/xen/common/trace.c b/xen/common/trace.c index a7c092fcbb..fb3752ce62 100644 --- a/xen/common/trace.c +++ b/xen/common/trace.c @@ -834,7 +834,7 @@ void __trace_hypercall(uint32_t event, unsigned long op, #define APPEND_ARG32(i) \ do { \ - unsigned i_ = (i); \ + unsigned int i_ = (i); \ *a++ = args[(i_)]; \ d.op |= TRC_PV_HYPERCALL_V2_ARG_32(i_); \ } while( 0 ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 06 11:11:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 06 Jul 2022 11:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.362154.592078 (Exim 4.92) (envelope-from ) id 1o92vx-00078I-9x; Wed, 06 Jul 2022 11:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 362154.592078; Wed, 06 Jul 2022 11:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92vx-00078A-6q; Wed, 06 Jul 2022 11:11:05 +0000 Received: by outflank-mailman (input) for mailman id 362154; Wed, 06 Jul 2022 11:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92vw-000784-8B for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92vw-0007np-6C for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o92vw-0008NU-5C for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=maNceICu8lPqELyTIFa1Hmgxo5V/3DCnKWWzogwzsDg=; b=7IDkLjnTF74/GjsWnc6h4d88bf fJfMEKag7CSlK10mQr0owp4jVOv54zTIp35IJmx+FxAwocSRtCYaEJw3GMsHJQL78SrI2peZ7MSN5 umLj7WlGi7AQRKXsAklzPWqHAtI4JqqPgKSNIRBPbci4JFyONTidMINnKehLm9t8H+v8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Revert "EFI: preserve the System Resource Table for dom0" Message-Id: Date: Wed, 06 Jul 2022 11:11:04 +0000 commit 786049720041539409f47c6c1a1e718de490cf37 Author: Jan Beulich AuthorDate: Wed Jul 6 13:05:23 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 6 13:05:23 2022 +0200 Revert "EFI: preserve the System Resource Table for dom0" This reverts commit 8d410ac2c178e1dd1001cadddbe9ca75a9738c95, for breaking booting (on at least Arm64), apparently due to incomplete refactoring from an earlier version. --- xen/common/efi/boot.c | 135 -------------------------------------------------- 1 file changed, 135 deletions(-) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index e35f56e9ec..a25e1d29f1 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -39,26 +39,6 @@ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } #define APPLE_PROPERTIES_PROTOCOL_GUID \ { 0x91bd12fe, 0xf6c3, 0x44fb, { 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0} } -#define EFI_SYSTEM_RESOURCE_TABLE_GUID \ - { 0xb122a263, 0x3661, 0x4f68, {0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80} } -#define EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION 1 - -typedef struct { - EFI_GUID FwClass; - UINT32 FwType; - UINT32 FwVersion; - UINT32 LowestSupportedFwVersion; - UINT32 CapsuleFlags; - UINT32 LastAttemptVersion; - UINT32 LastAttemptStatus; -} EFI_SYSTEM_RESOURCE_ENTRY; - -typedef struct { - UINT32 FwResourceCount; - UINT32 FwResourceCountMax; - UINT64 FwResourceVersion; - EFI_SYSTEM_RESOURCE_ENTRY Entries[]; -} EFI_SYSTEM_RESOURCE_TABLE; typedef EFI_STATUS (/* _not_ EFIAPI */ *EFI_SHIM_LOCK_VERIFY) ( @@ -587,41 +567,6 @@ static int __init efi_check_dt_boot(const EFI_LOADED_IMAGE *loaded_image) } #endif -static UINTN __initdata esrt = EFI_INVALID_TABLE_ADDR; - -static size_t __init get_esrt_size(const EFI_MEMORY_DESCRIPTOR *desc) -{ - size_t available_len, len; - const UINTN physical_start = desc->PhysicalStart; - const EFI_SYSTEM_RESOURCE_TABLE *esrt_ptr; - - len = desc->NumberOfPages << EFI_PAGE_SHIFT; - if ( esrt == EFI_INVALID_TABLE_ADDR ) - return 0; - if ( physical_start > esrt || esrt - physical_start >= len ) - return 0; - /* - * The specification requires EfiBootServicesData, but accept - * EfiRuntimeServicesData, which is a more logical choice. - */ - if ( (desc->Type != EfiRuntimeServicesData) && - (desc->Type != EfiBootServicesData) ) - return 0; - available_len = len - (esrt - physical_start); - if ( available_len <= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries) ) - return 0; - available_len -= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries); - esrt_ptr = (const EFI_SYSTEM_RESOURCE_TABLE *)esrt; - if ( (esrt_ptr->FwResourceVersion != - EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION) || - !esrt_ptr->FwResourceCount ) - return 0; - if ( esrt_ptr->FwResourceCount > available_len / sizeof(esrt_ptr->Entries[0]) ) - return 0; - - return esrt_ptr->FwResourceCount * sizeof(esrt_ptr->Entries[0]); -} - /* * Include architecture specific implementation here, which references the * static globals defined above. @@ -900,8 +845,6 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, return gop_mode; } -static EFI_GUID __initdata esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID; - static void __init efi_tables(void) { unsigned int i; @@ -925,8 +868,6 @@ static void __init efi_tables(void) efi.smbios = (unsigned long)efi_ct[i].VendorTable; if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) ) efi.smbios3 = (unsigned long)efi_ct[i].VendorTable; - if ( match_guid(&esrt_guid, &efi_ct[i].VendorGuid) ) - esrt = (UINTN)efi_ct[i].VendorTable; } #ifndef CONFIG_ARM /* TODO - disabled until implemented on ARM */ @@ -1110,71 +1051,6 @@ static void __init efi_set_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, UINTN gop #define INVALID_VIRTUAL_ADDRESS (0xBAAADUL << \ (EFI_PAGE_SHIFT + BITS_PER_LONG - 32)) -static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE *SystemTable) -{ - EFI_STATUS status; - UINTN info_size = 0, map_key, mdesc_size; - void *memory_map = NULL; - UINT32 ver; - unsigned int i; - - for ( ; ; ) - { - status = efi_bs->GetMemoryMap(&info_size, memory_map, &map_key, - &mdesc_size, &ver); - if ( status == EFI_SUCCESS && memory_map != NULL ) - break; - if ( status == EFI_BUFFER_TOO_SMALL || memory_map == NULL ) - { - info_size += 8 * efi_mdesc_size; - if ( memory_map != NULL ) - efi_bs->FreePool(memory_map); - memory_map = NULL; - status = efi_bs->AllocatePool(EfiLoaderData, info_size, &memory_map); - if ( status == EFI_SUCCESS ) - continue; - PrintErr(L"Cannot allocate memory to relocate ESRT\r\n"); - } - else - PrintErr(L"Cannot obtain memory map to relocate ESRT\r\n"); - return; - } - - /* Try to obtain the ESRT. Errors are not fatal. */ - for ( i = 0; i < info_size; i += efi_mdesc_size ) - { - /* - * ESRT needs to be moved to memory of type EfiRuntimeServicesData - * so that the memory it is in will not be used for other purposes. - */ - void *new_esrt = NULL; - size_t esrt_size = get_esrt_size(efi_memmap + i); - - if ( !esrt_size ) - continue; - if ( ((EFI_MEMORY_DESCRIPTOR *)(efi_memmap + i))->Type == - EfiRuntimeServicesData ) - break; /* ESRT already safe from reuse */ - status = efi_bs->AllocatePool(EfiRuntimeServicesData, esrt_size, - &new_esrt); - if ( status == EFI_SUCCESS && new_esrt ) - { - memcpy(new_esrt, (void *)esrt, esrt_size); - status = efi_bs->InstallConfigurationTable(&esrt_guid, new_esrt); - if ( status != EFI_SUCCESS ) - { - PrintErr(L"Cannot install new ESRT\r\n"); - efi_bs->FreePool(new_esrt); - } - } - else - PrintErr(L"Cannot allocate memory for ESRT\r\n"); - break; - } - - efi_bs->FreePool(memory_map); -} - static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) { EFI_STATUS status; @@ -1537,8 +1413,6 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) if ( gop ) efi_set_gop_mode(gop, gop_mode); - efi_relocate_esrt(SystemTable); - efi_exit_boot(ImageHandle, SystemTable); efi_arch_post_exit_boot(); /* Doesn't return. */ @@ -1879,12 +1753,3 @@ void __init efi_init_memory(void) unmap_domain_page(efi_l4t); } #endif - -/* - * Local variables: - * mode: C - * c-file-style: "BSD" - * c-basic-offset: 4 - * indent-tabs-mode: nil - * End: - */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 06 11:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 06 Jul 2022 11:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.362155.592082 (Exim 4.92) (envelope-from ) id 1o92w7-0007Bo-BJ; Wed, 06 Jul 2022 11:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 362155.592082; Wed, 06 Jul 2022 11:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92w7-0007Be-8Q; Wed, 06 Jul 2022 11:11:15 +0000 Received: by outflank-mailman (input) for mailman id 362155; Wed, 06 Jul 2022 11:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92w6-0007BU-AB for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92w6-0007oG-9N for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o92w6-0008O1-8Q for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HEp5FPyhlkvlor6fGxriQxYjl48gkAbVGFy4XKhLwLc=; b=XaTWCwKqyvGoiAFl7u1XIsXSrd loDfk9LLTjkqnO8OwR9FJOYjrObFjxGdQHk+o155j8vI3QjqOm8I51s4BJDJMAO4I9blHr/u0eUKj +1OYD3jGDXRh0OPVgZv5jiU/uZrcizXb9KbNNfKVtHyYfgnKfvITqhIlj7erXQUMN2iY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxc: fix compilation error with gcc13 Message-Id: Date: Wed, 06 Jul 2022 11:11:14 +0000 commit 8eeae8c2b4efefda8e946461e86cf2ae9c18e5a9 Author: Charles Arnold AuthorDate: Wed Jul 6 13:06:40 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 6 13:06:40 2022 +0200 libxc: fix compilation error with gcc13 xc_psr.c:161:5: error: conflicting types for 'xc_psr_cmt_get_data' due to enum/integer mismatch; Signed-off-by: Charles Arnold Reviewed-by: Jan Beulich Acked-by: Anthony PERARD --- tools/include/xenctrl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 5464a68eb2..0c8b4c3aa7 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2520,7 +2520,7 @@ int xc_psr_cmt_get_l3_event_mask(xc_interface *xch, uint32_t *event_mask); int xc_psr_cmt_get_l3_cache_size(xc_interface *xch, uint32_t cpu, uint32_t *l3_cache_size); int xc_psr_cmt_get_data(xc_interface *xch, uint32_t rmid, uint32_t cpu, - uint32_t psr_cmt_type, uint64_t *monitor_data, + xc_psr_cmt_type type, uint64_t *monitor_data, uint64_t *tsc); int xc_psr_cmt_enabled(xc_interface *xch); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 06 11:11:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 06 Jul 2022 11:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.362156.592086 (Exim 4.92) (envelope-from ) id 1o92wH-0007Fc-Dv; Wed, 06 Jul 2022 11:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 362156.592086; Wed, 06 Jul 2022 11:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92wH-0007FU-BJ; Wed, 06 Jul 2022 11:11:25 +0000 Received: by outflank-mailman (input) for mailman id 362156; Wed, 06 Jul 2022 11:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92wG-0007FK-DA for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92wG-0007oY-CQ for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o92wG-0008OS-BU for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AC5P/S0VX5wUFgAFYjYsRbBPzH/MfDNCH+WAJ0v4EQ4=; b=Kcyp48KGIMm2pvwXVJQqgvo6F2 7JaX4ChFeOJeZsUOJR7mZNRQca3jl+myrv4nTWs/5syCugvrWaAxf2jH0P69YoYogCgITILV9HQ4S LceYBmAPMOHR5JMoY6AXLTtNP8Xo/DuI289Ysb+XghCe/K73juVZ5DbtfqtsTYfB9qNA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/Kconfig: add option for default x2APIC destination mode Message-Id: Date: Wed, 06 Jul 2022 11:11:24 +0000 commit eb40ae41b658e0421e4275c14dd18c7377b0752a Author: Roger Pau Monné AuthorDate: Wed Jul 6 13:06:57 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 6 13:06:57 2022 +0200 x86/Kconfig: add option for default x2APIC destination mode Allow setting the default x2APIC destination mode from Kconfig to Physical. Note the default destination mode is still Logical (Cluster) mode. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/Kconfig | 18 ++++++++++++++++++ xen/arch/x86/genapic/x2apic.c | 6 ++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 1e31edc99f..6bed72b791 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -226,6 +226,24 @@ config XEN_ALIGN_2M endchoice +config X2APIC_PHYSICAL + bool "x2APIC Physical Destination mode" + help + Use x2APIC Physical Destination mode by default when available. + + When using this mode APICs are addressed using the Physical + Destination mode, which allows using all dynamic vectors on each + CPU independently. + + Physical Destination has the benefit of having more vectors available + for external interrupts, but it also makes the delivery of multi + destination inter processor interrupts (IPIs) slightly slower than + Logical Destination mode. + + The mode when this option is not selected is Logical Destination. + + If unsure, say N. + config GUEST bool diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index de5032f202..7dfc793514 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -228,7 +228,7 @@ static struct notifier_block x2apic_cpu_nfb = { .notifier_call = update_clusterinfo }; -static s8 __initdata x2apic_phys = -1; /* By default we use logical cluster mode. */ +static int8_t __initdata x2apic_phys = -1; boolean_param("x2apic_phys", x2apic_phys); const struct genapic *__init apic_x2apic_probe(void) @@ -241,7 +241,9 @@ const struct genapic *__init apic_x2apic_probe(void) * the usage of the high 16 bits to hold the cluster ID. */ x2apic_phys = !iommu_intremap || - (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL); + (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL) || + (IS_ENABLED(CONFIG_X2APIC_PHYSICAL) && + !(acpi_gbl_FADT.flags & ACPI_FADT_APIC_CLUSTER)); } else if ( !x2apic_phys ) switch ( iommu_intremap ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 06 11:11:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 06 Jul 2022 11:11:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.362157.592092 (Exim 4.92) (envelope-from ) id 1o92wR-0007IC-Gj; Wed, 06 Jul 2022 11:11:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 362157.592092; Wed, 06 Jul 2022 11:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92wR-0007I4-Ck; Wed, 06 Jul 2022 11:11:35 +0000 Received: by outflank-mailman (input) for mailman id 362157; Wed, 06 Jul 2022 11:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92wQ-0007Hm-G3 for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o92wQ-0007om-FO for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o92wQ-0008Pe-EV for xen-changelog@lists.xenproject.org; Wed, 06 Jul 2022 11:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WOKmDEGHOnpWRdODIoh7DOUBezxDJCNjroE8st7xnkc=; b=C5e1Jv78YX5CAlHyM0yCOK06kg 6frd7N6Io/p5+Q3XAB30nnPv6vA59hZ0cLLP37t1GAr3w3c1SMehcZXHUhnzGHZux31owkh3lfOAa ms6ltX1yz6bHkkmdQX0qXE7D0UfZX0UH/VonNFroMrQlEfAhNDBwd0ynHAcESPT4Sorc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/time: fix MISRA C 2012 Rule 8.7 violation Message-Id: Date: Wed, 06 Jul 2022 11:11:34 +0000 commit 46cbd76faf737e9fe2d57aaf335a0203f66ba21c Author: Xenia Ragiadakou AuthorDate: Wed Jul 6 13:07:43 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 6 13:07:43 2022 +0200 xen/time: fix MISRA C 2012 Rule 8.7 violation The variable __mon_lengths is referenced only in time.c. Change its linkage from external to internal by adding the storage-class specifier static to its definitions. Also, this patch resolves indirectly a MISRA C 2012 Rule 8.4 violation warning. Signed-off-by: Xenia Ragiadakou Acked-by: Julien Grall --- xen/common/time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/time.c b/xen/common/time.c index 22379f4ae2..92f7b72464 100644 --- a/xen/common/time.c +++ b/xen/common/time.c @@ -28,7 +28,7 @@ ((year) % 4 == 0 && ((year) % 100 != 0 || (year) % 400 == 0)) /* How many days are in each month. */ -const unsigned short int __mon_lengths[2][12] = { +static const unsigned short int __mon_lengths[2][12] = { /* Normal years. */ {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, /* Leap years. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:44:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:44:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363159.593548 (Exim 4.92) (envelope-from ) id 1o9aE6-0000nA-Ks; Thu, 07 Jul 2022 22:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363159.593548; Thu, 07 Jul 2022 22:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aE6-0000n3-I3; Thu, 07 Jul 2022 22:44:02 +0000 Received: by outflank-mailman (input) for mailman id 363159; Thu, 07 Jul 2022 22:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aE5-0000mt-Jg for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aE5-00012v-Ip for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aE5-0001yd-Hp for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P5gHHkwKWrNlxSity1eOPCklyxhPgwmon/AKQWPgkZI=; b=OPwdlRag94xU0biYWg+42kXSxD X4LwFaoxuDEzBZMSOETdjdyhqCZUnv790OGfaMJOPorZYHD0RBmRdP609BdleDsWTvH4eIk8bt7q8 jIGf+DyNH/pOvhwJeFWTMwN+hHkFBeAgEXqmW1XDCXwv2Xvx7BRcrNFhye9MflU9+8iA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] EFI: preserve the System Resource Table for dom0 Message-Id: Date: Thu, 07 Jul 2022 22:44:01 +0000 commit 8d410ac2c178e1dd1001cadddbe9ca75a9738c95 Author: Demi Marie Obenour AuthorDate: Tue Jul 5 13:10:46 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 13:10:46 2022 +0200 EFI: preserve the System Resource Table for dom0 The EFI System Resource Table (ESRT) is necessary for fwupd to identify firmware updates to install. According to the UEFI specification §23.4, the ESRT shall be stored in memory of type EfiBootServicesData. However, memory of type EfiBootServicesData is considered general-purpose memory by Xen, so the ESRT needs to be moved somewhere where Xen will not overwrite it. Copy the ESRT to memory of type EfiRuntimeServicesData, which Xen will not reuse. dom0 can use the ESRT if (and only if) it is in memory of type EfiRuntimeServicesData. Earlier versions of this patch reserved the memory in which the ESRT was located. This created awkward alignment problems, and required either splitting the E820 table or wasting memory. It also would have required a new platform op for dom0 to use to indicate if the ESRT is reserved. By copying the ESRT into EfiRuntimeServicesData memory, the E820 table does not need to be modified, and dom0 can just check the type of the memory region containing the ESRT. The copy is only done if the ESRT is not already in EfiRuntimeServicesData memory, avoiding memory leaks on repeated kexec. See https://lore.kernel.org/xen-devel/20200818184018.GN1679@mail-itl/T/ for details. Signed-off-by: Demi Marie Obenour Reviewed-by: Jan Beulich --- xen/common/efi/boot.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index a25e1d29f1..e35f56e9ec 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -39,6 +39,26 @@ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } #define APPLE_PROPERTIES_PROTOCOL_GUID \ { 0x91bd12fe, 0xf6c3, 0x44fb, { 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0} } +#define EFI_SYSTEM_RESOURCE_TABLE_GUID \ + { 0xb122a263, 0x3661, 0x4f68, {0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80} } +#define EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION 1 + +typedef struct { + EFI_GUID FwClass; + UINT32 FwType; + UINT32 FwVersion; + UINT32 LowestSupportedFwVersion; + UINT32 CapsuleFlags; + UINT32 LastAttemptVersion; + UINT32 LastAttemptStatus; +} EFI_SYSTEM_RESOURCE_ENTRY; + +typedef struct { + UINT32 FwResourceCount; + UINT32 FwResourceCountMax; + UINT64 FwResourceVersion; + EFI_SYSTEM_RESOURCE_ENTRY Entries[]; +} EFI_SYSTEM_RESOURCE_TABLE; typedef EFI_STATUS (/* _not_ EFIAPI */ *EFI_SHIM_LOCK_VERIFY) ( @@ -567,6 +587,41 @@ static int __init efi_check_dt_boot(const EFI_LOADED_IMAGE *loaded_image) } #endif +static UINTN __initdata esrt = EFI_INVALID_TABLE_ADDR; + +static size_t __init get_esrt_size(const EFI_MEMORY_DESCRIPTOR *desc) +{ + size_t available_len, len; + const UINTN physical_start = desc->PhysicalStart; + const EFI_SYSTEM_RESOURCE_TABLE *esrt_ptr; + + len = desc->NumberOfPages << EFI_PAGE_SHIFT; + if ( esrt == EFI_INVALID_TABLE_ADDR ) + return 0; + if ( physical_start > esrt || esrt - physical_start >= len ) + return 0; + /* + * The specification requires EfiBootServicesData, but accept + * EfiRuntimeServicesData, which is a more logical choice. + */ + if ( (desc->Type != EfiRuntimeServicesData) && + (desc->Type != EfiBootServicesData) ) + return 0; + available_len = len - (esrt - physical_start); + if ( available_len <= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries) ) + return 0; + available_len -= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries); + esrt_ptr = (const EFI_SYSTEM_RESOURCE_TABLE *)esrt; + if ( (esrt_ptr->FwResourceVersion != + EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION) || + !esrt_ptr->FwResourceCount ) + return 0; + if ( esrt_ptr->FwResourceCount > available_len / sizeof(esrt_ptr->Entries[0]) ) + return 0; + + return esrt_ptr->FwResourceCount * sizeof(esrt_ptr->Entries[0]); +} + /* * Include architecture specific implementation here, which references the * static globals defined above. @@ -845,6 +900,8 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, return gop_mode; } +static EFI_GUID __initdata esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID; + static void __init efi_tables(void) { unsigned int i; @@ -868,6 +925,8 @@ static void __init efi_tables(void) efi.smbios = (unsigned long)efi_ct[i].VendorTable; if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) ) efi.smbios3 = (unsigned long)efi_ct[i].VendorTable; + if ( match_guid(&esrt_guid, &efi_ct[i].VendorGuid) ) + esrt = (UINTN)efi_ct[i].VendorTable; } #ifndef CONFIG_ARM /* TODO - disabled until implemented on ARM */ @@ -1051,6 +1110,71 @@ static void __init efi_set_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, UINTN gop #define INVALID_VIRTUAL_ADDRESS (0xBAAADUL << \ (EFI_PAGE_SHIFT + BITS_PER_LONG - 32)) +static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE *SystemTable) +{ + EFI_STATUS status; + UINTN info_size = 0, map_key, mdesc_size; + void *memory_map = NULL; + UINT32 ver; + unsigned int i; + + for ( ; ; ) + { + status = efi_bs->GetMemoryMap(&info_size, memory_map, &map_key, + &mdesc_size, &ver); + if ( status == EFI_SUCCESS && memory_map != NULL ) + break; + if ( status == EFI_BUFFER_TOO_SMALL || memory_map == NULL ) + { + info_size += 8 * efi_mdesc_size; + if ( memory_map != NULL ) + efi_bs->FreePool(memory_map); + memory_map = NULL; + status = efi_bs->AllocatePool(EfiLoaderData, info_size, &memory_map); + if ( status == EFI_SUCCESS ) + continue; + PrintErr(L"Cannot allocate memory to relocate ESRT\r\n"); + } + else + PrintErr(L"Cannot obtain memory map to relocate ESRT\r\n"); + return; + } + + /* Try to obtain the ESRT. Errors are not fatal. */ + for ( i = 0; i < info_size; i += efi_mdesc_size ) + { + /* + * ESRT needs to be moved to memory of type EfiRuntimeServicesData + * so that the memory it is in will not be used for other purposes. + */ + void *new_esrt = NULL; + size_t esrt_size = get_esrt_size(efi_memmap + i); + + if ( !esrt_size ) + continue; + if ( ((EFI_MEMORY_DESCRIPTOR *)(efi_memmap + i))->Type == + EfiRuntimeServicesData ) + break; /* ESRT already safe from reuse */ + status = efi_bs->AllocatePool(EfiRuntimeServicesData, esrt_size, + &new_esrt); + if ( status == EFI_SUCCESS && new_esrt ) + { + memcpy(new_esrt, (void *)esrt, esrt_size); + status = efi_bs->InstallConfigurationTable(&esrt_guid, new_esrt); + if ( status != EFI_SUCCESS ) + { + PrintErr(L"Cannot install new ESRT\r\n"); + efi_bs->FreePool(new_esrt); + } + } + else + PrintErr(L"Cannot allocate memory for ESRT\r\n"); + break; + } + + efi_bs->FreePool(memory_map); +} + static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) { EFI_STATUS status; @@ -1413,6 +1537,8 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) if ( gop ) efi_set_gop_mode(gop, gop_mode); + efi_relocate_esrt(SystemTable); + efi_exit_boot(ImageHandle, SystemTable); efi_arch_post_exit_boot(); /* Doesn't return. */ @@ -1753,3 +1879,12 @@ void __init efi_init_memory(void) unmap_domain_page(efi_l4t); } #endif + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:44:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363162.593552 (Exim 4.92) (envelope-from ) id 1o9aEG-0000te-MT; Thu, 07 Jul 2022 22:44:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363162.593552; Thu, 07 Jul 2022 22:44:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEG-0000tW-Ji; Thu, 07 Jul 2022 22:44:12 +0000 Received: by outflank-mailman (input) for mailman id 363162; Thu, 07 Jul 2022 22:44:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEF-0000tB-Mj for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEF-00013D-M0 for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aEF-00020f-L2 for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yV9DNzobxStlaWyPkawn/1q3dm2Pdz4ZXJmAnk0h57Y=; b=sLLlsQ/h9DLKfT+kzWEj6P2vCZ ojsYAiwLDogMZWvLP78QnwWDbNs9gHPsuffKUuM7UtKO80P8uDNlAEc7ZRG2s5IxXFZL9L3fDSxai xgGLTnsfQf7P06ND4EEmPfOW7xdwZDsKbIYJQOydWa/CXdRRqmg/ZjdrfIHtoqIOsUsA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/helpers: fix snprintf argument in init-dom0less.c Message-Id: Date: Thu, 07 Jul 2022 22:44:11 +0000 commit 2b1ee386122a6e8bf66f5163cbda51084af6e0f4 Author: Luca Fancellu AuthorDate: Tue Jul 5 13:11:25 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 13:11:25 2022 +0200 tools/helpers: fix snprintf argument in init-dom0less.c Fix snprintf argument in init-dom0less.c because two instances of the function are using libxl_dominfo struct members that are uint64_t types, so change "%lu" to "%"PRIu64 to handle it properly when building on arm32 and arm64. Signed-off-by: Luca Fancellu Reviewed-by: Bertrand Marquis Acked-by: Anthony PERARD --- tools/helpers/init-dom0less.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/helpers/init-dom0less.c b/tools/helpers/init-dom0less.c index 4c90dd6a0c..fee93459c4 100644 --- a/tools/helpers/init-dom0less.c +++ b/tools/helpers/init-dom0less.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -138,10 +139,10 @@ static int create_xenstore(struct xs_handle *xsh, "vm/" LIBXL_UUID_FMT, LIBXL_UUID_BYTES(uuid)); if (rc < 0 || rc >= STR_MAX_LENGTH) return rc; - rc = snprintf(max_memkb_str, STR_MAX_LENGTH, "%lu", info->max_memkb); + rc = snprintf(max_memkb_str, STR_MAX_LENGTH, "%"PRIu64, info->max_memkb); if (rc < 0 || rc >= STR_MAX_LENGTH) return rc; - rc = snprintf(target_memkb_str, STR_MAX_LENGTH, "%lu", info->current_memkb); + rc = snprintf(target_memkb_str, STR_MAX_LENGTH, "%"PRIu64, info->current_memkb); if (rc < 0 || rc >= STR_MAX_LENGTH) return rc; rc = snprintf(ring_ref_str, STR_MAX_LENGTH, "%lld", -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:44:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:44:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363163.593557 (Exim 4.92) (envelope-from ) id 1o9aEQ-0000wr-Nu; Thu, 07 Jul 2022 22:44:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363163.593557; Thu, 07 Jul 2022 22:44:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEQ-0000wj-LD; Thu, 07 Jul 2022 22:44:22 +0000 Received: by outflank-mailman (input) for mailman id 363163; Thu, 07 Jul 2022 22:44:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEP-0000wX-Po for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEP-00013c-P1 for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aEP-000216-OA for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1bfShjDzx8AyAWQVhS6GcSJBN16vfUub6nYr8m/wHuc=; b=1hzMlKFCsbuxEctp5ltE1WeLtv uxy8Dcoqcy+kYpYk2ISqAuotvp05x4zxh867falYck8tpCRhbGOMCWlbvH2sPJEhoOsP91VdlmWp+ SkjBurC1YzRKbYkbQpifOBBTg9SIrrtQVIMcOxDw1VBfAtUN7x9Fya68xSluYZnmYqmQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] public: constify xsd_errors[] Message-Id: Date: Thu, 07 Jul 2022 22:44:21 +0000 commit c4184bf305dc14c3e150617904c40b120664efe6 Author: Jan Beulich AuthorDate: Tue Jul 5 13:11:51 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 13:11:51 2022 +0200 public: constify xsd_errors[] While in principle this could break existing users, I think such users deserve to be put in trouble. After all the table should have been const from the very beginning. Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross --- xen/include/public/io/xs_wire.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h index c573950fbf..05d3069e63 100644 --- a/xen/include/public/io/xs_wire.h +++ b/xen/include/public/io/xs_wire.h @@ -71,7 +71,7 @@ struct xsd_errors #ifdef EINVAL #define XSD_ERROR(x) { x, #x } /* LINTED: static unused */ -static struct xsd_errors xsd_errors[] +static const struct xsd_errors xsd_errors[] #if defined(__GNUC__) __attribute__((unused)) #endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:44:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:44:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363164.593561 (Exim 4.92) (envelope-from ) id 1o9aEa-0000zg-PF; Thu, 07 Jul 2022 22:44:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363164.593561; Thu, 07 Jul 2022 22:44:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEa-0000zY-Mf; Thu, 07 Jul 2022 22:44:32 +0000 Received: by outflank-mailman (input) for mailman id 363164; Thu, 07 Jul 2022 22:44:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEZ-0000zR-Sm for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEZ-000143-S0 for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aEZ-00021Y-R4 for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Tr+y89ZLiRPctMD5W00I+8Guj5SUoR7EijZQMVqe/0c=; b=2SUBU3b0yGEnfhuyH6xhGvnTs3 6D+GzcBrwsV7HeycG5F+dyTE5Fa3Ia7Wmom1vQGryYvmK3pC03drqlwN5gb5bBKGRjTLiNiOKtc7I s5ZM7UzuNXqTr4875vWJOS11xu1MA81Zj1tX7qu2MYZv66N2LI6r2Up36VAFNyuJO0u0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm32: avoid EFI stub wchar_t size linker warning Message-Id: Date: Thu, 07 Jul 2022 22:44:31 +0000 commit a4d4c541f58b378bc9d499dcb554eb9fe22312c8 Author: Wei Chen AuthorDate: Tue Jul 5 13:12:15 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 13:12:15 2022 +0200 xen/arm32: avoid EFI stub wchar_t size linker warning Xen uses "-fshort-wchar" in CFLAGS for EFI common code. Arm32 is using stub.c of EFI common code for EFI stub functions. But "-fshort-wchar" CFLAG will cause a warning when build stub.c for Arm32: "arm-linux-gnueabihf-ld: warning: arch/arm/efi/built_in.o uses 2-byte wchar_t yet the output is to use 4-byte wchar_t; use of wchar_t values across objects may fail" This is because the "-fshort-wchar" flag causes GCC to generate code that is not binary compatible with code generated without that flag. Why this warning hasn't been triggered in Arm64 is because Arm64 does not use wchar type directly in any code for parameters, variables and return values. And in EFI code, wchar has been replaced by CHAR16 (the UEFI "abstraction" of wchar_t). CHAR16 has been specified as unsigned short type in typedef, the "-fshort-wchar" flag will not affect CHAR16. So Arm64 object files are exactly the same with "-fshort-wchar" and without "-fshort-wchar". We are also not using wchar in Arm32 codes, but Arm32 will embed ABI information in ".ARM.attributes" section. This section stores some object file attributes, like ABI version, CPU arch and etc. And wchar size is described in this section by "Tag_ABI_PCS_wchar_t" too. Tag_ABI_PCS_wchar_t is 2 for object files with "-fshort-wchar", but for object files without "-fshort-wchar" is 4. Arm32 GCC ld will check this tag, and throw above warning when it finds the object files have different Tag_ABI_PCS_wchar_t values. Xen need to keep "-fshort-wchar" in EFI code to force wchar to use short integers (2 bytes) instead of integers (4 bytes), but this is unnecessary for code out of EFI. So in this patch, we add "-fno-short-wchar" to override "-fshort-wchar" for Arm architectures without EFI enabled to remove above warning." Reported-and-Suggested-by: Jan Beulich Tested-by: Jan Beulich Signed-off-by: Wei Chen Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/arch/arm/efi/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/arm/efi/Makefile b/xen/arch/arm/efi/Makefile index dffe72e589..bd954a3b2d 100644 --- a/xen/arch/arm/efi/Makefile +++ b/xen/arch/arm/efi/Makefile @@ -9,4 +9,7 @@ else # will not be cleaned in "make clean". EFIOBJ-y += stub.o obj-y += stub.o + +$(obj)/stub.o: CFLAGS-y += -fno-short-wchar + endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:44:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:44:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363165.593564 (Exim 4.92) (envelope-from ) id 1o9aEk-00012r-R2; Thu, 07 Jul 2022 22:44:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363165.593564; Thu, 07 Jul 2022 22:44:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEk-00012j-ON; Thu, 07 Jul 2022 22:44:42 +0000 Received: by outflank-mailman (input) for mailman id 363165; Thu, 07 Jul 2022 22:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEk-00012W-07 for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEj-000152-VZ for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aEj-00022R-Ui for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DWHMblP3goKoXob28Wg3+l8bALD2k3p+v3/AR73tSB0=; b=VeU1D4jg0g49gt/mvNXaikybom KHePUnnoYRkRQk9stafV8nLIvCJdDeYzyNQ0tRu3piA4Y3pI0kJBgbt7j9jFnirvgg7O2RtnS11Ln 7JtEyyPA+gYg5wSgp9Wi6ckjIv6Mlu92gdqdy9s8AVQu24hB6nJ1ic7281CBKwGu3WZw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libxl: report trusted backend status to frontends Message-Id: Date: Thu, 07 Jul 2022 22:44:41 +0000 commit 54d8f27d0477937e1f99a414fc1ffd93d184b38a Author: Roger Pau Monne AuthorDate: Fri Apr 8 10:21:11 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 5 14:16:26 2022 +0200 tools/libxl: report trusted backend status to frontends Allow administrators to notify a frontend driver that it's backend counterpart is not to be trusted, so the frontend can deploy whatever mitigations required in order to secure itself. Allow such option for disk and network frontends only, as those are the only hardened ones currently supported. This is part of XSA-403 Signed-off-by: Roger Pau Monné Reviewed-by: Anthony PERARD --- docs/man/xl-disk-configuration.5.pod.in | 29 +++++++++++++++++++++++++++++ docs/man/xl-network-configuration.5.pod.in | 9 +++++++++ tools/include/libxl.h | 8 ++++++++ tools/libs/light/libxl_disk.c | 3 +++ tools/libs/light/libxl_nic.c | 5 +++++ tools/libs/light/libxl_types.idl | 6 ++++-- tools/libs/util/libxlu_disk_l.l | 3 +++ tools/xl/check-xl-disk-parse | 26 ++++++++++++++++++++++++++ tools/xl/check-xl-vif-parse | 18 ++++++++++++++++++ tools/xl/xl_parse.c | 4 ++++ xen/include/public/io/blkif.h | 8 ++++++++ xen/include/public/io/netif.h | 6 ++++++ 12 files changed, 123 insertions(+), 2 deletions(-) diff --git a/docs/man/xl-disk-configuration.5.pod.in b/docs/man/xl-disk-configuration.5.pod.in index 71d0e86e3d..95d039655a 100644 --- a/docs/man/xl-disk-configuration.5.pod.in +++ b/docs/man/xl-disk-configuration.5.pod.in @@ -344,6 +344,35 @@ can be used to disable "hole punching" for file based backends which were intentionally created non-sparse to avoid fragmentation of the file. +=item B / B + +=over 4 + +=item Description + +Reports whether the backend should be trusted by the frontend + +=item Supported values + +trusted, untrusted + +=item Mandatory + +No + +=item Default value + +trusted + +=back + +An advisory setting for the frontend driver on whether the backend should be +trusted. The frontend should deploy whatever protections it has available to +prevent an untrusted backend from accessing guest data not related to the I/O +processing or causing malfunction to the frontend or the whole domain. + +Note frontends can ignore such recommendation. + =back diff --git a/docs/man/xl-network-configuration.5.pod.in b/docs/man/xl-network-configuration.5.pod.in index cf92d7960c..f3e379bcf8 100644 --- a/docs/man/xl-network-configuration.5.pod.in +++ b/docs/man/xl-network-configuration.5.pod.in @@ -258,3 +258,12 @@ NOTE: This should not be set unless you have a reason to. Specifies the MTU (i.e. the maximum size of an IP payload, exclusing headers). The default value is 1500 but, if the VIF is attached to a bridge, it will be set to match unless overridden by this parameter. + +=head2 trusted / untrusted + +An advisory setting for the frontend driver on whether the backend should be +trusted. The frontend should deploy whatever protections it has available to +prevent an untrusted backend from accessing guest data not related to the I/O +processing or causing malfunction to the frontend or the whole domain. + +Note frontends can ignore such recommendation. diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 7ce978e83c..835dfabc50 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -527,6 +527,14 @@ */ #define LIBXL_HAVE_MAX_GRANT_VERSION 1 +/* + * LIBXL_HAVE_{DISK,NIC}_TRUSTED indicates that the libxl_device_disk and + * libxl_device_nic structs have a field to signal whether the backend of the + * device is to be trusted. Such information is propagated to the frontend. + */ +#define LIBXL_HAVE_DISK_TRUSTED 1 +#define LIBXL_HAVE_NIC_TRUSTED 1 + /* * libxl ABI compatibility * diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index a5ca77850f..9da2b2ed27 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -159,6 +159,7 @@ static int libxl__device_disk_setdefault(libxl__gc *gc, uint32_t domid, libxl_defbool_setdefault(&disk->discard_enable, !!disk->readwrite); libxl_defbool_setdefault(&disk->colo_enable, false); libxl_defbool_setdefault(&disk->colo_restore_enable, false); + libxl_defbool_setdefault(&disk->trusted, true); rc = libxl__resolve_domid(gc, disk->backend_domname, &disk->backend_domid); if (rc < 0) return rc; @@ -395,6 +396,8 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid, flexarray_append(front, GCSPRINTF("%d", device->devid)); flexarray_append(front, "device-type"); flexarray_append(front, disk->is_cdrom ? "cdrom" : "disk"); + flexarray_append(front, "trusted"); + flexarray_append(front, libxl_defbool_val(disk->trusted) ? "1" : "0"); /* * Old PV kernel disk frontends before 2.6.26 rely on tool stack to diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c index 0b9e70c9d1..d6bf06fc34 100644 --- a/tools/libs/light/libxl_nic.c +++ b/tools/libs/light/libxl_nic.c @@ -116,6 +116,8 @@ static int libxl__device_nic_setdefault(libxl__gc *gc, uint32_t domid, abort(); } + libxl_defbool_setdefault(&nic->trusted, true); + return rc; } @@ -255,6 +257,9 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(back, "hotplug-status"); flexarray_append(back, ""); + flexarray_append(front, "trusted"); + flexarray_append(front, libxl_defbool_val(nic->trusted) ? "1" : "0"); + return 0; } diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index 2a42da2f7d..89962218b4 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -712,7 +712,8 @@ libxl_device_disk = Struct("device_disk", [ ("colo_port", integer), ("colo_export", string), ("active_disk", string), - ("hidden_disk", string) + ("hidden_disk", string), + ("trusted", libxl_defbool), ]) libxl_device_nic = Struct("device_nic", [ @@ -780,7 +781,8 @@ libxl_device_nic = Struct("device_nic", [ ("colo_filter_sec_redirector1_outdev", string), ("colo_filter_sec_rewriter0_queue", string), ("colo_checkpoint_host", string), - ("colo_checkpoint_port", string) + ("colo_checkpoint_port", string), + ("trusted", libxl_defbool), ]) libxl_device_pci = Struct("device_pci", [ diff --git a/tools/libs/util/libxlu_disk_l.l b/tools/libs/util/libxlu_disk_l.l index 3bd639aab0..e115460d99 100644 --- a/tools/libs/util/libxlu_disk_l.l +++ b/tools/libs/util/libxlu_disk_l.l @@ -208,6 +208,9 @@ colo-export=[^,]*,? { STRIP(','); SAVESTRING("colo-export", colo_export, FROMEQU active-disk=[^,]*,? { STRIP(','); SAVESTRING("active-disk", active_disk, FROMEQUALS); } hidden-disk=[^,]*,? { STRIP(','); SAVESTRING("hidden-disk", hidden_disk, FROMEQUALS); } +trusted,? { libxl_defbool_set(&DPC->disk->trusted, true); } +untrusted,? { libxl_defbool_set(&DPC->disk->trusted, false); } + /* the target magic parameter, eats the rest of the string */ target=.* { STRIP(','); SAVESTRING("target", pdev_path, FROMEQUALS); } diff --git a/tools/xl/check-xl-disk-parse b/tools/xl/check-xl-disk-parse index 643f4f4ecb..18fb66940a 100755 --- a/tools/xl/check-xl-disk-parse +++ b/tools/xl/check-xl-disk-parse @@ -178,4 +178,30 @@ disk: { END one 0 cdrom no-discard vdev=hda target=/some/disk/image.iso +# test setting trusted +expected <devid = parse_ulong(oparg); } else if (MATCH_OPTION("mtu", token, oparg)) { nic->mtu = parse_ulong(oparg); + } else if (!strcmp("trusted", token)) { + libxl_defbool_set(&nic->trusted, true); + } else if (!strcmp("untrusted", token)) { + libxl_defbool_set(&nic->trusted, false); } else { fprintf(stderr, "unrecognized argument `%s'\n", token); return 1; diff --git a/xen/include/public/io/blkif.h b/xen/include/public/io/blkif.h index 4cdba79aba..ab863f175a 100644 --- a/xen/include/public/io/blkif.h +++ b/xen/include/public/io/blkif.h @@ -363,6 +363,14 @@ * that the frontend requires that the logical block size is 512 as it * is hardcoded (which is the case in some frontend implementations). * + * trusted + * Values: 0/1 (boolean) + * Default value: 1 + * + * A value of "0" indicates that the frontend should not trust the + * backend, and should deploy whatever measures available to protect from + * a malicious backend on the other end. + * *------------------------- Virtual Device Properties ------------------------- * * device-type diff --git a/xen/include/public/io/netif.h b/xen/include/public/io/netif.h index 00dd258712..3509b096f8 100644 --- a/xen/include/public/io/netif.h +++ b/xen/include/public/io/netif.h @@ -160,6 +160,12 @@ * be applied if it is set. */ +/* + * The setting of "trusted" node to "0" in the frontend path signals that the + * frontend should not trust the backend, and should deploy whatever measures + * available to protect from a malicious backend on the other end. + */ + /* * Control ring * ============ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:44:52 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:44:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363166.593569 (Exim 4.92) (envelope-from ) id 1o9aEu-00016W-UE; Thu, 07 Jul 2022 22:44:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363166.593569; Thu, 07 Jul 2022 22:44:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEu-00016O-RU; Thu, 07 Jul 2022 22:44:52 +0000 Received: by outflank-mailman (input) for mailman id 363166; Thu, 07 Jul 2022 22:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEu-00016D-3W for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aEu-00015D-2L for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aEu-00023A-1f for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8DDbXDxJmlc9a+2OQ11+p0xvdXLGVlPN0CXcC4aMTB0=; b=tfNjShk0+WhwC54GjNZcNRxf9g qCoDLHYfjl+Cu+mZKAh8GduXNm087msvYSJjVBu2d+uVKrrWIpwgEuPVLdWyeSgkgkVndyR0x+z0t OgUJGrJeKkjILplDO+HBM9OilK18cyAua6hlRR7pmzZIRXEWWQhyKr7IcxR2eSz0ILrw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/common: Use unsigned int instead of plain unsigned Message-Id: Date: Thu, 07 Jul 2022 22:44:52 +0000 commit 61ff2733221e3b5bae5f647d9a460c7a68a5ace8 Author: Michal Orzel AuthorDate: Mon Jun 27 15:15:39 2022 +0200 Commit: Julien Grall CommitDate: Tue Jul 5 13:48:36 2022 +0100 xen/common: Use unsigned int instead of plain unsigned This is just for the style and consistency reasons as the former is being used more often than the latter. Signed-off-by: Michal Orzel Reviewed-by: Juergen Gross Acked-by: Jan Beulich --- xen/common/grant_table.c | 6 +++--- xen/common/gunzip.c | 8 ++++---- xen/common/sched/cpupool.c | 4 ++-- xen/common/trace.c | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 3918e6de6b..2d110d9f41 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -895,7 +895,7 @@ done: static int _set_status(const grant_entry_header_t *shah, grant_status_t *status, struct domain *rd, - unsigned rgt_version, + unsigned int rgt_version, struct active_grant_entry *act, int readonly, int mapflag, @@ -1763,8 +1763,8 @@ static int gnttab_populate_status_frames(struct domain *d, struct grant_table *gt, unsigned int req_nr_frames) { - unsigned i; - unsigned req_status_frames; + unsigned int i; + unsigned int req_status_frames; req_status_frames = grant_to_status_frames(req_nr_frames); diff --git a/xen/common/gunzip.c b/xen/common/gunzip.c index aa16fec4bb..71ec5f26be 100644 --- a/xen/common/gunzip.c +++ b/xen/common/gunzip.c @@ -14,13 +14,13 @@ static memptr __initdata free_mem_end_ptr; #define WSIZE 0x80000000 static unsigned char *__initdata inbuf; -static unsigned __initdata insize; +static unsigned int __initdata insize; /* Index of next byte to be processed in inbuf: */ -static unsigned __initdata inptr; +static unsigned int __initdata inptr; /* Bytes in output buffer: */ -static unsigned __initdata outcnt; +static unsigned int __initdata outcnt; #define OF(args) args @@ -73,7 +73,7 @@ static __init void flush_window(void) * compute the crc. */ unsigned long c = crc; - unsigned n; + unsigned int n; unsigned char *in, ch; in = window; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index a20e3a5fcb..2afe54f54d 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -850,7 +850,7 @@ int cpupool_do_sysctl(struct xen_sysctl_cpupool_op *op) case XEN_SYSCTL_CPUPOOL_OP_ADDCPU: { - unsigned cpu; + unsigned int cpu; const cpumask_t *cpus; cpu = op->cpu; @@ -895,7 +895,7 @@ int cpupool_do_sysctl(struct xen_sysctl_cpupool_op *op) case XEN_SYSCTL_CPUPOOL_OP_RMCPU: { - unsigned cpu; + unsigned int cpu; c = cpupool_get_by_id(op->cpupool_id); ret = -ENOENT; diff --git a/xen/common/trace.c b/xen/common/trace.c index a7c092fcbb..fb3752ce62 100644 --- a/xen/common/trace.c +++ b/xen/common/trace.c @@ -834,7 +834,7 @@ void __trace_hypercall(uint32_t event, unsigned long op, #define APPEND_ARG32(i) \ do { \ - unsigned i_ = (i); \ + unsigned int i_ = (i); \ *a++ = args[(i_)]; \ d.op |= TRC_PV_HYPERCALL_V2_ARG_32(i_); \ } while( 0 ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:45:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:45:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363167.593572 (Exim 4.92) (envelope-from ) id 1o9aF4-00019P-WD; Thu, 07 Jul 2022 22:45:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363167.593572; Thu, 07 Jul 2022 22:45:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aF4-00019H-TD; Thu, 07 Jul 2022 22:45:02 +0000 Received: by outflank-mailman (input) for mailman id 363167; Thu, 07 Jul 2022 22:45:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aF4-000199-7C for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aF4-000166-6W for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aF4-00024R-4e for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vr47xE9BpMU+8zoqMpi+QEjry2kg5y9xVJyzn6HrlEw=; b=UuGkMZRzFaJIlNhF4J7TUakt7g CcC+togs/dMamCbvGsZ/jTxZjVHNVU88AQSq+gOq1eJ9FKb1NQMn2hR+6SyeaAcqlvp8yNoE+USFf +wcy+gZKjnTgRgEwFo7ffXNLqZfEvuYbxmNU2mz25QPFnwllo81IdlbRVtt3Wg0xOtn0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Revert "EFI: preserve the System Resource Table for dom0" Message-Id: Date: Thu, 07 Jul 2022 22:45:02 +0000 commit 786049720041539409f47c6c1a1e718de490cf37 Author: Jan Beulich AuthorDate: Wed Jul 6 13:05:23 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 6 13:05:23 2022 +0200 Revert "EFI: preserve the System Resource Table for dom0" This reverts commit 8d410ac2c178e1dd1001cadddbe9ca75a9738c95, for breaking booting (on at least Arm64), apparently due to incomplete refactoring from an earlier version. --- xen/common/efi/boot.c | 135 -------------------------------------------------- 1 file changed, 135 deletions(-) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index e35f56e9ec..a25e1d29f1 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -39,26 +39,6 @@ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } #define APPLE_PROPERTIES_PROTOCOL_GUID \ { 0x91bd12fe, 0xf6c3, 0x44fb, { 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0} } -#define EFI_SYSTEM_RESOURCE_TABLE_GUID \ - { 0xb122a263, 0x3661, 0x4f68, {0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80} } -#define EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION 1 - -typedef struct { - EFI_GUID FwClass; - UINT32 FwType; - UINT32 FwVersion; - UINT32 LowestSupportedFwVersion; - UINT32 CapsuleFlags; - UINT32 LastAttemptVersion; - UINT32 LastAttemptStatus; -} EFI_SYSTEM_RESOURCE_ENTRY; - -typedef struct { - UINT32 FwResourceCount; - UINT32 FwResourceCountMax; - UINT64 FwResourceVersion; - EFI_SYSTEM_RESOURCE_ENTRY Entries[]; -} EFI_SYSTEM_RESOURCE_TABLE; typedef EFI_STATUS (/* _not_ EFIAPI */ *EFI_SHIM_LOCK_VERIFY) ( @@ -587,41 +567,6 @@ static int __init efi_check_dt_boot(const EFI_LOADED_IMAGE *loaded_image) } #endif -static UINTN __initdata esrt = EFI_INVALID_TABLE_ADDR; - -static size_t __init get_esrt_size(const EFI_MEMORY_DESCRIPTOR *desc) -{ - size_t available_len, len; - const UINTN physical_start = desc->PhysicalStart; - const EFI_SYSTEM_RESOURCE_TABLE *esrt_ptr; - - len = desc->NumberOfPages << EFI_PAGE_SHIFT; - if ( esrt == EFI_INVALID_TABLE_ADDR ) - return 0; - if ( physical_start > esrt || esrt - physical_start >= len ) - return 0; - /* - * The specification requires EfiBootServicesData, but accept - * EfiRuntimeServicesData, which is a more logical choice. - */ - if ( (desc->Type != EfiRuntimeServicesData) && - (desc->Type != EfiBootServicesData) ) - return 0; - available_len = len - (esrt - physical_start); - if ( available_len <= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries) ) - return 0; - available_len -= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries); - esrt_ptr = (const EFI_SYSTEM_RESOURCE_TABLE *)esrt; - if ( (esrt_ptr->FwResourceVersion != - EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION) || - !esrt_ptr->FwResourceCount ) - return 0; - if ( esrt_ptr->FwResourceCount > available_len / sizeof(esrt_ptr->Entries[0]) ) - return 0; - - return esrt_ptr->FwResourceCount * sizeof(esrt_ptr->Entries[0]); -} - /* * Include architecture specific implementation here, which references the * static globals defined above. @@ -900,8 +845,6 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, return gop_mode; } -static EFI_GUID __initdata esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID; - static void __init efi_tables(void) { unsigned int i; @@ -925,8 +868,6 @@ static void __init efi_tables(void) efi.smbios = (unsigned long)efi_ct[i].VendorTable; if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) ) efi.smbios3 = (unsigned long)efi_ct[i].VendorTable; - if ( match_guid(&esrt_guid, &efi_ct[i].VendorGuid) ) - esrt = (UINTN)efi_ct[i].VendorTable; } #ifndef CONFIG_ARM /* TODO - disabled until implemented on ARM */ @@ -1110,71 +1051,6 @@ static void __init efi_set_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, UINTN gop #define INVALID_VIRTUAL_ADDRESS (0xBAAADUL << \ (EFI_PAGE_SHIFT + BITS_PER_LONG - 32)) -static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE *SystemTable) -{ - EFI_STATUS status; - UINTN info_size = 0, map_key, mdesc_size; - void *memory_map = NULL; - UINT32 ver; - unsigned int i; - - for ( ; ; ) - { - status = efi_bs->GetMemoryMap(&info_size, memory_map, &map_key, - &mdesc_size, &ver); - if ( status == EFI_SUCCESS && memory_map != NULL ) - break; - if ( status == EFI_BUFFER_TOO_SMALL || memory_map == NULL ) - { - info_size += 8 * efi_mdesc_size; - if ( memory_map != NULL ) - efi_bs->FreePool(memory_map); - memory_map = NULL; - status = efi_bs->AllocatePool(EfiLoaderData, info_size, &memory_map); - if ( status == EFI_SUCCESS ) - continue; - PrintErr(L"Cannot allocate memory to relocate ESRT\r\n"); - } - else - PrintErr(L"Cannot obtain memory map to relocate ESRT\r\n"); - return; - } - - /* Try to obtain the ESRT. Errors are not fatal. */ - for ( i = 0; i < info_size; i += efi_mdesc_size ) - { - /* - * ESRT needs to be moved to memory of type EfiRuntimeServicesData - * so that the memory it is in will not be used for other purposes. - */ - void *new_esrt = NULL; - size_t esrt_size = get_esrt_size(efi_memmap + i); - - if ( !esrt_size ) - continue; - if ( ((EFI_MEMORY_DESCRIPTOR *)(efi_memmap + i))->Type == - EfiRuntimeServicesData ) - break; /* ESRT already safe from reuse */ - status = efi_bs->AllocatePool(EfiRuntimeServicesData, esrt_size, - &new_esrt); - if ( status == EFI_SUCCESS && new_esrt ) - { - memcpy(new_esrt, (void *)esrt, esrt_size); - status = efi_bs->InstallConfigurationTable(&esrt_guid, new_esrt); - if ( status != EFI_SUCCESS ) - { - PrintErr(L"Cannot install new ESRT\r\n"); - efi_bs->FreePool(new_esrt); - } - } - else - PrintErr(L"Cannot allocate memory for ESRT\r\n"); - break; - } - - efi_bs->FreePool(memory_map); -} - static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) { EFI_STATUS status; @@ -1537,8 +1413,6 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) if ( gop ) efi_set_gop_mode(gop, gop_mode); - efi_relocate_esrt(SystemTable); - efi_exit_boot(ImageHandle, SystemTable); efi_arch_post_exit_boot(); /* Doesn't return. */ @@ -1879,12 +1753,3 @@ void __init efi_init_memory(void) unmap_domain_page(efi_l4t); } #endif - -/* - * Local variables: - * mode: C - * c-file-style: "BSD" - * c-basic-offset: 4 - * indent-tabs-mode: nil - * End: - */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:45:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:45:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363168.593576 (Exim 4.92) (envelope-from ) id 1o9aFF-0001Cc-18; Thu, 07 Jul 2022 22:45:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363168.593576; Thu, 07 Jul 2022 22:45:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFE-0001CV-Us; Thu, 07 Jul 2022 22:45:12 +0000 Received: by outflank-mailman (input) for mailman id 363168; Thu, 07 Jul 2022 22:45:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFE-0001CM-AX for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFE-00016J-9i for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aFE-000252-8o for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9SsV+FZpkCgj35utYJDpUEOW9e2HJTjG1YQ80bEU1Xo=; b=t5dYtesWMi3SFFvMGEbYM94QiN FITG4aS9zJEQqCtdQt3KBjSOWr5ToFEe+pcwTbYFvCJvaapQMyLiJFolNSt1wJses6KakjqL/wI53 9gf/DMQr2ShxsuPRVjDahvQyVGIdRvpfZGlyHNts0jxqZ+Mgf+9UrJdQz51NYSXZfTac=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxc: fix compilation error with gcc13 Message-Id: Date: Thu, 07 Jul 2022 22:45:12 +0000 commit 8eeae8c2b4efefda8e946461e86cf2ae9c18e5a9 Author: Charles Arnold AuthorDate: Wed Jul 6 13:06:40 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 6 13:06:40 2022 +0200 libxc: fix compilation error with gcc13 xc_psr.c:161:5: error: conflicting types for 'xc_psr_cmt_get_data' due to enum/integer mismatch; Signed-off-by: Charles Arnold Reviewed-by: Jan Beulich Acked-by: Anthony PERARD --- tools/include/xenctrl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 5464a68eb2..0c8b4c3aa7 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2520,7 +2520,7 @@ int xc_psr_cmt_get_l3_event_mask(xc_interface *xch, uint32_t *event_mask); int xc_psr_cmt_get_l3_cache_size(xc_interface *xch, uint32_t cpu, uint32_t *l3_cache_size); int xc_psr_cmt_get_data(xc_interface *xch, uint32_t rmid, uint32_t cpu, - uint32_t psr_cmt_type, uint64_t *monitor_data, + xc_psr_cmt_type type, uint64_t *monitor_data, uint64_t *tsc); int xc_psr_cmt_enabled(xc_interface *xch); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:45:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:45:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363169.593583 (Exim 4.92) (envelope-from ) id 1o9aFP-0001FS-43; Thu, 07 Jul 2022 22:45:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363169.593583; Thu, 07 Jul 2022 22:45:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFP-0001FF-0M; Thu, 07 Jul 2022 22:45:23 +0000 Received: by outflank-mailman (input) for mailman id 363169; Thu, 07 Jul 2022 22:45:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFO-0001F9-DK for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFO-00016U-Ce for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aFO-00025k-Bv for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zxZ6o/DcWKYO66+M0ibYwW70vpZ4sXNLMSTaRVC4/kU=; b=j/dqir3kPWKw6ufRImD7spnK43 90m5/4CLqFo+0jUFGmUpi5ZuJTzzhPlZVAHwWa7nZzSgqLrF9/BC3Pyjwk9UYkxPjSmg0JrguMi36 Rsvt5gFjFSDVTfgrOFrwOBo4GRCivYK6KYa6m5CmwNwscrDqAxBTMmc1Y7xbN+i/P5aw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/Kconfig: add option for default x2APIC destination mode Message-Id: Date: Thu, 07 Jul 2022 22:45:22 +0000 commit eb40ae41b658e0421e4275c14dd18c7377b0752a Author: Roger Pau Monné AuthorDate: Wed Jul 6 13:06:57 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 6 13:06:57 2022 +0200 x86/Kconfig: add option for default x2APIC destination mode Allow setting the default x2APIC destination mode from Kconfig to Physical. Note the default destination mode is still Logical (Cluster) mode. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/Kconfig | 18 ++++++++++++++++++ xen/arch/x86/genapic/x2apic.c | 6 ++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 1e31edc99f..6bed72b791 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -226,6 +226,24 @@ config XEN_ALIGN_2M endchoice +config X2APIC_PHYSICAL + bool "x2APIC Physical Destination mode" + help + Use x2APIC Physical Destination mode by default when available. + + When using this mode APICs are addressed using the Physical + Destination mode, which allows using all dynamic vectors on each + CPU independently. + + Physical Destination has the benefit of having more vectors available + for external interrupts, but it also makes the delivery of multi + destination inter processor interrupts (IPIs) slightly slower than + Logical Destination mode. + + The mode when this option is not selected is Logical Destination. + + If unsure, say N. + config GUEST bool diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index de5032f202..7dfc793514 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -228,7 +228,7 @@ static struct notifier_block x2apic_cpu_nfb = { .notifier_call = update_clusterinfo }; -static s8 __initdata x2apic_phys = -1; /* By default we use logical cluster mode. */ +static int8_t __initdata x2apic_phys = -1; boolean_param("x2apic_phys", x2apic_phys); const struct genapic *__init apic_x2apic_probe(void) @@ -241,7 +241,9 @@ const struct genapic *__init apic_x2apic_probe(void) * the usage of the high 16 bits to hold the cluster ID. */ x2apic_phys = !iommu_intremap || - (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL); + (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL) || + (IS_ENABLED(CONFIG_X2APIC_PHYSICAL) && + !(acpi_gbl_FADT.flags & ACPI_FADT_APIC_CLUSTER)); } else if ( !x2apic_phys ) switch ( iommu_intremap ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 07 22:45:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 07 Jul 2022 22:45:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363170.593586 (Exim 4.92) (envelope-from ) id 1o9aFa-0001IC-64; Thu, 07 Jul 2022 22:45:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363170.593586; Thu, 07 Jul 2022 22:45:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFa-0001I4-27; Thu, 07 Jul 2022 22:45:34 +0000 Received: by outflank-mailman (input) for mailman id 363170; Thu, 07 Jul 2022 22:45:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFY-0001Hn-GG for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9aFY-00016w-Fb for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9aFY-00026W-En for xen-changelog@lists.xenproject.org; Thu, 07 Jul 2022 22:45:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e/RR/TSloZk2YU/pL23x4hKKclPeKtWWSXWGD2p9w70=; b=i4wvhhPB07p3MDvBwIy4UGrzkB ry1FKxW5atz7sK3blDeL48qbns2THuuJnDKzZesiH8rMh+Xua0JQd7f/966iPUzG/d0hSUKmubtDw xTOwb3QlYud14UDdaTAZfUa6QDKyKVY3Rtzrc5bJWO4ZuwdqXt4HPAK5pcAYSm1YFtgo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/time: fix MISRA C 2012 Rule 8.7 violation Message-Id: Date: Thu, 07 Jul 2022 22:45:32 +0000 commit 46cbd76faf737e9fe2d57aaf335a0203f66ba21c Author: Xenia Ragiadakou AuthorDate: Wed Jul 6 13:07:43 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 6 13:07:43 2022 +0200 xen/time: fix MISRA C 2012 Rule 8.7 violation The variable __mon_lengths is referenced only in time.c. Change its linkage from external to internal by adding the storage-class specifier static to its definitions. Also, this patch resolves indirectly a MISRA C 2012 Rule 8.4 violation warning. Signed-off-by: Xenia Ragiadakou Acked-by: Julien Grall --- xen/common/time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/time.c b/xen/common/time.c index 22379f4ae2..92f7b72464 100644 --- a/xen/common/time.c +++ b/xen/common/time.c @@ -28,7 +28,7 @@ ((year) % 4 == 0 && ((year) % 100 != 0 || (year) % 400 == 0)) /* How many days are in each month. */ -const unsigned short int __mon_lengths[2][12] = { +static const unsigned short int __mon_lengths[2][12] = { /* Normal years. */ {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, /* Leap years. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Jul 08 07:44:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 08 Jul 2022 07:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363259.593721 (Exim 4.92) (envelope-from ) id 1o9iek-0004lY-0I; Fri, 08 Jul 2022 07:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363259.593721; Fri, 08 Jul 2022 07:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9iej-0004lQ-TH; Fri, 08 Jul 2022 07:44:05 +0000 Received: by outflank-mailman (input) for mailman id 363259; Fri, 08 Jul 2022 07:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9iej-0004lK-05 for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9iei-0005lf-Sn for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9iei-0006Az-Rm for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8b8cIxGz8bU2CGbo0g6XcjPQS3u44zeevlK99mbCbFI=; b=O6MSShykKh5qdKtWU0Xgwgz1QJ TmksIJA8GXxqU0j2pPTJbkch4GX0cn/P1R6kchplyPub68vR7B4Du5G8jmNe9ZseovGc0j0lbQ2nJ a33J7xtFWkKTfbdoAsJNHl8N/d/ChFXdkSDQWcpUp9Vau4yaIIU0JUo/NWlJUtBsRlk4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/pv_console: Fix MISRA C 2012 Rule 2.1 violation Message-Id: Date: Fri, 08 Jul 2022 07:44:04 +0000 commit 2b5c2c64a9b55a1bb91c41fc7cbf0461b6c55ed4 Author: Xenia Ragiadakou AuthorDate: Fri Jul 8 09:41:36 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 8 09:41:36 2022 +0200 xen/pv_console: Fix MISRA C 2012 Rule 2.1 violation Remove the definition of the function pv_console_evtchn(), when CONFIG_XEN_GUEST is not set, because the function is not used. Signed-off-by: Xenia Ragiadakou Reviewed-by: Stefano Stabellini Tested-by: Jiamei Xie # arm64 --- xen/include/xen/pv_console.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/xen/include/xen/pv_console.h b/xen/include/xen/pv_console.h index 4745f46f2d..55b20323fb 100644 --- a/xen/include/xen/pv_console.h +++ b/xen/include/xen/pv_console.h @@ -19,11 +19,6 @@ static inline void pv_console_set_rx_handler(serial_rx_fn fn) { } static inline void pv_console_init_postirq(void) { } static inline void pv_console_puts(const char *buf, size_t nr) { } static inline size_t pv_console_rx(struct cpu_user_regs *regs) { return 0; } -evtchn_port_t pv_console_evtchn(void) -{ - ASSERT_UNREACHABLE(); - return 0; -} #endif /* !CONFIG_XEN_GUEST */ #endif /* __XEN_PV_CONSOLE_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 08 07:44:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 08 Jul 2022 07:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363260.593725 (Exim 4.92) (envelope-from ) id 1o9ieu-0004oH-1f; Fri, 08 Jul 2022 07:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363260.593725; Fri, 08 Jul 2022 07:44:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9iet-0004o5-V4; Fri, 08 Jul 2022 07:44:15 +0000 Received: by outflank-mailman (input) for mailman id 363260; Fri, 08 Jul 2022 07:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9iet-0004nq-0U for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9ies-0005lq-Vw for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9ies-0006DN-V0 for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nOps1eNH7PqkJYwAGrJk5nqNZZUonhRnop5MQStHT+w=; b=fCQXLBxnaW4PWl5gJ3xQCLpACZ JSkEaTj2pxZ/wQs/Y6gYm/Ocq+oRDOLS9pQdgferyEEYoyGM7c78rRgkKriwLDGERMudWIqDLSdNE d0hw19rjrYR9AmULRS7AxgxPMZIzNNBl8Py5cMcwv09R6RlB1yTv34Adz7sFgi8fKPSo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] update SUPPORT.md for static allocation Message-Id: Date: Fri, 08 Jul 2022 07:44:14 +0000 commit f81fcc3919c35b19137cb9cf129ccc1a35f9008b Author: Penny Zheng AuthorDate: Fri Jul 8 09:42:14 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 8 09:42:14 2022 +0200 update SUPPORT.md for static allocation SUPPORT.md doesn't seem to explicitly say whether static memory is supported, so this commit updates SUPPORT.md to add feature static allocation tech preview for now. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini --- SUPPORT.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/SUPPORT.md b/SUPPORT.md index 70e98964cb..8e040d1c1e 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -286,6 +286,13 @@ to boot with memory < maxmem. Status, x86 HVM: Supported +### Static Allocation + +Static allocation refers to domains for which memory areas are +pre-defined by configuration using physical address ranges. + + Status, ARM: Tech Preview + ### Memory Sharing Allow sharing of identical pages between guests -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 08 07:44:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 08 Jul 2022 07:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363261.593729 (Exim 4.92) (envelope-from ) id 1o9if4-0004ro-4c; Fri, 08 Jul 2022 07:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363261.593729; Fri, 08 Jul 2022 07:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9if4-0004rg-1k; Fri, 08 Jul 2022 07:44:26 +0000 Received: by outflank-mailman (input) for mailman id 363261; Fri, 08 Jul 2022 07:44:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9if3-0004rT-3V for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9if3-0005m8-2o for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9if3-0006EO-1n for xen-changelog@lists.xenproject.org; Fri, 08 Jul 2022 07:44:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8GlbeHbY7RRScSZD1eZESPJRfEwLXh3uE4uR/ev+X3I=; b=IiJQYG+wyJfxxhBWN3U4WpBxY2 NYLwmzEZkw+p+U1B6XjAeVQonSAyct6B7ty5s4JES5AXEhMgfm/BrCOH70wPxvH6oLdwStaj99eVD a8bjlUEPMkPPm+P/yjIOmvQGtwfCog+cbfcDLibayMnEAbhLPRFyXGPnK8pKqmG4bwec=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Config.mk: use newest Mini-OS commit Message-Id: Date: Fri, 08 Jul 2022 07:44:25 +0000 commit 980bfb1ac9247e95790e283dbc03e231e02cced9 Author: Juergen Gross AuthorDate: Fri Jul 8 09:42:27 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 8 09:42:27 2022 +0200 Config.mk: use newest Mini-OS commit Switch to use the newest Mini-OS commit in order to get the recent fixes. Signed-off-by: Juergen Gross Acked-by: Jan Beulich --- Config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index a806ef0afb..e56844d964 100644 --- a/Config.mk +++ b/Config.mk @@ -230,7 +230,7 @@ MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5 QEMU_UPSTREAM_REVISION ?= master -MINIOS_UPSTREAM_REVISION ?= 83ff43bff4bdd6879539fcb2b3d6ba5e61a64135 +MINIOS_UPSTREAM_REVISION ?= 5bcb28aaeba1c2506a82fab0cdad0201cd9b54b3 SEABIOS_UPSTREAM_REVISION ?= rel-1.16.0 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sat Jul 09 02:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 09 Jul 2022 02:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363705.594393 (Exim 4.92) (envelope-from ) id 1o9zvy-0007NY-Q5; Sat, 09 Jul 2022 02:11:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363705.594393; Sat, 09 Jul 2022 02:11:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zvy-0007NQ-ND; Sat, 09 Jul 2022 02:11:02 +0000 Received: by outflank-mailman (input) for mailman id 363705; Sat, 09 Jul 2022 02:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zvx-0007NK-Jr for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zvx-0004rN-Hx for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9zvx-0008Ot-Fl for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Lijy+fQ2U0ADzx1V4ANWacBWrLI0MiAQyb4I/vg7TlQ=; b=l46exeGsqpl+4HVJgtIEFZC8wE /17Xunamdfz3EMRNOndn3fkohK84ovZnbadj62VMZ8TOMikQACDg7EhT/NqtIAWDZQQVlMTj3WvWH rU1cJ809FanJULJp/p0KAYVfImv89jN3EiJCymqPBcgqmVGd7kP326A5W/XSehhFTDbk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/pv_console: Fix MISRA C 2012 Rule 2.1 violation Message-Id: Date: Sat, 09 Jul 2022 02:11:01 +0000 commit 2b5c2c64a9b55a1bb91c41fc7cbf0461b6c55ed4 Author: Xenia Ragiadakou AuthorDate: Fri Jul 8 09:41:36 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 8 09:41:36 2022 +0200 xen/pv_console: Fix MISRA C 2012 Rule 2.1 violation Remove the definition of the function pv_console_evtchn(), when CONFIG_XEN_GUEST is not set, because the function is not used. Signed-off-by: Xenia Ragiadakou Reviewed-by: Stefano Stabellini Tested-by: Jiamei Xie # arm64 --- xen/include/xen/pv_console.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/xen/include/xen/pv_console.h b/xen/include/xen/pv_console.h index 4745f46f2d..55b20323fb 100644 --- a/xen/include/xen/pv_console.h +++ b/xen/include/xen/pv_console.h @@ -19,11 +19,6 @@ static inline void pv_console_set_rx_handler(serial_rx_fn fn) { } static inline void pv_console_init_postirq(void) { } static inline void pv_console_puts(const char *buf, size_t nr) { } static inline size_t pv_console_rx(struct cpu_user_regs *regs) { return 0; } -evtchn_port_t pv_console_evtchn(void) -{ - ASSERT_UNREACHABLE(); - return 0; -} #endif /* !CONFIG_XEN_GUEST */ #endif /* __XEN_PV_CONSOLE_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 09 02:11:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 09 Jul 2022 02:11:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363706.594397 (Exim 4.92) (envelope-from ) id 1o9zw8-0007Qm-S5; Sat, 09 Jul 2022 02:11:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363706.594397; Sat, 09 Jul 2022 02:11:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zw8-0007Qe-Oq; Sat, 09 Jul 2022 02:11:12 +0000 Received: by outflank-mailman (input) for mailman id 363706; Sat, 09 Jul 2022 02:11:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zw7-0007Pk-Lo for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zw7-0004rV-L4 for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9zw7-0008PW-KE for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=L4yiMVwINj1UwtrRf4EdbiRrLXKJJxNSUUURPb5b2sI=; b=kTvGrhAuyf21XSyF6YZRM9n9Ug BEd7p5J3nU5uPgxBEZlSn/A3WKNr8YG6CX/AXzl4/gCjRIqjGxqe+JeDW0Wb/S1Ywhr88x/wsceVK R7TuiIacb2yGrM0oyXZxdueGJtggRSmmIkzkxQW5ReTgn/Xhh7nJHInJO4WrO75DkTw4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] update SUPPORT.md for static allocation Message-Id: Date: Sat, 09 Jul 2022 02:11:11 +0000 commit f81fcc3919c35b19137cb9cf129ccc1a35f9008b Author: Penny Zheng AuthorDate: Fri Jul 8 09:42:14 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 8 09:42:14 2022 +0200 update SUPPORT.md for static allocation SUPPORT.md doesn't seem to explicitly say whether static memory is supported, so this commit updates SUPPORT.md to add feature static allocation tech preview for now. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini --- SUPPORT.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/SUPPORT.md b/SUPPORT.md index 70e98964cb..8e040d1c1e 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -286,6 +286,13 @@ to boot with memory < maxmem. Status, x86 HVM: Supported +### Static Allocation + +Static allocation refers to domains for which memory areas are +pre-defined by configuration using physical address ranges. + + Status, ARM: Tech Preview + ### Memory Sharing Allow sharing of identical pages between guests -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 09 02:11:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 09 Jul 2022 02:11:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.363707.594401 (Exim 4.92) (envelope-from ) id 1o9zwI-0007Tg-T3; Sat, 09 Jul 2022 02:11:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 363707.594401; Sat, 09 Jul 2022 02:11:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zwI-0007TY-QN; Sat, 09 Jul 2022 02:11:22 +0000 Received: by outflank-mailman (input) for mailman id 363707; Sat, 09 Jul 2022 02:11:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zwH-0007TJ-Oo for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1o9zwH-0004ro-O3 for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1o9zwH-0008Q3-N4 for xen-changelog@lists.xenproject.org; Sat, 09 Jul 2022 02:11:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g2B+ilcvodqZRTPe094mmR53XioTRLukbjrCC9aU79o=; b=w8P8IH/FglPyfh+puVBiNV+MqY C7wWUt3ydOWJn0EuZM+Uv4Urw2TuGbA+0i7vQP0CVewKBuLR1UsKawEL51sfScq6EQ/zvljrYUecU hzbjbBIRKxDsptIDGQ4CiJDOE/8aWQfMe9Nw3JHdXGFuu9LpqwfWMarxLQANnY4U3Y30=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Config.mk: use newest Mini-OS commit Message-Id: Date: Sat, 09 Jul 2022 02:11:21 +0000 commit 980bfb1ac9247e95790e283dbc03e231e02cced9 Author: Juergen Gross AuthorDate: Fri Jul 8 09:42:27 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 8 09:42:27 2022 +0200 Config.mk: use newest Mini-OS commit Switch to use the newest Mini-OS commit in order to get the recent fixes. Signed-off-by: Juergen Gross Acked-by: Jan Beulich --- Config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index a806ef0afb..e56844d964 100644 --- a/Config.mk +++ b/Config.mk @@ -230,7 +230,7 @@ MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5 QEMU_UPSTREAM_REVISION ?= master -MINIOS_UPSTREAM_REVISION ?= 83ff43bff4bdd6879539fcb2b3d6ba5e61a64135 +MINIOS_UPSTREAM_REVISION ?= 5bcb28aaeba1c2506a82fab0cdad0201cd9b54b3 SEABIOS_UPSTREAM_REVISION ?= rel-1.16.0 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:22:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365002.594988 (Exim 4.92) (envelope-from ) id 1oAqYH-0001b2-Fh; Mon, 11 Jul 2022 10:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365002.594988; Mon, 11 Jul 2022 10:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYH-0001au-Cj; Mon, 11 Jul 2022 10:22:05 +0000 Received: by outflank-mailman (input) for mailman id 365002; Mon, 11 Jul 2022 10:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYG-0001ao-BI for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYG-0003p7-7m for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqYG-0006rr-6u for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J95jpqxg84+eNbdfVe20YHrexNTzF0lFD3uPredvjYc=; b=E8i62VF9lH2Kaebyfg4QDvh8j6 k/iKTOZRkrTY+1rrmZCazYkMAVUgAx7jHoh0wfOGMf3zxQsuXu/OhRl9VMSTkVBefqPxyjzU0/3KY N2GMazhlaa1T2xn/wN/cz5osYgryFaNiUhN59TXpTG+cxf4XY75FLtDbstHOclwWVygM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: harmonize return types of hypercall handlers Message-Id: Date: Mon, 11 Jul 2022 10:22:04 +0000 commit 7e21b25059ed7e8f70dcc4626403fc9986c98932 Author: Juergen Gross AuthorDate: Mon Jul 11 11:58:21 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 11:58:21 2022 +0200 xen: harmonize return types of hypercall handlers Today most hypercall handlers have a return type of long, while the compat ones return an int. There are a few exceptions from that rule, however. Get rid of the exceptions by letting compat handlers always return int and others always return long, with the exception of the Arm specific physdev_op handler. For the compat hvm case use eax instead of rax for the stored result as it should have been from the beginning. Additionally move some prototypes to include/asm-x86/hypercall.h as they are x86 specific. Move the compat_platform_op() prototype to the common header. Rename paging_domctl_continuation() to do_paging_domctl_cont() and add a matching define for the associated hypercall. Make do_callback_op() and compat_callback_op() more similar by adding the const attribute to compat_callback_op()'s 2nd parameter. Change the type of the cmd parameter for [do|compat]_kexec_op() to unsigned int, as this is more appropriate for the compat case. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Reviewed-by: Christopher Clark # argo --- xen/arch/x86/domctl.c | 4 ++-- xen/arch/x86/hvm/hypercall.c | 8 ++------ xen/arch/x86/hypercall.c | 2 +- xen/arch/x86/include/asm/hypercall.h | 31 ++++++++++++++++--------------- xen/arch/x86/include/asm/paging.h | 3 --- xen/arch/x86/mm/paging.c | 3 ++- xen/arch/x86/pv/callback.c | 14 +++++++------- xen/arch/x86/pv/hypercall.c | 5 +---- xen/arch/x86/pv/iret.c | 4 ++-- xen/arch/x86/pv/misc-hypercalls.c | 14 +++++++++----- xen/common/argo.c | 6 +++--- xen/common/kexec.c | 6 +++--- xen/include/xen/hypercall.h | 20 +++++++++----------- 13 files changed, 57 insertions(+), 63 deletions(-) diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 1c62046c01..020df615bd 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -212,8 +212,8 @@ long arch_do_domctl( case XEN_DOMCTL_shadow_op: ret = paging_domctl(d, &domctl->u.shadow_op, u_domctl, 0); if ( ret == -ERESTART ) - return hypercall_create_continuation(__HYPERVISOR_arch_1, - "h", u_domctl); + return hypercall_create_continuation( + __HYPERVISOR_paging_domctl_cont, "h", u_domctl); copyback = true; break; diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 62b5349e7d..3a35543997 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -124,8 +124,6 @@ static long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ (hypercall_fn_t *) compat_ ## x } -#define do_arch_1 paging_domctl_continuation - static const struct { hypercall_fn_t *native, *compat; } hvm_hypercall_table[] = { @@ -158,11 +156,9 @@ static const struct { #ifdef CONFIG_HYPFS HYPERCALL(hypfs_op), #endif - HYPERCALL(arch_1) + HYPERCALL(paging_domctl_cont) }; -#undef do_arch_1 - #undef HYPERCALL #undef HVM_CALL #undef COMPAT_CALL @@ -300,7 +296,7 @@ int hvm_hypercall(struct cpu_user_regs *regs) #endif curr->hcall_compat = true; - regs->rax = hvm_hypercall_table[eax].compat(ebx, ecx, edx, esi, edi); + regs->eax = hvm_hypercall_table[eax].compat(ebx, ecx, edx, esi, edi); curr->hcall_compat = false; #ifndef NDEBUG diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 2370d31d3f..07e1a45ef5 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -75,7 +75,7 @@ const hypercall_args_t hypercall_args_table[NR_hypercalls] = ARGS(dm_op, 3), ARGS(hypfs_op, 5), ARGS(mca, 1), - ARGS(arch_1, 1), + ARGS(paging_domctl_cont, 1), }; #undef COMP diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 1c57236dc7..81ca25f7b3 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -15,6 +15,8 @@ #include /* for do_mca */ #include +#define __HYPERVISOR_paging_domctl_cont __HYPERVISOR_arch_1 + typedef unsigned long hypercall_fn_t( unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); @@ -84,7 +86,7 @@ do_set_debugreg( int reg, unsigned long value); -extern unsigned long cf_check +extern long cf_check do_get_debugreg( int reg); @@ -122,7 +124,7 @@ do_mmuext_op( extern long cf_check do_callback_op( int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg); -extern unsigned long cf_check +extern long cf_check do_iret( void); @@ -137,17 +139,20 @@ do_set_segment_base( unsigned int which, unsigned long base); +long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); + +long cf_check do_xenpmu_op(unsigned int op, + XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); + +long cf_check do_paging_domctl_cont( + XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); + #ifdef CONFIG_COMPAT #include #include #include -extern int cf_check -compat_physdev_op( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - extern int compat_common_vcpu_op( int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); @@ -158,12 +163,8 @@ extern int cf_check compat_mmuext_op( XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); -DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); -extern int cf_check compat_platform_op( - XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); - -extern long cf_check compat_callback_op( - int cmd, XEN_GUEST_HANDLE(void) arg); +extern int cf_check compat_callback_op( + int cmd, XEN_GUEST_HANDLE(const_void) arg); extern int cf_check compat_update_va_mapping( unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags); @@ -181,12 +182,12 @@ extern int cf_check compat_set_gdt( extern int cf_check compat_update_descriptor( uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi); -extern unsigned int cf_check compat_iret(void); +extern int cf_check compat_iret(void); extern int cf_check compat_nmi_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long cf_check compat_set_callbacks( +extern int cf_check compat_set_callbacks( unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address); diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h index b7ecfd4721..b2b243a4ff 100644 --- a/xen/arch/x86/include/asm/paging.h +++ b/xen/arch/x86/include/asm/paging.h @@ -231,9 +231,6 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl, bool_t resuming); -/* Helper hypercall for dealing with continuations. */ -long cf_check paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)); - /* Call when destroying a vcpu/domain */ void paging_vcpu_teardown(struct vcpu *v); int paging_teardown(struct domain *d); diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index b7e2750817..eb9155f81c 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -759,7 +760,7 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, return shadow_domctl(d, sc, u_domctl); } -long cf_check paging_domctl_continuation( +long cf_check do_paging_domctl_cont( XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { struct xen_domctl op; diff --git a/xen/arch/x86/pv/callback.c b/xen/arch/x86/pv/callback.c index 55148c7f9e..1be9d3f731 100644 --- a/xen/arch/x86/pv/callback.c +++ b/xen/arch/x86/pv/callback.c @@ -207,9 +207,9 @@ long cf_check do_set_callbacks( #include #include -static long compat_register_guest_callback(struct compat_callback_register *reg) +static int compat_register_guest_callback(struct compat_callback_register *reg) { - long ret = 0; + int ret = 0; struct vcpu *curr = current; fixup_guest_code_selector(curr->domain, reg->address.cs); @@ -256,10 +256,10 @@ static long compat_register_guest_callback(struct compat_callback_register *reg) return ret; } -static long compat_unregister_guest_callback( +static int compat_unregister_guest_callback( struct compat_callback_unregister *unreg) { - long ret; + int ret; switch ( unreg->type ) { @@ -283,9 +283,9 @@ static long compat_unregister_guest_callback( return ret; } -long cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) +int cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(const_void) arg) { - long ret; + int ret; switch ( cmd ) { @@ -321,7 +321,7 @@ long cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) return ret; } -long cf_check compat_set_callbacks( +int cf_check compat_set_callbacks( unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address) { diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index e8fbee7bbb..fe8dfe9e8f 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -47,8 +47,6 @@ typedef struct { #define COMPAT_CALL(x) HYPERCALL(x) #endif -#define do_arch_1 paging_domctl_continuation - static const pv_hypercall_table_t pv_hypercall_table[] = { COMPAT_CALL(set_trap_table), HYPERCALL(mmu_update), @@ -109,11 +107,10 @@ static const pv_hypercall_table_t pv_hypercall_table[] = { #endif HYPERCALL(mca), #ifndef CONFIG_PV_SHIM_EXCLUSIVE - HYPERCALL(arch_1), + HYPERCALL(paging_domctl_cont), #endif }; -#undef do_arch_1 #undef COMPAT_CALL #undef HYPERCALL diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index 797a427ffa..58de9f7922 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -49,7 +49,7 @@ static void async_exception_cleanup(struct vcpu *curr) curr->arch.async_exception_state(trap).old_mask; } -unsigned long cf_check do_iret(void) +long cf_check do_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct iret_context iret_saved; @@ -106,7 +106,7 @@ unsigned long cf_check do_iret(void) } #ifdef CONFIG_PV32 -unsigned int cf_check compat_iret(void) +int cf_check compat_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct vcpu *v = current; diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hypercalls.c index 5649aaab44..635f5a644a 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -28,12 +28,16 @@ long cf_check do_set_debugreg(int reg, unsigned long value) return set_debugreg(current, reg, value); } -unsigned long cf_check do_get_debugreg(int reg) +long cf_check do_get_debugreg(int reg) { - unsigned long val; - int res = x86emul_read_dr(reg, &val, NULL); - - return res == X86EMUL_OKAY ? val : -ENODEV; + /* Avoid implementation defined behavior casting unsigned long to long. */ + union { + unsigned long val; + long ret; + } u; + int res = x86emul_read_dr(reg, &u.val, NULL); + + return res == X86EMUL_OKAY ? u.ret : -ENODEV; } long cf_check do_fpu_taskswitch(int set) diff --git a/xen/common/argo.c b/xen/common/argo.c index 297f6d11f0..26a01c2188 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -2207,13 +2207,13 @@ do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, } #ifdef CONFIG_COMPAT -long cf_check +int cf_check compat_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long arg3, unsigned long arg4) { struct domain *currd = current->domain; - long rc; + int rc; xen_argo_send_addr_t send_addr; xen_argo_iov_t iovs[XEN_ARGO_MAXIOV]; compat_argo_iov_t compat_iovs[XEN_ARGO_MAXIOV]; @@ -2267,7 +2267,7 @@ compat_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, rc = sendv(currd, &send_addr.src, &send_addr.dst, iovs, niov, arg4); out: - argo_dprintk("<-compat_argo_op(%u)=%ld\n", cmd, rc); + argo_dprintk("<-compat_argo_op(%u)=%d\n", cmd, rc); return rc; } diff --git a/xen/common/kexec.c b/xen/common/kexec.c index a2ffb6530c..41669964d2 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -1213,7 +1213,7 @@ static int kexec_status(XEN_GUEST_HANDLE_PARAM(void) uarg) return !!test_bit(bit, &kexec_flags); } -static int do_kexec_op_internal(unsigned long op, +static int do_kexec_op_internal(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg, bool_t compat) { @@ -1265,13 +1265,13 @@ static int do_kexec_op_internal(unsigned long op, return ret; } -long cf_check do_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) +long cf_check do_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 0); } #ifdef CONFIG_COMPAT -int cf_check compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) +int cf_check compat_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 1); } diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 81aae7a662..a032ba2b4a 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -114,11 +114,6 @@ common_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long cf_check -do_nmi_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - extern long cf_check do_hvm_op( unsigned long op, @@ -126,7 +121,7 @@ do_hvm_op( extern long cf_check do_kexec_op( - unsigned long op, + unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg); extern long cf_check @@ -145,9 +140,6 @@ extern long cf_check do_argo_op( extern long cf_check do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long cf_check -do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); - extern long cf_check do_dm_op( domid_t domid, @@ -205,15 +197,21 @@ extern int cf_check compat_xsm_op( XEN_GUEST_HANDLE_PARAM(void) op); extern int cf_check compat_kexec_op( - unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); + unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg); DEFINE_XEN_GUEST_HANDLE(multicall_entry_compat_t); extern int cf_check compat_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_compat_t) call_list, uint32_t nr_calls); +int compat_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); + +typedef struct compat_platform_op compat_platform_op_t; +DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); +int compat_platform_op(XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); + #ifdef CONFIG_ARGO -extern long cf_check compat_argo_op( +extern int cf_check compat_argo_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:22:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365003.594992 (Exim 4.92) (envelope-from ) id 1oAqYR-0001cs-Ht; Mon, 11 Jul 2022 10:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365003.594992; Mon, 11 Jul 2022 10:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYR-0001ck-EK; Mon, 11 Jul 2022 10:22:15 +0000 Received: by outflank-mailman (input) for mailman id 365003; Mon, 11 Jul 2022 10:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYQ-0001cb-C8 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYQ-0003pc-BG for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqYQ-0006sG-A6 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KA7L0Gb1gNoUApNWuDA+4Ame+oQMeBUmdIPYAPI/O1U=; b=CwxqDuixQjs92tae/nu3VR/NnP SE/i9AazxvV8TYJpnLO99EzUGsyPtH9d2UWiZ1eG3YwGhqpzGadhuwxqFv6RH6V4lPcqoA+k6IvpD +48TJBU5DirD3QEwPOR3M4nJQoxHKxuiUCwy6XcnJm4jOYDtnJjlG3YaqLpsf3mplXPA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: include compat/platform.h from hypercall.h Message-Id: Date: Mon, 11 Jul 2022 10:22:14 +0000 commit e1664942b296e5a7bd82153bbead65c716779f35 Author: Juergen Gross AuthorDate: Mon Jul 11 11:59:16 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 11:59:16 2022 +0200 xen: include compat/platform.h from hypercall.h The definition of compat_platform_op_t is in compat/platform.h already, so include that file from hypercall.h instead of repeating the typedef. This allows to remove the related include statement from arch/x86/x86_64/platform_hypercall.c. Signed-off-by: Juergen Gross Acked-by: Jan Beulich --- xen/arch/x86/x86_64/platform_hypercall.c | 1 - xen/include/xen/hypercall.h | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/x86_64/platform_hypercall.c b/xen/arch/x86/x86_64/platform_hypercall.c index 966fd27b5f..5bf6b958d2 100644 --- a/xen/arch/x86/x86_64/platform_hypercall.c +++ b/xen/arch/x86/x86_64/platform_hypercall.c @@ -5,7 +5,6 @@ EMIT_FILE; #include -#include #include #define xen_platform_op compat_platform_op diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index a032ba2b4a..ca8ee22717 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -15,6 +15,9 @@ #include #include #include +#ifdef CONFIG_COMPAT +#include +#endif #include #include @@ -206,7 +209,6 @@ extern int cf_check compat_multicall( int compat_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -typedef struct compat_platform_op compat_platform_op_t; DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); int compat_platform_op(XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:22:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:22:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365004.594995 (Exim 4.92) (envelope-from ) id 1oAqYb-0001ff-Im; Mon, 11 Jul 2022 10:22:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365004.594995; Mon, 11 Jul 2022 10:22:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYb-0001fW-Fs; Mon, 11 Jul 2022 10:22:25 +0000 Received: by outflank-mailman (input) for mailman id 365004; Mon, 11 Jul 2022 10:22:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYa-0001fM-Fa for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYa-0003pt-Eg for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqYa-0006sj-DQ for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J97QiQPjF0O6rwCrjyvqSWJ6l0Xv7jFIvEudQwQ3o4U=; b=OcSRbEOnXlL+ZeS6I7bdSh8SBu ERXHwn6SFVeY23Dj2jUTrOKKr6IAX7h3Cu86vjuQHvjGQTONWbyTd9r+RN313uU5RVsVrawK7PtT2 EwuEOIj7wtHjZD79cYZtzDyMFRwBQiUmWX3Zh5Rg/giHEbW2iLCSVb3QD2csdOnc5UBw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: generate hypercall interface related code Message-Id: Date: Mon, 11 Jul 2022 10:22:24 +0000 commit eca1f00d02274ad6c1d604ded30cd7cae21e43f0 Author: Juergen Gross AuthorDate: Mon Jul 11 12:06:19 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:06:19 2022 +0200 xen: generate hypercall interface related code Instead of repeating similar data multiple times use a single source file and a generator script for producing prototypes and call sequences of the hypercalls. As the script already knows the number of parameters used add generating a macro for populating an array with the number of parameters per hypercall. The priorities for the specific hypercalls are based on two benchamrks performed in guests (PV and PVH): - make -j 4 of the Xen hypervisor (resulting in cpu load with lots of processes created) - scp of a large file to the guest (network load) With a small additional debug patch applied the number of the different hypercalls in the guest and in dom0 (for looking at backend activity related hypercalls) were counted while the benchmark in domU was running: PV-hypercall PV-guest build PV-guest scp dom0 build dom0 scp mmu_update 186175729 2865 20936 33725 stack_switch 1273311 62381 108589 270764 multicall 2182803 50 302 524 update_va_mapping 571868 10 60 80 xen_version 73061 850 859 5432 grant_table_op 0 0 35557 139110 iret 75673006 484132 268157 757958 vcpu_op 453037 71199 138224 334988 set_segment_base 1650249 62387 108645 270823 mmuext_op 11225681 188 7239 3426 sched_op 280153 134645 70729 137943 event_channel_op 192327 66204 71409 214191 physdev_op 0 0 7721 4315 (the dom0 values are for the guest running the build or scp test, so dom0 acting as backend) HVM-hypercall PVH-guest build PVH-guest scp vcpu_op 277684 2324 event_channel_op 350233 57383 (the related dom0 counter values are in the same range as with the test running in the PV guest) Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Acked-by: Julien Grall --- .gitignore | 1 + xen/include/Makefile | 13 ++ xen/include/hypercall-defs.c | 285 ++++++++++++++++++++++++++++++++++++++ xen/scripts/gen_hypercall.awk | 314 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 613 insertions(+) diff --git a/.gitignore b/.gitignore index c9951063c3..def9339ff1 100644 --- a/.gitignore +++ b/.gitignore @@ -327,6 +327,7 @@ xen/include/public/public xen/include/xen/*.new xen/include/xen/acm_policy.h xen/include/xen/compile.h +xen/include/xen/hypercall-defs.h xen/include/xen/lib/x86/cpuid-autogen.h xen/source xen/test/livepatch/config.h diff --git a/xen/include/Makefile b/xen/include/Makefile index 510f65c92a..39d9f5556c 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -104,6 +104,18 @@ cmd_xlat_h = \ $(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) FORCE $(call if_changed,xlat_h) +quiet_cmd_genhyp = GEN $@ +define cmd_genhyp + awk -f $(srctree)/scripts/gen_hypercall.awk <$< >$@ +endef + +all: $(obj)/xen/hypercall-defs.h + +$(obj)/xen/hypercall-defs.h: $(obj)/hypercall-defs.i $(srctree)/scripts/gen_hypercall.awk FORCE + $(call if_changed,genhyp) + +targets += xen/hypercall-defs.h + ifeq ($(XEN_TARGET_ARCH),$(XEN_COMPILE_ARCH)) all: $(obj)/headers.chk $(obj)/headers99.chk $(obj)/headers++.chk @@ -213,3 +225,4 @@ all: lib-x86-all endif clean-files := compat config generated headers*.chk xen/lib/x86/cpuid-autogen.h +clean-files += xen/hypercall-defs.h hypercall-defs.i diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c new file mode 100644 index 0000000000..60cbeb18e4 --- /dev/null +++ b/xen/include/hypercall-defs.c @@ -0,0 +1,285 @@ +/* + * Hypercall interface description: + * Used by scripts/gen_hypercall.awk to generate hypercall prototypes and call + * sequences. + * + * Syntax is like a prototype, but without return type and without the ";" at + * the end. Pointer types will be automatically converted to use the + * XEN_GUEST_HANDLE_PARAM() macro. Handlers with no parameters just use a + * definition like "fn()". + * Hypercall/function names are without the leading "__HYPERVISOR_"/"do_" + * strings. + * + * The return type of a class of prototypes using the same prefix is set via: + * rettype: + * Default return type is "long". A return type for a prefix can be set only + * once and it needs to be set before that prefix is being used via the + * "prefix:" directive. + * + * The prefix of the prototypes is set via a line: + * prefix: ... + * Multiple prefixes are possible (restriction see below). Prefixes are without + * a trailing "_". The current prefix settings are active until a new "prefix:" + * line. + * + * Caller macros are suffixed with a selectable name via lines like: + * caller: + * When a caller suffix is active, there is only one active prefix allowed. + * + * With a "defhandle:" line it is possible to add a DEFINE_XEN_GUEST_HANDLE() + * to the generated header: + * defhandle: [] + * Without specifying only a DEFINE_XEN_GUEST_HANDLE() + * will be generated, otherwise it will be a + * __DEFINE_XEN_GUEST_HANDLE(, ) being generated. Note that + * the latter will include the related "const" handle "const_". + * + * In order to support using coding style compliant pointers in the + * prototypes it is possible to add translation entries to generate the correct + * handle types: + * handle: + * This will result in the prototype translation from " *" to + * "XEN_GUEST_HANDLE_PARAM()". + * + * The hypercall handler calling code will be generated from a final table in + * the source file, which is started via the line: + * table: ... + * with the s specifying the designated caller macro of each column of + * the table. Any column of a not having been set via a "caller:" + * line will be ignored. + * The first column of the table contains the hypercall/prototype, each + * column contains the prefix for the function to use for that caller. + * A function prefix can be annotated with a priority by adding ":" to it + * ("1" being the highest priority, higher numbers mean lower priority, no + * priority specified is the lowest priority). The generated code will try to + * achieve better performance for calling high priority handlers. + * A column not being supported by a is marked with "-". Lines with all + * entries being "-" after removal of inactive columns are ignored. + * + * This file is being preprocessed using $(CPP), so #ifdef CONFIG_* conditionals + * are possible. + */ + +#ifdef CONFIG_HVM +#define PREFIX_hvm hvm +#else +#define PREFIX_hvm +#endif + +#ifdef CONFIG_COMPAT +#define PREFIX_compat compat +rettype: compat int +#else +#define PREFIX_compat +#endif + +#ifdef CONFIG_ARM +#define PREFIX_dep dep +#define PREFIX_do_arm do_arm +rettype: do_arm int +#else +#define PREFIX_dep +#define PREFIX_do_arm +#endif + +handle: uint unsigned int +handle: const_void const void +handle: const_char const char + +#ifdef CONFIG_COMPAT +defhandle: multicall_entry_compat_t +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +defhandle: compat_platform_op_t +#endif +#endif +#ifdef CONFIG_PV32 +defhandle: trap_info_compat_t +defhandle: physdev_op_compat_t +#endif + +prefix: do PREFIX_hvm PREFIX_compat PREFIX_do_arm +physdev_op(int cmd, void *arg) + +prefix: do PREFIX_hvm PREFIX_compat +#if defined(CONFIG_GRANT_TABLE) || defined(CONFIG_PV_SHIM) +grant_table_op(unsigned int cmd, void *uop, unsigned int count) +#endif + +prefix: do PREFIX_hvm +memory_op(unsigned long cmd, void *arg) + +prefix: do PREFIX_compat +xen_version(int cmd, void *arg) +vcpu_op(int cmd, unsigned int vcpuid, void *arg) +sched_op(int cmd, void *arg) +xsm_op(void *op) +callback_op(int cmd, const void *arg) +#ifdef CONFIG_ARGO +argo_op(unsigned int cmd, void *arg1, void *arg2, unsigned long arg3, unsigned long arg4) +#endif +#ifdef CONFIG_KEXEC +kexec_op(unsigned int op, void *uarg) +#endif +#ifdef CONFIG_PV +iret() +nmi_op(unsigned int cmd, void *arg) +#ifdef CONFIG_XENOPROF +xenoprof_op(int op, void *arg) +#endif +#endif /* CONFIG_PV */ + +#ifdef CONFIG_COMPAT +prefix: compat +set_timer_op(uint32_t lo, int32_t hi) +multicall(multicall_entry_compat_t *call_list, uint32_t nr_calls) +memory_op(unsigned int cmd, void *arg) +#ifdef CONFIG_IOREQ_SERVER +dm_op(domid_t domid, unsigned int nr_bufs, void *bufs) +#endif +mmuext_op(void *arg, unsigned int count, uint *pdone, unsigned int foreigndom) +#ifdef CONFIG_PV32 +set_trap_table(trap_info_compat_t *traps) +set_gdt(unsigned int *frame_list, unsigned int entries) +set_callbacks(unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address) +update_descriptor(uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi) +update_va_mapping(unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags) +physdev_op_compat(physdev_op_compat_t *uop) +update_va_mapping_otherdomain(unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid) +#endif +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +platform_op(compat_platform_op_t *u_xenpf_op) +#endif +#endif /* CONFIG_COMPAT */ + +#if defined(CONFIG_PV) || defined(CONFIG_ARM) +prefix: do PREFIX_dep +event_channel_op_compat(evtchn_op_t *uop) +physdev_op_compat(physdev_op_t *uop) +/* Legacy hypercall (as of 0x00030101). */ +sched_op_compat(int cmd, unsigned long arg) +#endif + +prefix: do +set_timer_op(s_time_t timeout) +console_io(unsigned int cmd, unsigned int count, char *buffer) +vm_assist(unsigned int cmd, unsigned int type) +event_channel_op(int cmd, void *arg) +mmuext_op(mmuext_op_t *uops, unsigned int count, unsigned int *pdone, unsigned int foreigndom) +multicall(multicall_entry_t *call_list, unsigned int nr_calls) +#ifdef CONFIG_PV +mmu_update(mmu_update_t *ureqs, unsigned int count, unsigned int *pdone, unsigned int foreigndom) +stack_switch(unsigned long ss, unsigned long esp) +fpu_taskswitch(int set) +set_debugreg(int reg, unsigned long value) +get_debugreg(int reg) +set_segment_base(unsigned int which, unsigned long base) +mca(xen_mc_t *u_xen_mc) +set_trap_table(const_trap_info_t *traps) +set_gdt(xen_ulong_t *frame_list, unsigned int entries) +set_callbacks(unsigned long event_address, unsigned long failsafe_address, unsigned long syscall_address) +update_descriptor(uint64_t gaddr, seg_desc_t desc) +update_va_mapping(unsigned long va, uint64_t val64, unsigned long flags) +update_va_mapping_otherdomain(unsigned long va, uint64_t val64, unsigned long flags, domid_t domid) +#endif +#ifdef CONFIG_IOREQ_SERVER +dm_op(domid_t domid, unsigned int nr_bufs, xen_dm_op_buf_t *bufs) +#endif +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +sysctl(xen_sysctl_t *u_sysctl) +domctl(xen_domctl_t *u_domctl) +paging_domctl_cont(xen_domctl_t *u_domctl) +platform_op(xen_platform_op_t *u_xenpf_op) +#endif +#ifdef CONFIG_HVM +hvm_op(unsigned long op, void *arg) +#endif +#ifdef CONFIG_HYPFS +hypfs_op(unsigned int cmd, const char *arg1, unsigned long arg2, void *arg3, unsigned long arg4) +#endif +#ifdef CONFIG_X86 +xenpmu_op(unsigned int op, xen_pmu_params_t *arg) +#endif + +#ifdef CONFIG_PV +caller: pv64 +#ifdef CONFIG_PV32 +caller: pv32 +#endif +#endif +#if defined(CONFIG_HVM) && defined(CONFIG_X86) +caller: hvm64 +#ifdef CONFIG_COMPAT +caller: hvm32 +#endif +#endif +#ifdef CONFIG_ARM +caller: arm +#endif + +table: pv32 pv64 hvm32 hvm64 arm +set_trap_table compat do - - - +mmu_update do:1 do:1 - - - +set_gdt compat do - - - +stack_switch do:2 do:2 - - - +set_callbacks compat do - - - +fpu_taskswitch do do - - - +sched_op_compat do do - - dep +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +platform_op compat do compat do do +#endif +set_debugreg do do - - - +get_debugreg do do - - - +update_descriptor compat do - - - +memory_op compat do hvm hvm do +multicall compat:2 do:2 compat do do +update_va_mapping compat do - - - +set_timer_op compat do compat do - +event_channel_op_compat do do - - dep +xen_version compat do compat do do +console_io do do do do do +physdev_op_compat compat do - - dep +#if defined(CONFIG_GRANT_TABLE) || defined(CONFIG_PV_SHIM) +grant_table_op compat do hvm hvm do +#endif +vm_assist do do do do do +update_va_mapping_otherdomain compat do - - - +iret compat:1 do:1 - - - +vcpu_op compat do compat:1 do:1 do +set_segment_base do:2 do:2 - - - +#ifdef CONFIG_PV +mmuext_op compat:2 do:2 compat do - +#endif +xsm_op compat do compat do do +nmi_op compat do - - - +sched_op compat do compat do do +callback_op compat do - - - +#ifdef CONFIG_XENOPROF +xenoprof_op compat do - - - +#endif +event_channel_op do do do:1 do:1 do:1 +physdev_op compat do hvm hvm do_arm +#ifdef CONFIG_HVM +hvm_op do do do do do +#endif +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +sysctl do do do do do +domctl do do do do do +#endif +#ifdef CONFIG_KEXEC +kexec_op compat do - - - +#endif +tmem_op - - - - - +#ifdef CONFIG_ARGO +argo_op compat do compat do do +#endif +xenpmu_op do do do do - +#ifdef CONFIG_IOREQ_SERVER +dm_op compat do compat do do +#endif +#ifdef CONFIG_HYPFS +hypfs_op do do do do do +#endif +mca do do - - - +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +paging_domctl_cont do do do do - +#endif diff --git a/xen/scripts/gen_hypercall.awk b/xen/scripts/gen_hypercall.awk new file mode 100644 index 0000000000..403758be21 --- /dev/null +++ b/xen/scripts/gen_hypercall.awk @@ -0,0 +1,314 @@ +# awk script to generate hypercall handler prototypes and a macro for doing +# the calls of the handlers inside a switch() statement. + +BEGIN { + printf("/* Generated file, do not edit! */\n\n"); + e = 0; + n = 0; + p = 0; + nc = 0; +} + +# Issue error to stderr +function do_err(msg) { + print "Error: "msg": "$0 >"/dev/stderr"; + exit 1; +} + +# Generate handler call +function do_call(f, p, i) { + printf(" ret = %s_%s(", pre[f, p], fn[f]); + for (i = 1; i <= n_args[f]; i++) { + if (i > 1) + printf(", "); + if (ptr[f, i]) + printf("(XEN_GUEST_HANDLE_PARAM(%s)){ _p(a%d) }", typ[f, i], i); + else + printf("(%s)(a%d)", typ[f, i], i); + } + printf("); \\\n"); +} + +# Generate case statement for call +function do_case(f, p) { + printf(" case __HYPERVISOR_%s: \\\n", fn[f]); + do_call(f, p); + printf(" break; \\\n"); +} + +# Generate switch statement for calling handlers +function do_switch(ca, p, i) { + printf(" switch ( num ) \\\n"); + printf(" { \\\n"); + for (i = 1; i <= nc; i++) + if (call[i] == ca && call_prio[i] == p) + do_case(call_fn[i], call_p[i]); + printf(" default: \\\n"); + printf(" ret = -ENOSYS; \\\n"); + printf(" break; \\\n"); + printf(" } \\\n"); +} + +function rest_of_line(par, i, val) { + val = $(par); + for (i = par + 1; i <= NF; i++) + val = val " " $(i); + return val; +} + +# Handle comments (multi- and single line) +$1 == "/*" { + comment = 1; +} +comment == 1 { + if ($(NF) == "*/") comment = 0; + next; +} + +# Skip preprocessing artefacts +$1 == "extern" { + next; +} +/^#/ { + next; +} + +# Drop empty lines +NF == 0 { + next; +} + +# Handle "handle:" line +$1 == "handle:" { + if (NF < 3) + do_err("\"handle:\" requires at least two parameters"); + val = rest_of_line(3); + xlate[val] = $2; + next; +} + +# Handle "defhandle:" line +$1 == "defhandle:" { + if (NF < 2) + do_err("\"defhandle:\" requires at least one parameter"); + e++; + if (NF == 2) { + emit[e] = sprintf("DEFINE_XEN_GUEST_HANDLE(%s);", $2); + } else { + val = rest_of_line(3); + emit[e] = sprintf("__DEFINE_XEN_GUEST_HANDLE(%s, %s);", $2, val); + xlate[val] = $2; + } + next; +} + +# Handle "rettype:" line +$1 == "rettype:" { + if (NF < 3) + do_err("\"rettype:\" requires at least two parameters"); + if ($2 in rettype) + do_err("rettype can be set only once for each prefix"); + rettype[$2] = rest_of_line(3); + next; +} + +# Handle "caller:" line +$1 == "caller:" { + caller[$2] = 1; + next; +} + +# Handle "prefix:" line +$1 == "prefix:" { + p = NF - 1; + for (i = 2; i <= NF; i++) { + prefix[i - 1] = $(i); + if (!(prefix[i - 1] in rettype)) + rettype[prefix[i - 1]] = "long"; + } + next; +} + +# Handle "table:" line +$1 == "table:" { + table = 1; + for (i = 2; i <= NF; i++) + col[i - 1] = $(i); + n_cols = NF - 1; + next; +} + +# Handle table definition line +table == 1 { + if (NF != n_cols + 1) + do_err("Table definition line has wrong number of fields"); + for (c = 1; c <= n_cols; c++) { + if (caller[col[c]] != 1) + continue; + if ($(c + 1) == "-") + continue; + pref = $(c + 1); + idx = index(pref, ":"); + if (idx == 0) + prio = 100; + else { + prio = substr(pref, idx + 1) + 0; + pref = substr(pref, 1, idx - 1); + if (prio >= 100 || prio < 1) + do_err("Priority must be in the range 1..99"); + } + fnd = 0; + for (i = 1; i <= n; i++) { + if (fn[i] != $1) + continue; + for (j = 1; j <= n_pre[i]; j++) { + if (pre[i, j] == pref) { + prios[col[c], prio]++; + if (prios[col[c], prio] == 1) { + n_prios[col[c]]++; + prio_list[col[c], n_prios[col[c]]] = prio; + prio_mask[col[c], prio] = "(1ULL << __HYPERVISOR_"$1")"; + } else + prio_mask[col[c], prio] = prio_mask[col[c], prio] " | (1ULL << __HYPERVISOR_"$1")"; + nc++; + call[nc] = col[c]; + call_fn[nc] = i; + call_p[nc] = j; + call_prio[nc] = prio; + fnd = 1; + } + } + } + if (fnd == 0) + do_err("No prototype for prefix/hypercall combination"); + } + next; +} + +# Prototype line +{ + bro = index($0, "("); + brc = index($0, ")"); + if (bro < 2 || brc < bro) + do_err("No valid prototype line"); + n++; + fn[n] = substr($0, 1, bro - 1); + n_pre[n] = p; + for (i = 1; i <= p; i++) + pre[n, i] = prefix[i]; + args = substr($0, bro + 1, brc - bro - 1); + n_args[n] = split(args, a, ","); + if (n_args[n] > 5) + do_err("Too many parameters"); + for (i = 1; i <= n_args[n]; i++) { + sub("^ *", "", a[i]); # Remove leading white space + sub(" +", " ", a[i]); # Replace multiple spaces with single ones + sub(" *$", "", a[i]); # Remove trailing white space + ptr[n, i] = index(a[i], "*"); # Is it a pointer type? + sub("[*]", "", a[i]); # Remove "*" + if (index(a[i], " ") == 0) + do_err("Parameter with no type or no name"); + typ[n, i] = a[i]; + sub(" [^ ]+$", "", typ[n, i]); # Remove parameter name + if (ptr[n, i] && (typ[n, i] in xlate)) + typ[n, i] = xlate[typ[n, i]]; + arg[n, i] = a[i]; + sub("^([^ ]+ )+", "", arg[n, i]); # Remove parameter type + } +} + +# Generate the output +END { + # Verbatim generated lines + for (i = 1; i <= e; i++) + printf("%s\n", emit[i]); + printf("\n"); + # Generate prototypes + for (i = 1; i <= n; i++) { + for (p = 1; p <= n_pre[i]; p++) { + printf("%s cf_check %s_%s(", rettype[pre[i, p]], pre[i, p], fn[i]); + if (n_args[i] == 0) + printf("void"); + else + for (j = 1; j <= n_args[i]; j++) { + if (j > 1) + printf(", "); + if (ptr[i, j]) + printf("XEN_GUEST_HANDLE_PARAM(%s)", typ[i, j]); + else + printf("%s", typ[i, j]); + printf(" %s", arg[i, j]); + } + printf(");\n"); + } + } + # Generate call sequences and args array contents + for (ca in caller) { + if (caller[ca] != 1) + continue; + need_mask = 0; + for (pl = 1; pl <= n_prios[ca]; pl++) { + for (pll = pl; pll > 1; pll--) { + if (prio_list[ca, pl] > p_list[pll - 1]) + break; + else + p_list[pll] = p_list[pll - 1]; + } + p_list[pll] = prio_list[ca, pl]; + # If any prio but the default one has more than 1 entry we need "mask" + if (p_list[pll] != 100 && prios[ca, p_list[pll]] > 1) + need_mask = 1; + } + printf("\n"); + printf("#define call_handlers_%s(num, ret, a1, a2, a3, a4, a5) \\\n", ca); + printf("({ \\\n"); + if (need_mask) + printf(" uint64_t mask = 1ULL << num; \\\n"); + printf(" "); + for (pl = 1; pl <= n_prios[ca]; pl++) { + if (prios[ca, p_list[pl]] > 1) { + if (pl < n_prios[ca]) { + printf(" if ( likely(mask & (%s)) ) \\\n", prio_mask[ca, p_list[pl]]); + printf(" { \\\n"); + } + if (prios[ca, p_list[pl]] == 2) { + fnd = 0; + for (i = 1; i <= nc; i++) + if (call[i] == ca && call_prio[i] == p_list[pl]) { + fnd++; + if (fnd == 1) + printf(" if ( num == __HYPERVISOR_%s ) \\\n", fn[call_fn[i]]); + else + printf(" else \\\n"); + do_call(call_fn[i], call_p[i]); + } + } else { + do_switch(ca, p_list[pl]); + } + if (pl < n_prios[ca]) + printf(" } \\\n"); + } else { + for (i = 1; i <= nc; i++) + if (call[i] == ca && call_prio[i] == p_list[pl]) { + printf("if ( likely(num == __HYPERVISOR_%s) ) \\\n", fn[call_fn[i]]); + do_call(call_fn[i], call_p[i]); + } + } + if (pl < n_prios[ca] || prios[ca, p_list[pl]] <= 2) + printf(" else \\\n"); + } + if (prios[ca, p_list[n_prios[ca]]] <= 2) { + printf("\\\n"); + printf(" ret = -ENOSYS; \\\n"); + } + printf("})\n"); + delete p_list; + printf("\n"); + printf("#define hypercall_args_%s \\\n", ca); + printf("{ \\\n"); + for (i = 1; i <= nc; i++) + if (call[i] == ca) + printf("[__HYPERVISOR_%s] = %d, \\\n", fn[call_fn[i]], n_args[call_fn[i]]); + printf("}\n"); + } +} -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:22:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:22:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365005.595000 (Exim 4.92) (envelope-from ) id 1oAqYl-0001j9-Lv; Mon, 11 Jul 2022 10:22:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365005.595000; Mon, 11 Jul 2022 10:22:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYl-0001j2-JB; Mon, 11 Jul 2022 10:22:35 +0000 Received: by outflank-mailman (input) for mailman id 365005; Mon, 11 Jul 2022 10:22:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYk-0001im-IY for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYk-0003q4-Hh for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqYk-0006tJ-H2 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OBvaxiIxhG751y8iSA2vWqjnxAKV7qU4A5Lrpxc7GkQ=; b=LqTcWQyYg7w0sHuk2Hnwr0u71p 1A975MvafP/iqxtSMMJYaVxG3xoLNqYgHN/2XUv1Q/ddspe94wYQJmtMS4ClDMAtozxzDaA/ymQ8z vYQQh4G0Cdk6r6bgCH5KxzIaAyt6TMp5a8azF7StUJTLB1SZdEQhaptF/7DialAHNhDY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: use generated prototypes for hypercall handlers Message-Id: Date: Mon, 11 Jul 2022 10:22:34 +0000 commit f9db6bc39d28d9c9835549e10ccc1b4d4be1922f Author: Juergen Gross AuthorDate: Mon Jul 11 12:08:03 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:08:03 2022 +0200 xen: use generated prototypes for hypercall handlers Remove the hypercall handler's prototypes in the related header files and use the generated ones instead. Some handlers having been static before need to be made globally visible. Signed-off-by: Juergen Gross Acked-by: Jan Beulich Acked-by: Julien Grall --- xen/arch/arm/include/asm/hypercall.h | 1 - xen/arch/x86/hvm/hypercall.c | 7 +- xen/arch/x86/include/asm/hypercall.h | 141 ---------------------------- xen/include/xen/hypercall.h | 177 +---------------------------------- 4 files changed, 5 insertions(+), 321 deletions(-) diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h index 8182895358..ccd26c5184 100644 --- a/xen/arch/arm/include/asm/hypercall.h +++ b/xen/arch/arm/include/asm/hypercall.h @@ -6,7 +6,6 @@ #define __ASM_ARM_HYPERCALL_H__ #include /* for arch_do_domctl */ -int do_arm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); long subarch_do_domctl(struct xen_domctl *domctl, struct domain *d, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 3a35543997..a9c9ad721f 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -31,8 +31,7 @@ #include #include -static long cf_check hvm_memory_op( - unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc; @@ -52,7 +51,7 @@ static long cf_check hvm_memory_op( } #ifdef CONFIG_GRANT_TABLE -static long cf_check hvm_grant_table_op( +long cf_check hvm_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { switch ( cmd ) @@ -78,7 +77,7 @@ static long cf_check hvm_grant_table_op( } #endif -static long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { const struct vcpu *curr = current; const struct domain *currd = curr->domain; diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 81ca25f7b3..2d243b48bc 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -44,109 +44,6 @@ void pv_ring3_init_hypercall_page(void *ptr); */ #define MMU_UPDATE_PREEMPTED (~(~0U>>1)) -extern long cf_check -do_event_channel_op_compat( - XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop); - -/* Legacy hypercall (as of 0x00030202). */ -extern long cf_check do_physdev_op_compat( - XEN_GUEST_HANDLE(physdev_op_t) uop); - -/* Legacy hypercall (as of 0x00030101). */ -extern long cf_check do_sched_op_compat( - int cmd, unsigned long arg); - -extern long cf_check -do_set_trap_table( - XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps); - -extern long cf_check -do_mmu_update( - XEN_GUEST_HANDLE_PARAM(mmu_update_t) ureqs, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(uint) pdone, - unsigned int foreigndom); - -extern long cf_check -do_set_gdt( - XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, - unsigned int entries); - -extern long cf_check -do_stack_switch( - unsigned long ss, - unsigned long esp); - -extern long cf_check -do_fpu_taskswitch( - int set); - -extern long cf_check -do_set_debugreg( - int reg, - unsigned long value); - -extern long cf_check -do_get_debugreg( - int reg); - -extern long cf_check -do_update_descriptor( - uint64_t gaddr, seg_desc_t desc); - -extern long cf_check -do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc); - -extern long cf_check -do_update_va_mapping( - unsigned long va, - uint64_t val64, - unsigned long flags); - -extern long cf_check -do_physdev_op( - int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_update_va_mapping_otherdomain( - unsigned long va, - uint64_t val64, - unsigned long flags, - domid_t domid); - -extern long cf_check -do_mmuext_op( - XEN_GUEST_HANDLE_PARAM(mmuext_op_t) uops, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(uint) pdone, - unsigned int foreigndom); - -extern long cf_check do_callback_op( - int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg); - -extern long cf_check -do_iret( - void); - -extern long cf_check -do_set_callbacks( - unsigned long event_address, - unsigned long failsafe_address, - unsigned long syscall_address); - -extern long cf_check -do_set_segment_base( - unsigned int which, - unsigned long base); - -long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -long cf_check do_xenpmu_op(unsigned int op, - XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); - -long cf_check do_paging_domctl_cont( - XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); - #ifdef CONFIG_COMPAT #include @@ -157,44 +54,6 @@ extern int compat_common_vcpu_op( int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int cf_check compat_mmuext_op( - XEN_GUEST_HANDLE_PARAM(void) arg, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(uint) pdone, - unsigned int foreigndom); - -extern int cf_check compat_callback_op( - int cmd, XEN_GUEST_HANDLE(const_void) arg); - -extern int cf_check compat_update_va_mapping( - unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags); - -extern int cf_check compat_update_va_mapping_otherdomain( - unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid); - -DEFINE_XEN_GUEST_HANDLE(trap_info_compat_t); -extern int cf_check compat_set_trap_table( - XEN_GUEST_HANDLE(trap_info_compat_t) traps); - -extern int cf_check compat_set_gdt( - XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries); - -extern int cf_check compat_update_descriptor( - uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi); - -extern int cf_check compat_iret(void); - -extern int cf_check compat_nmi_op( - unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check compat_set_callbacks( - unsigned long event_selector, unsigned long event_address, - unsigned long failsafe_selector, unsigned long failsafe_address); - -DEFINE_XEN_GUEST_HANDLE(physdev_op_compat_t); -extern int cf_check compat_physdev_op_compat( - XEN_GUEST_HANDLE(physdev_op_compat_t) uop); - #endif /* CONFIG_COMPAT */ #endif /* __ASM_X86_HYPERCALL_H__ */ diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index ca8ee22717..f307dfb597 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -21,33 +21,19 @@ #include #include -extern long cf_check -do_sched_op( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_domctl( - XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); +/* Needs to be after asm/hypercall.h. */ +#include extern long arch_do_domctl( struct xen_domctl *domctl, struct domain *d, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); -extern long cf_check -do_sysctl( - XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl); - extern long arch_do_sysctl( struct xen_sysctl *sysctl, XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl); -extern long cf_check -do_platform_op( - XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op); - extern long pci_physdev_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); @@ -65,170 +51,11 @@ pci_physdev_op( #define MEMOP_EXTENT_SHIFT 6 /* cmd[:6] == start_extent */ #define MEMOP_CMD_MASK ((1 << MEMOP_EXTENT_SHIFT) - 1) -extern long cf_check -do_memory_op( - unsigned long cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_multicall( - XEN_GUEST_HANDLE_PARAM(multicall_entry_t) call_list, - unsigned int nr_calls); - -extern long cf_check -do_set_timer_op( - s_time_t timeout); - -extern long cf_check -do_event_channel_op( - int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_xen_version( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_console_io( - unsigned int cmd, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(char) buffer); - -extern long cf_check -do_grant_table_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count); - -extern long cf_check -do_vm_assist( - unsigned int cmd, - unsigned int type); - -extern long cf_check -do_vcpu_op( - int cmd, - unsigned int vcpuid, - XEN_GUEST_HANDLE_PARAM(void) arg); - -struct vcpu; extern long common_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long cf_check -do_hvm_op( - unsigned long op, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_kexec_op( - unsigned int op, - XEN_GUEST_HANDLE_PARAM(void) uarg); - -extern long cf_check -do_xsm_op( - XEN_GUEST_HANDLE_PARAM(void) u_xsm_op); - -#ifdef CONFIG_ARGO -extern long cf_check do_argo_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg1, - XEN_GUEST_HANDLE_PARAM(void) arg2, - unsigned long arg3, - unsigned long arg4); -#endif - -extern long cf_check -do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_dm_op( - domid_t domid, - unsigned int nr_bufs, - XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs); - -#ifdef CONFIG_HYPFS -extern long cf_check -do_hypfs_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(const_char) arg1, - unsigned long arg2, - XEN_GUEST_HANDLE_PARAM(void) arg3, - unsigned long arg4); -#endif - -#ifdef CONFIG_COMPAT - -extern int cf_check -compat_memory_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_grant_table_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count); - -extern int cf_check -compat_vcpu_op( - int cmd, - unsigned int vcpuid, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_xen_version( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_sched_op( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_set_timer_op( - uint32_t lo, - int32_t hi); - -extern int cf_check compat_xsm_op( - XEN_GUEST_HANDLE_PARAM(void) op); - -extern int cf_check compat_kexec_op( - unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg); - -DEFINE_XEN_GUEST_HANDLE(multicall_entry_compat_t); -extern int cf_check compat_multicall( - XEN_GUEST_HANDLE_PARAM(multicall_entry_compat_t) call_list, - uint32_t nr_calls); - -int compat_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); -int compat_platform_op(XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); - -#ifdef CONFIG_ARGO -extern int cf_check compat_argo_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg1, - XEN_GUEST_HANDLE_PARAM(void) arg2, - unsigned long arg3, - unsigned long arg4); -#endif - -extern int cf_check -compat_dm_op( - domid_t domid, - unsigned int nr_bufs, - XEN_GUEST_HANDLE_PARAM(void) bufs); - -#endif - void arch_get_xen_caps(xen_capabilities_info_t *info); #endif /* __XEN_HYPERCALL_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:22:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:22:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365006.595004 (Exim 4.92) (envelope-from ) id 1oAqYv-0001m3-NV; Mon, 11 Jul 2022 10:22:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365006.595004; Mon, 11 Jul 2022 10:22:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYv-0001lv-Kw; Mon, 11 Jul 2022 10:22:45 +0000 Received: by outflank-mailman (input) for mailman id 365006; Mon, 11 Jul 2022 10:22:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYu-0001lf-Lv for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqYu-0003qE-L3 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqYu-0006tx-Jx for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gclR98eB/TYN4JmFKyMTkaSWXrrp7uBMnzS25D3jPqM=; b=LQBMCECkUWccfLxiv22laVGp4q tqz4DZN5pJ07QiiPrskyQVKEztT5/TT4WFSZIo0OgeUjlaNb3aUMWH7TyvoBIv4jHmpCiF5R0WnJf l1WJwE8qtCxfKUNj938kTLk6AoKQmKkeDiaT11koBNFV28zPk4E38BdTv4jAD3hoWNWg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/x86: call hypercall handlers via generated macro Message-Id: Date: Mon, 11 Jul 2022 10:22:44 +0000 commit 8523851dbc497088b5b207ff230b12d5514be121 Author: Juergen Gross AuthorDate: Mon Jul 11 12:09:13 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:09:13 2022 +0200 xen/x86: call hypercall handlers via generated macro Instead of using a function table use the generated macros for calling the appropriate hypercall handlers. This is beneficial to performance and avoids speculation issues. With calling the handlers using the correct number of parameters now it is possible to do the parameter register clobbering in the NDEBUG case after returning from the handler. With the additional generated data the hard coded hypercall_args_table[] can be replaced by tables using the generated number of parameters. Note that this change modifies behavior of clobbering registers in a minor way: in case a hypercall is returning -ENOSYS (or the unsigned equivalent thereof) for any reason the parameter registers will no longer be clobbered. This should be of no real concern, as those cases ought to be extremely rare and reuse of the registers in those cases seems rather far fetched. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/hypercall.c | 166 ++++--------------------------- xen/arch/x86/hypercall.c | 59 ----------- xen/arch/x86/include/asm/hypercall.h | 55 ++++++++--- xen/arch/x86/pv/hypercall.c | 184 ++++------------------------------- 4 files changed, 76 insertions(+), 388 deletions(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index a9c9ad721f..ae601185fc 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -111,56 +111,10 @@ long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return compat_physdev_op(cmd, arg); } -#define HYPERCALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ - (hypercall_fn_t *) do_ ## x } - -#define HVM_CALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) hvm_ ## x, \ - (hypercall_fn_t *) hvm_ ## x } - -#define COMPAT_CALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ - (hypercall_fn_t *) compat_ ## x } - -static const struct { - hypercall_fn_t *native, *compat; -} hvm_hypercall_table[] = { - HVM_CALL(memory_op), - COMPAT_CALL(multicall), -#ifdef CONFIG_GRANT_TABLE - HVM_CALL(grant_table_op), -#endif - HYPERCALL(vm_assist), - COMPAT_CALL(vcpu_op), - HVM_CALL(physdev_op), - COMPAT_CALL(xen_version), - HYPERCALL(console_io), - HYPERCALL(event_channel_op), - COMPAT_CALL(sched_op), - COMPAT_CALL(set_timer_op), - COMPAT_CALL(xsm_op), - HYPERCALL(hvm_op), - HYPERCALL(sysctl), - HYPERCALL(domctl), -#ifdef CONFIG_ARGO - COMPAT_CALL(argo_op), -#endif - COMPAT_CALL(platform_op), -#ifdef CONFIG_PV - COMPAT_CALL(mmuext_op), -#endif - HYPERCALL(xenpmu_op), - COMPAT_CALL(dm_op), -#ifdef CONFIG_HYPFS - HYPERCALL(hypfs_op), +#ifndef NDEBUG +static const unsigned char hypercall_args_64[] = hypercall_args_hvm64; +static const unsigned char hypercall_args_32[] = hypercall_args_hvm32; #endif - HYPERCALL(paging_domctl_cont) -}; - -#undef HYPERCALL -#undef HVM_CALL -#undef COMPAT_CALL int hvm_hypercall(struct cpu_user_regs *regs) { @@ -206,23 +160,6 @@ int hvm_hypercall(struct cpu_user_regs *regs) return ret; } - BUILD_BUG_ON(ARRAY_SIZE(hvm_hypercall_table) > - ARRAY_SIZE(hypercall_args_table)); - - if ( eax >= ARRAY_SIZE(hvm_hypercall_table) ) - { - regs->rax = -ENOSYS; - return HVM_HCALL_completed; - } - - eax = array_index_nospec(eax, ARRAY_SIZE(hvm_hypercall_table)); - - if ( !hvm_hypercall_table[eax].native ) - { - regs->rax = -ENOSYS; - return HVM_HCALL_completed; - } - /* * Caching is intended for instruction emulation only. Disable it * for any accesses by hypercall argument copy-in / copy-out. @@ -233,85 +170,27 @@ int hvm_hypercall(struct cpu_user_regs *regs) if ( mode == 8 ) { - unsigned long rdi = regs->rdi; - unsigned long rsi = regs->rsi; - unsigned long rdx = regs->rdx; - unsigned long r10 = regs->r10; - unsigned long r8 = regs->r8; - HVM_DBG_LOG(DBG_LEVEL_HCALL, "hcall%lu(%lx, %lx, %lx, %lx, %lx)", - eax, rdi, rsi, rdx, r10, r8); - -#ifndef NDEBUG - /* Deliberately corrupt parameter regs not used by this hypercall. */ - switch ( hypercall_args_table[eax].native ) - { - case 0: rdi = 0xdeadbeefdeadf00dUL; fallthrough; - case 1: rsi = 0xdeadbeefdeadf00dUL; fallthrough; - case 2: rdx = 0xdeadbeefdeadf00dUL; fallthrough; - case 3: r10 = 0xdeadbeefdeadf00dUL; fallthrough; - case 4: r8 = 0xdeadbeefdeadf00dUL; - } -#endif + eax, regs->rdi, regs->rsi, regs->rdx, regs->r10, regs->r8); - regs->rax = hvm_hypercall_table[eax].native(rdi, rsi, rdx, r10, r8); + call_handlers_hvm64(eax, regs->rax, regs->rdi, regs->rsi, regs->rdx, + regs->r10, regs->r8); -#ifndef NDEBUG - if ( !curr->hcall_preempted ) - { - /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( hypercall_args_table[eax].native ) - { - case 5: regs->r8 = 0xdeadbeefdeadf00dUL; fallthrough; - case 4: regs->r10 = 0xdeadbeefdeadf00dUL; fallthrough; - case 3: regs->rdx = 0xdeadbeefdeadf00dUL; fallthrough; - case 2: regs->rsi = 0xdeadbeefdeadf00dUL; fallthrough; - case 1: regs->rdi = 0xdeadbeefdeadf00dUL; - } - } -#endif + if ( !curr->hcall_preempted && regs->rax != -ENOSYS ) + clobber_regs(regs, get_nargs(hypercall_args_64, eax)); } else { - unsigned int ebx = regs->ebx; - unsigned int ecx = regs->ecx; - unsigned int edx = regs->edx; - unsigned int esi = regs->esi; - unsigned int edi = regs->edi; - HVM_DBG_LOG(DBG_LEVEL_HCALL, "hcall%lu(%x, %x, %x, %x, %x)", eax, - ebx, ecx, edx, esi, edi); - -#ifndef NDEBUG - /* Deliberately corrupt parameter regs not used by this hypercall. */ - switch ( hypercall_args_table[eax].compat ) - { - case 0: ebx = 0xdeadf00d; fallthrough; - case 1: ecx = 0xdeadf00d; fallthrough; - case 2: edx = 0xdeadf00d; fallthrough; - case 3: esi = 0xdeadf00d; fallthrough; - case 4: edi = 0xdeadf00d; - } -#endif + regs->ebx, regs->ecx, regs->edx, regs->esi, regs->edi); curr->hcall_compat = true; - regs->eax = hvm_hypercall_table[eax].compat(ebx, ecx, edx, esi, edi); + call_handlers_hvm32(eax, regs->eax, regs->ebx, regs->ecx, regs->edx, + regs->esi, regs->edi); curr->hcall_compat = false; -#ifndef NDEBUG - if ( !curr->hcall_preempted ) - { - /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( hypercall_args_table[eax].compat ) - { - case 5: regs->rdi = 0xdeadf00d; fallthrough; - case 4: regs->rsi = 0xdeadf00d; fallthrough; - case 3: regs->rdx = 0xdeadf00d; fallthrough; - case 2: regs->rcx = 0xdeadf00d; fallthrough; - case 1: regs->rbx = 0xdeadf00d; - } - } -#endif + if ( !curr->hcall_preempted && regs->eax != -ENOSYS ) + clobber_regs32(regs, get_nargs(hypercall_args_32, eax)); } hvmemul_cache_restore(curr, token); @@ -332,31 +211,20 @@ int hvm_hypercall(struct cpu_user_regs *regs) enum mc_disposition hvm_do_multicall_call(struct mc_state *state) { struct vcpu *curr = current; - hypercall_fn_t *func = NULL; if ( hvm_guest_x86_mode(curr) == 8 ) { struct multicall_entry *call = &state->call; - if ( call->op < ARRAY_SIZE(hvm_hypercall_table) ) - func = array_access_nospec(hvm_hypercall_table, call->op).native; - if ( func ) - call->result = func(call->args[0], call->args[1], call->args[2], - call->args[3], call->args[4]); - else - call->result = -ENOSYS; + call_handlers_hvm64(call->op, call->result, call->args[0], call->args[1], + call->args[2], call->args[3], call->args[4]); } else { struct compat_multicall_entry *call = &state->compat_call; - if ( call->op < ARRAY_SIZE(hvm_hypercall_table) ) - func = array_access_nospec(hvm_hypercall_table, call->op).compat; - if ( func ) - call->result = func(call->args[0], call->args[1], call->args[2], - call->args[3], call->args[4]); - else - call->result = -ENOSYS; + call_handlers_hvm32(call->op, call->result, call->args[0], call->args[1], + call->args[2], call->args[3], call->args[4]); } return !hvm_get_cpl(curr) ? mc_continue : mc_preempt; diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 07e1a45ef5..6b73cff9b9 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -22,65 +22,6 @@ #include #include -#ifdef CONFIG_COMPAT -#define ARGS(x, n) \ - [ __HYPERVISOR_ ## x ] = { n, n } -#define COMP(x, n, c) \ - [ __HYPERVISOR_ ## x ] = { n, c } -#else -#define ARGS(x, n) [ __HYPERVISOR_ ## x ] = { n } -#define COMP(x, n, c) ARGS(x, n) -#endif - -const hypercall_args_t hypercall_args_table[NR_hypercalls] = -{ - ARGS(set_trap_table, 1), - ARGS(mmu_update, 4), - ARGS(set_gdt, 2), - ARGS(stack_switch, 2), - COMP(set_callbacks, 3, 4), - ARGS(fpu_taskswitch, 1), - ARGS(sched_op_compat, 2), - ARGS(platform_op, 1), - ARGS(set_debugreg, 2), - ARGS(get_debugreg, 1), - COMP(update_descriptor, 2, 4), - ARGS(memory_op, 2), - ARGS(multicall, 2), - COMP(update_va_mapping, 3, 4), - COMP(set_timer_op, 1, 2), - ARGS(event_channel_op_compat, 1), - ARGS(xen_version, 2), - ARGS(console_io, 3), - ARGS(physdev_op_compat, 1), - ARGS(grant_table_op, 3), - ARGS(vm_assist, 2), - COMP(update_va_mapping_otherdomain, 4, 5), - ARGS(vcpu_op, 3), - COMP(set_segment_base, 2, 0), - ARGS(mmuext_op, 4), - ARGS(xsm_op, 1), - ARGS(nmi_op, 2), - ARGS(sched_op, 2), - ARGS(callback_op, 2), - ARGS(xenoprof_op, 2), - ARGS(event_channel_op, 2), - ARGS(physdev_op, 2), - ARGS(sysctl, 1), - ARGS(domctl, 1), - ARGS(kexec_op, 2), - ARGS(argo_op, 5), - ARGS(xenpmu_op, 2), - ARGS(hvm_op, 2), - ARGS(dm_op, 3), - ARGS(hypfs_op, 5), - ARGS(mca, 1), - ARGS(paging_domctl_cont, 1), -}; - -#undef COMP -#undef ARGS - #define NEXT_ARG(fmt, args) \ ({ \ unsigned long __arg; \ diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 2d243b48bc..ab8bd12e60 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -17,19 +17,6 @@ #define __HYPERVISOR_paging_domctl_cont __HYPERVISOR_arch_1 -typedef unsigned long hypercall_fn_t( - unsigned long, unsigned long, unsigned long, - unsigned long, unsigned long); - -typedef struct { - uint8_t native; -#ifdef CONFIG_COMPAT - uint8_t compat; -#endif -} hypercall_args_t; - -extern const hypercall_args_t hypercall_args_table[NR_hypercalls]; - #ifdef CONFIG_PV void pv_hypercall(struct cpu_user_regs *regs); #endif @@ -56,4 +43,46 @@ compat_common_vcpu_op( #endif /* CONFIG_COMPAT */ +#ifndef NDEBUG +static inline unsigned int _get_nargs(const unsigned char *tbl, unsigned int c) +{ + return tbl[c]; +} +#define get_nargs(t, c) _get_nargs(t, array_index_nospec(c, ARRAY_SIZE(t))) +#else +#define get_nargs(tbl, c) 0 +#endif + +static inline void clobber_regs(struct cpu_user_regs *regs, + unsigned int nargs) +{ +#ifndef NDEBUG + /* Deliberately corrupt used parameter regs. */ + switch ( nargs ) + { + case 5: regs->r8 = 0xdeadbeefdeadf00dUL; fallthrough; + case 4: regs->r10 = 0xdeadbeefdeadf00dUL; fallthrough; + case 3: regs->rdx = 0xdeadbeefdeadf00dUL; fallthrough; + case 2: regs->rsi = 0xdeadbeefdeadf00dUL; fallthrough; + case 1: regs->rdi = 0xdeadbeefdeadf00dUL; + } +#endif +} + +static inline void clobber_regs32(struct cpu_user_regs *regs, + unsigned int nargs) +{ +#ifndef NDEBUG + /* Deliberately corrupt used parameter regs. */ + switch ( nargs ) + { + case 5: regs->edi = 0xdeadf00dU; fallthrough; + case 4: regs->esi = 0xdeadf00dU; fallthrough; + case 3: regs->edx = 0xdeadf00dU; fallthrough; + case 2: regs->ecx = 0xdeadf00dU; fallthrough; + case 1: regs->ebx = 0xdeadf00dU; + } +#endif +} + #endif /* __ASM_X86_HYPERCALL_H__ */ diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index fe8dfe9e8f..bf64bb41bb 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -27,119 +27,22 @@ #include #include -typedef struct { - hypercall_fn_t *native; -#ifdef CONFIG_PV32 - hypercall_fn_t *compat; -#endif -} pv_hypercall_table_t; - +#ifndef NDEBUG +static const unsigned char hypercall_args_64[] = hypercall_args_pv64; #ifdef CONFIG_PV32 -#define HYPERCALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ - (hypercall_fn_t *) do_ ## x } -#define COMPAT_CALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ - (hypercall_fn_t *) compat_ ## x } -#else -#define HYPERCALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x } -#define COMPAT_CALL(x) HYPERCALL(x) -#endif - -static const pv_hypercall_table_t pv_hypercall_table[] = { - COMPAT_CALL(set_trap_table), - HYPERCALL(mmu_update), - COMPAT_CALL(set_gdt), - HYPERCALL(stack_switch), - COMPAT_CALL(set_callbacks), - HYPERCALL(fpu_taskswitch), - HYPERCALL(sched_op_compat), -#ifndef CONFIG_PV_SHIM_EXCLUSIVE - COMPAT_CALL(platform_op), -#endif - HYPERCALL(set_debugreg), - HYPERCALL(get_debugreg), - COMPAT_CALL(update_descriptor), - COMPAT_CALL(memory_op), - COMPAT_CALL(multicall), - COMPAT_CALL(update_va_mapping), - COMPAT_CALL(set_timer_op), - HYPERCALL(event_channel_op_compat), - COMPAT_CALL(xen_version), - HYPERCALL(console_io), - COMPAT_CALL(physdev_op_compat), -#if defined(CONFIG_GRANT_TABLE) || defined(CONFIG_PV_SHIM) - COMPAT_CALL(grant_table_op), -#endif - HYPERCALL(vm_assist), - COMPAT_CALL(update_va_mapping_otherdomain), - COMPAT_CALL(iret), - COMPAT_CALL(vcpu_op), - HYPERCALL(set_segment_base), - COMPAT_CALL(mmuext_op), - COMPAT_CALL(xsm_op), - COMPAT_CALL(nmi_op), - COMPAT_CALL(sched_op), - COMPAT_CALL(callback_op), -#ifdef CONFIG_XENOPROF - COMPAT_CALL(xenoprof_op), -#endif - HYPERCALL(event_channel_op), - COMPAT_CALL(physdev_op), -#ifndef CONFIG_PV_SHIM_EXCLUSIVE - HYPERCALL(sysctl), - HYPERCALL(domctl), -#endif -#ifdef CONFIG_KEXEC - COMPAT_CALL(kexec_op), +static const unsigned char hypercall_args_32[] = hypercall_args_pv32; #endif -#ifdef CONFIG_ARGO - COMPAT_CALL(argo_op), #endif - HYPERCALL(xenpmu_op), -#ifdef CONFIG_HVM - HYPERCALL(hvm_op), - COMPAT_CALL(dm_op), -#endif -#ifdef CONFIG_HYPFS - HYPERCALL(hypfs_op), -#endif - HYPERCALL(mca), -#ifndef CONFIG_PV_SHIM_EXCLUSIVE - HYPERCALL(paging_domctl_cont), -#endif -}; - -#undef COMPAT_CALL -#undef HYPERCALL /* Forced inline to cause 'compat' to be evaluated at compile time. */ static void always_inline _pv_hypercall(struct cpu_user_regs *regs, bool compat) { struct vcpu *curr = current; - unsigned long eax = compat ? regs->eax : regs->rax; + unsigned long eax; ASSERT(guest_kernel_mode(curr, regs)); - BUILD_BUG_ON(ARRAY_SIZE(pv_hypercall_table) > - ARRAY_SIZE(hypercall_args_table)); - - if ( eax >= ARRAY_SIZE(pv_hypercall_table) ) - { - regs->rax = -ENOSYS; - return; - } - - eax = array_index_nospec(eax, ARRAY_SIZE(pv_hypercall_table)); - - if ( !pv_hypercall_table[eax].native ) - { - regs->rax = -ENOSYS; - return; - } - curr->hcall_preempted = false; if ( !compat ) @@ -150,17 +53,8 @@ _pv_hypercall(struct cpu_user_regs *regs, bool compat) unsigned long r10 = regs->r10; unsigned long r8 = regs->r8; -#ifndef NDEBUG - /* Deliberately corrupt parameter regs not used by this hypercall. */ - switch ( hypercall_args_table[eax].native ) - { - case 0: rdi = 0xdeadbeefdeadf00dUL; fallthrough; - case 1: rsi = 0xdeadbeefdeadf00dUL; fallthrough; - case 2: rdx = 0xdeadbeefdeadf00dUL; fallthrough; - case 3: r10 = 0xdeadbeefdeadf00dUL; fallthrough; - case 4: r8 = 0xdeadbeefdeadf00dUL; - } -#endif + eax = regs->rax; + if ( unlikely(tb_init_done) ) { unsigned long args[5] = { rdi, rsi, rdx, r10, r8 }; @@ -168,22 +62,10 @@ _pv_hypercall(struct cpu_user_regs *regs, bool compat) __trace_hypercall(TRC_PV_HYPERCALL_V2, eax, args); } - regs->rax = pv_hypercall_table[eax].native(rdi, rsi, rdx, r10, r8); + call_handlers_pv64(eax, regs->rax, rdi, rsi, rdx, r10, r8); -#ifndef NDEBUG - if ( !curr->hcall_preempted ) - { - /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( hypercall_args_table[eax].native ) - { - case 5: regs->r8 = 0xdeadbeefdeadf00dUL; fallthrough; - case 4: regs->r10 = 0xdeadbeefdeadf00dUL; fallthrough; - case 3: regs->rdx = 0xdeadbeefdeadf00dUL; fallthrough; - case 2: regs->rsi = 0xdeadbeefdeadf00dUL; fallthrough; - case 1: regs->rdi = 0xdeadbeefdeadf00dUL; - } - } -#endif + if ( !curr->hcall_preempted && regs->rax != -ENOSYS ) + clobber_regs(regs, get_nargs(hypercall_args_64, eax)); } #ifdef CONFIG_PV32 else @@ -194,17 +76,7 @@ _pv_hypercall(struct cpu_user_regs *regs, bool compat) unsigned int esi = regs->esi; unsigned int edi = regs->edi; -#ifndef NDEBUG - /* Deliberately corrupt parameter regs not used by this hypercall. */ - switch ( hypercall_args_table[eax].compat ) - { - case 0: ebx = 0xdeadf00d; fallthrough; - case 1: ecx = 0xdeadf00d; fallthrough; - case 2: edx = 0xdeadf00d; fallthrough; - case 3: esi = 0xdeadf00d; fallthrough; - case 4: edi = 0xdeadf00d; - } -#endif + eax = regs->eax; if ( unlikely(tb_init_done) ) { @@ -214,23 +86,11 @@ _pv_hypercall(struct cpu_user_regs *regs, bool compat) } curr->hcall_compat = true; - regs->eax = pv_hypercall_table[eax].compat(ebx, ecx, edx, esi, edi); + call_handlers_pv32(eax, regs->eax, ebx, ecx, edx, esi, edi); curr->hcall_compat = false; -#ifndef NDEBUG - if ( !curr->hcall_preempted ) - { - /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( hypercall_args_table[eax].compat ) - { - case 5: regs->edi = 0xdeadf00d; fallthrough; - case 4: regs->esi = 0xdeadf00d; fallthrough; - case 3: regs->edx = 0xdeadf00d; fallthrough; - case 2: regs->ecx = 0xdeadf00d; fallthrough; - case 1: regs->ebx = 0xdeadf00d; - } - } -#endif + if ( !curr->hcall_preempted && regs->eax != -ENOSYS ) + clobber_regs32(regs, get_nargs(hypercall_args_32, eax)); } #endif /* CONFIG_PV32 */ @@ -256,13 +116,8 @@ enum mc_disposition pv_do_multicall_call(struct mc_state *state) struct compat_multicall_entry *call = &state->compat_call; op = call->op; - if ( (op < ARRAY_SIZE(pv_hypercall_table)) && - pv_hypercall_table[op].compat ) - call->result = pv_hypercall_table[op].compat( - call->args[0], call->args[1], call->args[2], - call->args[3], call->args[4]); - else - call->result = -ENOSYS; + call_handlers_pv32(op, call->result, call->args[0], call->args[1], + call->args[2], call->args[3], call->args[4]); } else #endif @@ -270,13 +125,8 @@ enum mc_disposition pv_do_multicall_call(struct mc_state *state) struct multicall_entry *call = &state->call; op = call->op; - if ( (op < ARRAY_SIZE(pv_hypercall_table)) && - pv_hypercall_table[op].native ) - call->result = pv_hypercall_table[op].native( - call->args[0], call->args[1], call->args[2], - call->args[3], call->args[4]); - else - call->result = -ENOSYS; + call_handlers_pv64(op, call->result, call->args[0], call->args[1], + call->args[2], call->args[3], call->args[4]); } return unlikely(op == __HYPERVISOR_iret) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:22:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:22:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365007.595007 (Exim 4.92) (envelope-from ) id 1oAqZ5-0001pS-QW; Mon, 11 Jul 2022 10:22:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365007.595007; Mon, 11 Jul 2022 10:22:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZ5-0001pK-Ny; Mon, 11 Jul 2022 10:22:55 +0000 Received: by outflank-mailman (input) for mailman id 365007; Mon, 11 Jul 2022 10:22:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZ4-0001p9-Pf for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZ4-0003qR-Ot for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqZ4-0006uM-NN for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:22:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kyudx5ll0p6d3TyjdiUvzEhQf750QdblD23CCw6GnZw=; b=sIctpRq56N7tUmpHbvb0s6QJXN ESz/QgtUJ3jJwrtJ8O+lAKCxSrFlc+4fvcC/TnhBvD84pwTUpkE5AoQi2O4xRUT5JBMZGoGRs37IG W2QrtWzY7H+T2m1NKJ4LqAQE4hblaC4eHM2EUU6GLF36r5u+VdIoikFSSLuR/7HfJq0o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: call hypercall handlers via generated macro Message-Id: Date: Mon, 11 Jul 2022 10:22:54 +0000 commit 39fc5f5c02c2cb5ce7b7ef8d30dc8ee0737d0ec8 Author: Juergen Gross AuthorDate: Mon Jul 11 12:09:48 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:09:48 2022 +0200 xen/arm: call hypercall handlers via generated macro Instead of using a function table use the generated macros for calling the appropriate hypercall handlers. This makes the calls of the handlers type safe. For deprecated hypercalls define stub functions. Signed-off-by: Juergen Gross Reviewed-by: Julien Grall Tested-by: Michal Orzel --- xen/arch/arm/traps.c | 117 +++++++++++---------------------------------------- 1 file changed, 24 insertions(+), 93 deletions(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 785f2121d1..79f9ed0725 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1331,67 +1331,20 @@ static register_t do_deprecated_hypercall(void) return -ENOSYS; } -typedef register_t (*arm_hypercall_fn_t)( - register_t, register_t, register_t, register_t, register_t); - -typedef struct { - arm_hypercall_fn_t fn; - int nr_args; -} arm_hypercall_t; - -#define HYPERCALL(_name, _nr_args) \ - [ __HYPERVISOR_ ## _name ] = { \ - .fn = (arm_hypercall_fn_t) &do_ ## _name, \ - .nr_args = _nr_args, \ - } +long dep_sched_op_compat(int cmd, unsigned long arg) +{ + return do_deprecated_hypercall(); +} -#define HYPERCALL_ARM(_name, _nr_args) \ - [ __HYPERVISOR_ ## _name ] = { \ - .fn = (arm_hypercall_fn_t) &do_arm_ ## _name, \ - .nr_args = _nr_args, \ - } -/* - * Only use this for hypercalls which were deprecated (i.e. replaced - * by something else) before Xen on ARM was created, i.e. *not* for - * hypercalls which are simply not yet used on ARM. - */ -#define HYPERCALL_DEPRECATED(_name, _nr_args) \ - [ __HYPERVISOR_##_name ] = { \ - .fn = (arm_hypercall_fn_t) &do_deprecated_hypercall, \ - .nr_args = _nr_args, \ - } +long dep_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) +{ + return do_deprecated_hypercall(); +} -static arm_hypercall_t arm_hypercall_table[] = { - HYPERCALL(memory_op, 2), - HYPERCALL(domctl, 1), - HYPERCALL(sched_op, 2), - HYPERCALL_DEPRECATED(sched_op_compat, 2), - HYPERCALL(console_io, 3), - HYPERCALL(xen_version, 2), - HYPERCALL(xsm_op, 1), - HYPERCALL(event_channel_op, 2), - HYPERCALL_DEPRECATED(event_channel_op_compat, 1), - HYPERCALL_ARM(physdev_op, 2), - HYPERCALL_DEPRECATED(physdev_op_compat, 1), - HYPERCALL(sysctl, 2), - HYPERCALL(hvm_op, 2), -#ifdef CONFIG_GRANT_TABLE - HYPERCALL(grant_table_op, 3), -#endif - HYPERCALL(multicall, 2), - HYPERCALL(platform_op, 1), - HYPERCALL(vcpu_op, 3), - HYPERCALL(vm_assist, 2), -#ifdef CONFIG_ARGO - HYPERCALL(argo_op, 5), -#endif -#ifdef CONFIG_HYPFS - HYPERCALL(hypfs_op, 5), -#endif -#ifdef CONFIG_IOREQ_SERVER - HYPERCALL(dm_op, 3), -#endif -}; +long dep_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) +{ + return do_deprecated_hypercall(); +} #ifndef NDEBUG static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code) @@ -1430,7 +1383,6 @@ static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code) #define HYPERCALL_ARG3(r) (r)->x2 #define HYPERCALL_ARG4(r) (r)->x3 #define HYPERCALL_ARG5(r) (r)->x4 -#define HYPERCALL_ARGS(r) (r)->x0, (r)->x1, (r)->x2, (r)->x3, (r)->x4 #else #define HYPERCALL_RESULT_REG(r) (r)->r0 #define HYPERCALL_ARG1(r) (r)->r0 @@ -1438,52 +1390,40 @@ static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code) #define HYPERCALL_ARG3(r) (r)->r2 #define HYPERCALL_ARG4(r) (r)->r3 #define HYPERCALL_ARG5(r) (r)->r4 -#define HYPERCALL_ARGS(r) (r)->r0, (r)->r1, (r)->r2, (r)->r3, (r)->r4 #endif +static const unsigned char hypercall_args[] = hypercall_args_arm; + static void do_trap_hypercall(struct cpu_user_regs *regs, register_t *nr, const union hsr hsr) { - arm_hypercall_fn_t call = NULL; struct vcpu *curr = current; - BUILD_BUG_ON(NR_hypercalls < ARRAY_SIZE(arm_hypercall_table) ); - if ( hsr.iss != XEN_HYPERCALL_TAG ) { gprintk(XENLOG_WARNING, "Invalid HVC imm 0x%x\n", hsr.iss); return inject_undef_exception(regs, hsr); } - if ( *nr >= ARRAY_SIZE(arm_hypercall_table) ) - { - perfc_incr(invalid_hypercalls); - HYPERCALL_RESULT_REG(regs) = -ENOSYS; - return; - } - curr->hcall_preempted = false; perfc_incra(hypercalls, *nr); - call = arm_hypercall_table[*nr].fn; - if ( call == NULL ) - { - HYPERCALL_RESULT_REG(regs) = -ENOSYS; - return; - } - HYPERCALL_RESULT_REG(regs) = call(HYPERCALL_ARGS(regs)); + call_handlers_arm(*nr, HYPERCALL_RESULT_REG(regs), HYPERCALL_ARG1(regs), + HYPERCALL_ARG2(regs), HYPERCALL_ARG3(regs), + HYPERCALL_ARG4(regs), HYPERCALL_ARG5(regs)); #ifndef NDEBUG - if ( !curr->hcall_preempted ) + if ( !curr->hcall_preempted && HYPERCALL_RESULT_REG(regs) != -ENOSYS ) { /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( arm_hypercall_table[*nr].nr_args ) { + switch ( hypercall_args[*nr] ) { case 5: HYPERCALL_ARG5(regs) = 0xDEADBEEF; case 4: HYPERCALL_ARG4(regs) = 0xDEADBEEF; case 3: HYPERCALL_ARG3(regs) = 0xDEADBEEF; case 2: HYPERCALL_ARG2(regs) = 0xDEADBEEF; case 1: /* Don't clobber x0/r0 -- it's the return value */ + case 0: /* -ENOSYS case */ break; default: BUG(); } @@ -1520,7 +1460,7 @@ static bool check_multicall_32bit_clean(struct multicall_entry *multi) { int i; - for ( i = 0; i < arm_hypercall_table[multi->op].nr_args; i++ ) + for ( i = 0; i < hypercall_args[multi->op]; i++ ) { if ( unlikely(multi->args[i] & 0xffffffff00000000ULL) ) { @@ -1537,16 +1477,8 @@ static bool check_multicall_32bit_clean(struct multicall_entry *multi) enum mc_disposition arch_do_multicall_call(struct mc_state *state) { struct multicall_entry *multi = &state->call; - arm_hypercall_fn_t call = NULL; - - if ( multi->op >= ARRAY_SIZE(arm_hypercall_table) ) - { - multi->result = -ENOSYS; - return mc_continue; - } - call = arm_hypercall_table[multi->op].fn; - if ( call == NULL ) + if ( multi->op >= ARRAY_SIZE(hypercall_args) ) { multi->result = -ENOSYS; return mc_continue; @@ -1556,9 +1488,8 @@ enum mc_disposition arch_do_multicall_call(struct mc_state *state) !check_multicall_32bit_clean(multi) ) return mc_continue; - multi->result = call(multi->args[0], multi->args[1], - multi->args[2], multi->args[3], - multi->args[4]); + call_handlers_arm(multi->op, multi->result, multi->args[0], multi->args[1], + multi->args[2], multi->args[3], multi->args[4]); return likely(!regs_mode_is_user(guest_cpu_user_regs())) ? mc_continue : mc_preempt; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:23:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:23:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365008.595011 (Exim 4.92) (envelope-from ) id 1oAqZG-0001sU-SL; Mon, 11 Jul 2022 10:23:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365008.595011; Mon, 11 Jul 2022 10:23:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZG-0001sN-Pa; Mon, 11 Jul 2022 10:23:06 +0000 Received: by outflank-mailman (input) for mailman id 365008; Mon, 11 Jul 2022 10:23:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZE-0001sE-Vf for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZE-0003qr-Ul for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqZE-0006v2-Tr for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OrwSdb8jlb1f/+XdBdo6aUy6Xqky6xl6GhkAn2923Uw=; b=mBwYBGFCpFMBwAHQXigc204yBp KypwcJxmHFf4ZI2EIYqwRmZeVsT0N54PmL1NuAVNHcJvBvY3ERUrqHGvirpsXyVuc9TldWU8VVQT8 9ElvPhw/BUNJ/6hK/amunpVYRTKRmghexXfBsGDMzhIUDMcGeH1FWf697xFVVxBGuLHM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/x86: remove cf_check attribute from hypercall handlers Message-Id: Date: Mon, 11 Jul 2022 10:23:04 +0000 commit 796dae0fe434cc34ebc7ad53fb54c07850899990 Author: Juergen Gross AuthorDate: Mon Jul 11 12:11:17 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:11:17 2022 +0200 xen/x86: remove cf_check attribute from hypercall handlers Now that the hypercall handlers are all being called directly instead through a function vector, the "cf_check" attribute can be removed. Signed-off-by: Juergen Gross Reviewed-by: Daniel P. Smith # xsm parts Acked-by: Jan Beulich Tested-by: Téo Couprie Diaz Acked-by: Dario Faggioli --- xen/arch/x86/compat.c | 6 +++--- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/domain.c | 3 +-- xen/arch/x86/hvm/dm.c | 2 +- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/hypercall.c | 6 +++--- xen/arch/x86/mm.c | 12 ++++++------ xen/arch/x86/mm/paging.c | 2 +- xen/arch/x86/physdev.c | 2 +- xen/arch/x86/platform_hypercall.c | 2 +- xen/arch/x86/pv/callback.c | 16 ++++++++-------- xen/arch/x86/pv/descriptor-tables.c | 8 ++++---- xen/arch/x86/pv/iret.c | 4 ++-- xen/arch/x86/pv/misc-hypercalls.c | 10 +++++----- xen/arch/x86/pv/shim.c | 4 ++-- xen/arch/x86/x86_64/compat/mm.c | 2 +- xen/arch/x86/x86_64/domain.c | 2 +- xen/common/argo.c | 4 ++-- xen/common/compat/grant_table.c | 2 +- xen/common/compat/kernel.c | 2 +- xen/common/compat/memory.c | 3 +-- xen/common/dm.c | 2 +- xen/common/domain.c | 2 +- xen/common/domctl.c | 2 +- xen/common/event_channel.c | 2 +- xen/common/grant_table.c | 3 +-- xen/common/hypfs.c | 2 +- xen/common/kernel.c | 2 +- xen/common/kexec.c | 4 ++-- xen/common/memory.c | 2 +- xen/common/multicall.c | 3 +-- xen/common/sched/compat.c | 2 +- xen/common/sched/core.c | 4 ++-- xen/common/sysctl.c | 2 +- xen/common/xenoprof.c | 2 +- xen/drivers/char/console.c | 2 +- xen/scripts/gen_hypercall.awk | 2 +- xen/xsm/xsm_core.c | 4 ++-- 39 files changed, 68 insertions(+), 72 deletions(-) diff --git a/xen/arch/x86/compat.c b/xen/arch/x86/compat.c index 28281a262a..a031062830 100644 --- a/xen/arch/x86/compat.c +++ b/xen/arch/x86/compat.c @@ -15,7 +15,7 @@ typedef long ret_t; #endif /* Legacy hypercall (as of 0x00030202). */ -ret_t cf_check do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) +ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) { struct physdev_op op; @@ -28,7 +28,7 @@ ret_t cf_check do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) #ifndef COMPAT /* Legacy hypercall (as of 0x00030101). */ -long cf_check do_sched_op_compat(int cmd, unsigned long arg) +long do_sched_op_compat(int cmd, unsigned long arg) { switch ( cmd ) { @@ -50,7 +50,7 @@ long cf_check do_sched_op_compat(int cmd, unsigned long arg) } /* Legacy hypercall (as of 0x00030202). */ -long cf_check do_event_channel_op_compat( +long do_event_channel_op_compat( XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) { struct evtchn_op op; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 275c54be7c..f68e31b643 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -1351,7 +1351,7 @@ CHECK_mcinfo_recovery; # endif /* CONFIG_COMPAT */ /* Machine Check Architecture Hypercall */ -long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) +long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) { long ret = 0; struct xen_mc curop, *op = &curop; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 51d171615f..d2c03a1104 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -672,7 +672,7 @@ void vpmu_dump(struct vcpu *v) alternative_vcall(vpmu_ops.arch_vpmu_dump, v); } -long cf_check do_xenpmu_op( +long do_xenpmu_op( unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) { int ret; diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 0d2944fe14..9ba3704f36 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1491,8 +1491,7 @@ int arch_vcpu_reset(struct vcpu *v) return 0; } -long cf_check do_vcpu_op(int cmd, unsigned int vcpuid, - XEN_GUEST_HANDLE_PARAM(void) arg) +long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc = 0; struct domain *d = current->domain; diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c index d80975efcf..f8e6089870 100644 --- a/xen/arch/x86/hvm/dm.c +++ b/xen/arch/x86/hvm/dm.c @@ -654,7 +654,7 @@ CHECK_dm_op_relocate_memory; CHECK_dm_op_pin_memory_cacheattr; CHECK_dm_op_nr_vcpus; -int cf_check compat_dm_op( +int compat_dm_op( domid_t domid, unsigned int nr_bufs, XEN_GUEST_HANDLE_PARAM(void) bufs) { struct dmop_args args; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 5b16fb4cd8..273fed35e6 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -5022,7 +5022,7 @@ static int hvmop_get_mem_type( return rc; } -long cf_check do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) +long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc = 0; diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index ae601185fc..29d1ca7a13 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -31,7 +31,7 @@ #include #include -long cf_check hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc; @@ -51,7 +51,7 @@ long cf_check hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef CONFIG_GRANT_TABLE -long cf_check hvm_grant_table_op( +long hvm_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { switch ( cmd ) @@ -77,7 +77,7 @@ long cf_check hvm_grant_table_op( } #endif -long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { const struct vcpu *curr = current; const struct domain *currd = curr->domain; diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 57751d2ed7..5b81d5fbdb 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3421,7 +3421,7 @@ static int vcpumask_to_pcpumask( } } -long cf_check do_mmuext_op( +long do_mmuext_op( XEN_GUEST_HANDLE_PARAM(mmuext_op_t) uops, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, @@ -3960,7 +3960,7 @@ long cf_check do_mmuext_op( return rc; } -long cf_check do_mmu_update( +long do_mmu_update( XEN_GUEST_HANDLE_PARAM(mmu_update_t) ureqs, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, @@ -4545,7 +4545,7 @@ static int __do_update_va_mapping( return rc; } -long cf_check do_update_va_mapping( +long do_update_va_mapping( unsigned long va, u64 val64, unsigned long flags) { int rc = __do_update_va_mapping(va, val64, flags, current->domain); @@ -4557,7 +4557,7 @@ long cf_check do_update_va_mapping( return rc; } -long cf_check do_update_va_mapping_otherdomain( +long do_update_va_mapping_otherdomain( unsigned long va, u64 val64, unsigned long flags, domid_t domid) { struct domain *pg_owner; @@ -4580,7 +4580,7 @@ long cf_check do_update_va_mapping_otherdomain( #endif /* CONFIG_PV */ #ifdef CONFIG_PV32 -int cf_check compat_update_va_mapping( +int compat_update_va_mapping( unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags) { int rc = __do_update_va_mapping(va, ((uint64_t)hi << 32) | lo, @@ -4593,7 +4593,7 @@ int cf_check compat_update_va_mapping( return rc; } -int cf_check compat_update_va_mapping_otherdomain( +int compat_update_va_mapping_otherdomain( unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid) { diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index eb9155f81c..3a355eee9c 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -760,7 +760,7 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, return shadow_domctl(d, sc, u_domctl); } -long cf_check do_paging_domctl_cont( +long do_paging_domctl_cont( XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { struct xen_domctl op; diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index 2ddcf44f33..ea38be8b79 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -174,7 +174,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq) } #endif /* COMPAT */ -ret_t cf_check do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int irq; ret_t ret; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index eeb4f7a20e..a7341dc3d7 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -214,7 +214,7 @@ void cf_check resource_access(void *info) } #endif -ret_t cf_check do_platform_op( +ret_t do_platform_op( XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) { ret_t ret; diff --git a/xen/arch/x86/pv/callback.c b/xen/arch/x86/pv/callback.c index 1be9d3f731..067ee3b795 100644 --- a/xen/arch/x86/pv/callback.c +++ b/xen/arch/x86/pv/callback.c @@ -140,7 +140,7 @@ static long unregister_guest_callback(struct callback_unregister *unreg) return ret; } -long cf_check do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) +long do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) { long ret; @@ -178,7 +178,7 @@ long cf_check do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) return ret; } -long cf_check do_set_callbacks( +long do_set_callbacks( unsigned long event_address, unsigned long failsafe_address, unsigned long syscall_address) { @@ -283,7 +283,7 @@ static int compat_unregister_guest_callback( return ret; } -int cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(const_void) arg) +int compat_callback_op(int cmd, XEN_GUEST_HANDLE(const_void) arg) { int ret; @@ -321,7 +321,7 @@ int cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(const_void) arg) return ret; } -int cf_check compat_set_callbacks( +int compat_set_callbacks( unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address) { @@ -348,7 +348,7 @@ int cf_check compat_set_callbacks( #endif /* CONFIG_PV32 */ -long cf_check do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) +long do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) { struct trap_info cur; struct vcpu *curr = current; @@ -394,7 +394,7 @@ long cf_check do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) } #ifdef CONFIG_PV32 -int cf_check compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) +int compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) { struct vcpu *curr = current; struct compat_trap_info cur; @@ -437,7 +437,7 @@ int cf_check compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) } #endif -long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct xennmi_callback cb; long rc = 0; @@ -463,7 +463,7 @@ long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef CONFIG_PV32 -int cf_check compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +int compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct compat_nmi_callback cb; int rc = 0; diff --git a/xen/arch/x86/pv/descriptor-tables.c b/xen/arch/x86/pv/descriptor-tables.c index 653a61d0b5..b4135b450c 100644 --- a/xen/arch/x86/pv/descriptor-tables.c +++ b/xen/arch/x86/pv/descriptor-tables.c @@ -124,7 +124,7 @@ int pv_set_gdt(struct vcpu *v, const unsigned long frames[], return -EINVAL; } -long cf_check do_set_gdt( +long do_set_gdt( XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, unsigned int entries) { unsigned int nr_frames = DIV_ROUND_UP(entries, 512); @@ -151,7 +151,7 @@ long cf_check do_set_gdt( #ifdef CONFIG_PV32 -int cf_check compat_set_gdt( +int compat_set_gdt( XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries) { struct vcpu *curr = current; @@ -187,7 +187,7 @@ int cf_check compat_set_gdt( return ret; } -int cf_check compat_update_descriptor( +int compat_update_descriptor( uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi) { seg_desc_t d; @@ -299,7 +299,7 @@ int validate_segdesc_page(struct page_info *page) return i == 512 ? 0 : -EINVAL; } -long cf_check do_update_descriptor(uint64_t gaddr, seg_desc_t d) +long do_update_descriptor(uint64_t gaddr, seg_desc_t d) { struct domain *currd = current->domain; gfn_t gfn = gaddr_to_gfn(gaddr); diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index 58de9f7922..316a23e77e 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -49,7 +49,7 @@ static void async_exception_cleanup(struct vcpu *curr) curr->arch.async_exception_state(trap).old_mask; } -long cf_check do_iret(void) +long do_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct iret_context iret_saved; @@ -106,7 +106,7 @@ long cf_check do_iret(void) } #ifdef CONFIG_PV32 -int cf_check compat_iret(void) +int compat_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct vcpu *v = current; diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hypercalls.c index 635f5a644a..aaaf70eb63 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -23,12 +23,12 @@ #include -long cf_check do_set_debugreg(int reg, unsigned long value) +long do_set_debugreg(int reg, unsigned long value) { return set_debugreg(current, reg, value); } -long cf_check do_get_debugreg(int reg) +long do_get_debugreg(int reg) { /* Avoid implementation defined behavior casting unsigned long to long. */ union { @@ -40,7 +40,7 @@ long cf_check do_get_debugreg(int reg) return res == X86EMUL_OKAY ? u.ret : -ENODEV; } -long cf_check do_fpu_taskswitch(int set) +long do_fpu_taskswitch(int set) { struct vcpu *v = current; @@ -175,7 +175,7 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) return 0; } -long cf_check do_stack_switch(unsigned long ss, unsigned long esp) +long do_stack_switch(unsigned long ss, unsigned long esp) { fixup_guest_stack_selector(current->domain, ss); current->arch.pv.kernel_ss = ss; @@ -184,7 +184,7 @@ long cf_check do_stack_switch(unsigned long ss, unsigned long esp) return 0; } -long cf_check do_set_segment_base(unsigned int which, unsigned long base) +long do_set_segment_base(unsigned int which, unsigned long base) { struct vcpu *v = current; long ret = 0; diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index 2ee290a392..2b74fea181 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -824,7 +824,7 @@ long pv_shim_grant_table_op(unsigned int cmd, #ifndef CONFIG_GRANT_TABLE /* Thin wrapper(s) needed. */ -long cf_check do_grant_table_op( +long do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { if ( !pv_shim ) @@ -834,7 +834,7 @@ long cf_check do_grant_table_op( } #ifdef CONFIG_PV32 -int cf_check compat_grant_table_op( +int compat_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { if ( !pv_shim ) diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c index 70b08a832a..d54efaad21 100644 --- a/xen/arch/x86/x86_64/compat/mm.c +++ b/xen/arch/x86/x86_64/compat/mm.c @@ -177,7 +177,7 @@ int compat_arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #ifdef CONFIG_PV DEFINE_XEN_GUEST_HANDLE(mmuext_op_compat_t); -int cf_check compat_mmuext_op( +int compat_mmuext_op( XEN_GUEST_HANDLE_PARAM(void) arg, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom) { diff --git a/xen/arch/x86/x86_64/domain.c b/xen/arch/x86/x86_64/domain.c index 9c559aa3ea..62fe51ee74 100644 --- a/xen/arch/x86/x86_64/domain.c +++ b/xen/arch/x86/x86_64/domain.c @@ -12,7 +12,7 @@ CHECK_vcpu_get_physid; #undef xen_vcpu_get_physid -int cf_check +int compat_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) { int rc; diff --git a/xen/common/argo.c b/xen/common/argo.c index 26a01c2188..748b8714d6 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -2069,7 +2069,7 @@ sendv(struct domain *src_d, xen_argo_addr_t *src_addr, return ( ret < 0 ) ? ret : len; } -long cf_check +long do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long raw_arg3, unsigned long raw_arg4) @@ -2207,7 +2207,7 @@ do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, } #ifdef CONFIG_COMPAT -int cf_check +int compat_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long arg3, unsigned long arg4) diff --git a/xen/common/compat/grant_table.c b/xen/common/compat/grant_table.c index d5787e3719..4705ee5f76 100644 --- a/xen/common/compat/grant_table.c +++ b/xen/common/compat/grant_table.c @@ -56,7 +56,7 @@ CHECK_gnttab_swap_grant_ref; CHECK_gnttab_cache_flush; #undef xen_gnttab_cache_flush -int cf_check compat_grant_table_op( +int compat_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) cmp_uop, unsigned int count) { int rc = 0; diff --git a/xen/common/compat/kernel.c b/xen/common/compat/kernel.c index 8e8c413bf1..804b919bdc 100644 --- a/xen/common/compat/kernel.c +++ b/xen/common/compat/kernel.c @@ -37,7 +37,7 @@ CHECK_TYPE(capabilities_info); CHECK_TYPE(domain_handle); -#define DO(fn) int cf_check compat_##fn +#define DO(fn) int compat_##fn #define COMPAT #include "../kernel.c" diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c index 82fb250efa..56c7de1dea 100644 --- a/xen/common/compat/memory.c +++ b/xen/common/compat/memory.c @@ -53,8 +53,7 @@ static int cf_check get_reserved_device_memory( } #endif -int cf_check compat_memory_op( - unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat) +int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat) { struct vcpu *curr = current; struct domain *currd = curr->domain; diff --git a/xen/common/dm.c b/xen/common/dm.c index fcb3a1aa05..201b652deb 100644 --- a/xen/common/dm.c +++ b/xen/common/dm.c @@ -19,7 +19,7 @@ #include #include -long cf_check do_dm_op( +long do_dm_op( domid_t domid, unsigned int nr_bufs, XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs) { diff --git a/xen/common/domain.c b/xen/common/domain.c index 3b1169d79b..618410e3b2 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1753,7 +1753,7 @@ long common_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef arch_vm_assist_valid_mask -long cf_check do_vm_assist(unsigned int cmd, unsigned int type) +long do_vm_assist(unsigned int cmd, unsigned int type) { struct domain *currd = current->domain; const unsigned long valid = arch_vm_assist_valid_mask(currd); diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 0a866e3132..452266710a 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -278,7 +278,7 @@ static struct vnuma_info *vnuma_init(const struct xen_domctl_vnuma *uinfo, return ERR_PTR(ret); } -long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) +long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { long ret = 0; bool_t copyback = 0; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index e60cd98d75..e25fa91913 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -1191,7 +1191,7 @@ static int evtchn_set_priority(const struct evtchn_set_priority *set_priority) return ret; } -long cf_check do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int rc; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 2d110d9f41..aea0ad30a7 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3559,8 +3559,7 @@ gnttab_cache_flush(XEN_GUEST_HANDLE_PARAM(gnttab_cache_flush_t) uop, return 0; } -long cf_check -do_grant_table_op( +long do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { long rc; diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index 0d22396f5d..acd258edf2 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -670,7 +670,7 @@ static int hypfs_write(struct hypfs_entry *entry, return entry->funcs->write(l, uaddr, ulen); } -long cf_check do_hypfs_op( +long do_hypfs_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(const_char) arg1, unsigned long arg2, XEN_GUEST_HANDLE_PARAM(void) arg3, unsigned long arg4) { diff --git a/xen/common/kernel.c b/xen/common/kernel.c index adff2d2c77..08bdae082a 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -451,7 +451,7 @@ static int __init cf_check param_init(void) __initcall(param_init); #endif -# define DO(fn) long cf_check do_##fn +# define DO(fn) long do_##fn #endif diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 41669964d2..7095651605 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -1265,13 +1265,13 @@ static int do_kexec_op_internal(unsigned int op, return ret; } -long cf_check do_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) +long do_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 0); } #ifdef CONFIG_COMPAT -int cf_check compat_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) +int compat_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 1); } diff --git a/xen/common/memory.c b/xen/common/memory.c index f2d009843a..f6f794914d 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1367,7 +1367,7 @@ static int acquire_resource( return rc; } -long cf_check do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d, *curr_d = current->domain; long rc; diff --git a/xen/common/multicall.c b/xen/common/multicall.c index 9db49092b4..1f0cc4cb26 100644 --- a/xen/common/multicall.c +++ b/xen/common/multicall.c @@ -33,8 +33,7 @@ static void trace_multicall_call(multicall_entry_t *call) __trace_multicall_call(call); } -ret_t cf_check -do_multicall( +ret_t do_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_t) call_list, uint32_t nr_calls) { struct vcpu *curr = current; diff --git a/xen/common/sched/compat.c b/xen/common/sched/compat.c index 66ba0fe88f..040b4caca2 100644 --- a/xen/common/sched/compat.c +++ b/xen/common/sched/compat.c @@ -39,7 +39,7 @@ static int compat_poll(struct compat_sched_poll *compat) #include "core.c" -int cf_check compat_set_timer_op(u32 lo, s32 hi) +int compat_set_timer_op(u32 lo, s32 hi) { return do_set_timer_op(((s64)hi << 32) | lo); } diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 250207038e..f689b55783 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -1862,7 +1862,7 @@ typedef long ret_t; #endif /* !COMPAT */ -ret_t cf_check do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { ret_t ret = 0; @@ -1999,7 +1999,7 @@ ret_t cf_check do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #ifndef COMPAT /* Per-vcpu oneshot-timer hypercall. */ -long cf_check do_set_timer_op(s_time_t timeout) +long do_set_timer_op(s_time_t timeout) { struct vcpu *v = current; s_time_t offset = timeout - NOW(); diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index fc4a0b31d6..1ad3c29351 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -29,7 +29,7 @@ #include #include -long cf_check do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) +long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) { long ret = 0; int copyback = -1; diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c index af617f1d0b..1926a92fe4 100644 --- a/xen/common/xenoprof.c +++ b/xen/common/xenoprof.c @@ -721,7 +721,7 @@ static int xenoprof_op_get_buffer(XEN_GUEST_HANDLE_PARAM(void) arg) || (op == XENOPROF_disable_virq) \ || (op == XENOPROF_get_buffer)) -ret_t cf_check do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) { int ret = 0; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index f9937c5134..e8468c121a 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -675,7 +675,7 @@ static long guest_console_write(XEN_GUEST_HANDLE_PARAM(char) buffer, return 0; } -long cf_check do_console_io( +long do_console_io( unsigned int cmd, unsigned int count, XEN_GUEST_HANDLE_PARAM(char) buffer) { long rc; diff --git a/xen/scripts/gen_hypercall.awk b/xen/scripts/gen_hypercall.awk index 403758be21..34840c514f 100644 --- a/xen/scripts/gen_hypercall.awk +++ b/xen/scripts/gen_hypercall.awk @@ -226,7 +226,7 @@ END { # Generate prototypes for (i = 1; i <= n; i++) { for (p = 1; p <= n_pre[i]; p++) { - printf("%s cf_check %s_%s(", rettype[pre[i, p]], pre[i, p], fn[i]); + printf("%s %s_%s(", rettype[pre[i, p]], pre[i, p], fn[i]); if (n_args[i] == 0) printf("void"); else diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 2286a502e3..eaa028109b 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -219,13 +219,13 @@ bool __init has_xsm_magic(paddr_t start) #endif -long cf_check do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_xsm_op(op); } #ifdef CONFIG_COMPAT -int cf_check compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +int compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_compat_op(op); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:23:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:23:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365009.595015 (Exim 4.92) (envelope-from ) id 1oAqZQ-0001vo-VB; Mon, 11 Jul 2022 10:23:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365009.595015; Mon, 11 Jul 2022 10:23:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZQ-0001vh-Sg; Mon, 11 Jul 2022 10:23:16 +0000 Received: by outflank-mailman (input) for mailman id 365009; Mon, 11 Jul 2022 10:23:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZP-0001vR-3H for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZP-0003rH-2E for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqZP-0006vW-0j for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=drSqilEdKWqwHjHLhJtQWoqM7FJKJ8bL+LE4VBdvKAU=; b=1+2y73NGkTOMk0Z3kzU7ENYxSi T7BbkPEBkA9TsJModLxBMokkPWUmSRtpzPFLEsJ7Qz4CrgC5Sy/1ESEQRsheGrBKadU9S41FLmzD2 2VEUZFHS6ZEh3hND4gbwfL5RL/T3M1P7YoqvlIHJsPgfBUCBgdf0lYWglKfYoXd86mcw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/console: have one Makefile per program/directory Message-Id: Date: Mon, 11 Jul 2022 10:23:15 +0000 commit 524cf4da66ec95d7304a09b81853b250e669eeb3 Author: Anthony PERARD AuthorDate: Mon Jul 11 12:13:07 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:13:07 2022 +0200 tools/console: have one Makefile per program/directory Sources of both xenconsoled and xenconsole are already separated into different directory and don't share anything in common. Having two different Makefile means it's easier to deal with *FLAGS. Some common changes: Rename $(BIN) to $(TARGETS), this will be useful later. Stop removing *.so *.rpm *.a as they aren't created here. Use $(OBJS-y) to list objects. Update $(CFLAGS) for the directory rather than a single object. daemon: Remove the need for $(LDLIBS_xenconsoled), use $(LDLIBS) instead. Remove the need for $(CONSOLE_CFLAGS-y) and use $(CFLAGS-y) instead. client: Remove the unused $(LDLIBS_xenconsole) Signed-off-by: Anthony PERARD Reviewed-by: Luca Fancellu --- .gitignore | 2 -- tools/console/Makefile | 49 +++------------------------------------- tools/console/client/.gitignore | 1 + tools/console/client/Makefile | 39 ++++++++++++++++++++++++++++++++ tools/console/daemon/.gitignore | 1 + tools/console/daemon/Makefile | 50 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 94 insertions(+), 48 deletions(-) diff --git a/.gitignore b/.gitignore index def9339ff1..4729911c51 100644 --- a/.gitignore +++ b/.gitignore @@ -160,8 +160,6 @@ tools/libs/util/libxenutil.map tools/libs/vchan/headers.chk tools/libs/vchan/libxenvchan.map tools/libs/vchan/xenvchan.pc -tools/console/xenconsole -tools/console/xenconsoled tools/debugger/gdb/gdb-6.2.1-linux-i386-xen/* tools/debugger/gdb/gdb-6.2.1/* tools/debugger/gdb/gdb-6.2.1.tar.bz2 diff --git a/tools/console/Makefile b/tools/console/Makefile index 207c04c9cd..63bd2ac302 100644 --- a/tools/console/Makefile +++ b/tools/console/Makefile @@ -1,50 +1,7 @@ XEN_ROOT=$(CURDIR)/../.. include $(XEN_ROOT)/tools/Rules.mk -CFLAGS += -Werror +SUBDIRS-y := daemon client -CFLAGS += $(CFLAGS_libxenctrl) -CFLAGS += $(CFLAGS_libxenstore) -LDLIBS += $(LDLIBS_libxenctrl) -LDLIBS += $(LDLIBS_libxenstore) -LDLIBS += $(SOCKET_LIBS) - -LDLIBS_xenconsoled += $(UTIL_LIBS) -LDLIBS_xenconsoled += -lrt -CONSOLE_CFLAGS-$(CONFIG_ARM) = -DCONFIG_ARM - -BIN = xenconsoled xenconsole - -.PHONY: all -all: $(BIN) - -.PHONY: clean -clean: - $(RM) *.a *.so *.o *.rpm $(BIN) $(DEPS_RM) - $(RM) client/*.o daemon/*.o - -.PHONY: distclean -distclean: clean - -daemon/main.o: CFLAGS += -include $(XEN_ROOT)/tools/config.h -daemon/io.o: CFLAGS += $(CFLAGS_libxenevtchn) $(CFLAGS_libxengnttab) $(CFLAGS_libxenforeignmemory) $(CONSOLE_CFLAGS-y) -xenconsoled: $(patsubst %.c,%.o,$(wildcard daemon/*.c)) - $(CC) $(LDFLAGS) $^ -o $@ $(LDLIBS) $(LDLIBS_libxenevtchn) $(LDLIBS_libxengnttab) $(LDLIBS_libxenforeignmemory) $(LDLIBS_xenconsoled) $(APPEND_LDFLAGS) - -client/main.o: CFLAGS += -include $(XEN_ROOT)/tools/config.h -xenconsole: $(patsubst %.c,%.o,$(wildcard client/*.c)) - $(CC) $(LDFLAGS) $^ -o $@ $(LDLIBS) $(LDLIBS_xenconsole) $(APPEND_LDFLAGS) - -.PHONY: install -install: $(BIN) - $(INSTALL_DIR) $(DESTDIR)/$(sbindir) - $(INSTALL_PROG) xenconsoled $(DESTDIR)/$(sbindir) - $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN) - $(INSTALL_PROG) xenconsole $(DESTDIR)$(LIBEXEC_BIN) - -.PHONY: uninstall -uninstall: - rm -f $(DESTDIR)$(LIBEXEC_BIN)/xenconsole - rm -f $(DESTDIR)$(sbindir)/xenconsoled - --include $(DEPS_INCLUDE) +.PHONY: all clean install distclean uninstall +all clean install distclean uninstall: %: subdirs-% diff --git a/tools/console/client/.gitignore b/tools/console/client/.gitignore new file mode 100644 index 0000000000..b096a1d841 --- /dev/null +++ b/tools/console/client/.gitignore @@ -0,0 +1 @@ +/xenconsole diff --git a/tools/console/client/Makefile b/tools/console/client/Makefile new file mode 100644 index 0000000000..44176c6d93 --- /dev/null +++ b/tools/console/client/Makefile @@ -0,0 +1,39 @@ +XEN_ROOT=$(CURDIR)/../../.. +include $(XEN_ROOT)/tools/Rules.mk + +CFLAGS += -Werror +CFLAGS += $(CFLAGS_libxenctrl) +CFLAGS += $(CFLAGS_libxenstore) +CFLAGS += -include $(XEN_ROOT)/tools/config.h + +LDLIBS += $(LDLIBS_libxenctrl) +LDLIBS += $(LDLIBS_libxenstore) +LDLIBS += $(SOCKET_LIBS) + +OBJS-y := main.o + +TARGETS := xenconsole + +.PHONY: all +all: $(TARGETS) + +xenconsole: $(OBJS-y) + $(CC) $(LDFLAGS) $^ -o $@ $(LDLIBS) $(APPEND_LDFLAGS) + +.PHONY: install +install: all + $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN) + $(INSTALL_PROG) xenconsole $(DESTDIR)$(LIBEXEC_BIN) + +.PHONY: uninstall +uninstall: + rm -f $(DESTDIR)$(LIBEXEC_BIN)/xenconsole + +.PHONY: clean +clean: + $(RM) *.o $(TARGETS) $(DEPS_RM) + +.PHONY: distclean +distclean: clean + +-include $(DEPS_INCLUDE) diff --git a/tools/console/daemon/.gitignore b/tools/console/daemon/.gitignore new file mode 100644 index 0000000000..55c8f84664 --- /dev/null +++ b/tools/console/daemon/.gitignore @@ -0,0 +1 @@ +/xenconsoled diff --git a/tools/console/daemon/Makefile b/tools/console/daemon/Makefile new file mode 100644 index 0000000000..0f004f0b14 --- /dev/null +++ b/tools/console/daemon/Makefile @@ -0,0 +1,50 @@ +XEN_ROOT=$(CURDIR)/../../.. +include $(XEN_ROOT)/tools/Rules.mk + +CFLAGS += -Werror +CFLAGS += $(CFLAGS_libxenctrl) +CFLAGS += $(CFLAGS_libxenstore) +CFLAGS += $(CFLAGS_libxenevtchn) +CFLAGS += $(CFLAGS_libxengnttab) +CFLAGS += $(CFLAGS_libxenforeignmemory) +CFLAGS-$(CONFIG_ARM) += -DCONFIG_ARM +CFLAGS += -include $(XEN_ROOT)/tools/config.h + +LDLIBS += $(LDLIBS_libxenctrl) +LDLIBS += $(LDLIBS_libxenstore) +LDLIBS += $(LDLIBS_libxenevtchn) +LDLIBS += $(LDLIBS_libxengnttab) +LDLIBS += $(LDLIBS_libxenforeignmemory) +LDLIBS += $(SOCKET_LIBS) +LDLIBS += $(UTIL_LIBS) +LDLIBS += -lrt + +OBJS-y := main.o +OBJS-y += io.o +OBJS-y += utils.o + +TARGETS := xenconsoled + +.PHONY: all +all: $(TARGETS) + +xenconsoled: $(OBJS-y) + $(CC) $(LDFLAGS) $^ -o $@ $(LDLIBS) $(APPEND_LDFLAGS) + +.PHONY: install +install: all + $(INSTALL_DIR) $(DESTDIR)/$(sbindir) + $(INSTALL_PROG) xenconsoled $(DESTDIR)/$(sbindir) + +.PHONY: uninstall +uninstall: + rm -f $(DESTDIR)$(sbindir)/xenconsoled + +.PHONY: clean +clean: + $(RM) *.o $(TARGETS) $(DEPS_RM) + +.PHONY: distclean +distclean: clean + +-include $(DEPS_INCLUDE) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:23:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:23:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365010.595020 (Exim 4.92) (envelope-from ) id 1oAqZb-0001yQ-10; Mon, 11 Jul 2022 10:23:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365010.595020; Mon, 11 Jul 2022 10:23:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZa-0001yJ-UR; Mon, 11 Jul 2022 10:23:26 +0000 Received: by outflank-mailman (input) for mailman id 365010; Mon, 11 Jul 2022 10:23:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZZ-0001y7-5v for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZZ-0003rN-5E for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqZZ-0006w2-4K for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iT+b8vDZU45FJ3rxGEfC2EpgprU28Z14wjCs2tlVmJ8=; b=5rm0TDwBg0KuJJPwVHm3srBJ9v NcSmzomYce5VnKdPLHk0b0okRHpFbxdxJHOQAEObClF/NJfHRTTV6IRQhCncse6afnSqzz5wKhe/6 ngWu8eKpFI3TmogrdWyGFPdXkyCKAVA46eVm07e/YXO344S/BcUu/nvQ52ObqsnGnovU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/examples: cleanup Makefile Message-Id: Date: Mon, 11 Jul 2022 10:23:25 +0000 commit 6899af760972e1815add7f532160ae238e58b7cd Author: Anthony PERARD AuthorDate: Mon Jul 11 12:13:24 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:13:24 2022 +0200 tools/examples: cleanup Makefile Don't check if a target exist before installing it. For directory, install doesn't complain, and for file it would prevent from updating them. Also remove the existing loop and instead install all files with a single call to $(INSTALL_DATA). Remove XEN_CONFIGS-y which isn't used. Remove "build" target. Add an empty line after the first comment. The comment isn't about $(XEN_READMES), it is about the makefile as a whole. Signed-off-by: Anthony PERARD Reviewed-by: Luca Fancellu --- tools/examples/Makefile | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/tools/examples/Makefile b/tools/examples/Makefile index 14e24f4cb3..c839bf5603 100644 --- a/tools/examples/Makefile +++ b/tools/examples/Makefile @@ -2,6 +2,7 @@ XEN_ROOT = $(CURDIR)/../.. include $(XEN_ROOT)/tools/Rules.mk # Xen configuration dir and configs to go there. + XEN_READMES = README XEN_CONFIGS += xlexample.hvm @@ -10,14 +11,9 @@ XEN_CONFIGS += xlexample.pvhlinux XEN_CONFIGS += xl.conf XEN_CONFIGS += cpupool -XEN_CONFIGS += $(XEN_CONFIGS-y) - .PHONY: all all: -.PHONY: build -build: - .PHONY: install install: all install-readmes install-configs @@ -26,12 +22,8 @@ uninstall: uninstall-readmes uninstall-configs .PHONY: install-readmes install-readmes: - [ -d $(DESTDIR)$(XEN_CONFIG_DIR) ] || \ - $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR) - set -e; for i in $(XEN_READMES); \ - do [ -e $(DESTDIR)$(XEN_CONFIG_DIR)/$$i ] || \ - $(INSTALL_DATA) $$i $(DESTDIR)$(XEN_CONFIG_DIR); \ - done + $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR) + $(INSTALL_DATA) $(XEN_READMES) $(DESTDIR)$(XEN_CONFIG_DIR) .PHONY: uninstall-readmes uninstall-readmes: @@ -39,14 +31,9 @@ uninstall-readmes: .PHONY: install-configs install-configs: $(XEN_CONFIGS) - [ -d $(DESTDIR)$(XEN_CONFIG_DIR) ] || \ - $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR) - [ -d $(DESTDIR)$(XEN_CONFIG_DIR)/auto ] || \ - $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR)/auto - set -e; for i in $(XEN_CONFIGS); \ - do [ -e $(DESTDIR)$(XEN_CONFIG_DIR)/$$i ] || \ - $(INSTALL_DATA) $$i $(DESTDIR)$(XEN_CONFIG_DIR); \ - done + $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR) + $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR)/auto + $(INSTALL_DATA) $(XEN_CONFIGS) $(DESTDIR)$(XEN_CONFIG_DIR) .PHONY: uninstall-configs uninstall-configs: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:23:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:23:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365011.595024 (Exim 4.92) (envelope-from ) id 1oAqZl-00021X-2t; Mon, 11 Jul 2022 10:23:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365011.595024; Mon, 11 Jul 2022 10:23:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZk-00021P-WB; Mon, 11 Jul 2022 10:23:36 +0000 Received: by outflank-mailman (input) for mailman id 365011; Mon, 11 Jul 2022 10:23:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZj-000216-9e for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZj-0003rX-8y for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqZj-0006wX-7N for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yGN3nBp809JES/5Yrmd8kr8F9YHjDU+vR91keUb6Evo=; b=l0qZw4lQXa5/qlTnOB6w3qvlBe wNFQC7bG5WdZsioOag7KiDiw+7UrI9DRXg9BFRmi/BXBi7UsBDLuf3QSoHEvkLLNZbNTRJQWk/p2Y 4qrsoQZg8TzaeOEAEpJMCXmCAAOPfD+DLMngZTGo6/CVf7+bHVjbnxjRJEBWb0DllSBg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs: add reference to release cycle discussion Message-Id: Date: Mon, 11 Jul 2022 10:23:35 +0000 commit a58fca51abd46a88d87390fce333c90376e68367 Author: Juergen Gross AuthorDate: Mon Jul 11 12:13:40 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:13:40 2022 +0200 docs: add reference to release cycle discussion As it is coming up basically every release cycle of Xen, add a reference to the discussion why the current release scheme has been selected in the release management documentation. Signed-off-by: Juergen Gross Reviewed-by: Henry Wang Acked-by: Jan Beulich --- docs/process/xen-release-management.pandoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/process/xen-release-management.pandoc b/docs/process/xen-release-management.pandoc index b746c7157d..8f80d61d2f 100644 --- a/docs/process/xen-release-management.pandoc +++ b/docs/process/xen-release-management.pandoc @@ -19,6 +19,8 @@ The Xen hypervisor project now releases every 8 months. We aim to release in the first half of March/July/November. These dates have been chosen to avoid major holidays and cultural events; if one release slips, ideally the subsequent release cycle would be shortened. +The reasons for this schedule have been discussed on +[xen-devel](https://lists.xen.org/archives/html/xen-devel/2018-07/msg02240.html). We can roughly divide one release into two periods. The development period and the freeze period. The former is 6 months long and the latter is about 2 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:23:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:23:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365012.595030 (Exim 4.92) (envelope-from ) id 1oAqZv-00024H-5Z; Mon, 11 Jul 2022 10:23:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365012.595030; Mon, 11 Jul 2022 10:23:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZv-000249-1N; Mon, 11 Jul 2022 10:23:47 +0000 Received: by outflank-mailman (input) for mailman id 365012; Mon, 11 Jul 2022 10:23:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZt-00023w-Dr for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqZt-0003rd-D4 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqZt-0006yU-CG for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NkqLTsR3nASGPMNYL1mHm8ugY/GKgSP0JRf48F7HLQU=; b=U7ZRE6zBR0c/IVKwpT2sJ2YUVQ m2ETwScaxBBgwkKG8un4lqk0S4l9dcyoDG9QG4ea4wRcfgy8qkXfeNDHTBLUrasA8Nq/RiZEdvzFh QhCFJVpw8QYyB9jeUTxZlSIvl2j6M68xbbDY1LUzZVuPkbsMa7ej7E3e9GUH4wKYV2QI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: report Interrupt Controller Virtualization capabilities Message-Id: Date: Mon, 11 Jul 2022 10:23:45 +0000 commit 6b2b9b3405092c3ad38d7342988a584b8efa674c Author: Jane Malalane AuthorDate: Mon Jul 11 12:13:59 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:13:59 2022 +0200 x86: report Interrupt Controller Virtualization capabilities Add XEN_SYSCTL_PHYSCAP_X86_ASSISTED_XAPIC and XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC to report accelerated xAPIC and x2APIC, on x86 hardware. This is so that xAPIC and x2APIC virtualization can subsequently be enabled on a per-domain basis. No such features are currently implemented on AMD hardware. HW assisted xAPIC virtualization will be reported if HW, at the minimum, supports virtualize_apic_accesses as this feature alone means that an access to the APIC page will cause an APIC-access VM exit. An APIC-access VM exit provides a VMM with information about the access causing the VM exit, unlike a regular EPT fault, thus simplifying some internal handling. HW assisted x2APIC virtualization will be reported if HW supports virtualize_x2apic_mode and, at least, either apic_reg_virt or virtual_intr_delivery. This also means that sysctl follows the conditionals in vmx_vlapic_msr_changed(). For that purpose, also add an arch-specific "capabilities" parameter to struct xen_sysctl_physinfo. Note that this interface is intended to be compatible with AMD so that AVIC support can be introduced in a future patch. Unlike Intel that has multiple controls for APIC Virtualization, AMD has one global 'AVIC Enable' control bit, so fine-graining of APIC virtualization control cannot be done on a common interface. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: "Roger Pau Monné" Reviewed-by: Jan Beulich Reviewed-by: Anthony PERARD Reviewed-by: Kevin Tian Reviewed-by: George Dunlap Acked-by: Christian Lindig --- tools/golang/xenlight/helpers.gen.go | 4 ++++ tools/golang/xenlight/types.gen.go | 2 ++ tools/include/libxl.h | 7 +++++++ tools/libs/light/libxl.c | 3 +++ tools/libs/light/libxl_arch.h | 4 ++++ tools/libs/light/libxl_arm.c | 5 +++++ tools/libs/light/libxl_types.idl | 2 ++ tools/libs/light/libxl_x86.c | 11 +++++++++++ tools/ocaml/libs/xc/xenctrl.ml | 9 +++++++++ tools/ocaml/libs/xc/xenctrl.mli | 8 ++++++++ tools/ocaml/libs/xc/xenctrl_stubs.c | 18 ++++++++++++++++-- tools/xl/xl_info.c | 6 ++++-- xen/arch/x86/hvm/hvm.c | 3 +++ xen/arch/x86/hvm/vmx/vmcs.c | 7 +++++++ xen/arch/x86/include/asm/hvm/hvm.h | 5 +++++ xen/arch/x86/sysctl.c | 4 ++++ xen/include/public/sysctl.h | 11 ++++++++++- 17 files changed, 104 insertions(+), 5 deletions(-) diff --git a/tools/golang/xenlight/helpers.gen.go b/tools/golang/xenlight/helpers.gen.go index b746ff1081..dd4e6c9f14 100644 --- a/tools/golang/xenlight/helpers.gen.go +++ b/tools/golang/xenlight/helpers.gen.go @@ -3373,6 +3373,8 @@ x.CapVmtrace = bool(xc.cap_vmtrace) x.CapVpmu = bool(xc.cap_vpmu) x.CapGnttabV1 = bool(xc.cap_gnttab_v1) x.CapGnttabV2 = bool(xc.cap_gnttab_v2) +x.CapAssistedXapic = bool(xc.cap_assisted_xapic) +x.CapAssistedX2Apic = bool(xc.cap_assisted_x2apic) return nil} @@ -3407,6 +3409,8 @@ xc.cap_vmtrace = C.bool(x.CapVmtrace) xc.cap_vpmu = C.bool(x.CapVpmu) xc.cap_gnttab_v1 = C.bool(x.CapGnttabV1) xc.cap_gnttab_v2 = C.bool(x.CapGnttabV2) +xc.cap_assisted_xapic = C.bool(x.CapAssistedXapic) +xc.cap_assisted_x2apic = C.bool(x.CapAssistedX2Apic) return nil } diff --git a/tools/golang/xenlight/types.gen.go b/tools/golang/xenlight/types.gen.go index b1e84d5258..87be46c745 100644 --- a/tools/golang/xenlight/types.gen.go +++ b/tools/golang/xenlight/types.gen.go @@ -1014,6 +1014,8 @@ CapVmtrace bool CapVpmu bool CapGnttabV1 bool CapGnttabV2 bool +CapAssistedXapic bool +CapAssistedX2Apic bool } type Connectorinfo struct { diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 835dfabc50..3a68e1b55a 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -535,6 +535,13 @@ #define LIBXL_HAVE_DISK_TRUSTED 1 #define LIBXL_HAVE_NIC_TRUSTED 1 +/* + * LIBXL_HAVE_PHYSINFO_ASSISTED_APIC indicates that libxl_physinfo has + * cap_assisted_xapic and cap_assisted_x2apic fields, which indicates + * the availability of x{2}APIC hardware assisted virtualization. + */ +#define LIBXL_HAVE_PHYSINFO_ASSISTED_APIC 1 + /* * libxl ABI compatibility * diff --git a/tools/libs/light/libxl.c b/tools/libs/light/libxl.c index a0bf7d186f..6d699951e2 100644 --- a/tools/libs/light/libxl.c +++ b/tools/libs/light/libxl.c @@ -15,6 +15,7 @@ #include "libxl_osdeps.h" #include "libxl_internal.h" +#include "libxl_arch.h" int libxl_ctx_alloc(libxl_ctx **pctx, int version, unsigned flags, xentoollog_logger * lg) @@ -410,6 +411,8 @@ int libxl_get_physinfo(libxl_ctx *ctx, libxl_physinfo *physinfo) physinfo->cap_gnttab_v2 = !!(xcphysinfo.capabilities & XEN_SYSCTL_PHYSCAP_gnttab_v2); + libxl__arch_get_physinfo(physinfo, &xcphysinfo); + GC_FREE; return 0; } diff --git a/tools/libs/light/libxl_arch.h b/tools/libs/light/libxl_arch.h index 1522ecb97f..207ceac6a1 100644 --- a/tools/libs/light/libxl_arch.h +++ b/tools/libs/light/libxl_arch.h @@ -85,6 +85,10 @@ int libxl__arch_extra_memory(libxl__gc *gc, const libxl_domain_build_info *info, uint64_t *out); +_hidden +void libxl__arch_get_physinfo(libxl_physinfo *physinfo, + const xc_physinfo_t *xcphysinfo); + _hidden void libxl__arch_update_domain_config(libxl__gc *gc, libxl_domain_config *dst, diff --git a/tools/libs/light/libxl_arm.c b/tools/libs/light/libxl_arm.c index eef1de0939..39fdca1b49 100644 --- a/tools/libs/light/libxl_arm.c +++ b/tools/libs/light/libxl_arm.c @@ -1431,6 +1431,11 @@ int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, return rc; } +void libxl__arch_get_physinfo(libxl_physinfo *physinfo, + const xc_physinfo_t *xcphysinfo) +{ +} + void libxl__arch_update_domain_config(libxl__gc *gc, libxl_domain_config *dst, const libxl_domain_config *src) diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index 89962218b4..47f6a30cde 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -1070,6 +1070,8 @@ libxl_physinfo = Struct("physinfo", [ ("cap_vpmu", bool), ("cap_gnttab_v1", bool), ("cap_gnttab_v2", bool), + ("cap_assisted_xapic", bool), + ("cap_assisted_x2apic", bool), ], dir=DIR_OUT) libxl_connectorinfo = Struct("connectorinfo", [ diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index 1feadebb18..e0a06ecfe3 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -866,6 +866,17 @@ int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, return rc; } +void libxl__arch_get_physinfo(libxl_physinfo *physinfo, + const xc_physinfo_t *xcphysinfo) +{ + physinfo->cap_assisted_xapic = + !!(xcphysinfo->arch_capabilities & + XEN_SYSCTL_PHYSCAP_X86_ASSISTED_XAPIC); + physinfo->cap_assisted_x2apic = + !!(xcphysinfo->arch_capabilities & + XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC); +} + void libxl__arch_update_domain_config(libxl__gc *gc, libxl_domain_config *dst, const libxl_domain_config *src) diff --git a/tools/ocaml/libs/xc/xenctrl.ml b/tools/ocaml/libs/xc/xenctrl.ml index 8eab6f60eb..6fa30ddb56 100644 --- a/tools/ocaml/libs/xc/xenctrl.ml +++ b/tools/ocaml/libs/xc/xenctrl.ml @@ -128,6 +128,14 @@ type physinfo_cap_flag = | CAP_Gnttab_v1 | CAP_Gnttab_v2 + +type x86_physinfo_arch_cap_flag = + | CAP_X86_ASSISTED_XAPIC + | CAP_X86_ASSISTED_X2APIC + +type physinfo_arch_cap_flag = + | X86 of x86_physinfo_arch_cap_flag + type physinfo = { threads_per_core : int; @@ -141,6 +149,7 @@ type physinfo = (* XXX hw_cap *) capabilities : physinfo_cap_flag list; max_nr_cpus : int; + arch_capabilities : physinfo_arch_cap_flag list; } type version = diff --git a/tools/ocaml/libs/xc/xenctrl.mli b/tools/ocaml/libs/xc/xenctrl.mli index d3014a2708..01774da768 100644 --- a/tools/ocaml/libs/xc/xenctrl.mli +++ b/tools/ocaml/libs/xc/xenctrl.mli @@ -113,6 +113,13 @@ type physinfo_cap_flag = | CAP_Gnttab_v1 | CAP_Gnttab_v2 +type x86_physinfo_arch_cap_flag = + | CAP_X86_ASSISTED_XAPIC + | CAP_X86_ASSISTED_X2APIC + +type physinfo_arch_cap_flag = + | X86 of x86_physinfo_arch_cap_flag + type physinfo = { threads_per_core : int; cores_per_socket : int; @@ -124,6 +131,7 @@ type physinfo = { scrub_pages : nativeint; capabilities : physinfo_cap_flag list; max_nr_cpus : int; (** compile-time max possible number of nr_cpus *) + arch_capabilities : physinfo_arch_cap_flag list; } type version = { major : int; minor : int; extra : string; } type compile_info = { diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c index 513ee142d2..42c2bcd333 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -718,7 +718,7 @@ CAMLprim value stub_xc_send_debug_keys(value xch, value keys) CAMLprim value stub_xc_physinfo(value xch) { CAMLparam1(xch); - CAMLlocal2(physinfo, cap_list); + CAMLlocal4(physinfo, cap_list, x86_arch_cap_list, arch_cap_list); xc_physinfo_t c_physinfo; int r; @@ -737,7 +737,7 @@ CAMLprim value stub_xc_physinfo(value xch) /* ! XEN_SYSCTL_PHYSCAP_ XEN_SYSCTL_PHYSCAP_MAX max */ (c_physinfo.capabilities); - physinfo = caml_alloc_tuple(10); + physinfo = caml_alloc_tuple(11); Store_field(physinfo, 0, Val_int(c_physinfo.threads_per_core)); Store_field(physinfo, 1, Val_int(c_physinfo.cores_per_socket)); Store_field(physinfo, 2, Val_int(c_physinfo.nr_cpus)); @@ -749,6 +749,20 @@ CAMLprim value stub_xc_physinfo(value xch) Store_field(physinfo, 8, cap_list); Store_field(physinfo, 9, Val_int(c_physinfo.max_cpu_id + 1)); +#if defined(__i386__) || defined(__x86_64__) + x86_arch_cap_list = c_bitmap_to_ocaml_list + /* ! x86_physinfo_arch_cap_flag CAP_X86_ none */ + /* ! XEN_SYSCTL_PHYSCAP_X86_ XEN_SYSCTL_PHYSCAP_X86_MAX max */ + (c_physinfo.arch_capabilities); + /* + * arch_capabilities: physinfo_arch_cap_flag list; + */ + arch_cap_list = x86_arch_cap_list; +#else + arch_cap_list = Val_emptylist; +#endif + Store_field(physinfo, 10, arch_cap_list); + CAMLreturn(physinfo); } diff --git a/tools/xl/xl_info.c b/tools/xl/xl_info.c index 712b7638b0..3205270754 100644 --- a/tools/xl/xl_info.c +++ b/tools/xl/xl_info.c @@ -210,7 +210,7 @@ static void output_physinfo(void) info.hw_cap[4], info.hw_cap[5], info.hw_cap[6], info.hw_cap[7] ); - maybe_printf("virt_caps :%s%s%s%s%s%s%s%s%s%s%s\n", + maybe_printf("virt_caps :%s%s%s%s%s%s%s%s%s%s%s%s%s\n", info.cap_pv ? " pv" : "", info.cap_hvm ? " hvm" : "", info.cap_hvm && info.cap_hvm_directio ? " hvm_directio" : "", @@ -221,7 +221,9 @@ static void output_physinfo(void) info.cap_vmtrace ? " vmtrace" : "", info.cap_vpmu ? " vpmu" : "", info.cap_gnttab_v1 ? " gnttab-v1" : "", - info.cap_gnttab_v2 ? " gnttab-v2" : "" + info.cap_gnttab_v2 ? " gnttab-v2" : "", + info.cap_assisted_xapic ? " assisted_xapic" : "", + info.cap_assisted_x2apic ? " assisted_x2apic" : "" ); vinfo = libxl_get_version_info(ctx); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 273fed35e6..bb996b4c42 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -117,6 +117,9 @@ static const char __initconst warning_hvm_fep[] = static bool_t __initdata opt_altp2m_enabled = 0; boolean_param("altp2m", opt_altp2m_enabled); +bool __ro_after_init assisted_xapic_available; +bool __ro_after_init assisted_x2apic_available; + static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 56fed2db03..7329622dd4 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -2146,7 +2146,14 @@ int __init vmx_vmcs_init(void) ret = _vmx_cpu_up(true); if ( !ret ) + { + /* Check whether hardware supports accelerated xapic and x2apic. */ + assisted_xapic_available = cpu_has_vmx_virtualize_apic_accesses; + assisted_x2apic_available = cpu_has_vmx_virtualize_x2apic_mode && + (cpu_has_vmx_apic_reg_virt || + cpu_has_vmx_virtual_intr_delivery); register_keyhandler('v', vmcs_dump, "dump VT-x VMCSs", 1); + } return ret; } diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index caaeacabc7..8d162b2c99 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -388,6 +388,9 @@ int hvm_get_param(struct domain *d, uint32_t index, uint64_t *value); #define hvm_tsc_scaling_ratio(d) \ ((d)->arch.hvm.tsc_scaling_ratio) +extern bool assisted_xapic_available; +extern bool assisted_x2apic_available; + #define hvm_get_guest_time(v) hvm_get_guest_time_fixed(v, 0) #define hvm_paging_enabled(v) \ @@ -901,6 +904,8 @@ static inline void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) #define hvm_tsc_scaling_supported false #define hap_has_1gb false #define hap_has_2mb false +#define assisted_xapic_available false +#define assisted_x2apic_available false #define hvm_paging_enabled(v) ((void)(v), false) #define hvm_wp_enabled(v) ((void)(v), false) diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index f82abc2488..716525f72f 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -135,6 +135,10 @@ void arch_do_physinfo(struct xen_sysctl_physinfo *pi) pi->capabilities |= XEN_SYSCTL_PHYSCAP_hap; if ( IS_ENABLED(CONFIG_SHADOW_PAGING) ) pi->capabilities |= XEN_SYSCTL_PHYSCAP_shadow; + if ( assisted_xapic_available ) + pi->arch_capabilities |= XEN_SYSCTL_PHYSCAP_X86_ASSISTED_XAPIC; + if ( assisted_x2apic_available ) + pi->arch_capabilities |= XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC; } long arch_do_sysctl( diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 60c8711483..5672906729 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -35,7 +35,7 @@ #include "domctl.h" #include "physdev.h" -#define XEN_SYSCTL_INTERFACE_VERSION 0x00000014 +#define XEN_SYSCTL_INTERFACE_VERSION 0x00000015 /* * Read console content from Xen buffer ring. @@ -111,6 +111,13 @@ struct xen_sysctl_tbuf_op { /* Max XEN_SYSCTL_PHYSCAP_* constant. Used for ABI checking. */ #define XEN_SYSCTL_PHYSCAP_MAX XEN_SYSCTL_PHYSCAP_gnttab_v2 +/* The platform supports x{2}apic hardware assisted emulation. */ +#define XEN_SYSCTL_PHYSCAP_X86_ASSISTED_XAPIC (1u << 0) +#define XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC (1u << 1) + +/* Max XEN_SYSCTL_PHYSCAP_X86_* constant. Used for ABI checking. */ +#define XEN_SYSCTL_PHYSCAP_X86_MAX XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC + struct xen_sysctl_physinfo { uint32_t threads_per_core; uint32_t cores_per_socket; @@ -120,6 +127,8 @@ struct xen_sysctl_physinfo { uint32_t max_node_id; /* Largest possible node ID on this host */ uint32_t cpu_khz; uint32_t capabilities;/* XEN_SYSCTL_PHYSCAP_??? */ + uint32_t arch_capabilities;/* XEN_SYSCTL_PHYSCAP_{X86,ARM,...}_??? */ + uint32_t pad; uint64_aligned_t total_pages; uint64_aligned_t free_pages; uint64_aligned_t scrub_pages; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 10:23:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 10:23:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365013.595031 (Exim 4.92) (envelope-from ) id 1oAqa4-00027f-7j; Mon, 11 Jul 2022 10:23:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365013.595031; Mon, 11 Jul 2022 10:23:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqa4-00027Y-59; Mon, 11 Jul 2022 10:23:56 +0000 Received: by outflank-mailman (input) for mailman id 365013; Mon, 11 Jul 2022 10:23:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqa3-00027O-JM for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAqa3-0003ri-IR for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAqa3-0006z1-Gz for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 10:23:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3S953+3oOyGtFUYNplDdECmP5N/pcq8BzXX/KB1kWQM=; b=sFujhP9jcLu+3Eo8Xd5o0q4h0v iadJNCGoCpOLXivqfyI054O5WRFvAWW4WyJZIiFQVzrhVmzH+mOcCJH58rCN3llA0FBagfdeEL9q3 jCsmuldfuXtdQinMY3JN7ei+p77MmTqsKY4x3zGWSl4Z4CqGKNG5Vy0ww6CdS7FKo/60=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/HVM: allow per-domain usage of hardware virtualized APIC Message-Id: Date: Mon, 11 Jul 2022 10:23:55 +0000 commit 2ce11ce249a3981bac50914c6a90f681ad7a4222 Author: Jane Malalane AuthorDate: Mon Jul 11 12:15:05 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:15:05 2022 +0200 x86/HVM: allow per-domain usage of hardware virtualized APIC Introduce a new per-domain creation x86 specific flag to select whether hardware assisted virtualization should be used for x{2}APIC. A per-domain option is added to xl in order to select the usage of x{2}APIC hardware assisted virtualization, as well as a global configuration option. Having all APIC interaction exit to Xen for emulation is slow and can induce much overhead. Hardware can speed up x{2}APIC by decoding the APIC access and providing a VM exit with a more specific exit reason than a regular EPT fault or by altogether avoiding a VM exit. On the other hand, being able to disable x{2}APIC hardware assisted virtualization can be useful for testing and debugging purposes. Note: - vmx_install_vlapic_mapping doesn't require modifications regardless of whether the guest has "Virtualize APIC accesses" enabled or not, i.e., setting the APIC_ACCESS_ADDR VMCS field is fine so long as virtualize_apic_accesses is supported by the CPU. - Both per-domain and global assisted_x{2}apic options are not part of the migration stream, unless explicitly set in the respective configuration files. Default settings of assisted_x{2}apic done internally by the toolstack, based on host capabilities at create time, are not migrated. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Acked-by: Christian Lindig Reviewed-by: "Roger Pau Monné" Reviewed-by: Anthony PERARD Reviewed-by: Kevin Tian Reviewed-by: George Dunlap --- docs/man/xl.cfg.5.pod.in | 15 +++++++++++++++ docs/man/xl.conf.5.pod.in | 12 ++++++++++++ tools/golang/xenlight/helpers.gen.go | 12 ++++++++++++ tools/golang/xenlight/types.gen.go | 2 ++ tools/include/libxl.h | 7 +++++++ tools/libs/light/libxl_arch.h | 5 +++-- tools/libs/light/libxl_arm.c | 9 ++++++--- tools/libs/light/libxl_create.c | 22 +++++++++++++--------- tools/libs/light/libxl_types.idl | 2 ++ tools/libs/light/libxl_x86.c | 28 ++++++++++++++++++++++++++-- tools/ocaml/libs/xc/xenctrl.ml | 2 ++ tools/ocaml/libs/xc/xenctrl.mli | 2 ++ tools/ocaml/libs/xc/xenctrl_stubs.c | 2 +- tools/xl/xl.c | 8 ++++++++ tools/xl/xl.h | 2 ++ tools/xl/xl_parse.c | 19 +++++++++++++++++++ xen/arch/x86/domain.c | 29 ++++++++++++++++++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 ++++ xen/arch/x86/hvm/vmx/vmx.c | 13 ++++--------- xen/arch/x86/include/asm/hvm/domain.h | 6 ++++++ xen/arch/x86/include/asm/hvm/hvm.h | 5 +++++ xen/arch/x86/traps.c | 5 +++-- xen/include/public/arch-x86/xen.h | 5 +++++ 23 files changed, 187 insertions(+), 29 deletions(-) diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index b98d161398..6d98d73d76 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -1862,6 +1862,21 @@ firmware tables when using certain older guest Operating Systems. These tables have been superseded by newer constructs within the ACPI tables. +=item B + +B<(x86 only)> Enables or disables hardware assisted virtualization for +xAPIC. With this option enabled, a memory-mapped APIC access will be +decoded by hardware and either issue a more specific VM exit than just +a p2m fault, or altogether avoid a VM exit. The +default is settable via L. + +=item B + +B<(x86 only)> Enables or disables hardware assisted virtualization for +x2APIC. With this option enabled, certain accesses to MSR APIC +registers will avoid a VM exit into the hypervisor. The default is +settable via L. + =item B B<(x86 only)> Hides or exposes the No-eXecute capability. This allows a guest diff --git a/docs/man/xl.conf.5.pod.in b/docs/man/xl.conf.5.pod.in index df20c08137..95d136d1ea 100644 --- a/docs/man/xl.conf.5.pod.in +++ b/docs/man/xl.conf.5.pod.in @@ -107,6 +107,18 @@ Sets the default value for the C domain config value. Default: maximum grant version supported by the hypervisor. +=item B + +If enabled, domains will use xAPIC hardware assisted virtualization by default. + +Default: enabled if supported. + +=item B + +If enabled, domains will use x2APIC hardware assisted virtualization by default. + +Default: enabled if supported. + =item B Configures the default hotplug script used by virtual network devices. diff --git a/tools/golang/xenlight/helpers.gen.go b/tools/golang/xenlight/helpers.gen.go index dd4e6c9f14..dece545ee0 100644 --- a/tools/golang/xenlight/helpers.gen.go +++ b/tools/golang/xenlight/helpers.gen.go @@ -1120,6 +1120,12 @@ x.ArchArm.Vuart = VuartType(xc.arch_arm.vuart) if err := x.ArchX86.MsrRelaxed.fromC(&xc.arch_x86.msr_relaxed);err != nil { return fmt.Errorf("converting field ArchX86.MsrRelaxed: %v", err) } +if err := x.ArchX86.AssistedXapic.fromC(&xc.arch_x86.assisted_xapic);err != nil { +return fmt.Errorf("converting field ArchX86.AssistedXapic: %v", err) +} +if err := x.ArchX86.AssistedX2Apic.fromC(&xc.arch_x86.assisted_x2apic);err != nil { +return fmt.Errorf("converting field ArchX86.AssistedX2Apic: %v", err) +} x.Altp2M = Altp2MMode(xc.altp2m) x.VmtraceBufKb = int(xc.vmtrace_buf_kb) if err := x.Vpmu.fromC(&xc.vpmu);err != nil { @@ -1605,6 +1611,12 @@ xc.arch_arm.vuart = C.libxl_vuart_type(x.ArchArm.Vuart) if err := x.ArchX86.MsrRelaxed.toC(&xc.arch_x86.msr_relaxed); err != nil { return fmt.Errorf("converting field ArchX86.MsrRelaxed: %v", err) } +if err := x.ArchX86.AssistedXapic.toC(&xc.arch_x86.assisted_xapic); err != nil { +return fmt.Errorf("converting field ArchX86.AssistedXapic: %v", err) +} +if err := x.ArchX86.AssistedX2Apic.toC(&xc.arch_x86.assisted_x2apic); err != nil { +return fmt.Errorf("converting field ArchX86.AssistedX2Apic: %v", err) +} xc.altp2m = C.libxl_altp2m_mode(x.Altp2M) xc.vmtrace_buf_kb = C.int(x.VmtraceBufKb) if err := x.Vpmu.toC(&xc.vpmu); err != nil { diff --git a/tools/golang/xenlight/types.gen.go b/tools/golang/xenlight/types.gen.go index 87be46c745..253c9ad93d 100644 --- a/tools/golang/xenlight/types.gen.go +++ b/tools/golang/xenlight/types.gen.go @@ -520,6 +520,8 @@ Vuart VuartType } ArchX86 struct { MsrRelaxed Defbool +AssistedXapic Defbool +AssistedX2Apic Defbool } Altp2M Altp2MMode VmtraceBufKb int diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 3a68e1b55a..f351669039 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -542,6 +542,13 @@ */ #define LIBXL_HAVE_PHYSINFO_ASSISTED_APIC 1 +/* + * LIBXL_HAVE_ASSISTED_APIC indicates that libxl_domain_build_info has + * assisted_xapic and assisted_x2apic fields for enabling hardware + * assisted virtualization for x{2}apic per domain. + */ +#define LIBXL_HAVE_ASSISTED_APIC 1 + /* * libxl ABI compatibility * diff --git a/tools/libs/light/libxl_arch.h b/tools/libs/light/libxl_arch.h index 207ceac6a1..03b89929e6 100644 --- a/tools/libs/light/libxl_arch.h +++ b/tools/libs/light/libxl_arch.h @@ -71,8 +71,9 @@ void libxl__arch_domain_create_info_setdefault(libxl__gc *gc, libxl_domain_create_info *c_info); _hidden -void libxl__arch_domain_build_info_setdefault(libxl__gc *gc, - libxl_domain_build_info *b_info); +int libxl__arch_domain_build_info_setdefault(libxl__gc *gc, + libxl_domain_build_info *b_info, + const libxl_physinfo *physinfo); _hidden int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, diff --git a/tools/libs/light/libxl_arm.c b/tools/libs/light/libxl_arm.c index 39fdca1b49..7dee2afd4b 100644 --- a/tools/libs/light/libxl_arm.c +++ b/tools/libs/light/libxl_arm.c @@ -1384,14 +1384,15 @@ void libxl__arch_domain_create_info_setdefault(libxl__gc *gc, } } -void libxl__arch_domain_build_info_setdefault(libxl__gc *gc, - libxl_domain_build_info *b_info) +int libxl__arch_domain_build_info_setdefault(libxl__gc *gc, + libxl_domain_build_info *b_info, + const libxl_physinfo *physinfo) { /* ACPI is disabled by default */ libxl_defbool_setdefault(&b_info->acpi, false); if (b_info->type != LIBXL_DOMAIN_TYPE_PV) - return; + return 0; LOG(DEBUG, "Converting build_info to PVH"); @@ -1399,6 +1400,8 @@ void libxl__arch_domain_build_info_setdefault(libxl__gc *gc, memset(&b_info->u, '\0', sizeof(b_info->u)); b_info->type = LIBXL_DOMAIN_TYPE_INVALID; libxl_domain_build_info_init_type(b_info, LIBXL_DOMAIN_TYPE_PVH); + + return 0; } int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index 2339f09e95..b9dd2deedf 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -75,6 +75,7 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, libxl_domain_build_info *b_info) { int i, rc; + libxl_physinfo info; if (b_info->type != LIBXL_DOMAIN_TYPE_HVM && b_info->type != LIBXL_DOMAIN_TYPE_PV && @@ -264,7 +265,18 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, if (!b_info->event_channels) b_info->event_channels = 1023; - libxl__arch_domain_build_info_setdefault(gc, b_info); + rc = libxl_get_physinfo(CTX, &info); + if (rc) { + LOG(ERROR, "failed to get hypervisor info"); + return rc; + } + + rc = libxl__arch_domain_build_info_setdefault(gc, b_info, &info); + if (rc) { + LOG(ERROR, "unable to set domain arch build info defaults"); + return rc; + } + libxl_defbool_setdefault(&b_info->dm_restrict, false); if (b_info->iommu_memkb == LIBXL_MEMKB_DEFAULT) @@ -457,14 +469,6 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, } if (b_info->max_grant_version == LIBXL_MAX_GRANT_DEFAULT) { - libxl_physinfo info; - - rc = libxl_get_physinfo(CTX, &info); - if (rc) { - LOG(ERROR, "failed to get hypervisor info"); - return rc; - } - if (info.cap_gnttab_v2) b_info->max_grant_version = 2; else if (info.cap_gnttab_v1) diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index 47f6a30cde..f3ceb38c9e 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -648,6 +648,8 @@ libxl_domain_build_info = Struct("domain_build_info",[ ("vuart", libxl_vuart_type), ])), ("arch_x86", Struct(None, [("msr_relaxed", libxl_defbool), + ("assisted_xapic", libxl_defbool), + ("assisted_x2apic", libxl_defbool), ])), # Alternate p2m is not bound to any architecture or guest type, as it is # supported by x86 HVM and ARM support is planned. diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index e0a06ecfe3..7c5ee74443 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -23,6 +23,15 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, if (libxl_defbool_val(d_config->b_info.arch_x86.msr_relaxed)) config->arch.misc_flags |= XEN_X86_MSR_RELAXED; + if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) + { + if (libxl_defbool_val(d_config->b_info.arch_x86.assisted_xapic)) + config->arch.misc_flags |= XEN_X86_ASSISTED_XAPIC; + + if (libxl_defbool_val(d_config->b_info.arch_x86.assisted_x2apic)) + config->arch.misc_flags |= XEN_X86_ASSISTED_X2APIC; + } + return 0; } @@ -819,11 +828,26 @@ void libxl__arch_domain_create_info_setdefault(libxl__gc *gc, { } -void libxl__arch_domain_build_info_setdefault(libxl__gc *gc, - libxl_domain_build_info *b_info) +int libxl__arch_domain_build_info_setdefault(libxl__gc *gc, + libxl_domain_build_info *b_info, + const libxl_physinfo *physinfo) { libxl_defbool_setdefault(&b_info->acpi, true); libxl_defbool_setdefault(&b_info->arch_x86.msr_relaxed, false); + + if (b_info->type != LIBXL_DOMAIN_TYPE_PV) { + libxl_defbool_setdefault(&b_info->arch_x86.assisted_xapic, + physinfo->cap_assisted_xapic); + libxl_defbool_setdefault(&b_info->arch_x86.assisted_x2apic, + physinfo->cap_assisted_x2apic); + } + else if (!libxl_defbool_is_default(b_info->arch_x86.assisted_xapic) || + !libxl_defbool_is_default(b_info->arch_x86.assisted_x2apic)) { + LOG(ERROR, "Interrupt Controller Virtualization not supported for PV"); + return ERROR_INVAL; + } + + return 0; } int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, diff --git a/tools/ocaml/libs/xc/xenctrl.ml b/tools/ocaml/libs/xc/xenctrl.ml index 6fa30ddb56..0c71e5eef3 100644 --- a/tools/ocaml/libs/xc/xenctrl.ml +++ b/tools/ocaml/libs/xc/xenctrl.ml @@ -50,6 +50,8 @@ type x86_arch_emulation_flags = type x86_arch_misc_flags = | X86_MSR_RELAXED + | X86_ASSISTED_XAPIC + | X86_ASSISTED_X2APIC type xen_x86_arch_domainconfig = { diff --git a/tools/ocaml/libs/xc/xenctrl.mli b/tools/ocaml/libs/xc/xenctrl.mli index 01774da768..a8458e19ca 100644 --- a/tools/ocaml/libs/xc/xenctrl.mli +++ b/tools/ocaml/libs/xc/xenctrl.mli @@ -44,6 +44,8 @@ type x86_arch_emulation_flags = type x86_arch_misc_flags = | X86_MSR_RELAXED + | X86_ASSISTED_XAPIC + | X86_ASSISTED_X2APIC type xen_x86_arch_domainconfig = { emulation_flags: x86_arch_emulation_flags list; diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c index 42c2bcd333..19335bdf45 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -244,7 +244,7 @@ CAMLprim value stub_xc_domain_create(value xch, value wanted_domid, value config cfg.arch.misc_flags = ocaml_list_to_c_bitmap /* ! x86_arch_misc_flags X86_ none */ - /* ! XEN_X86_ XEN_X86_MSR_RELAXED all */ + /* ! XEN_X86_ XEN_X86_MISC_FLAGS_MAX max */ (VAL_MISC_FLAGS); #undef VAL_MISC_FLAGS diff --git a/tools/xl/xl.c b/tools/xl/xl.c index 2d1ec18ea3..31eb223309 100644 --- a/tools/xl/xl.c +++ b/tools/xl/xl.c @@ -57,6 +57,8 @@ int max_grant_frames = -1; int max_maptrack_frames = -1; int max_grant_version = LIBXL_MAX_GRANT_DEFAULT; libxl_domid domid_policy = INVALID_DOMID; +int assisted_xapic = -1; +int assisted_x2apic = -1; xentoollog_level minmsglevel = minmsglevel_default; @@ -201,6 +203,12 @@ static void parse_global_config(const char *configfile, if (!xlu_cfg_get_long (config, "claim_mode", &l, 0)) claim_mode = l; + if (!xlu_cfg_get_long (config, "assisted_xapic", &l, 0)) + assisted_xapic = l; + + if (!xlu_cfg_get_long (config, "assisted_x2apic", &l, 0)) + assisted_x2apic = l; + xlu_cfg_replace_string (config, "remus.default.netbufscript", &default_remus_netbufscript, 0); xlu_cfg_replace_string (config, "colo.default.proxyscript", diff --git a/tools/xl/xl.h b/tools/xl/xl.h index c5c4bedbdd..528deb3feb 100644 --- a/tools/xl/xl.h +++ b/tools/xl/xl.h @@ -286,6 +286,8 @@ extern libxl_bitmap global_vm_affinity_mask; extern libxl_bitmap global_hvm_affinity_mask; extern libxl_bitmap global_pv_affinity_mask; extern libxl_domid domid_policy; +extern int assisted_xapic; +extern int assisted_x2apic; enum output_format { OUTPUT_FORMAT_JSON, diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index 644ab8f8fd..1b5381cef0 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -2765,6 +2765,25 @@ skip_usbdev: xlu_cfg_get_defbool(config, "vpmu", &b_info->vpmu, 0); + if (b_info->type != LIBXL_DOMAIN_TYPE_PV) { + e = xlu_cfg_get_long(config, "assisted_xapic", &l , 0); + if (!e) + libxl_defbool_set(&b_info->arch_x86.assisted_xapic, l); + else if (e != ESRCH) + exit(1); + else if (assisted_xapic != -1) /* use global default if present */ + libxl_defbool_set(&b_info->arch_x86.assisted_xapic, assisted_xapic); + + e = xlu_cfg_get_long(config, "assisted_x2apic", &l, 0); + if (!e) + libxl_defbool_set(&b_info->arch_x86.assisted_x2apic, l); + else if (e != ESRCH) + exit(1); + else if (assisted_x2apic != -1) /* use global default if present */ + libxl_defbool_set(&b_info->arch_x86.assisted_x2apic, + assisted_x2apic); + } + xlu_cfg_destroy(config); } diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 9ba3704f36..408ee284ed 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -50,6 +50,7 @@ #include #include #include +#include #include #include #include @@ -619,6 +620,8 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) bool hvm = config->flags & XEN_DOMCTL_CDF_hvm; bool hap = config->flags & XEN_DOMCTL_CDF_hap; bool nested_virt = config->flags & XEN_DOMCTL_CDF_nested_virt; + bool assisted_xapic = config->arch.misc_flags & XEN_X86_ASSISTED_XAPIC; + bool assisted_x2apic = config->arch.misc_flags & XEN_X86_ASSISTED_X2APIC; unsigned int max_vcpus; if ( hvm ? !hvm_enabled : !IS_ENABLED(CONFIG_PV) ) @@ -685,13 +688,31 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) } } - if ( config->arch.misc_flags & ~XEN_X86_MSR_RELAXED ) + if ( config->arch.misc_flags & ~(XEN_X86_MSR_RELAXED | + XEN_X86_ASSISTED_XAPIC | + XEN_X86_ASSISTED_X2APIC) ) { dprintk(XENLOG_INFO, "Invalid arch misc flags %#x\n", config->arch.misc_flags); return -EINVAL; } + if ( (assisted_xapic || assisted_x2apic) && !hvm ) + { + dprintk(XENLOG_INFO, + "Interrupt Controller Virtualization not supported for PV\n"); + return -EINVAL; + } + + if ( (assisted_xapic && !assisted_xapic_available) || + (assisted_x2apic && !assisted_x2apic_available) ) + { + dprintk(XENLOG_INFO, + "Hardware assisted x%sAPIC requested but not available\n", + assisted_xapic && !assisted_xapic_available ? "" : "2"); + return -ENODEV; + } + return 0; } @@ -864,6 +885,12 @@ int arch_domain_create(struct domain *d, d->arch.msr_relaxed = config->arch.misc_flags & XEN_X86_MSR_RELAXED; + d->arch.hvm.assisted_xapic = + config->arch.misc_flags & XEN_X86_ASSISTED_XAPIC; + + d->arch.hvm.assisted_x2apic = + config->arch.misc_flags & XEN_X86_ASSISTED_X2APIC; + spec_ctrl_init_domain(d); return 0; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 7329622dd4..683c650d77 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1134,6 +1134,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(PLE_WINDOW, ple_window); } + if ( !has_assisted_xapic(d) ) + v->arch.hvm.vmx.secondary_exec_control &= + ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; + if ( cpu_has_vmx_secondary_exec_control ) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index f08a00dcbb..47554cc004 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3376,16 +3376,11 @@ static void vmx_install_vlapic_mapping(struct vcpu *v) void vmx_vlapic_msr_changed(struct vcpu *v) { - int virtualize_x2apic_mode; struct vlapic *vlapic = vcpu_vlapic(v); unsigned int msr; - virtualize_x2apic_mode = ( (cpu_has_vmx_apic_reg_virt || - cpu_has_vmx_virtual_intr_delivery) && - cpu_has_vmx_virtualize_x2apic_mode ); - - if ( !cpu_has_vmx_virtualize_apic_accesses && - !virtualize_x2apic_mode ) + if ( !has_assisted_xapic(v->domain) && + !has_assisted_x2apic(v->domain) ) return; vmx_vmcs_enter(v); @@ -3395,7 +3390,7 @@ void vmx_vlapic_msr_changed(struct vcpu *v) if ( !vlapic_hw_disabled(vlapic) && (vlapic_base_address(vlapic) == APIC_DEFAULT_PHYS_BASE) ) { - if ( virtualize_x2apic_mode && vlapic_x2apic_mode(vlapic) ) + if ( has_assisted_x2apic(v->domain) && vlapic_x2apic_mode(vlapic) ) { v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE; @@ -3416,7 +3411,7 @@ void vmx_vlapic_msr_changed(struct vcpu *v) vmx_clear_msr_intercept(v, MSR_X2APIC_SELF, VMX_MSR_W); } } - else + else if ( has_assisted_xapic(v->domain) ) v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; } diff --git a/xen/arch/x86/include/asm/hvm/domain.h b/xen/arch/x86/include/asm/hvm/domain.h index 698455444e..92bf53483c 100644 --- a/xen/arch/x86/include/asm/hvm/domain.h +++ b/xen/arch/x86/include/asm/hvm/domain.h @@ -117,6 +117,12 @@ struct hvm_domain { bool is_s3_suspended; + /* xAPIC hardware assisted virtualization. */ + bool assisted_xapic; + + /* x2APIC hardware assisted virtualization. */ + bool assisted_x2apic; + /* hypervisor intercepted msix table */ struct list_head msixtbl_list; diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 8d162b2c99..03096f31ef 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -391,6 +391,9 @@ int hvm_get_param(struct domain *d, uint32_t index, uint64_t *value); extern bool assisted_xapic_available; extern bool assisted_x2apic_available; +#define has_assisted_xapic(d) ((d)->arch.hvm.assisted_xapic) +#define has_assisted_x2apic(d) ((d)->arch.hvm.assisted_x2apic) + #define hvm_get_guest_time(v) hvm_get_guest_time_fixed(v, 0) #define hvm_paging_enabled(v) \ @@ -907,6 +910,8 @@ static inline void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) #define assisted_xapic_available false #define assisted_x2apic_available false +#define has_assisted_xapic(d) ((void)(d), false) +#define has_assisted_x2apic(d) ((void)(d), false) #define hvm_paging_enabled(v) ((void)(v), false) #define hvm_wp_enabled(v) ((void)(v), false) #define hvm_pcid_enabled(v) ((void)(v), false) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index bb3dfcc90f..cabebf4f5b 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -1117,7 +1117,8 @@ void cpuid_hypervisor_leaves(const struct vcpu *v, uint32_t leaf, if ( !is_hvm_domain(d) || subleaf != 0 ) break; - if ( cpu_has_vmx_apic_reg_virt ) + if ( cpu_has_vmx_apic_reg_virt && + has_assisted_xapic(d) ) res->a |= XEN_HVM_CPUID_APIC_ACCESS_VIRT; /* @@ -1126,7 +1127,7 @@ void cpuid_hypervisor_leaves(const struct vcpu *v, uint32_t leaf, * and wrmsr in the guest will run without VMEXITs (see * vmx_vlapic_msr_changed()). */ - if ( cpu_has_vmx_virtualize_x2apic_mode && + if ( has_assisted_x2apic(d) && cpu_has_vmx_apic_reg_virt && cpu_has_vmx_virtual_intr_delivery ) res->a |= XEN_HVM_CPUID_X2APIC_VIRT; diff --git a/xen/include/public/arch-x86/xen.h b/xen/include/public/arch-x86/xen.h index 7acd94c8eb..58a1e87ee9 100644 --- a/xen/include/public/arch-x86/xen.h +++ b/xen/include/public/arch-x86/xen.h @@ -317,9 +317,14 @@ struct xen_arch_domainconfig { * doesn't allow the guest to read or write to the underlying MSR. */ #define XEN_X86_MSR_RELAXED (1u << 0) +#define XEN_X86_ASSISTED_XAPIC (1u << 1) +#define XEN_X86_ASSISTED_X2APIC (1u << 2) uint32_t misc_flags; }; +/* Max XEN_X86_* constant. Used for ABI checking. */ +#define XEN_X86_MISC_FLAGS_MAX XEN_X86_ASSISTED_X2APIC + /* Location of online VCPU bitmap. */ #define XEN_ACPI_CPU_MAP 0xaf00 #define XEN_ACPI_CPU_MAP_LEN ((HVM_MAX_VCPUS + 7) / 8) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 14:22:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 14:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365174.595280 (Exim 4.92) (envelope-from ) id 1oAuIY-0005Oe-3q; Mon, 11 Jul 2022 14:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365174.595280; Mon, 11 Jul 2022 14:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIX-0005OW-WE; Mon, 11 Jul 2022 14:22:06 +0000 Received: by outflank-mailman (input) for mailman id 365174; Mon, 11 Jul 2022 14:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIW-0005OQ-PY for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIW-000120-Nv for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAuIW-0002Pi-M6 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1kLki0KzjB90c/WDA5O6WzKxmtlP2+na8+ADwTTQM0Y=; b=GxrHI2xv68BOZ4OUnyq61qbXSf aAKENPhXI4kKC/G8OwvxD/khUY7IAotojNLC+Z2L6waFEr/zxbqRPAEDxcUx6ykyrMiwV9WndyhL5 H1no6I5xucx1Ju3I0IkJkTDHRCR+rrKzxL9c5GtbAW0mv3jBzKuO60UKslaZOiDV9DsQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Mon, 11 Jul 2022 14:22:04 +0000 commit 4cdb519d797c19ebb8fadc5938cdb47479d5a21b Author: Andrew Cooper AuthorDate: Fri Jul 8 16:11:40 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 11 15:21:35 2022 +0100 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 7a4550db83..ba64a09048 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -122,6 +122,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 14:22:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 14:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365175.595282 (Exim 4.92) (envelope-from ) id 1oAuIi-0005Qo-4K; Mon, 11 Jul 2022 14:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365175.595282; Mon, 11 Jul 2022 14:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIi-0005Qe-1T; Mon, 11 Jul 2022 14:22:16 +0000 Received: by outflank-mailman (input) for mailman id 365175; Mon, 11 Jul 2022 14:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIg-0005QT-Rc for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIg-000124-Qu for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAuIg-0002QS-Q2 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=B+19Bycg2Gc2IIgS8HfXjoyZoiasw+6/cXnVg+Ju24w=; b=OE8mkLPdO9hoG5HT2ihQ20IbQA 3DhMgtZjV+hhFnpBYnm5uCxfduo/vGvWfvAMTnmWz2aZFHw9+0k4czMgv1XOPq8fIs4/nmru0fud5 RWCN7tjGDGXoudobzueOAi+M1OBIbcpkRPEo0ss4Bs7CoQWfrzyZbqeZTb60x/KrhMZU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Mon, 11 Jul 2022 14:22:14 +0000 commit 382326cac528dd1eb0d04efd5c05363c453e29f4 Author: Andrew Cooper AuthorDate: Tue Jul 5 19:19:01 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 11 15:21:35 2022 +0100 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 08bdae082a..f8134d3e7a 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -272,9 +272,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -286,11 +286,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index aab1fc7c4a..05ee1e18af 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -89,7 +89,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 14:22:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 14:22:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365176.595286 (Exim 4.92) (envelope-from ) id 1oAuIs-0005TS-5u; Mon, 11 Jul 2022 14:22:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365176.595286; Mon, 11 Jul 2022 14:22:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIs-0005TJ-2x; Mon, 11 Jul 2022 14:22:26 +0000 Received: by outflank-mailman (input) for mailman id 365176; Mon, 11 Jul 2022 14:22:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIq-0005Sz-Uo for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oAuIq-00012f-U3 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oAuIq-0002Qt-T5 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 14:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Lc0CJtCMmEgWQTEViFZjOF2xkhI7Mk6EC25ylaTur+w=; b=LhOoT4wcqpQkG21r17+VyhG0OL 2OONSUDsbGCsJBxpCM1LEY9Y0u+oeSXDh/AtqjhacpUnjOQ+Revce+VBV2eV4Hj5k64lNd8u6r3ff CDf/TgzLoIx6FB/+HgN3ZX8MsFZ/Kb+55Socgf4ZYs0BUgLR0gttJYj+iHFlT8+FxaIs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Mon, 11 Jul 2022 14:22:24 +0000 commit 27357c394ba6e1571a89105b840ce1c6f026485c Author: Andrew Cooper AuthorDate: Fri Jul 8 16:44:43 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 11 15:21:35 2022 +0100 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index da18172e50..de33ccc005 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2257,7 +2257,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2282,12 +2283,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ba64a09048..328862bdf5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -147,20 +147,68 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365390.595500 (Exim 4.92) (envelope-from ) id 1oB2ti-0004G9-VF; Mon, 11 Jul 2022 23:33:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365390.595500; Mon, 11 Jul 2022 23:33:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ti-0004G2-Rf; Mon, 11 Jul 2022 23:33:02 +0000 Received: by outflank-mailman (input) for mailman id 365390; Mon, 11 Jul 2022 23:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ti-0004Fw-Ce for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ti-0004Q3-Aq for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2ti-00035b-9s for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lD7wJmAARnTDU2cGhX4OoyvGJadH/knIfgW6U84DQUw=; b=VCTndHxBz7Ht9JQpxhpawIU36t 3MUIxuOjpFMXRu0u59v0Ojn0BbOeD8oyMyABCZLFSfuhbE8ctBFgq57WZrl7gAEXBYE5eiOpLr54g XT7SbcYxKjIvX3fmdOQcdaOEIC/rZf3di+ENpmEeTKbt0cEXYWGps+tcIlIsab/nGIqQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: harmonize return types of hypercall handlers Message-Id: Date: Mon, 11 Jul 2022 23:33:02 +0000 commit 7e21b25059ed7e8f70dcc4626403fc9986c98932 Author: Juergen Gross AuthorDate: Mon Jul 11 11:58:21 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 11:58:21 2022 +0200 xen: harmonize return types of hypercall handlers Today most hypercall handlers have a return type of long, while the compat ones return an int. There are a few exceptions from that rule, however. Get rid of the exceptions by letting compat handlers always return int and others always return long, with the exception of the Arm specific physdev_op handler. For the compat hvm case use eax instead of rax for the stored result as it should have been from the beginning. Additionally move some prototypes to include/asm-x86/hypercall.h as they are x86 specific. Move the compat_platform_op() prototype to the common header. Rename paging_domctl_continuation() to do_paging_domctl_cont() and add a matching define for the associated hypercall. Make do_callback_op() and compat_callback_op() more similar by adding the const attribute to compat_callback_op()'s 2nd parameter. Change the type of the cmd parameter for [do|compat]_kexec_op() to unsigned int, as this is more appropriate for the compat case. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Reviewed-by: Christopher Clark # argo --- xen/arch/x86/domctl.c | 4 ++-- xen/arch/x86/hvm/hypercall.c | 8 ++------ xen/arch/x86/hypercall.c | 2 +- xen/arch/x86/include/asm/hypercall.h | 31 ++++++++++++++++--------------- xen/arch/x86/include/asm/paging.h | 3 --- xen/arch/x86/mm/paging.c | 3 ++- xen/arch/x86/pv/callback.c | 14 +++++++------- xen/arch/x86/pv/hypercall.c | 5 +---- xen/arch/x86/pv/iret.c | 4 ++-- xen/arch/x86/pv/misc-hypercalls.c | 14 +++++++++----- xen/common/argo.c | 6 +++--- xen/common/kexec.c | 6 +++--- xen/include/xen/hypercall.h | 20 +++++++++----------- 13 files changed, 57 insertions(+), 63 deletions(-) diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 1c62046c01..020df615bd 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -212,8 +212,8 @@ long arch_do_domctl( case XEN_DOMCTL_shadow_op: ret = paging_domctl(d, &domctl->u.shadow_op, u_domctl, 0); if ( ret == -ERESTART ) - return hypercall_create_continuation(__HYPERVISOR_arch_1, - "h", u_domctl); + return hypercall_create_continuation( + __HYPERVISOR_paging_domctl_cont, "h", u_domctl); copyback = true; break; diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 62b5349e7d..3a35543997 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -124,8 +124,6 @@ static long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ (hypercall_fn_t *) compat_ ## x } -#define do_arch_1 paging_domctl_continuation - static const struct { hypercall_fn_t *native, *compat; } hvm_hypercall_table[] = { @@ -158,11 +156,9 @@ static const struct { #ifdef CONFIG_HYPFS HYPERCALL(hypfs_op), #endif - HYPERCALL(arch_1) + HYPERCALL(paging_domctl_cont) }; -#undef do_arch_1 - #undef HYPERCALL #undef HVM_CALL #undef COMPAT_CALL @@ -300,7 +296,7 @@ int hvm_hypercall(struct cpu_user_regs *regs) #endif curr->hcall_compat = true; - regs->rax = hvm_hypercall_table[eax].compat(ebx, ecx, edx, esi, edi); + regs->eax = hvm_hypercall_table[eax].compat(ebx, ecx, edx, esi, edi); curr->hcall_compat = false; #ifndef NDEBUG diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 2370d31d3f..07e1a45ef5 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -75,7 +75,7 @@ const hypercall_args_t hypercall_args_table[NR_hypercalls] = ARGS(dm_op, 3), ARGS(hypfs_op, 5), ARGS(mca, 1), - ARGS(arch_1, 1), + ARGS(paging_domctl_cont, 1), }; #undef COMP diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 1c57236dc7..81ca25f7b3 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -15,6 +15,8 @@ #include /* for do_mca */ #include +#define __HYPERVISOR_paging_domctl_cont __HYPERVISOR_arch_1 + typedef unsigned long hypercall_fn_t( unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); @@ -84,7 +86,7 @@ do_set_debugreg( int reg, unsigned long value); -extern unsigned long cf_check +extern long cf_check do_get_debugreg( int reg); @@ -122,7 +124,7 @@ do_mmuext_op( extern long cf_check do_callback_op( int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg); -extern unsigned long cf_check +extern long cf_check do_iret( void); @@ -137,17 +139,20 @@ do_set_segment_base( unsigned int which, unsigned long base); +long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); + +long cf_check do_xenpmu_op(unsigned int op, + XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); + +long cf_check do_paging_domctl_cont( + XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); + #ifdef CONFIG_COMPAT #include #include #include -extern int cf_check -compat_physdev_op( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - extern int compat_common_vcpu_op( int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); @@ -158,12 +163,8 @@ extern int cf_check compat_mmuext_op( XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); -DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); -extern int cf_check compat_platform_op( - XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); - -extern long cf_check compat_callback_op( - int cmd, XEN_GUEST_HANDLE(void) arg); +extern int cf_check compat_callback_op( + int cmd, XEN_GUEST_HANDLE(const_void) arg); extern int cf_check compat_update_va_mapping( unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags); @@ -181,12 +182,12 @@ extern int cf_check compat_set_gdt( extern int cf_check compat_update_descriptor( uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi); -extern unsigned int cf_check compat_iret(void); +extern int cf_check compat_iret(void); extern int cf_check compat_nmi_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long cf_check compat_set_callbacks( +extern int cf_check compat_set_callbacks( unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address); diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h index b7ecfd4721..b2b243a4ff 100644 --- a/xen/arch/x86/include/asm/paging.h +++ b/xen/arch/x86/include/asm/paging.h @@ -231,9 +231,6 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl, bool_t resuming); -/* Helper hypercall for dealing with continuations. */ -long cf_check paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)); - /* Call when destroying a vcpu/domain */ void paging_vcpu_teardown(struct vcpu *v); int paging_teardown(struct domain *d); diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index b7e2750817..eb9155f81c 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -759,7 +760,7 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, return shadow_domctl(d, sc, u_domctl); } -long cf_check paging_domctl_continuation( +long cf_check do_paging_domctl_cont( XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { struct xen_domctl op; diff --git a/xen/arch/x86/pv/callback.c b/xen/arch/x86/pv/callback.c index 55148c7f9e..1be9d3f731 100644 --- a/xen/arch/x86/pv/callback.c +++ b/xen/arch/x86/pv/callback.c @@ -207,9 +207,9 @@ long cf_check do_set_callbacks( #include #include -static long compat_register_guest_callback(struct compat_callback_register *reg) +static int compat_register_guest_callback(struct compat_callback_register *reg) { - long ret = 0; + int ret = 0; struct vcpu *curr = current; fixup_guest_code_selector(curr->domain, reg->address.cs); @@ -256,10 +256,10 @@ static long compat_register_guest_callback(struct compat_callback_register *reg) return ret; } -static long compat_unregister_guest_callback( +static int compat_unregister_guest_callback( struct compat_callback_unregister *unreg) { - long ret; + int ret; switch ( unreg->type ) { @@ -283,9 +283,9 @@ static long compat_unregister_guest_callback( return ret; } -long cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) +int cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(const_void) arg) { - long ret; + int ret; switch ( cmd ) { @@ -321,7 +321,7 @@ long cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) return ret; } -long cf_check compat_set_callbacks( +int cf_check compat_set_callbacks( unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address) { diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index e8fbee7bbb..fe8dfe9e8f 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -47,8 +47,6 @@ typedef struct { #define COMPAT_CALL(x) HYPERCALL(x) #endif -#define do_arch_1 paging_domctl_continuation - static const pv_hypercall_table_t pv_hypercall_table[] = { COMPAT_CALL(set_trap_table), HYPERCALL(mmu_update), @@ -109,11 +107,10 @@ static const pv_hypercall_table_t pv_hypercall_table[] = { #endif HYPERCALL(mca), #ifndef CONFIG_PV_SHIM_EXCLUSIVE - HYPERCALL(arch_1), + HYPERCALL(paging_domctl_cont), #endif }; -#undef do_arch_1 #undef COMPAT_CALL #undef HYPERCALL diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index 797a427ffa..58de9f7922 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -49,7 +49,7 @@ static void async_exception_cleanup(struct vcpu *curr) curr->arch.async_exception_state(trap).old_mask; } -unsigned long cf_check do_iret(void) +long cf_check do_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct iret_context iret_saved; @@ -106,7 +106,7 @@ unsigned long cf_check do_iret(void) } #ifdef CONFIG_PV32 -unsigned int cf_check compat_iret(void) +int cf_check compat_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct vcpu *v = current; diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hypercalls.c index 5649aaab44..635f5a644a 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -28,12 +28,16 @@ long cf_check do_set_debugreg(int reg, unsigned long value) return set_debugreg(current, reg, value); } -unsigned long cf_check do_get_debugreg(int reg) +long cf_check do_get_debugreg(int reg) { - unsigned long val; - int res = x86emul_read_dr(reg, &val, NULL); - - return res == X86EMUL_OKAY ? val : -ENODEV; + /* Avoid implementation defined behavior casting unsigned long to long. */ + union { + unsigned long val; + long ret; + } u; + int res = x86emul_read_dr(reg, &u.val, NULL); + + return res == X86EMUL_OKAY ? u.ret : -ENODEV; } long cf_check do_fpu_taskswitch(int set) diff --git a/xen/common/argo.c b/xen/common/argo.c index 297f6d11f0..26a01c2188 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -2207,13 +2207,13 @@ do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, } #ifdef CONFIG_COMPAT -long cf_check +int cf_check compat_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long arg3, unsigned long arg4) { struct domain *currd = current->domain; - long rc; + int rc; xen_argo_send_addr_t send_addr; xen_argo_iov_t iovs[XEN_ARGO_MAXIOV]; compat_argo_iov_t compat_iovs[XEN_ARGO_MAXIOV]; @@ -2267,7 +2267,7 @@ compat_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, rc = sendv(currd, &send_addr.src, &send_addr.dst, iovs, niov, arg4); out: - argo_dprintk("<-compat_argo_op(%u)=%ld\n", cmd, rc); + argo_dprintk("<-compat_argo_op(%u)=%d\n", cmd, rc); return rc; } diff --git a/xen/common/kexec.c b/xen/common/kexec.c index a2ffb6530c..41669964d2 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -1213,7 +1213,7 @@ static int kexec_status(XEN_GUEST_HANDLE_PARAM(void) uarg) return !!test_bit(bit, &kexec_flags); } -static int do_kexec_op_internal(unsigned long op, +static int do_kexec_op_internal(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg, bool_t compat) { @@ -1265,13 +1265,13 @@ static int do_kexec_op_internal(unsigned long op, return ret; } -long cf_check do_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) +long cf_check do_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 0); } #ifdef CONFIG_COMPAT -int cf_check compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) +int cf_check compat_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 1); } diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 81aae7a662..a032ba2b4a 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -114,11 +114,6 @@ common_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long cf_check -do_nmi_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - extern long cf_check do_hvm_op( unsigned long op, @@ -126,7 +121,7 @@ do_hvm_op( extern long cf_check do_kexec_op( - unsigned long op, + unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg); extern long cf_check @@ -145,9 +140,6 @@ extern long cf_check do_argo_op( extern long cf_check do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long cf_check -do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); - extern long cf_check do_dm_op( domid_t domid, @@ -205,15 +197,21 @@ extern int cf_check compat_xsm_op( XEN_GUEST_HANDLE_PARAM(void) op); extern int cf_check compat_kexec_op( - unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); + unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg); DEFINE_XEN_GUEST_HANDLE(multicall_entry_compat_t); extern int cf_check compat_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_compat_t) call_list, uint32_t nr_calls); +int compat_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); + +typedef struct compat_platform_op compat_platform_op_t; +DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); +int compat_platform_op(XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); + #ifdef CONFIG_ARGO -extern long cf_check compat_argo_op( +extern int cf_check compat_argo_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:33:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365391.595504 (Exim 4.92) (envelope-from ) id 1oB2tt-0004Ii-2G; Mon, 11 Jul 2022 23:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365391.595504; Mon, 11 Jul 2022 23:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ts-0004IY-Vi; Mon, 11 Jul 2022 23:33:12 +0000 Received: by outflank-mailman (input) for mailman id 365391; Mon, 11 Jul 2022 23:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ts-0004IN-Fl for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ts-0004QB-Et for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2ts-00036D-DG for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=leyDlRvUFD+27ONX7rzPQHFlWxOUnNuxfri+TvKK7CY=; b=KgUyHU4n1K8ceHBBNKsmUtK8mi 3Yn/vy1/WaBMsKr560uWvXvD0EXLRKDmxrKSFa5qpcBaYymUNzAY/k4RLqkEjVEh8VzJl1PJuXQJs 9hoyzODFUZCg91U6pqAlIxt8oyTSGxeYi5LV9bvpx6xuNUZTIoY/NmQ5QN89OeA4pJYw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: include compat/platform.h from hypercall.h Message-Id: Date: Mon, 11 Jul 2022 23:33:12 +0000 commit e1664942b296e5a7bd82153bbead65c716779f35 Author: Juergen Gross AuthorDate: Mon Jul 11 11:59:16 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 11:59:16 2022 +0200 xen: include compat/platform.h from hypercall.h The definition of compat_platform_op_t is in compat/platform.h already, so include that file from hypercall.h instead of repeating the typedef. This allows to remove the related include statement from arch/x86/x86_64/platform_hypercall.c. Signed-off-by: Juergen Gross Acked-by: Jan Beulich --- xen/arch/x86/x86_64/platform_hypercall.c | 1 - xen/include/xen/hypercall.h | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/x86_64/platform_hypercall.c b/xen/arch/x86/x86_64/platform_hypercall.c index 966fd27b5f..5bf6b958d2 100644 --- a/xen/arch/x86/x86_64/platform_hypercall.c +++ b/xen/arch/x86/x86_64/platform_hypercall.c @@ -5,7 +5,6 @@ EMIT_FILE; #include -#include #include #define xen_platform_op compat_platform_op diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index a032ba2b4a..ca8ee22717 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -15,6 +15,9 @@ #include #include #include +#ifdef CONFIG_COMPAT +#include +#endif #include #include @@ -206,7 +209,6 @@ extern int cf_check compat_multicall( int compat_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -typedef struct compat_platform_op compat_platform_op_t; DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); int compat_platform_op(XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:33:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:33:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365392.595507 (Exim 4.92) (envelope-from ) id 1oB2u4-0004Lc-4E; Mon, 11 Jul 2022 23:33:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365392.595507; Mon, 11 Jul 2022 23:33:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2u4-0004LV-0y; Mon, 11 Jul 2022 23:33:24 +0000 Received: by outflank-mailman (input) for mailman id 365392; Mon, 11 Jul 2022 23:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2u2-0004Kz-JI for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2u2-0004Ql-Hz for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2u2-00036h-HE for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PLd14D+13wRLJ1PBGnXNfGVliGrQCpipsZCiTGierOY=; b=aREWavRXXU8g2IvGd1yvg0ULpW l2Lg9K6jgginqb8wSLsjc23U+10bbAPwdQIdF7mpcVTOpQPWUhe8/hYSlcnBOyvIX4NzMU2ux/zG5 PZpUqJmlWbzts7iOCexYLqYTur3OQkTQ+d4KdFaarcvhN675RYUIL7WSiGIpTOU0wcns=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: generate hypercall interface related code Message-Id: Date: Mon, 11 Jul 2022 23:33:22 +0000 commit eca1f00d02274ad6c1d604ded30cd7cae21e43f0 Author: Juergen Gross AuthorDate: Mon Jul 11 12:06:19 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:06:19 2022 +0200 xen: generate hypercall interface related code Instead of repeating similar data multiple times use a single source file and a generator script for producing prototypes and call sequences of the hypercalls. As the script already knows the number of parameters used add generating a macro for populating an array with the number of parameters per hypercall. The priorities for the specific hypercalls are based on two benchamrks performed in guests (PV and PVH): - make -j 4 of the Xen hypervisor (resulting in cpu load with lots of processes created) - scp of a large file to the guest (network load) With a small additional debug patch applied the number of the different hypercalls in the guest and in dom0 (for looking at backend activity related hypercalls) were counted while the benchmark in domU was running: PV-hypercall PV-guest build PV-guest scp dom0 build dom0 scp mmu_update 186175729 2865 20936 33725 stack_switch 1273311 62381 108589 270764 multicall 2182803 50 302 524 update_va_mapping 571868 10 60 80 xen_version 73061 850 859 5432 grant_table_op 0 0 35557 139110 iret 75673006 484132 268157 757958 vcpu_op 453037 71199 138224 334988 set_segment_base 1650249 62387 108645 270823 mmuext_op 11225681 188 7239 3426 sched_op 280153 134645 70729 137943 event_channel_op 192327 66204 71409 214191 physdev_op 0 0 7721 4315 (the dom0 values are for the guest running the build or scp test, so dom0 acting as backend) HVM-hypercall PVH-guest build PVH-guest scp vcpu_op 277684 2324 event_channel_op 350233 57383 (the related dom0 counter values are in the same range as with the test running in the PV guest) Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Acked-by: Julien Grall --- .gitignore | 1 + xen/include/Makefile | 13 ++ xen/include/hypercall-defs.c | 285 ++++++++++++++++++++++++++++++++++++++ xen/scripts/gen_hypercall.awk | 314 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 613 insertions(+) diff --git a/.gitignore b/.gitignore index c9951063c3..def9339ff1 100644 --- a/.gitignore +++ b/.gitignore @@ -327,6 +327,7 @@ xen/include/public/public xen/include/xen/*.new xen/include/xen/acm_policy.h xen/include/xen/compile.h +xen/include/xen/hypercall-defs.h xen/include/xen/lib/x86/cpuid-autogen.h xen/source xen/test/livepatch/config.h diff --git a/xen/include/Makefile b/xen/include/Makefile index 510f65c92a..39d9f5556c 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -104,6 +104,18 @@ cmd_xlat_h = \ $(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) FORCE $(call if_changed,xlat_h) +quiet_cmd_genhyp = GEN $@ +define cmd_genhyp + awk -f $(srctree)/scripts/gen_hypercall.awk <$< >$@ +endef + +all: $(obj)/xen/hypercall-defs.h + +$(obj)/xen/hypercall-defs.h: $(obj)/hypercall-defs.i $(srctree)/scripts/gen_hypercall.awk FORCE + $(call if_changed,genhyp) + +targets += xen/hypercall-defs.h + ifeq ($(XEN_TARGET_ARCH),$(XEN_COMPILE_ARCH)) all: $(obj)/headers.chk $(obj)/headers99.chk $(obj)/headers++.chk @@ -213,3 +225,4 @@ all: lib-x86-all endif clean-files := compat config generated headers*.chk xen/lib/x86/cpuid-autogen.h +clean-files += xen/hypercall-defs.h hypercall-defs.i diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c new file mode 100644 index 0000000000..60cbeb18e4 --- /dev/null +++ b/xen/include/hypercall-defs.c @@ -0,0 +1,285 @@ +/* + * Hypercall interface description: + * Used by scripts/gen_hypercall.awk to generate hypercall prototypes and call + * sequences. + * + * Syntax is like a prototype, but without return type and without the ";" at + * the end. Pointer types will be automatically converted to use the + * XEN_GUEST_HANDLE_PARAM() macro. Handlers with no parameters just use a + * definition like "fn()". + * Hypercall/function names are without the leading "__HYPERVISOR_"/"do_" + * strings. + * + * The return type of a class of prototypes using the same prefix is set via: + * rettype: + * Default return type is "long". A return type for a prefix can be set only + * once and it needs to be set before that prefix is being used via the + * "prefix:" directive. + * + * The prefix of the prototypes is set via a line: + * prefix: ... + * Multiple prefixes are possible (restriction see below). Prefixes are without + * a trailing "_". The current prefix settings are active until a new "prefix:" + * line. + * + * Caller macros are suffixed with a selectable name via lines like: + * caller: + * When a caller suffix is active, there is only one active prefix allowed. + * + * With a "defhandle:" line it is possible to add a DEFINE_XEN_GUEST_HANDLE() + * to the generated header: + * defhandle: [] + * Without specifying only a DEFINE_XEN_GUEST_HANDLE() + * will be generated, otherwise it will be a + * __DEFINE_XEN_GUEST_HANDLE(, ) being generated. Note that + * the latter will include the related "const" handle "const_". + * + * In order to support using coding style compliant pointers in the + * prototypes it is possible to add translation entries to generate the correct + * handle types: + * handle: + * This will result in the prototype translation from " *" to + * "XEN_GUEST_HANDLE_PARAM()". + * + * The hypercall handler calling code will be generated from a final table in + * the source file, which is started via the line: + * table: ... + * with the s specifying the designated caller macro of each column of + * the table. Any column of a not having been set via a "caller:" + * line will be ignored. + * The first column of the table contains the hypercall/prototype, each + * column contains the prefix for the function to use for that caller. + * A function prefix can be annotated with a priority by adding ":" to it + * ("1" being the highest priority, higher numbers mean lower priority, no + * priority specified is the lowest priority). The generated code will try to + * achieve better performance for calling high priority handlers. + * A column not being supported by a is marked with "-". Lines with all + * entries being "-" after removal of inactive columns are ignored. + * + * This file is being preprocessed using $(CPP), so #ifdef CONFIG_* conditionals + * are possible. + */ + +#ifdef CONFIG_HVM +#define PREFIX_hvm hvm +#else +#define PREFIX_hvm +#endif + +#ifdef CONFIG_COMPAT +#define PREFIX_compat compat +rettype: compat int +#else +#define PREFIX_compat +#endif + +#ifdef CONFIG_ARM +#define PREFIX_dep dep +#define PREFIX_do_arm do_arm +rettype: do_arm int +#else +#define PREFIX_dep +#define PREFIX_do_arm +#endif + +handle: uint unsigned int +handle: const_void const void +handle: const_char const char + +#ifdef CONFIG_COMPAT +defhandle: multicall_entry_compat_t +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +defhandle: compat_platform_op_t +#endif +#endif +#ifdef CONFIG_PV32 +defhandle: trap_info_compat_t +defhandle: physdev_op_compat_t +#endif + +prefix: do PREFIX_hvm PREFIX_compat PREFIX_do_arm +physdev_op(int cmd, void *arg) + +prefix: do PREFIX_hvm PREFIX_compat +#if defined(CONFIG_GRANT_TABLE) || defined(CONFIG_PV_SHIM) +grant_table_op(unsigned int cmd, void *uop, unsigned int count) +#endif + +prefix: do PREFIX_hvm +memory_op(unsigned long cmd, void *arg) + +prefix: do PREFIX_compat +xen_version(int cmd, void *arg) +vcpu_op(int cmd, unsigned int vcpuid, void *arg) +sched_op(int cmd, void *arg) +xsm_op(void *op) +callback_op(int cmd, const void *arg) +#ifdef CONFIG_ARGO +argo_op(unsigned int cmd, void *arg1, void *arg2, unsigned long arg3, unsigned long arg4) +#endif +#ifdef CONFIG_KEXEC +kexec_op(unsigned int op, void *uarg) +#endif +#ifdef CONFIG_PV +iret() +nmi_op(unsigned int cmd, void *arg) +#ifdef CONFIG_XENOPROF +xenoprof_op(int op, void *arg) +#endif +#endif /* CONFIG_PV */ + +#ifdef CONFIG_COMPAT +prefix: compat +set_timer_op(uint32_t lo, int32_t hi) +multicall(multicall_entry_compat_t *call_list, uint32_t nr_calls) +memory_op(unsigned int cmd, void *arg) +#ifdef CONFIG_IOREQ_SERVER +dm_op(domid_t domid, unsigned int nr_bufs, void *bufs) +#endif +mmuext_op(void *arg, unsigned int count, uint *pdone, unsigned int foreigndom) +#ifdef CONFIG_PV32 +set_trap_table(trap_info_compat_t *traps) +set_gdt(unsigned int *frame_list, unsigned int entries) +set_callbacks(unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address) +update_descriptor(uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi) +update_va_mapping(unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags) +physdev_op_compat(physdev_op_compat_t *uop) +update_va_mapping_otherdomain(unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid) +#endif +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +platform_op(compat_platform_op_t *u_xenpf_op) +#endif +#endif /* CONFIG_COMPAT */ + +#if defined(CONFIG_PV) || defined(CONFIG_ARM) +prefix: do PREFIX_dep +event_channel_op_compat(evtchn_op_t *uop) +physdev_op_compat(physdev_op_t *uop) +/* Legacy hypercall (as of 0x00030101). */ +sched_op_compat(int cmd, unsigned long arg) +#endif + +prefix: do +set_timer_op(s_time_t timeout) +console_io(unsigned int cmd, unsigned int count, char *buffer) +vm_assist(unsigned int cmd, unsigned int type) +event_channel_op(int cmd, void *arg) +mmuext_op(mmuext_op_t *uops, unsigned int count, unsigned int *pdone, unsigned int foreigndom) +multicall(multicall_entry_t *call_list, unsigned int nr_calls) +#ifdef CONFIG_PV +mmu_update(mmu_update_t *ureqs, unsigned int count, unsigned int *pdone, unsigned int foreigndom) +stack_switch(unsigned long ss, unsigned long esp) +fpu_taskswitch(int set) +set_debugreg(int reg, unsigned long value) +get_debugreg(int reg) +set_segment_base(unsigned int which, unsigned long base) +mca(xen_mc_t *u_xen_mc) +set_trap_table(const_trap_info_t *traps) +set_gdt(xen_ulong_t *frame_list, unsigned int entries) +set_callbacks(unsigned long event_address, unsigned long failsafe_address, unsigned long syscall_address) +update_descriptor(uint64_t gaddr, seg_desc_t desc) +update_va_mapping(unsigned long va, uint64_t val64, unsigned long flags) +update_va_mapping_otherdomain(unsigned long va, uint64_t val64, unsigned long flags, domid_t domid) +#endif +#ifdef CONFIG_IOREQ_SERVER +dm_op(domid_t domid, unsigned int nr_bufs, xen_dm_op_buf_t *bufs) +#endif +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +sysctl(xen_sysctl_t *u_sysctl) +domctl(xen_domctl_t *u_domctl) +paging_domctl_cont(xen_domctl_t *u_domctl) +platform_op(xen_platform_op_t *u_xenpf_op) +#endif +#ifdef CONFIG_HVM +hvm_op(unsigned long op, void *arg) +#endif +#ifdef CONFIG_HYPFS +hypfs_op(unsigned int cmd, const char *arg1, unsigned long arg2, void *arg3, unsigned long arg4) +#endif +#ifdef CONFIG_X86 +xenpmu_op(unsigned int op, xen_pmu_params_t *arg) +#endif + +#ifdef CONFIG_PV +caller: pv64 +#ifdef CONFIG_PV32 +caller: pv32 +#endif +#endif +#if defined(CONFIG_HVM) && defined(CONFIG_X86) +caller: hvm64 +#ifdef CONFIG_COMPAT +caller: hvm32 +#endif +#endif +#ifdef CONFIG_ARM +caller: arm +#endif + +table: pv32 pv64 hvm32 hvm64 arm +set_trap_table compat do - - - +mmu_update do:1 do:1 - - - +set_gdt compat do - - - +stack_switch do:2 do:2 - - - +set_callbacks compat do - - - +fpu_taskswitch do do - - - +sched_op_compat do do - - dep +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +platform_op compat do compat do do +#endif +set_debugreg do do - - - +get_debugreg do do - - - +update_descriptor compat do - - - +memory_op compat do hvm hvm do +multicall compat:2 do:2 compat do do +update_va_mapping compat do - - - +set_timer_op compat do compat do - +event_channel_op_compat do do - - dep +xen_version compat do compat do do +console_io do do do do do +physdev_op_compat compat do - - dep +#if defined(CONFIG_GRANT_TABLE) || defined(CONFIG_PV_SHIM) +grant_table_op compat do hvm hvm do +#endif +vm_assist do do do do do +update_va_mapping_otherdomain compat do - - - +iret compat:1 do:1 - - - +vcpu_op compat do compat:1 do:1 do +set_segment_base do:2 do:2 - - - +#ifdef CONFIG_PV +mmuext_op compat:2 do:2 compat do - +#endif +xsm_op compat do compat do do +nmi_op compat do - - - +sched_op compat do compat do do +callback_op compat do - - - +#ifdef CONFIG_XENOPROF +xenoprof_op compat do - - - +#endif +event_channel_op do do do:1 do:1 do:1 +physdev_op compat do hvm hvm do_arm +#ifdef CONFIG_HVM +hvm_op do do do do do +#endif +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +sysctl do do do do do +domctl do do do do do +#endif +#ifdef CONFIG_KEXEC +kexec_op compat do - - - +#endif +tmem_op - - - - - +#ifdef CONFIG_ARGO +argo_op compat do compat do do +#endif +xenpmu_op do do do do - +#ifdef CONFIG_IOREQ_SERVER +dm_op compat do compat do do +#endif +#ifdef CONFIG_HYPFS +hypfs_op do do do do do +#endif +mca do do - - - +#ifndef CONFIG_PV_SHIM_EXCLUSIVE +paging_domctl_cont do do do do - +#endif diff --git a/xen/scripts/gen_hypercall.awk b/xen/scripts/gen_hypercall.awk new file mode 100644 index 0000000000..403758be21 --- /dev/null +++ b/xen/scripts/gen_hypercall.awk @@ -0,0 +1,314 @@ +# awk script to generate hypercall handler prototypes and a macro for doing +# the calls of the handlers inside a switch() statement. + +BEGIN { + printf("/* Generated file, do not edit! */\n\n"); + e = 0; + n = 0; + p = 0; + nc = 0; +} + +# Issue error to stderr +function do_err(msg) { + print "Error: "msg": "$0 >"/dev/stderr"; + exit 1; +} + +# Generate handler call +function do_call(f, p, i) { + printf(" ret = %s_%s(", pre[f, p], fn[f]); + for (i = 1; i <= n_args[f]; i++) { + if (i > 1) + printf(", "); + if (ptr[f, i]) + printf("(XEN_GUEST_HANDLE_PARAM(%s)){ _p(a%d) }", typ[f, i], i); + else + printf("(%s)(a%d)", typ[f, i], i); + } + printf("); \\\n"); +} + +# Generate case statement for call +function do_case(f, p) { + printf(" case __HYPERVISOR_%s: \\\n", fn[f]); + do_call(f, p); + printf(" break; \\\n"); +} + +# Generate switch statement for calling handlers +function do_switch(ca, p, i) { + printf(" switch ( num ) \\\n"); + printf(" { \\\n"); + for (i = 1; i <= nc; i++) + if (call[i] == ca && call_prio[i] == p) + do_case(call_fn[i], call_p[i]); + printf(" default: \\\n"); + printf(" ret = -ENOSYS; \\\n"); + printf(" break; \\\n"); + printf(" } \\\n"); +} + +function rest_of_line(par, i, val) { + val = $(par); + for (i = par + 1; i <= NF; i++) + val = val " " $(i); + return val; +} + +# Handle comments (multi- and single line) +$1 == "/*" { + comment = 1; +} +comment == 1 { + if ($(NF) == "*/") comment = 0; + next; +} + +# Skip preprocessing artefacts +$1 == "extern" { + next; +} +/^#/ { + next; +} + +# Drop empty lines +NF == 0 { + next; +} + +# Handle "handle:" line +$1 == "handle:" { + if (NF < 3) + do_err("\"handle:\" requires at least two parameters"); + val = rest_of_line(3); + xlate[val] = $2; + next; +} + +# Handle "defhandle:" line +$1 == "defhandle:" { + if (NF < 2) + do_err("\"defhandle:\" requires at least one parameter"); + e++; + if (NF == 2) { + emit[e] = sprintf("DEFINE_XEN_GUEST_HANDLE(%s);", $2); + } else { + val = rest_of_line(3); + emit[e] = sprintf("__DEFINE_XEN_GUEST_HANDLE(%s, %s);", $2, val); + xlate[val] = $2; + } + next; +} + +# Handle "rettype:" line +$1 == "rettype:" { + if (NF < 3) + do_err("\"rettype:\" requires at least two parameters"); + if ($2 in rettype) + do_err("rettype can be set only once for each prefix"); + rettype[$2] = rest_of_line(3); + next; +} + +# Handle "caller:" line +$1 == "caller:" { + caller[$2] = 1; + next; +} + +# Handle "prefix:" line +$1 == "prefix:" { + p = NF - 1; + for (i = 2; i <= NF; i++) { + prefix[i - 1] = $(i); + if (!(prefix[i - 1] in rettype)) + rettype[prefix[i - 1]] = "long"; + } + next; +} + +# Handle "table:" line +$1 == "table:" { + table = 1; + for (i = 2; i <= NF; i++) + col[i - 1] = $(i); + n_cols = NF - 1; + next; +} + +# Handle table definition line +table == 1 { + if (NF != n_cols + 1) + do_err("Table definition line has wrong number of fields"); + for (c = 1; c <= n_cols; c++) { + if (caller[col[c]] != 1) + continue; + if ($(c + 1) == "-") + continue; + pref = $(c + 1); + idx = index(pref, ":"); + if (idx == 0) + prio = 100; + else { + prio = substr(pref, idx + 1) + 0; + pref = substr(pref, 1, idx - 1); + if (prio >= 100 || prio < 1) + do_err("Priority must be in the range 1..99"); + } + fnd = 0; + for (i = 1; i <= n; i++) { + if (fn[i] != $1) + continue; + for (j = 1; j <= n_pre[i]; j++) { + if (pre[i, j] == pref) { + prios[col[c], prio]++; + if (prios[col[c], prio] == 1) { + n_prios[col[c]]++; + prio_list[col[c], n_prios[col[c]]] = prio; + prio_mask[col[c], prio] = "(1ULL << __HYPERVISOR_"$1")"; + } else + prio_mask[col[c], prio] = prio_mask[col[c], prio] " | (1ULL << __HYPERVISOR_"$1")"; + nc++; + call[nc] = col[c]; + call_fn[nc] = i; + call_p[nc] = j; + call_prio[nc] = prio; + fnd = 1; + } + } + } + if (fnd == 0) + do_err("No prototype for prefix/hypercall combination"); + } + next; +} + +# Prototype line +{ + bro = index($0, "("); + brc = index($0, ")"); + if (bro < 2 || brc < bro) + do_err("No valid prototype line"); + n++; + fn[n] = substr($0, 1, bro - 1); + n_pre[n] = p; + for (i = 1; i <= p; i++) + pre[n, i] = prefix[i]; + args = substr($0, bro + 1, brc - bro - 1); + n_args[n] = split(args, a, ","); + if (n_args[n] > 5) + do_err("Too many parameters"); + for (i = 1; i <= n_args[n]; i++) { + sub("^ *", "", a[i]); # Remove leading white space + sub(" +", " ", a[i]); # Replace multiple spaces with single ones + sub(" *$", "", a[i]); # Remove trailing white space + ptr[n, i] = index(a[i], "*"); # Is it a pointer type? + sub("[*]", "", a[i]); # Remove "*" + if (index(a[i], " ") == 0) + do_err("Parameter with no type or no name"); + typ[n, i] = a[i]; + sub(" [^ ]+$", "", typ[n, i]); # Remove parameter name + if (ptr[n, i] && (typ[n, i] in xlate)) + typ[n, i] = xlate[typ[n, i]]; + arg[n, i] = a[i]; + sub("^([^ ]+ )+", "", arg[n, i]); # Remove parameter type + } +} + +# Generate the output +END { + # Verbatim generated lines + for (i = 1; i <= e; i++) + printf("%s\n", emit[i]); + printf("\n"); + # Generate prototypes + for (i = 1; i <= n; i++) { + for (p = 1; p <= n_pre[i]; p++) { + printf("%s cf_check %s_%s(", rettype[pre[i, p]], pre[i, p], fn[i]); + if (n_args[i] == 0) + printf("void"); + else + for (j = 1; j <= n_args[i]; j++) { + if (j > 1) + printf(", "); + if (ptr[i, j]) + printf("XEN_GUEST_HANDLE_PARAM(%s)", typ[i, j]); + else + printf("%s", typ[i, j]); + printf(" %s", arg[i, j]); + } + printf(");\n"); + } + } + # Generate call sequences and args array contents + for (ca in caller) { + if (caller[ca] != 1) + continue; + need_mask = 0; + for (pl = 1; pl <= n_prios[ca]; pl++) { + for (pll = pl; pll > 1; pll--) { + if (prio_list[ca, pl] > p_list[pll - 1]) + break; + else + p_list[pll] = p_list[pll - 1]; + } + p_list[pll] = prio_list[ca, pl]; + # If any prio but the default one has more than 1 entry we need "mask" + if (p_list[pll] != 100 && prios[ca, p_list[pll]] > 1) + need_mask = 1; + } + printf("\n"); + printf("#define call_handlers_%s(num, ret, a1, a2, a3, a4, a5) \\\n", ca); + printf("({ \\\n"); + if (need_mask) + printf(" uint64_t mask = 1ULL << num; \\\n"); + printf(" "); + for (pl = 1; pl <= n_prios[ca]; pl++) { + if (prios[ca, p_list[pl]] > 1) { + if (pl < n_prios[ca]) { + printf(" if ( likely(mask & (%s)) ) \\\n", prio_mask[ca, p_list[pl]]); + printf(" { \\\n"); + } + if (prios[ca, p_list[pl]] == 2) { + fnd = 0; + for (i = 1; i <= nc; i++) + if (call[i] == ca && call_prio[i] == p_list[pl]) { + fnd++; + if (fnd == 1) + printf(" if ( num == __HYPERVISOR_%s ) \\\n", fn[call_fn[i]]); + else + printf(" else \\\n"); + do_call(call_fn[i], call_p[i]); + } + } else { + do_switch(ca, p_list[pl]); + } + if (pl < n_prios[ca]) + printf(" } \\\n"); + } else { + for (i = 1; i <= nc; i++) + if (call[i] == ca && call_prio[i] == p_list[pl]) { + printf("if ( likely(num == __HYPERVISOR_%s) ) \\\n", fn[call_fn[i]]); + do_call(call_fn[i], call_p[i]); + } + } + if (pl < n_prios[ca] || prios[ca, p_list[pl]] <= 2) + printf(" else \\\n"); + } + if (prios[ca, p_list[n_prios[ca]]] <= 2) { + printf("\\\n"); + printf(" ret = -ENOSYS; \\\n"); + } + printf("})\n"); + delete p_list; + printf("\n"); + printf("#define hypercall_args_%s \\\n", ca); + printf("{ \\\n"); + for (i = 1; i <= nc; i++) + if (call[i] == ca) + printf("[__HYPERVISOR_%s] = %d, \\\n", fn[call_fn[i]], n_args[call_fn[i]]); + printf("}\n"); + } +} -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:33:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:33:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365393.595513 (Exim 4.92) (envelope-from ) id 1oB2uE-0004OU-7K; Mon, 11 Jul 2022 23:33:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365393.595513; Mon, 11 Jul 2022 23:33:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uE-0004OM-43; Mon, 11 Jul 2022 23:33:34 +0000 Received: by outflank-mailman (input) for mailman id 365393; Mon, 11 Jul 2022 23:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uC-0004OE-ME for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uC-0004Qw-LL for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2uC-00037G-KK for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IwkBdLnF4Xr4/f4f/g7axviMMufdpzp2wyT0pJxRLxs=; b=bQVNd5s7TpvKADYX1PjVCfq4Ce KhNtmcYirNfOGzwkLm8T3xhBOxX4ZT3XicFfQC7K4sG+JcHkCTkfGvrwcSMZ7X6Qd//HaLTexGvYY OuGzE/IQ7nIQEcr1Dd3Cpaigm/MjNLlZDo0qAmhW8OB+mBkdf2SKpCdzjM2LmjNR0ngI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: use generated prototypes for hypercall handlers Message-Id: Date: Mon, 11 Jul 2022 23:33:32 +0000 commit f9db6bc39d28d9c9835549e10ccc1b4d4be1922f Author: Juergen Gross AuthorDate: Mon Jul 11 12:08:03 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:08:03 2022 +0200 xen: use generated prototypes for hypercall handlers Remove the hypercall handler's prototypes in the related header files and use the generated ones instead. Some handlers having been static before need to be made globally visible. Signed-off-by: Juergen Gross Acked-by: Jan Beulich Acked-by: Julien Grall --- xen/arch/arm/include/asm/hypercall.h | 1 - xen/arch/x86/hvm/hypercall.c | 7 +- xen/arch/x86/include/asm/hypercall.h | 141 ---------------------------- xen/include/xen/hypercall.h | 177 +---------------------------------- 4 files changed, 5 insertions(+), 321 deletions(-) diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h index 8182895358..ccd26c5184 100644 --- a/xen/arch/arm/include/asm/hypercall.h +++ b/xen/arch/arm/include/asm/hypercall.h @@ -6,7 +6,6 @@ #define __ASM_ARM_HYPERCALL_H__ #include /* for arch_do_domctl */ -int do_arm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); long subarch_do_domctl(struct xen_domctl *domctl, struct domain *d, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 3a35543997..a9c9ad721f 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -31,8 +31,7 @@ #include #include -static long cf_check hvm_memory_op( - unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc; @@ -52,7 +51,7 @@ static long cf_check hvm_memory_op( } #ifdef CONFIG_GRANT_TABLE -static long cf_check hvm_grant_table_op( +long cf_check hvm_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { switch ( cmd ) @@ -78,7 +77,7 @@ static long cf_check hvm_grant_table_op( } #endif -static long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { const struct vcpu *curr = current; const struct domain *currd = curr->domain; diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 81ca25f7b3..2d243b48bc 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -44,109 +44,6 @@ void pv_ring3_init_hypercall_page(void *ptr); */ #define MMU_UPDATE_PREEMPTED (~(~0U>>1)) -extern long cf_check -do_event_channel_op_compat( - XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop); - -/* Legacy hypercall (as of 0x00030202). */ -extern long cf_check do_physdev_op_compat( - XEN_GUEST_HANDLE(physdev_op_t) uop); - -/* Legacy hypercall (as of 0x00030101). */ -extern long cf_check do_sched_op_compat( - int cmd, unsigned long arg); - -extern long cf_check -do_set_trap_table( - XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps); - -extern long cf_check -do_mmu_update( - XEN_GUEST_HANDLE_PARAM(mmu_update_t) ureqs, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(uint) pdone, - unsigned int foreigndom); - -extern long cf_check -do_set_gdt( - XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, - unsigned int entries); - -extern long cf_check -do_stack_switch( - unsigned long ss, - unsigned long esp); - -extern long cf_check -do_fpu_taskswitch( - int set); - -extern long cf_check -do_set_debugreg( - int reg, - unsigned long value); - -extern long cf_check -do_get_debugreg( - int reg); - -extern long cf_check -do_update_descriptor( - uint64_t gaddr, seg_desc_t desc); - -extern long cf_check -do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc); - -extern long cf_check -do_update_va_mapping( - unsigned long va, - uint64_t val64, - unsigned long flags); - -extern long cf_check -do_physdev_op( - int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_update_va_mapping_otherdomain( - unsigned long va, - uint64_t val64, - unsigned long flags, - domid_t domid); - -extern long cf_check -do_mmuext_op( - XEN_GUEST_HANDLE_PARAM(mmuext_op_t) uops, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(uint) pdone, - unsigned int foreigndom); - -extern long cf_check do_callback_op( - int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg); - -extern long cf_check -do_iret( - void); - -extern long cf_check -do_set_callbacks( - unsigned long event_address, - unsigned long failsafe_address, - unsigned long syscall_address); - -extern long cf_check -do_set_segment_base( - unsigned int which, - unsigned long base); - -long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -long cf_check do_xenpmu_op(unsigned int op, - XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); - -long cf_check do_paging_domctl_cont( - XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); - #ifdef CONFIG_COMPAT #include @@ -157,44 +54,6 @@ extern int compat_common_vcpu_op( int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int cf_check compat_mmuext_op( - XEN_GUEST_HANDLE_PARAM(void) arg, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(uint) pdone, - unsigned int foreigndom); - -extern int cf_check compat_callback_op( - int cmd, XEN_GUEST_HANDLE(const_void) arg); - -extern int cf_check compat_update_va_mapping( - unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags); - -extern int cf_check compat_update_va_mapping_otherdomain( - unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid); - -DEFINE_XEN_GUEST_HANDLE(trap_info_compat_t); -extern int cf_check compat_set_trap_table( - XEN_GUEST_HANDLE(trap_info_compat_t) traps); - -extern int cf_check compat_set_gdt( - XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries); - -extern int cf_check compat_update_descriptor( - uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi); - -extern int cf_check compat_iret(void); - -extern int cf_check compat_nmi_op( - unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check compat_set_callbacks( - unsigned long event_selector, unsigned long event_address, - unsigned long failsafe_selector, unsigned long failsafe_address); - -DEFINE_XEN_GUEST_HANDLE(physdev_op_compat_t); -extern int cf_check compat_physdev_op_compat( - XEN_GUEST_HANDLE(physdev_op_compat_t) uop); - #endif /* CONFIG_COMPAT */ #endif /* __ASM_X86_HYPERCALL_H__ */ diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index ca8ee22717..f307dfb597 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -21,33 +21,19 @@ #include #include -extern long cf_check -do_sched_op( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_domctl( - XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); +/* Needs to be after asm/hypercall.h. */ +#include extern long arch_do_domctl( struct xen_domctl *domctl, struct domain *d, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); -extern long cf_check -do_sysctl( - XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl); - extern long arch_do_sysctl( struct xen_sysctl *sysctl, XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl); -extern long cf_check -do_platform_op( - XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op); - extern long pci_physdev_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); @@ -65,170 +51,11 @@ pci_physdev_op( #define MEMOP_EXTENT_SHIFT 6 /* cmd[:6] == start_extent */ #define MEMOP_CMD_MASK ((1 << MEMOP_EXTENT_SHIFT) - 1) -extern long cf_check -do_memory_op( - unsigned long cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_multicall( - XEN_GUEST_HANDLE_PARAM(multicall_entry_t) call_list, - unsigned int nr_calls); - -extern long cf_check -do_set_timer_op( - s_time_t timeout); - -extern long cf_check -do_event_channel_op( - int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_xen_version( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_console_io( - unsigned int cmd, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(char) buffer); - -extern long cf_check -do_grant_table_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count); - -extern long cf_check -do_vm_assist( - unsigned int cmd, - unsigned int type); - -extern long cf_check -do_vcpu_op( - int cmd, - unsigned int vcpuid, - XEN_GUEST_HANDLE_PARAM(void) arg); - -struct vcpu; extern long common_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long cf_check -do_hvm_op( - unsigned long op, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_kexec_op( - unsigned int op, - XEN_GUEST_HANDLE_PARAM(void) uarg); - -extern long cf_check -do_xsm_op( - XEN_GUEST_HANDLE_PARAM(void) u_xsm_op); - -#ifdef CONFIG_ARGO -extern long cf_check do_argo_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg1, - XEN_GUEST_HANDLE_PARAM(void) arg2, - unsigned long arg3, - unsigned long arg4); -#endif - -extern long cf_check -do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern long cf_check -do_dm_op( - domid_t domid, - unsigned int nr_bufs, - XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs); - -#ifdef CONFIG_HYPFS -extern long cf_check -do_hypfs_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(const_char) arg1, - unsigned long arg2, - XEN_GUEST_HANDLE_PARAM(void) arg3, - unsigned long arg4); -#endif - -#ifdef CONFIG_COMPAT - -extern int cf_check -compat_memory_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_grant_table_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count); - -extern int cf_check -compat_vcpu_op( - int cmd, - unsigned int vcpuid, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_xen_version( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_sched_op( - int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg); - -extern int cf_check -compat_set_timer_op( - uint32_t lo, - int32_t hi); - -extern int cf_check compat_xsm_op( - XEN_GUEST_HANDLE_PARAM(void) op); - -extern int cf_check compat_kexec_op( - unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg); - -DEFINE_XEN_GUEST_HANDLE(multicall_entry_compat_t); -extern int cf_check compat_multicall( - XEN_GUEST_HANDLE_PARAM(multicall_entry_compat_t) call_list, - uint32_t nr_calls); - -int compat_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); - -DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); -int compat_platform_op(XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); - -#ifdef CONFIG_ARGO -extern int cf_check compat_argo_op( - unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) arg1, - XEN_GUEST_HANDLE_PARAM(void) arg2, - unsigned long arg3, - unsigned long arg4); -#endif - -extern int cf_check -compat_dm_op( - domid_t domid, - unsigned int nr_bufs, - XEN_GUEST_HANDLE_PARAM(void) bufs); - -#endif - void arch_get_xen_caps(xen_capabilities_info_t *info); #endif /* __XEN_HYPERCALL_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:33:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:33:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365394.595516 (Exim 4.92) (envelope-from ) id 1oB2uO-0004RH-8b; Mon, 11 Jul 2022 23:33:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365394.595516; Mon, 11 Jul 2022 23:33:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uO-0004RA-5i; Mon, 11 Jul 2022 23:33:44 +0000 Received: by outflank-mailman (input) for mailman id 365394; Mon, 11 Jul 2022 23:33:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uM-0004Qy-P3 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uM-0004R8-OD for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2uM-00039E-NZ for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i+Tbw5nEjhJM6TLnCA9UA6lND/U0LFZ7oqcnSLg53kE=; b=SpsAUgOenQ3qfhk7gFZiJ9FlRi YTJDxvY5U4+oDwuJe+jEWuvDVF1KNVhNixBN35IUWkKguWUGVtOxYfl3jBRaHTkwzbKpT94KzWvyp Fc8CzXKowQGVhRMVUVDcE3tLEk/n40IGR2+cPQsI8riUZOv7q1AvMtYziunr3caXFwgo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/x86: call hypercall handlers via generated macro Message-Id: Date: Mon, 11 Jul 2022 23:33:42 +0000 commit 8523851dbc497088b5b207ff230b12d5514be121 Author: Juergen Gross AuthorDate: Mon Jul 11 12:09:13 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:09:13 2022 +0200 xen/x86: call hypercall handlers via generated macro Instead of using a function table use the generated macros for calling the appropriate hypercall handlers. This is beneficial to performance and avoids speculation issues. With calling the handlers using the correct number of parameters now it is possible to do the parameter register clobbering in the NDEBUG case after returning from the handler. With the additional generated data the hard coded hypercall_args_table[] can be replaced by tables using the generated number of parameters. Note that this change modifies behavior of clobbering registers in a minor way: in case a hypercall is returning -ENOSYS (or the unsigned equivalent thereof) for any reason the parameter registers will no longer be clobbered. This should be of no real concern, as those cases ought to be extremely rare and reuse of the registers in those cases seems rather far fetched. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/hypercall.c | 166 ++++--------------------------- xen/arch/x86/hypercall.c | 59 ----------- xen/arch/x86/include/asm/hypercall.h | 55 ++++++++--- xen/arch/x86/pv/hypercall.c | 184 ++++------------------------------- 4 files changed, 76 insertions(+), 388 deletions(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index a9c9ad721f..ae601185fc 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -111,56 +111,10 @@ long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return compat_physdev_op(cmd, arg); } -#define HYPERCALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ - (hypercall_fn_t *) do_ ## x } - -#define HVM_CALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) hvm_ ## x, \ - (hypercall_fn_t *) hvm_ ## x } - -#define COMPAT_CALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ - (hypercall_fn_t *) compat_ ## x } - -static const struct { - hypercall_fn_t *native, *compat; -} hvm_hypercall_table[] = { - HVM_CALL(memory_op), - COMPAT_CALL(multicall), -#ifdef CONFIG_GRANT_TABLE - HVM_CALL(grant_table_op), -#endif - HYPERCALL(vm_assist), - COMPAT_CALL(vcpu_op), - HVM_CALL(physdev_op), - COMPAT_CALL(xen_version), - HYPERCALL(console_io), - HYPERCALL(event_channel_op), - COMPAT_CALL(sched_op), - COMPAT_CALL(set_timer_op), - COMPAT_CALL(xsm_op), - HYPERCALL(hvm_op), - HYPERCALL(sysctl), - HYPERCALL(domctl), -#ifdef CONFIG_ARGO - COMPAT_CALL(argo_op), -#endif - COMPAT_CALL(platform_op), -#ifdef CONFIG_PV - COMPAT_CALL(mmuext_op), -#endif - HYPERCALL(xenpmu_op), - COMPAT_CALL(dm_op), -#ifdef CONFIG_HYPFS - HYPERCALL(hypfs_op), +#ifndef NDEBUG +static const unsigned char hypercall_args_64[] = hypercall_args_hvm64; +static const unsigned char hypercall_args_32[] = hypercall_args_hvm32; #endif - HYPERCALL(paging_domctl_cont) -}; - -#undef HYPERCALL -#undef HVM_CALL -#undef COMPAT_CALL int hvm_hypercall(struct cpu_user_regs *regs) { @@ -206,23 +160,6 @@ int hvm_hypercall(struct cpu_user_regs *regs) return ret; } - BUILD_BUG_ON(ARRAY_SIZE(hvm_hypercall_table) > - ARRAY_SIZE(hypercall_args_table)); - - if ( eax >= ARRAY_SIZE(hvm_hypercall_table) ) - { - regs->rax = -ENOSYS; - return HVM_HCALL_completed; - } - - eax = array_index_nospec(eax, ARRAY_SIZE(hvm_hypercall_table)); - - if ( !hvm_hypercall_table[eax].native ) - { - regs->rax = -ENOSYS; - return HVM_HCALL_completed; - } - /* * Caching is intended for instruction emulation only. Disable it * for any accesses by hypercall argument copy-in / copy-out. @@ -233,85 +170,27 @@ int hvm_hypercall(struct cpu_user_regs *regs) if ( mode == 8 ) { - unsigned long rdi = regs->rdi; - unsigned long rsi = regs->rsi; - unsigned long rdx = regs->rdx; - unsigned long r10 = regs->r10; - unsigned long r8 = regs->r8; - HVM_DBG_LOG(DBG_LEVEL_HCALL, "hcall%lu(%lx, %lx, %lx, %lx, %lx)", - eax, rdi, rsi, rdx, r10, r8); - -#ifndef NDEBUG - /* Deliberately corrupt parameter regs not used by this hypercall. */ - switch ( hypercall_args_table[eax].native ) - { - case 0: rdi = 0xdeadbeefdeadf00dUL; fallthrough; - case 1: rsi = 0xdeadbeefdeadf00dUL; fallthrough; - case 2: rdx = 0xdeadbeefdeadf00dUL; fallthrough; - case 3: r10 = 0xdeadbeefdeadf00dUL; fallthrough; - case 4: r8 = 0xdeadbeefdeadf00dUL; - } -#endif + eax, regs->rdi, regs->rsi, regs->rdx, regs->r10, regs->r8); - regs->rax = hvm_hypercall_table[eax].native(rdi, rsi, rdx, r10, r8); + call_handlers_hvm64(eax, regs->rax, regs->rdi, regs->rsi, regs->rdx, + regs->r10, regs->r8); -#ifndef NDEBUG - if ( !curr->hcall_preempted ) - { - /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( hypercall_args_table[eax].native ) - { - case 5: regs->r8 = 0xdeadbeefdeadf00dUL; fallthrough; - case 4: regs->r10 = 0xdeadbeefdeadf00dUL; fallthrough; - case 3: regs->rdx = 0xdeadbeefdeadf00dUL; fallthrough; - case 2: regs->rsi = 0xdeadbeefdeadf00dUL; fallthrough; - case 1: regs->rdi = 0xdeadbeefdeadf00dUL; - } - } -#endif + if ( !curr->hcall_preempted && regs->rax != -ENOSYS ) + clobber_regs(regs, get_nargs(hypercall_args_64, eax)); } else { - unsigned int ebx = regs->ebx; - unsigned int ecx = regs->ecx; - unsigned int edx = regs->edx; - unsigned int esi = regs->esi; - unsigned int edi = regs->edi; - HVM_DBG_LOG(DBG_LEVEL_HCALL, "hcall%lu(%x, %x, %x, %x, %x)", eax, - ebx, ecx, edx, esi, edi); - -#ifndef NDEBUG - /* Deliberately corrupt parameter regs not used by this hypercall. */ - switch ( hypercall_args_table[eax].compat ) - { - case 0: ebx = 0xdeadf00d; fallthrough; - case 1: ecx = 0xdeadf00d; fallthrough; - case 2: edx = 0xdeadf00d; fallthrough; - case 3: esi = 0xdeadf00d; fallthrough; - case 4: edi = 0xdeadf00d; - } -#endif + regs->ebx, regs->ecx, regs->edx, regs->esi, regs->edi); curr->hcall_compat = true; - regs->eax = hvm_hypercall_table[eax].compat(ebx, ecx, edx, esi, edi); + call_handlers_hvm32(eax, regs->eax, regs->ebx, regs->ecx, regs->edx, + regs->esi, regs->edi); curr->hcall_compat = false; -#ifndef NDEBUG - if ( !curr->hcall_preempted ) - { - /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( hypercall_args_table[eax].compat ) - { - case 5: regs->rdi = 0xdeadf00d; fallthrough; - case 4: regs->rsi = 0xdeadf00d; fallthrough; - case 3: regs->rdx = 0xdeadf00d; fallthrough; - case 2: regs->rcx = 0xdeadf00d; fallthrough; - case 1: regs->rbx = 0xdeadf00d; - } - } -#endif + if ( !curr->hcall_preempted && regs->eax != -ENOSYS ) + clobber_regs32(regs, get_nargs(hypercall_args_32, eax)); } hvmemul_cache_restore(curr, token); @@ -332,31 +211,20 @@ int hvm_hypercall(struct cpu_user_regs *regs) enum mc_disposition hvm_do_multicall_call(struct mc_state *state) { struct vcpu *curr = current; - hypercall_fn_t *func = NULL; if ( hvm_guest_x86_mode(curr) == 8 ) { struct multicall_entry *call = &state->call; - if ( call->op < ARRAY_SIZE(hvm_hypercall_table) ) - func = array_access_nospec(hvm_hypercall_table, call->op).native; - if ( func ) - call->result = func(call->args[0], call->args[1], call->args[2], - call->args[3], call->args[4]); - else - call->result = -ENOSYS; + call_handlers_hvm64(call->op, call->result, call->args[0], call->args[1], + call->args[2], call->args[3], call->args[4]); } else { struct compat_multicall_entry *call = &state->compat_call; - if ( call->op < ARRAY_SIZE(hvm_hypercall_table) ) - func = array_access_nospec(hvm_hypercall_table, call->op).compat; - if ( func ) - call->result = func(call->args[0], call->args[1], call->args[2], - call->args[3], call->args[4]); - else - call->result = -ENOSYS; + call_handlers_hvm32(call->op, call->result, call->args[0], call->args[1], + call->args[2], call->args[3], call->args[4]); } return !hvm_get_cpl(curr) ? mc_continue : mc_preempt; diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 07e1a45ef5..6b73cff9b9 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -22,65 +22,6 @@ #include #include -#ifdef CONFIG_COMPAT -#define ARGS(x, n) \ - [ __HYPERVISOR_ ## x ] = { n, n } -#define COMP(x, n, c) \ - [ __HYPERVISOR_ ## x ] = { n, c } -#else -#define ARGS(x, n) [ __HYPERVISOR_ ## x ] = { n } -#define COMP(x, n, c) ARGS(x, n) -#endif - -const hypercall_args_t hypercall_args_table[NR_hypercalls] = -{ - ARGS(set_trap_table, 1), - ARGS(mmu_update, 4), - ARGS(set_gdt, 2), - ARGS(stack_switch, 2), - COMP(set_callbacks, 3, 4), - ARGS(fpu_taskswitch, 1), - ARGS(sched_op_compat, 2), - ARGS(platform_op, 1), - ARGS(set_debugreg, 2), - ARGS(get_debugreg, 1), - COMP(update_descriptor, 2, 4), - ARGS(memory_op, 2), - ARGS(multicall, 2), - COMP(update_va_mapping, 3, 4), - COMP(set_timer_op, 1, 2), - ARGS(event_channel_op_compat, 1), - ARGS(xen_version, 2), - ARGS(console_io, 3), - ARGS(physdev_op_compat, 1), - ARGS(grant_table_op, 3), - ARGS(vm_assist, 2), - COMP(update_va_mapping_otherdomain, 4, 5), - ARGS(vcpu_op, 3), - COMP(set_segment_base, 2, 0), - ARGS(mmuext_op, 4), - ARGS(xsm_op, 1), - ARGS(nmi_op, 2), - ARGS(sched_op, 2), - ARGS(callback_op, 2), - ARGS(xenoprof_op, 2), - ARGS(event_channel_op, 2), - ARGS(physdev_op, 2), - ARGS(sysctl, 1), - ARGS(domctl, 1), - ARGS(kexec_op, 2), - ARGS(argo_op, 5), - ARGS(xenpmu_op, 2), - ARGS(hvm_op, 2), - ARGS(dm_op, 3), - ARGS(hypfs_op, 5), - ARGS(mca, 1), - ARGS(paging_domctl_cont, 1), -}; - -#undef COMP -#undef ARGS - #define NEXT_ARG(fmt, args) \ ({ \ unsigned long __arg; \ diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 2d243b48bc..ab8bd12e60 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -17,19 +17,6 @@ #define __HYPERVISOR_paging_domctl_cont __HYPERVISOR_arch_1 -typedef unsigned long hypercall_fn_t( - unsigned long, unsigned long, unsigned long, - unsigned long, unsigned long); - -typedef struct { - uint8_t native; -#ifdef CONFIG_COMPAT - uint8_t compat; -#endif -} hypercall_args_t; - -extern const hypercall_args_t hypercall_args_table[NR_hypercalls]; - #ifdef CONFIG_PV void pv_hypercall(struct cpu_user_regs *regs); #endif @@ -56,4 +43,46 @@ compat_common_vcpu_op( #endif /* CONFIG_COMPAT */ +#ifndef NDEBUG +static inline unsigned int _get_nargs(const unsigned char *tbl, unsigned int c) +{ + return tbl[c]; +} +#define get_nargs(t, c) _get_nargs(t, array_index_nospec(c, ARRAY_SIZE(t))) +#else +#define get_nargs(tbl, c) 0 +#endif + +static inline void clobber_regs(struct cpu_user_regs *regs, + unsigned int nargs) +{ +#ifndef NDEBUG + /* Deliberately corrupt used parameter regs. */ + switch ( nargs ) + { + case 5: regs->r8 = 0xdeadbeefdeadf00dUL; fallthrough; + case 4: regs->r10 = 0xdeadbeefdeadf00dUL; fallthrough; + case 3: regs->rdx = 0xdeadbeefdeadf00dUL; fallthrough; + case 2: regs->rsi = 0xdeadbeefdeadf00dUL; fallthrough; + case 1: regs->rdi = 0xdeadbeefdeadf00dUL; + } +#endif +} + +static inline void clobber_regs32(struct cpu_user_regs *regs, + unsigned int nargs) +{ +#ifndef NDEBUG + /* Deliberately corrupt used parameter regs. */ + switch ( nargs ) + { + case 5: regs->edi = 0xdeadf00dU; fallthrough; + case 4: regs->esi = 0xdeadf00dU; fallthrough; + case 3: regs->edx = 0xdeadf00dU; fallthrough; + case 2: regs->ecx = 0xdeadf00dU; fallthrough; + case 1: regs->ebx = 0xdeadf00dU; + } +#endif +} + #endif /* __ASM_X86_HYPERCALL_H__ */ diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index fe8dfe9e8f..bf64bb41bb 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -27,119 +27,22 @@ #include #include -typedef struct { - hypercall_fn_t *native; -#ifdef CONFIG_PV32 - hypercall_fn_t *compat; -#endif -} pv_hypercall_table_t; - +#ifndef NDEBUG +static const unsigned char hypercall_args_64[] = hypercall_args_pv64; #ifdef CONFIG_PV32 -#define HYPERCALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ - (hypercall_fn_t *) do_ ## x } -#define COMPAT_CALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ - (hypercall_fn_t *) compat_ ## x } -#else -#define HYPERCALL(x) \ - [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x } -#define COMPAT_CALL(x) HYPERCALL(x) -#endif - -static const pv_hypercall_table_t pv_hypercall_table[] = { - COMPAT_CALL(set_trap_table), - HYPERCALL(mmu_update), - COMPAT_CALL(set_gdt), - HYPERCALL(stack_switch), - COMPAT_CALL(set_callbacks), - HYPERCALL(fpu_taskswitch), - HYPERCALL(sched_op_compat), -#ifndef CONFIG_PV_SHIM_EXCLUSIVE - COMPAT_CALL(platform_op), -#endif - HYPERCALL(set_debugreg), - HYPERCALL(get_debugreg), - COMPAT_CALL(update_descriptor), - COMPAT_CALL(memory_op), - COMPAT_CALL(multicall), - COMPAT_CALL(update_va_mapping), - COMPAT_CALL(set_timer_op), - HYPERCALL(event_channel_op_compat), - COMPAT_CALL(xen_version), - HYPERCALL(console_io), - COMPAT_CALL(physdev_op_compat), -#if defined(CONFIG_GRANT_TABLE) || defined(CONFIG_PV_SHIM) - COMPAT_CALL(grant_table_op), -#endif - HYPERCALL(vm_assist), - COMPAT_CALL(update_va_mapping_otherdomain), - COMPAT_CALL(iret), - COMPAT_CALL(vcpu_op), - HYPERCALL(set_segment_base), - COMPAT_CALL(mmuext_op), - COMPAT_CALL(xsm_op), - COMPAT_CALL(nmi_op), - COMPAT_CALL(sched_op), - COMPAT_CALL(callback_op), -#ifdef CONFIG_XENOPROF - COMPAT_CALL(xenoprof_op), -#endif - HYPERCALL(event_channel_op), - COMPAT_CALL(physdev_op), -#ifndef CONFIG_PV_SHIM_EXCLUSIVE - HYPERCALL(sysctl), - HYPERCALL(domctl), -#endif -#ifdef CONFIG_KEXEC - COMPAT_CALL(kexec_op), +static const unsigned char hypercall_args_32[] = hypercall_args_pv32; #endif -#ifdef CONFIG_ARGO - COMPAT_CALL(argo_op), #endif - HYPERCALL(xenpmu_op), -#ifdef CONFIG_HVM - HYPERCALL(hvm_op), - COMPAT_CALL(dm_op), -#endif -#ifdef CONFIG_HYPFS - HYPERCALL(hypfs_op), -#endif - HYPERCALL(mca), -#ifndef CONFIG_PV_SHIM_EXCLUSIVE - HYPERCALL(paging_domctl_cont), -#endif -}; - -#undef COMPAT_CALL -#undef HYPERCALL /* Forced inline to cause 'compat' to be evaluated at compile time. */ static void always_inline _pv_hypercall(struct cpu_user_regs *regs, bool compat) { struct vcpu *curr = current; - unsigned long eax = compat ? regs->eax : regs->rax; + unsigned long eax; ASSERT(guest_kernel_mode(curr, regs)); - BUILD_BUG_ON(ARRAY_SIZE(pv_hypercall_table) > - ARRAY_SIZE(hypercall_args_table)); - - if ( eax >= ARRAY_SIZE(pv_hypercall_table) ) - { - regs->rax = -ENOSYS; - return; - } - - eax = array_index_nospec(eax, ARRAY_SIZE(pv_hypercall_table)); - - if ( !pv_hypercall_table[eax].native ) - { - regs->rax = -ENOSYS; - return; - } - curr->hcall_preempted = false; if ( !compat ) @@ -150,17 +53,8 @@ _pv_hypercall(struct cpu_user_regs *regs, bool compat) unsigned long r10 = regs->r10; unsigned long r8 = regs->r8; -#ifndef NDEBUG - /* Deliberately corrupt parameter regs not used by this hypercall. */ - switch ( hypercall_args_table[eax].native ) - { - case 0: rdi = 0xdeadbeefdeadf00dUL; fallthrough; - case 1: rsi = 0xdeadbeefdeadf00dUL; fallthrough; - case 2: rdx = 0xdeadbeefdeadf00dUL; fallthrough; - case 3: r10 = 0xdeadbeefdeadf00dUL; fallthrough; - case 4: r8 = 0xdeadbeefdeadf00dUL; - } -#endif + eax = regs->rax; + if ( unlikely(tb_init_done) ) { unsigned long args[5] = { rdi, rsi, rdx, r10, r8 }; @@ -168,22 +62,10 @@ _pv_hypercall(struct cpu_user_regs *regs, bool compat) __trace_hypercall(TRC_PV_HYPERCALL_V2, eax, args); } - regs->rax = pv_hypercall_table[eax].native(rdi, rsi, rdx, r10, r8); + call_handlers_pv64(eax, regs->rax, rdi, rsi, rdx, r10, r8); -#ifndef NDEBUG - if ( !curr->hcall_preempted ) - { - /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( hypercall_args_table[eax].native ) - { - case 5: regs->r8 = 0xdeadbeefdeadf00dUL; fallthrough; - case 4: regs->r10 = 0xdeadbeefdeadf00dUL; fallthrough; - case 3: regs->rdx = 0xdeadbeefdeadf00dUL; fallthrough; - case 2: regs->rsi = 0xdeadbeefdeadf00dUL; fallthrough; - case 1: regs->rdi = 0xdeadbeefdeadf00dUL; - } - } -#endif + if ( !curr->hcall_preempted && regs->rax != -ENOSYS ) + clobber_regs(regs, get_nargs(hypercall_args_64, eax)); } #ifdef CONFIG_PV32 else @@ -194,17 +76,7 @@ _pv_hypercall(struct cpu_user_regs *regs, bool compat) unsigned int esi = regs->esi; unsigned int edi = regs->edi; -#ifndef NDEBUG - /* Deliberately corrupt parameter regs not used by this hypercall. */ - switch ( hypercall_args_table[eax].compat ) - { - case 0: ebx = 0xdeadf00d; fallthrough; - case 1: ecx = 0xdeadf00d; fallthrough; - case 2: edx = 0xdeadf00d; fallthrough; - case 3: esi = 0xdeadf00d; fallthrough; - case 4: edi = 0xdeadf00d; - } -#endif + eax = regs->eax; if ( unlikely(tb_init_done) ) { @@ -214,23 +86,11 @@ _pv_hypercall(struct cpu_user_regs *regs, bool compat) } curr->hcall_compat = true; - regs->eax = pv_hypercall_table[eax].compat(ebx, ecx, edx, esi, edi); + call_handlers_pv32(eax, regs->eax, ebx, ecx, edx, esi, edi); curr->hcall_compat = false; -#ifndef NDEBUG - if ( !curr->hcall_preempted ) - { - /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( hypercall_args_table[eax].compat ) - { - case 5: regs->edi = 0xdeadf00d; fallthrough; - case 4: regs->esi = 0xdeadf00d; fallthrough; - case 3: regs->edx = 0xdeadf00d; fallthrough; - case 2: regs->ecx = 0xdeadf00d; fallthrough; - case 1: regs->ebx = 0xdeadf00d; - } - } -#endif + if ( !curr->hcall_preempted && regs->eax != -ENOSYS ) + clobber_regs32(regs, get_nargs(hypercall_args_32, eax)); } #endif /* CONFIG_PV32 */ @@ -256,13 +116,8 @@ enum mc_disposition pv_do_multicall_call(struct mc_state *state) struct compat_multicall_entry *call = &state->compat_call; op = call->op; - if ( (op < ARRAY_SIZE(pv_hypercall_table)) && - pv_hypercall_table[op].compat ) - call->result = pv_hypercall_table[op].compat( - call->args[0], call->args[1], call->args[2], - call->args[3], call->args[4]); - else - call->result = -ENOSYS; + call_handlers_pv32(op, call->result, call->args[0], call->args[1], + call->args[2], call->args[3], call->args[4]); } else #endif @@ -270,13 +125,8 @@ enum mc_disposition pv_do_multicall_call(struct mc_state *state) struct multicall_entry *call = &state->call; op = call->op; - if ( (op < ARRAY_SIZE(pv_hypercall_table)) && - pv_hypercall_table[op].native ) - call->result = pv_hypercall_table[op].native( - call->args[0], call->args[1], call->args[2], - call->args[3], call->args[4]); - else - call->result = -ENOSYS; + call_handlers_pv64(op, call->result, call->args[0], call->args[1], + call->args[2], call->args[3], call->args[4]); } return unlikely(op == __HYPERVISOR_iret) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:33:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:33:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365395.595520 (Exim 4.92) (envelope-from ) id 1oB2uY-0004Uw-CA; Mon, 11 Jul 2022 23:33:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365395.595520; Mon, 11 Jul 2022 23:33:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uY-0004Up-9Y; Mon, 11 Jul 2022 23:33:54 +0000 Received: by outflank-mailman (input) for mailman id 365395; Mon, 11 Jul 2022 23:33:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uW-0004Uc-SE for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uW-0004RI-RK for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2uW-00039i-QV for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:33:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k5AgSXsSWNwTenc+pKrlOKOC4TvJnPVX/fVMWFQupF4=; b=xsSJPnNl7havQqxEbpEB1uVqSF FE+TNu2jXoq/q0ysfS5IK/RahIJLS1ERD1RPIZax/iemNcxiTLF02xDH9/c0hhYVja1Q2lZVchiH8 i8MihyNPCliif6Dyyqf3XyoUkvCwLXXEE5N+0/akCRA4Sf0HpcBmFBXTj4c9YcJza7Vk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: call hypercall handlers via generated macro Message-Id: Date: Mon, 11 Jul 2022 23:33:52 +0000 commit 39fc5f5c02c2cb5ce7b7ef8d30dc8ee0737d0ec8 Author: Juergen Gross AuthorDate: Mon Jul 11 12:09:48 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:09:48 2022 +0200 xen/arm: call hypercall handlers via generated macro Instead of using a function table use the generated macros for calling the appropriate hypercall handlers. This makes the calls of the handlers type safe. For deprecated hypercalls define stub functions. Signed-off-by: Juergen Gross Reviewed-by: Julien Grall Tested-by: Michal Orzel --- xen/arch/arm/traps.c | 117 +++++++++++---------------------------------------- 1 file changed, 24 insertions(+), 93 deletions(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 785f2121d1..79f9ed0725 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1331,67 +1331,20 @@ static register_t do_deprecated_hypercall(void) return -ENOSYS; } -typedef register_t (*arm_hypercall_fn_t)( - register_t, register_t, register_t, register_t, register_t); - -typedef struct { - arm_hypercall_fn_t fn; - int nr_args; -} arm_hypercall_t; - -#define HYPERCALL(_name, _nr_args) \ - [ __HYPERVISOR_ ## _name ] = { \ - .fn = (arm_hypercall_fn_t) &do_ ## _name, \ - .nr_args = _nr_args, \ - } +long dep_sched_op_compat(int cmd, unsigned long arg) +{ + return do_deprecated_hypercall(); +} -#define HYPERCALL_ARM(_name, _nr_args) \ - [ __HYPERVISOR_ ## _name ] = { \ - .fn = (arm_hypercall_fn_t) &do_arm_ ## _name, \ - .nr_args = _nr_args, \ - } -/* - * Only use this for hypercalls which were deprecated (i.e. replaced - * by something else) before Xen on ARM was created, i.e. *not* for - * hypercalls which are simply not yet used on ARM. - */ -#define HYPERCALL_DEPRECATED(_name, _nr_args) \ - [ __HYPERVISOR_##_name ] = { \ - .fn = (arm_hypercall_fn_t) &do_deprecated_hypercall, \ - .nr_args = _nr_args, \ - } +long dep_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) +{ + return do_deprecated_hypercall(); +} -static arm_hypercall_t arm_hypercall_table[] = { - HYPERCALL(memory_op, 2), - HYPERCALL(domctl, 1), - HYPERCALL(sched_op, 2), - HYPERCALL_DEPRECATED(sched_op_compat, 2), - HYPERCALL(console_io, 3), - HYPERCALL(xen_version, 2), - HYPERCALL(xsm_op, 1), - HYPERCALL(event_channel_op, 2), - HYPERCALL_DEPRECATED(event_channel_op_compat, 1), - HYPERCALL_ARM(physdev_op, 2), - HYPERCALL_DEPRECATED(physdev_op_compat, 1), - HYPERCALL(sysctl, 2), - HYPERCALL(hvm_op, 2), -#ifdef CONFIG_GRANT_TABLE - HYPERCALL(grant_table_op, 3), -#endif - HYPERCALL(multicall, 2), - HYPERCALL(platform_op, 1), - HYPERCALL(vcpu_op, 3), - HYPERCALL(vm_assist, 2), -#ifdef CONFIG_ARGO - HYPERCALL(argo_op, 5), -#endif -#ifdef CONFIG_HYPFS - HYPERCALL(hypfs_op, 5), -#endif -#ifdef CONFIG_IOREQ_SERVER - HYPERCALL(dm_op, 3), -#endif -}; +long dep_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) +{ + return do_deprecated_hypercall(); +} #ifndef NDEBUG static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code) @@ -1430,7 +1383,6 @@ static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code) #define HYPERCALL_ARG3(r) (r)->x2 #define HYPERCALL_ARG4(r) (r)->x3 #define HYPERCALL_ARG5(r) (r)->x4 -#define HYPERCALL_ARGS(r) (r)->x0, (r)->x1, (r)->x2, (r)->x3, (r)->x4 #else #define HYPERCALL_RESULT_REG(r) (r)->r0 #define HYPERCALL_ARG1(r) (r)->r0 @@ -1438,52 +1390,40 @@ static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code) #define HYPERCALL_ARG3(r) (r)->r2 #define HYPERCALL_ARG4(r) (r)->r3 #define HYPERCALL_ARG5(r) (r)->r4 -#define HYPERCALL_ARGS(r) (r)->r0, (r)->r1, (r)->r2, (r)->r3, (r)->r4 #endif +static const unsigned char hypercall_args[] = hypercall_args_arm; + static void do_trap_hypercall(struct cpu_user_regs *regs, register_t *nr, const union hsr hsr) { - arm_hypercall_fn_t call = NULL; struct vcpu *curr = current; - BUILD_BUG_ON(NR_hypercalls < ARRAY_SIZE(arm_hypercall_table) ); - if ( hsr.iss != XEN_HYPERCALL_TAG ) { gprintk(XENLOG_WARNING, "Invalid HVC imm 0x%x\n", hsr.iss); return inject_undef_exception(regs, hsr); } - if ( *nr >= ARRAY_SIZE(arm_hypercall_table) ) - { - perfc_incr(invalid_hypercalls); - HYPERCALL_RESULT_REG(regs) = -ENOSYS; - return; - } - curr->hcall_preempted = false; perfc_incra(hypercalls, *nr); - call = arm_hypercall_table[*nr].fn; - if ( call == NULL ) - { - HYPERCALL_RESULT_REG(regs) = -ENOSYS; - return; - } - HYPERCALL_RESULT_REG(regs) = call(HYPERCALL_ARGS(regs)); + call_handlers_arm(*nr, HYPERCALL_RESULT_REG(regs), HYPERCALL_ARG1(regs), + HYPERCALL_ARG2(regs), HYPERCALL_ARG3(regs), + HYPERCALL_ARG4(regs), HYPERCALL_ARG5(regs)); #ifndef NDEBUG - if ( !curr->hcall_preempted ) + if ( !curr->hcall_preempted && HYPERCALL_RESULT_REG(regs) != -ENOSYS ) { /* Deliberately corrupt parameter regs used by this hypercall. */ - switch ( arm_hypercall_table[*nr].nr_args ) { + switch ( hypercall_args[*nr] ) { case 5: HYPERCALL_ARG5(regs) = 0xDEADBEEF; case 4: HYPERCALL_ARG4(regs) = 0xDEADBEEF; case 3: HYPERCALL_ARG3(regs) = 0xDEADBEEF; case 2: HYPERCALL_ARG2(regs) = 0xDEADBEEF; case 1: /* Don't clobber x0/r0 -- it's the return value */ + case 0: /* -ENOSYS case */ break; default: BUG(); } @@ -1520,7 +1460,7 @@ static bool check_multicall_32bit_clean(struct multicall_entry *multi) { int i; - for ( i = 0; i < arm_hypercall_table[multi->op].nr_args; i++ ) + for ( i = 0; i < hypercall_args[multi->op]; i++ ) { if ( unlikely(multi->args[i] & 0xffffffff00000000ULL) ) { @@ -1537,16 +1477,8 @@ static bool check_multicall_32bit_clean(struct multicall_entry *multi) enum mc_disposition arch_do_multicall_call(struct mc_state *state) { struct multicall_entry *multi = &state->call; - arm_hypercall_fn_t call = NULL; - - if ( multi->op >= ARRAY_SIZE(arm_hypercall_table) ) - { - multi->result = -ENOSYS; - return mc_continue; - } - call = arm_hypercall_table[multi->op].fn; - if ( call == NULL ) + if ( multi->op >= ARRAY_SIZE(hypercall_args) ) { multi->result = -ENOSYS; return mc_continue; @@ -1556,9 +1488,8 @@ enum mc_disposition arch_do_multicall_call(struct mc_state *state) !check_multicall_32bit_clean(multi) ) return mc_continue; - multi->result = call(multi->args[0], multi->args[1], - multi->args[2], multi->args[3], - multi->args[4]); + call_handlers_arm(multi->op, multi->result, multi->args[0], multi->args[1], + multi->args[2], multi->args[3], multi->args[4]); return likely(!regs_mode_is_user(guest_cpu_user_regs())) ? mc_continue : mc_preempt; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:34:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:34:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365396.595524 (Exim 4.92) (envelope-from ) id 1oB2ui-0004YC-FN; Mon, 11 Jul 2022 23:34:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365396.595524; Mon, 11 Jul 2022 23:34:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ui-0004Y3-BJ; Mon, 11 Jul 2022 23:34:04 +0000 Received: by outflank-mailman (input) for mailman id 365396; Mon, 11 Jul 2022 23:34:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uh-0004Xr-1D for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2uh-0004Rf-0G for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2ug-0003AK-Vm for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MPXbvMQVrWzgskVFl2hP7evcjH5stae3nhC7tfxPHAg=; b=2VebAT6nEhV5oCvC2WNsJ4EGVb O35Iy3mGkkJ9vVMfCM5wJ1p2l/ifmgiFOG50C8SCVGUMsrcETkv/EGMFX+8uokNpTcBjOZ7OlF+tt GoBx5YOGIqNrcq7bOubSSAlwl0b2kY0U1lk1Y5GyG+D3k+VLRuNdz3YvUWn67lbtn6i0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/x86: remove cf_check attribute from hypercall handlers Message-Id: Date: Mon, 11 Jul 2022 23:34:02 +0000 commit 796dae0fe434cc34ebc7ad53fb54c07850899990 Author: Juergen Gross AuthorDate: Mon Jul 11 12:11:17 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:11:17 2022 +0200 xen/x86: remove cf_check attribute from hypercall handlers Now that the hypercall handlers are all being called directly instead through a function vector, the "cf_check" attribute can be removed. Signed-off-by: Juergen Gross Reviewed-by: Daniel P. Smith # xsm parts Acked-by: Jan Beulich Tested-by: Téo Couprie Diaz Acked-by: Dario Faggioli --- xen/arch/x86/compat.c | 6 +++--- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/domain.c | 3 +-- xen/arch/x86/hvm/dm.c | 2 +- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/hypercall.c | 6 +++--- xen/arch/x86/mm.c | 12 ++++++------ xen/arch/x86/mm/paging.c | 2 +- xen/arch/x86/physdev.c | 2 +- xen/arch/x86/platform_hypercall.c | 2 +- xen/arch/x86/pv/callback.c | 16 ++++++++-------- xen/arch/x86/pv/descriptor-tables.c | 8 ++++---- xen/arch/x86/pv/iret.c | 4 ++-- xen/arch/x86/pv/misc-hypercalls.c | 10 +++++----- xen/arch/x86/pv/shim.c | 4 ++-- xen/arch/x86/x86_64/compat/mm.c | 2 +- xen/arch/x86/x86_64/domain.c | 2 +- xen/common/argo.c | 4 ++-- xen/common/compat/grant_table.c | 2 +- xen/common/compat/kernel.c | 2 +- xen/common/compat/memory.c | 3 +-- xen/common/dm.c | 2 +- xen/common/domain.c | 2 +- xen/common/domctl.c | 2 +- xen/common/event_channel.c | 2 +- xen/common/grant_table.c | 3 +-- xen/common/hypfs.c | 2 +- xen/common/kernel.c | 2 +- xen/common/kexec.c | 4 ++-- xen/common/memory.c | 2 +- xen/common/multicall.c | 3 +-- xen/common/sched/compat.c | 2 +- xen/common/sched/core.c | 4 ++-- xen/common/sysctl.c | 2 +- xen/common/xenoprof.c | 2 +- xen/drivers/char/console.c | 2 +- xen/scripts/gen_hypercall.awk | 2 +- xen/xsm/xsm_core.c | 4 ++-- 39 files changed, 68 insertions(+), 72 deletions(-) diff --git a/xen/arch/x86/compat.c b/xen/arch/x86/compat.c index 28281a262a..a031062830 100644 --- a/xen/arch/x86/compat.c +++ b/xen/arch/x86/compat.c @@ -15,7 +15,7 @@ typedef long ret_t; #endif /* Legacy hypercall (as of 0x00030202). */ -ret_t cf_check do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) +ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) { struct physdev_op op; @@ -28,7 +28,7 @@ ret_t cf_check do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) #ifndef COMPAT /* Legacy hypercall (as of 0x00030101). */ -long cf_check do_sched_op_compat(int cmd, unsigned long arg) +long do_sched_op_compat(int cmd, unsigned long arg) { switch ( cmd ) { @@ -50,7 +50,7 @@ long cf_check do_sched_op_compat(int cmd, unsigned long arg) } /* Legacy hypercall (as of 0x00030202). */ -long cf_check do_event_channel_op_compat( +long do_event_channel_op_compat( XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) { struct evtchn_op op; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 275c54be7c..f68e31b643 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -1351,7 +1351,7 @@ CHECK_mcinfo_recovery; # endif /* CONFIG_COMPAT */ /* Machine Check Architecture Hypercall */ -long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) +long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) { long ret = 0; struct xen_mc curop, *op = &curop; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 51d171615f..d2c03a1104 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -672,7 +672,7 @@ void vpmu_dump(struct vcpu *v) alternative_vcall(vpmu_ops.arch_vpmu_dump, v); } -long cf_check do_xenpmu_op( +long do_xenpmu_op( unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) { int ret; diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 0d2944fe14..9ba3704f36 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1491,8 +1491,7 @@ int arch_vcpu_reset(struct vcpu *v) return 0; } -long cf_check do_vcpu_op(int cmd, unsigned int vcpuid, - XEN_GUEST_HANDLE_PARAM(void) arg) +long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc = 0; struct domain *d = current->domain; diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c index d80975efcf..f8e6089870 100644 --- a/xen/arch/x86/hvm/dm.c +++ b/xen/arch/x86/hvm/dm.c @@ -654,7 +654,7 @@ CHECK_dm_op_relocate_memory; CHECK_dm_op_pin_memory_cacheattr; CHECK_dm_op_nr_vcpus; -int cf_check compat_dm_op( +int compat_dm_op( domid_t domid, unsigned int nr_bufs, XEN_GUEST_HANDLE_PARAM(void) bufs) { struct dmop_args args; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 5b16fb4cd8..273fed35e6 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -5022,7 +5022,7 @@ static int hvmop_get_mem_type( return rc; } -long cf_check do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) +long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc = 0; diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index ae601185fc..29d1ca7a13 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -31,7 +31,7 @@ #include #include -long cf_check hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc; @@ -51,7 +51,7 @@ long cf_check hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef CONFIG_GRANT_TABLE -long cf_check hvm_grant_table_op( +long hvm_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { switch ( cmd ) @@ -77,7 +77,7 @@ long cf_check hvm_grant_table_op( } #endif -long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { const struct vcpu *curr = current; const struct domain *currd = curr->domain; diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 57751d2ed7..5b81d5fbdb 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3421,7 +3421,7 @@ static int vcpumask_to_pcpumask( } } -long cf_check do_mmuext_op( +long do_mmuext_op( XEN_GUEST_HANDLE_PARAM(mmuext_op_t) uops, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, @@ -3960,7 +3960,7 @@ long cf_check do_mmuext_op( return rc; } -long cf_check do_mmu_update( +long do_mmu_update( XEN_GUEST_HANDLE_PARAM(mmu_update_t) ureqs, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, @@ -4545,7 +4545,7 @@ static int __do_update_va_mapping( return rc; } -long cf_check do_update_va_mapping( +long do_update_va_mapping( unsigned long va, u64 val64, unsigned long flags) { int rc = __do_update_va_mapping(va, val64, flags, current->domain); @@ -4557,7 +4557,7 @@ long cf_check do_update_va_mapping( return rc; } -long cf_check do_update_va_mapping_otherdomain( +long do_update_va_mapping_otherdomain( unsigned long va, u64 val64, unsigned long flags, domid_t domid) { struct domain *pg_owner; @@ -4580,7 +4580,7 @@ long cf_check do_update_va_mapping_otherdomain( #endif /* CONFIG_PV */ #ifdef CONFIG_PV32 -int cf_check compat_update_va_mapping( +int compat_update_va_mapping( unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags) { int rc = __do_update_va_mapping(va, ((uint64_t)hi << 32) | lo, @@ -4593,7 +4593,7 @@ int cf_check compat_update_va_mapping( return rc; } -int cf_check compat_update_va_mapping_otherdomain( +int compat_update_va_mapping_otherdomain( unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid) { diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index eb9155f81c..3a355eee9c 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -760,7 +760,7 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, return shadow_domctl(d, sc, u_domctl); } -long cf_check do_paging_domctl_cont( +long do_paging_domctl_cont( XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { struct xen_domctl op; diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index 2ddcf44f33..ea38be8b79 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -174,7 +174,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq) } #endif /* COMPAT */ -ret_t cf_check do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int irq; ret_t ret; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index eeb4f7a20e..a7341dc3d7 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -214,7 +214,7 @@ void cf_check resource_access(void *info) } #endif -ret_t cf_check do_platform_op( +ret_t do_platform_op( XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) { ret_t ret; diff --git a/xen/arch/x86/pv/callback.c b/xen/arch/x86/pv/callback.c index 1be9d3f731..067ee3b795 100644 --- a/xen/arch/x86/pv/callback.c +++ b/xen/arch/x86/pv/callback.c @@ -140,7 +140,7 @@ static long unregister_guest_callback(struct callback_unregister *unreg) return ret; } -long cf_check do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) +long do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) { long ret; @@ -178,7 +178,7 @@ long cf_check do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) return ret; } -long cf_check do_set_callbacks( +long do_set_callbacks( unsigned long event_address, unsigned long failsafe_address, unsigned long syscall_address) { @@ -283,7 +283,7 @@ static int compat_unregister_guest_callback( return ret; } -int cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(const_void) arg) +int compat_callback_op(int cmd, XEN_GUEST_HANDLE(const_void) arg) { int ret; @@ -321,7 +321,7 @@ int cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(const_void) arg) return ret; } -int cf_check compat_set_callbacks( +int compat_set_callbacks( unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address) { @@ -348,7 +348,7 @@ int cf_check compat_set_callbacks( #endif /* CONFIG_PV32 */ -long cf_check do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) +long do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) { struct trap_info cur; struct vcpu *curr = current; @@ -394,7 +394,7 @@ long cf_check do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) } #ifdef CONFIG_PV32 -int cf_check compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) +int compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) { struct vcpu *curr = current; struct compat_trap_info cur; @@ -437,7 +437,7 @@ int cf_check compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) } #endif -long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct xennmi_callback cb; long rc = 0; @@ -463,7 +463,7 @@ long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef CONFIG_PV32 -int cf_check compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +int compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct compat_nmi_callback cb; int rc = 0; diff --git a/xen/arch/x86/pv/descriptor-tables.c b/xen/arch/x86/pv/descriptor-tables.c index 653a61d0b5..b4135b450c 100644 --- a/xen/arch/x86/pv/descriptor-tables.c +++ b/xen/arch/x86/pv/descriptor-tables.c @@ -124,7 +124,7 @@ int pv_set_gdt(struct vcpu *v, const unsigned long frames[], return -EINVAL; } -long cf_check do_set_gdt( +long do_set_gdt( XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, unsigned int entries) { unsigned int nr_frames = DIV_ROUND_UP(entries, 512); @@ -151,7 +151,7 @@ long cf_check do_set_gdt( #ifdef CONFIG_PV32 -int cf_check compat_set_gdt( +int compat_set_gdt( XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries) { struct vcpu *curr = current; @@ -187,7 +187,7 @@ int cf_check compat_set_gdt( return ret; } -int cf_check compat_update_descriptor( +int compat_update_descriptor( uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi) { seg_desc_t d; @@ -299,7 +299,7 @@ int validate_segdesc_page(struct page_info *page) return i == 512 ? 0 : -EINVAL; } -long cf_check do_update_descriptor(uint64_t gaddr, seg_desc_t d) +long do_update_descriptor(uint64_t gaddr, seg_desc_t d) { struct domain *currd = current->domain; gfn_t gfn = gaddr_to_gfn(gaddr); diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index 58de9f7922..316a23e77e 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -49,7 +49,7 @@ static void async_exception_cleanup(struct vcpu *curr) curr->arch.async_exception_state(trap).old_mask; } -long cf_check do_iret(void) +long do_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct iret_context iret_saved; @@ -106,7 +106,7 @@ long cf_check do_iret(void) } #ifdef CONFIG_PV32 -int cf_check compat_iret(void) +int compat_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct vcpu *v = current; diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hypercalls.c index 635f5a644a..aaaf70eb63 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -23,12 +23,12 @@ #include -long cf_check do_set_debugreg(int reg, unsigned long value) +long do_set_debugreg(int reg, unsigned long value) { return set_debugreg(current, reg, value); } -long cf_check do_get_debugreg(int reg) +long do_get_debugreg(int reg) { /* Avoid implementation defined behavior casting unsigned long to long. */ union { @@ -40,7 +40,7 @@ long cf_check do_get_debugreg(int reg) return res == X86EMUL_OKAY ? u.ret : -ENODEV; } -long cf_check do_fpu_taskswitch(int set) +long do_fpu_taskswitch(int set) { struct vcpu *v = current; @@ -175,7 +175,7 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) return 0; } -long cf_check do_stack_switch(unsigned long ss, unsigned long esp) +long do_stack_switch(unsigned long ss, unsigned long esp) { fixup_guest_stack_selector(current->domain, ss); current->arch.pv.kernel_ss = ss; @@ -184,7 +184,7 @@ long cf_check do_stack_switch(unsigned long ss, unsigned long esp) return 0; } -long cf_check do_set_segment_base(unsigned int which, unsigned long base) +long do_set_segment_base(unsigned int which, unsigned long base) { struct vcpu *v = current; long ret = 0; diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index 2ee290a392..2b74fea181 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -824,7 +824,7 @@ long pv_shim_grant_table_op(unsigned int cmd, #ifndef CONFIG_GRANT_TABLE /* Thin wrapper(s) needed. */ -long cf_check do_grant_table_op( +long do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { if ( !pv_shim ) @@ -834,7 +834,7 @@ long cf_check do_grant_table_op( } #ifdef CONFIG_PV32 -int cf_check compat_grant_table_op( +int compat_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { if ( !pv_shim ) diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c index 70b08a832a..d54efaad21 100644 --- a/xen/arch/x86/x86_64/compat/mm.c +++ b/xen/arch/x86/x86_64/compat/mm.c @@ -177,7 +177,7 @@ int compat_arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #ifdef CONFIG_PV DEFINE_XEN_GUEST_HANDLE(mmuext_op_compat_t); -int cf_check compat_mmuext_op( +int compat_mmuext_op( XEN_GUEST_HANDLE_PARAM(void) arg, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom) { diff --git a/xen/arch/x86/x86_64/domain.c b/xen/arch/x86/x86_64/domain.c index 9c559aa3ea..62fe51ee74 100644 --- a/xen/arch/x86/x86_64/domain.c +++ b/xen/arch/x86/x86_64/domain.c @@ -12,7 +12,7 @@ CHECK_vcpu_get_physid; #undef xen_vcpu_get_physid -int cf_check +int compat_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) { int rc; diff --git a/xen/common/argo.c b/xen/common/argo.c index 26a01c2188..748b8714d6 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -2069,7 +2069,7 @@ sendv(struct domain *src_d, xen_argo_addr_t *src_addr, return ( ret < 0 ) ? ret : len; } -long cf_check +long do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long raw_arg3, unsigned long raw_arg4) @@ -2207,7 +2207,7 @@ do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, } #ifdef CONFIG_COMPAT -int cf_check +int compat_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long arg3, unsigned long arg4) diff --git a/xen/common/compat/grant_table.c b/xen/common/compat/grant_table.c index d5787e3719..4705ee5f76 100644 --- a/xen/common/compat/grant_table.c +++ b/xen/common/compat/grant_table.c @@ -56,7 +56,7 @@ CHECK_gnttab_swap_grant_ref; CHECK_gnttab_cache_flush; #undef xen_gnttab_cache_flush -int cf_check compat_grant_table_op( +int compat_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) cmp_uop, unsigned int count) { int rc = 0; diff --git a/xen/common/compat/kernel.c b/xen/common/compat/kernel.c index 8e8c413bf1..804b919bdc 100644 --- a/xen/common/compat/kernel.c +++ b/xen/common/compat/kernel.c @@ -37,7 +37,7 @@ CHECK_TYPE(capabilities_info); CHECK_TYPE(domain_handle); -#define DO(fn) int cf_check compat_##fn +#define DO(fn) int compat_##fn #define COMPAT #include "../kernel.c" diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c index 82fb250efa..56c7de1dea 100644 --- a/xen/common/compat/memory.c +++ b/xen/common/compat/memory.c @@ -53,8 +53,7 @@ static int cf_check get_reserved_device_memory( } #endif -int cf_check compat_memory_op( - unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat) +int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat) { struct vcpu *curr = current; struct domain *currd = curr->domain; diff --git a/xen/common/dm.c b/xen/common/dm.c index fcb3a1aa05..201b652deb 100644 --- a/xen/common/dm.c +++ b/xen/common/dm.c @@ -19,7 +19,7 @@ #include #include -long cf_check do_dm_op( +long do_dm_op( domid_t domid, unsigned int nr_bufs, XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs) { diff --git a/xen/common/domain.c b/xen/common/domain.c index 3b1169d79b..618410e3b2 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1753,7 +1753,7 @@ long common_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef arch_vm_assist_valid_mask -long cf_check do_vm_assist(unsigned int cmd, unsigned int type) +long do_vm_assist(unsigned int cmd, unsigned int type) { struct domain *currd = current->domain; const unsigned long valid = arch_vm_assist_valid_mask(currd); diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 0a866e3132..452266710a 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -278,7 +278,7 @@ static struct vnuma_info *vnuma_init(const struct xen_domctl_vnuma *uinfo, return ERR_PTR(ret); } -long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) +long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { long ret = 0; bool_t copyback = 0; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index e60cd98d75..e25fa91913 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -1191,7 +1191,7 @@ static int evtchn_set_priority(const struct evtchn_set_priority *set_priority) return ret; } -long cf_check do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int rc; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 2d110d9f41..aea0ad30a7 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3559,8 +3559,7 @@ gnttab_cache_flush(XEN_GUEST_HANDLE_PARAM(gnttab_cache_flush_t) uop, return 0; } -long cf_check -do_grant_table_op( +long do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { long rc; diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index 0d22396f5d..acd258edf2 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -670,7 +670,7 @@ static int hypfs_write(struct hypfs_entry *entry, return entry->funcs->write(l, uaddr, ulen); } -long cf_check do_hypfs_op( +long do_hypfs_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(const_char) arg1, unsigned long arg2, XEN_GUEST_HANDLE_PARAM(void) arg3, unsigned long arg4) { diff --git a/xen/common/kernel.c b/xen/common/kernel.c index adff2d2c77..08bdae082a 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -451,7 +451,7 @@ static int __init cf_check param_init(void) __initcall(param_init); #endif -# define DO(fn) long cf_check do_##fn +# define DO(fn) long do_##fn #endif diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 41669964d2..7095651605 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -1265,13 +1265,13 @@ static int do_kexec_op_internal(unsigned int op, return ret; } -long cf_check do_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) +long do_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 0); } #ifdef CONFIG_COMPAT -int cf_check compat_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) +int compat_kexec_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 1); } diff --git a/xen/common/memory.c b/xen/common/memory.c index f2d009843a..f6f794914d 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1367,7 +1367,7 @@ static int acquire_resource( return rc; } -long cf_check do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d, *curr_d = current->domain; long rc; diff --git a/xen/common/multicall.c b/xen/common/multicall.c index 9db49092b4..1f0cc4cb26 100644 --- a/xen/common/multicall.c +++ b/xen/common/multicall.c @@ -33,8 +33,7 @@ static void trace_multicall_call(multicall_entry_t *call) __trace_multicall_call(call); } -ret_t cf_check -do_multicall( +ret_t do_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_t) call_list, uint32_t nr_calls) { struct vcpu *curr = current; diff --git a/xen/common/sched/compat.c b/xen/common/sched/compat.c index 66ba0fe88f..040b4caca2 100644 --- a/xen/common/sched/compat.c +++ b/xen/common/sched/compat.c @@ -39,7 +39,7 @@ static int compat_poll(struct compat_sched_poll *compat) #include "core.c" -int cf_check compat_set_timer_op(u32 lo, s32 hi) +int compat_set_timer_op(u32 lo, s32 hi) { return do_set_timer_op(((s64)hi << 32) | lo); } diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 250207038e..f689b55783 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -1862,7 +1862,7 @@ typedef long ret_t; #endif /* !COMPAT */ -ret_t cf_check do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { ret_t ret = 0; @@ -1999,7 +1999,7 @@ ret_t cf_check do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #ifndef COMPAT /* Per-vcpu oneshot-timer hypercall. */ -long cf_check do_set_timer_op(s_time_t timeout) +long do_set_timer_op(s_time_t timeout) { struct vcpu *v = current; s_time_t offset = timeout - NOW(); diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index fc4a0b31d6..1ad3c29351 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -29,7 +29,7 @@ #include #include -long cf_check do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) +long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) { long ret = 0; int copyback = -1; diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c index af617f1d0b..1926a92fe4 100644 --- a/xen/common/xenoprof.c +++ b/xen/common/xenoprof.c @@ -721,7 +721,7 @@ static int xenoprof_op_get_buffer(XEN_GUEST_HANDLE_PARAM(void) arg) || (op == XENOPROF_disable_virq) \ || (op == XENOPROF_get_buffer)) -ret_t cf_check do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) { int ret = 0; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index f9937c5134..e8468c121a 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -675,7 +675,7 @@ static long guest_console_write(XEN_GUEST_HANDLE_PARAM(char) buffer, return 0; } -long cf_check do_console_io( +long do_console_io( unsigned int cmd, unsigned int count, XEN_GUEST_HANDLE_PARAM(char) buffer) { long rc; diff --git a/xen/scripts/gen_hypercall.awk b/xen/scripts/gen_hypercall.awk index 403758be21..34840c514f 100644 --- a/xen/scripts/gen_hypercall.awk +++ b/xen/scripts/gen_hypercall.awk @@ -226,7 +226,7 @@ END { # Generate prototypes for (i = 1; i <= n; i++) { for (p = 1; p <= n_pre[i]; p++) { - printf("%s cf_check %s_%s(", rettype[pre[i, p]], pre[i, p], fn[i]); + printf("%s %s_%s(", rettype[pre[i, p]], pre[i, p], fn[i]); if (n_args[i] == 0) printf("void"); else diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 2286a502e3..eaa028109b 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -219,13 +219,13 @@ bool __init has_xsm_magic(paddr_t start) #endif -long cf_check do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_xsm_op(op); } #ifdef CONFIG_COMPAT -int cf_check compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +int compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_compat_op(op); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:34:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:34:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365397.595528 (Exim 4.92) (envelope-from ) id 1oB2us-0004b1-IS; Mon, 11 Jul 2022 23:34:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365397.595528; Mon, 11 Jul 2022 23:34:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2us-0004at-Fi; Mon, 11 Jul 2022 23:34:14 +0000 Received: by outflank-mailman (input) for mailman id 365397; Mon, 11 Jul 2022 23:34:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ur-0004an-40 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2ur-0004Rp-3C for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2ur-0003B8-2c for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J+avoQzze+I3EVkcRsS4kJWoCqlLeisOBTq5e5Njjes=; b=e64YXBdektK+GYRZsREsV8BpZT BvQWr/viirEm9mChr3MBNGwoO6UD0F8NemU5zaN0zWOGaCD/hw8PaoyZr9LI8jOCh2bV7dT7aRbo4 SaF4acotsIl+6KMaxYk5oq0OLACWY3sS9tVY/5pkMwBqePLnLKY+mmADN80FC7jJ5Rik=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/console: have one Makefile per program/directory Message-Id: Date: Mon, 11 Jul 2022 23:34:13 +0000 commit 524cf4da66ec95d7304a09b81853b250e669eeb3 Author: Anthony PERARD AuthorDate: Mon Jul 11 12:13:07 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:13:07 2022 +0200 tools/console: have one Makefile per program/directory Sources of both xenconsoled and xenconsole are already separated into different directory and don't share anything in common. Having two different Makefile means it's easier to deal with *FLAGS. Some common changes: Rename $(BIN) to $(TARGETS), this will be useful later. Stop removing *.so *.rpm *.a as they aren't created here. Use $(OBJS-y) to list objects. Update $(CFLAGS) for the directory rather than a single object. daemon: Remove the need for $(LDLIBS_xenconsoled), use $(LDLIBS) instead. Remove the need for $(CONSOLE_CFLAGS-y) and use $(CFLAGS-y) instead. client: Remove the unused $(LDLIBS_xenconsole) Signed-off-by: Anthony PERARD Reviewed-by: Luca Fancellu --- .gitignore | 2 -- tools/console/Makefile | 49 +++------------------------------------- tools/console/client/.gitignore | 1 + tools/console/client/Makefile | 39 ++++++++++++++++++++++++++++++++ tools/console/daemon/.gitignore | 1 + tools/console/daemon/Makefile | 50 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 94 insertions(+), 48 deletions(-) diff --git a/.gitignore b/.gitignore index def9339ff1..4729911c51 100644 --- a/.gitignore +++ b/.gitignore @@ -160,8 +160,6 @@ tools/libs/util/libxenutil.map tools/libs/vchan/headers.chk tools/libs/vchan/libxenvchan.map tools/libs/vchan/xenvchan.pc -tools/console/xenconsole -tools/console/xenconsoled tools/debugger/gdb/gdb-6.2.1-linux-i386-xen/* tools/debugger/gdb/gdb-6.2.1/* tools/debugger/gdb/gdb-6.2.1.tar.bz2 diff --git a/tools/console/Makefile b/tools/console/Makefile index 207c04c9cd..63bd2ac302 100644 --- a/tools/console/Makefile +++ b/tools/console/Makefile @@ -1,50 +1,7 @@ XEN_ROOT=$(CURDIR)/../.. include $(XEN_ROOT)/tools/Rules.mk -CFLAGS += -Werror +SUBDIRS-y := daemon client -CFLAGS += $(CFLAGS_libxenctrl) -CFLAGS += $(CFLAGS_libxenstore) -LDLIBS += $(LDLIBS_libxenctrl) -LDLIBS += $(LDLIBS_libxenstore) -LDLIBS += $(SOCKET_LIBS) - -LDLIBS_xenconsoled += $(UTIL_LIBS) -LDLIBS_xenconsoled += -lrt -CONSOLE_CFLAGS-$(CONFIG_ARM) = -DCONFIG_ARM - -BIN = xenconsoled xenconsole - -.PHONY: all -all: $(BIN) - -.PHONY: clean -clean: - $(RM) *.a *.so *.o *.rpm $(BIN) $(DEPS_RM) - $(RM) client/*.o daemon/*.o - -.PHONY: distclean -distclean: clean - -daemon/main.o: CFLAGS += -include $(XEN_ROOT)/tools/config.h -daemon/io.o: CFLAGS += $(CFLAGS_libxenevtchn) $(CFLAGS_libxengnttab) $(CFLAGS_libxenforeignmemory) $(CONSOLE_CFLAGS-y) -xenconsoled: $(patsubst %.c,%.o,$(wildcard daemon/*.c)) - $(CC) $(LDFLAGS) $^ -o $@ $(LDLIBS) $(LDLIBS_libxenevtchn) $(LDLIBS_libxengnttab) $(LDLIBS_libxenforeignmemory) $(LDLIBS_xenconsoled) $(APPEND_LDFLAGS) - -client/main.o: CFLAGS += -include $(XEN_ROOT)/tools/config.h -xenconsole: $(patsubst %.c,%.o,$(wildcard client/*.c)) - $(CC) $(LDFLAGS) $^ -o $@ $(LDLIBS) $(LDLIBS_xenconsole) $(APPEND_LDFLAGS) - -.PHONY: install -install: $(BIN) - $(INSTALL_DIR) $(DESTDIR)/$(sbindir) - $(INSTALL_PROG) xenconsoled $(DESTDIR)/$(sbindir) - $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN) - $(INSTALL_PROG) xenconsole $(DESTDIR)$(LIBEXEC_BIN) - -.PHONY: uninstall -uninstall: - rm -f $(DESTDIR)$(LIBEXEC_BIN)/xenconsole - rm -f $(DESTDIR)$(sbindir)/xenconsoled - --include $(DEPS_INCLUDE) +.PHONY: all clean install distclean uninstall +all clean install distclean uninstall: %: subdirs-% diff --git a/tools/console/client/.gitignore b/tools/console/client/.gitignore new file mode 100644 index 0000000000..b096a1d841 --- /dev/null +++ b/tools/console/client/.gitignore @@ -0,0 +1 @@ +/xenconsole diff --git a/tools/console/client/Makefile b/tools/console/client/Makefile new file mode 100644 index 0000000000..44176c6d93 --- /dev/null +++ b/tools/console/client/Makefile @@ -0,0 +1,39 @@ +XEN_ROOT=$(CURDIR)/../../.. +include $(XEN_ROOT)/tools/Rules.mk + +CFLAGS += -Werror +CFLAGS += $(CFLAGS_libxenctrl) +CFLAGS += $(CFLAGS_libxenstore) +CFLAGS += -include $(XEN_ROOT)/tools/config.h + +LDLIBS += $(LDLIBS_libxenctrl) +LDLIBS += $(LDLIBS_libxenstore) +LDLIBS += $(SOCKET_LIBS) + +OBJS-y := main.o + +TARGETS := xenconsole + +.PHONY: all +all: $(TARGETS) + +xenconsole: $(OBJS-y) + $(CC) $(LDFLAGS) $^ -o $@ $(LDLIBS) $(APPEND_LDFLAGS) + +.PHONY: install +install: all + $(INSTALL_DIR) $(DESTDIR)$(LIBEXEC_BIN) + $(INSTALL_PROG) xenconsole $(DESTDIR)$(LIBEXEC_BIN) + +.PHONY: uninstall +uninstall: + rm -f $(DESTDIR)$(LIBEXEC_BIN)/xenconsole + +.PHONY: clean +clean: + $(RM) *.o $(TARGETS) $(DEPS_RM) + +.PHONY: distclean +distclean: clean + +-include $(DEPS_INCLUDE) diff --git a/tools/console/daemon/.gitignore b/tools/console/daemon/.gitignore new file mode 100644 index 0000000000..55c8f84664 --- /dev/null +++ b/tools/console/daemon/.gitignore @@ -0,0 +1 @@ +/xenconsoled diff --git a/tools/console/daemon/Makefile b/tools/console/daemon/Makefile new file mode 100644 index 0000000000..0f004f0b14 --- /dev/null +++ b/tools/console/daemon/Makefile @@ -0,0 +1,50 @@ +XEN_ROOT=$(CURDIR)/../../.. +include $(XEN_ROOT)/tools/Rules.mk + +CFLAGS += -Werror +CFLAGS += $(CFLAGS_libxenctrl) +CFLAGS += $(CFLAGS_libxenstore) +CFLAGS += $(CFLAGS_libxenevtchn) +CFLAGS += $(CFLAGS_libxengnttab) +CFLAGS += $(CFLAGS_libxenforeignmemory) +CFLAGS-$(CONFIG_ARM) += -DCONFIG_ARM +CFLAGS += -include $(XEN_ROOT)/tools/config.h + +LDLIBS += $(LDLIBS_libxenctrl) +LDLIBS += $(LDLIBS_libxenstore) +LDLIBS += $(LDLIBS_libxenevtchn) +LDLIBS += $(LDLIBS_libxengnttab) +LDLIBS += $(LDLIBS_libxenforeignmemory) +LDLIBS += $(SOCKET_LIBS) +LDLIBS += $(UTIL_LIBS) +LDLIBS += -lrt + +OBJS-y := main.o +OBJS-y += io.o +OBJS-y += utils.o + +TARGETS := xenconsoled + +.PHONY: all +all: $(TARGETS) + +xenconsoled: $(OBJS-y) + $(CC) $(LDFLAGS) $^ -o $@ $(LDLIBS) $(APPEND_LDFLAGS) + +.PHONY: install +install: all + $(INSTALL_DIR) $(DESTDIR)/$(sbindir) + $(INSTALL_PROG) xenconsoled $(DESTDIR)/$(sbindir) + +.PHONY: uninstall +uninstall: + rm -f $(DESTDIR)$(sbindir)/xenconsoled + +.PHONY: clean +clean: + $(RM) *.o $(TARGETS) $(DEPS_RM) + +.PHONY: distclean +distclean: clean + +-include $(DEPS_INCLUDE) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:34:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:34:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365398.595534 (Exim 4.92) (envelope-from ) id 1oB2v2-0004dy-KU; Mon, 11 Jul 2022 23:34:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365398.595534; Mon, 11 Jul 2022 23:34:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2v2-0004dl-HD; Mon, 11 Jul 2022 23:34:24 +0000 Received: by outflank-mailman (input) for mailman id 365398; Mon, 11 Jul 2022 23:34:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2v1-0004dS-73 for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2v1-0004SJ-6B for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2v1-0003Bx-5Q for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sZjOcFkdhLErneNxhHoudxWRP3EtV+01XFY4T79A5hs=; b=RmITAZXodBu79JCfDkUKpDjBbd AeOE5m2h1eH3gNTI4PWvV2kEwePmvRiD+eTkKyPp10rK5ON64nBElpeRKEFaPBKyCtHhboTS9ExOj JchMpKsgDwr9nMfcvDNWg0Eezw651sHKlKQIkgLjHF1FUj/cpzwygh4bzVGAP82kx+8I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/examples: cleanup Makefile Message-Id: Date: Mon, 11 Jul 2022 23:34:23 +0000 commit 6899af760972e1815add7f532160ae238e58b7cd Author: Anthony PERARD AuthorDate: Mon Jul 11 12:13:24 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:13:24 2022 +0200 tools/examples: cleanup Makefile Don't check if a target exist before installing it. For directory, install doesn't complain, and for file it would prevent from updating them. Also remove the existing loop and instead install all files with a single call to $(INSTALL_DATA). Remove XEN_CONFIGS-y which isn't used. Remove "build" target. Add an empty line after the first comment. The comment isn't about $(XEN_READMES), it is about the makefile as a whole. Signed-off-by: Anthony PERARD Reviewed-by: Luca Fancellu --- tools/examples/Makefile | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/tools/examples/Makefile b/tools/examples/Makefile index 14e24f4cb3..c839bf5603 100644 --- a/tools/examples/Makefile +++ b/tools/examples/Makefile @@ -2,6 +2,7 @@ XEN_ROOT = $(CURDIR)/../.. include $(XEN_ROOT)/tools/Rules.mk # Xen configuration dir and configs to go there. + XEN_READMES = README XEN_CONFIGS += xlexample.hvm @@ -10,14 +11,9 @@ XEN_CONFIGS += xlexample.pvhlinux XEN_CONFIGS += xl.conf XEN_CONFIGS += cpupool -XEN_CONFIGS += $(XEN_CONFIGS-y) - .PHONY: all all: -.PHONY: build -build: - .PHONY: install install: all install-readmes install-configs @@ -26,12 +22,8 @@ uninstall: uninstall-readmes uninstall-configs .PHONY: install-readmes install-readmes: - [ -d $(DESTDIR)$(XEN_CONFIG_DIR) ] || \ - $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR) - set -e; for i in $(XEN_READMES); \ - do [ -e $(DESTDIR)$(XEN_CONFIG_DIR)/$$i ] || \ - $(INSTALL_DATA) $$i $(DESTDIR)$(XEN_CONFIG_DIR); \ - done + $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR) + $(INSTALL_DATA) $(XEN_READMES) $(DESTDIR)$(XEN_CONFIG_DIR) .PHONY: uninstall-readmes uninstall-readmes: @@ -39,14 +31,9 @@ uninstall-readmes: .PHONY: install-configs install-configs: $(XEN_CONFIGS) - [ -d $(DESTDIR)$(XEN_CONFIG_DIR) ] || \ - $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR) - [ -d $(DESTDIR)$(XEN_CONFIG_DIR)/auto ] || \ - $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR)/auto - set -e; for i in $(XEN_CONFIGS); \ - do [ -e $(DESTDIR)$(XEN_CONFIG_DIR)/$$i ] || \ - $(INSTALL_DATA) $$i $(DESTDIR)$(XEN_CONFIG_DIR); \ - done + $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR) + $(INSTALL_DIR) $(DESTDIR)$(XEN_CONFIG_DIR)/auto + $(INSTALL_DATA) $(XEN_CONFIGS) $(DESTDIR)$(XEN_CONFIG_DIR) .PHONY: uninstall-configs uninstall-configs: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:34:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:34:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365399.595536 (Exim 4.92) (envelope-from ) id 1oB2vC-0004gJ-LY; Mon, 11 Jul 2022 23:34:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365399.595536; Mon, 11 Jul 2022 23:34:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vC-0004g9-Ih; Mon, 11 Jul 2022 23:34:34 +0000 Received: by outflank-mailman (input) for mailman id 365399; Mon, 11 Jul 2022 23:34:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vB-0004g1-Aa for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vB-0004SU-9i for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2vB-0003Cm-8M for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zQl/mBJuZTybob2GIQyxiIM/eusmZmG5NNU/xkIufKs=; b=6QwDCNHzgQVObvRskYDT1okrYA 6ZR9UqYd80HofXQM2u2VaqtiHCRJOELul9e0gz8qnp+dcHtbdA4GkKHadl7Gpjmjdtbv0fx7NGmc2 8dl3xyiqczHEyPwTKzYwa8dX/nNhQ+R1/s2KOBoCqwps4bKYxp9VYfxmGvxzYi9KAITQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs: add reference to release cycle discussion Message-Id: Date: Mon, 11 Jul 2022 23:34:33 +0000 commit a58fca51abd46a88d87390fce333c90376e68367 Author: Juergen Gross AuthorDate: Mon Jul 11 12:13:40 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:13:40 2022 +0200 docs: add reference to release cycle discussion As it is coming up basically every release cycle of Xen, add a reference to the discussion why the current release scheme has been selected in the release management documentation. Signed-off-by: Juergen Gross Reviewed-by: Henry Wang Acked-by: Jan Beulich --- docs/process/xen-release-management.pandoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/process/xen-release-management.pandoc b/docs/process/xen-release-management.pandoc index b746c7157d..8f80d61d2f 100644 --- a/docs/process/xen-release-management.pandoc +++ b/docs/process/xen-release-management.pandoc @@ -19,6 +19,8 @@ The Xen hypervisor project now releases every 8 months. We aim to release in the first half of March/July/November. These dates have been chosen to avoid major holidays and cultural events; if one release slips, ideally the subsequent release cycle would be shortened. +The reasons for this schedule have been discussed on +[xen-devel](https://lists.xen.org/archives/html/xen-devel/2018-07/msg02240.html). We can roughly divide one release into two periods. The development period and the freeze period. The former is 6 months long and the latter is about 2 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:34:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:34:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365400.595542 (Exim 4.92) (envelope-from ) id 1oB2vM-0004jl-Ob; Mon, 11 Jul 2022 23:34:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365400.595542; Mon, 11 Jul 2022 23:34:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vM-0004jd-KC; Mon, 11 Jul 2022 23:34:44 +0000 Received: by outflank-mailman (input) for mailman id 365400; Mon, 11 Jul 2022 23:34:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vL-0004jU-Ej for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vL-0004Se-Ds for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2vL-0003Dm-DG for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O/hG8HUVsXIex8tQIg3vId5zzGf6DoQ8NNSgxHWRJRM=; b=U31eW37esiuaDfboje1tcDJhsn tsUUUEoIxXORyBehWPel8K+trq0wN1X8t1JCiMKmznNGNKk0JGq7segjYKXNqlU/94wEL0Uc3kNcM vMSZqyLbV/4VmjKKKVp3/SWtlHE+tyPCm432S7aqsKsxU/L/DrcxNrgK6JTJehFZeAas=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: report Interrupt Controller Virtualization capabilities Message-Id: Date: Mon, 11 Jul 2022 23:34:43 +0000 commit 6b2b9b3405092c3ad38d7342988a584b8efa674c Author: Jane Malalane AuthorDate: Mon Jul 11 12:13:59 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:13:59 2022 +0200 x86: report Interrupt Controller Virtualization capabilities Add XEN_SYSCTL_PHYSCAP_X86_ASSISTED_XAPIC and XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC to report accelerated xAPIC and x2APIC, on x86 hardware. This is so that xAPIC and x2APIC virtualization can subsequently be enabled on a per-domain basis. No such features are currently implemented on AMD hardware. HW assisted xAPIC virtualization will be reported if HW, at the minimum, supports virtualize_apic_accesses as this feature alone means that an access to the APIC page will cause an APIC-access VM exit. An APIC-access VM exit provides a VMM with information about the access causing the VM exit, unlike a regular EPT fault, thus simplifying some internal handling. HW assisted x2APIC virtualization will be reported if HW supports virtualize_x2apic_mode and, at least, either apic_reg_virt or virtual_intr_delivery. This also means that sysctl follows the conditionals in vmx_vlapic_msr_changed(). For that purpose, also add an arch-specific "capabilities" parameter to struct xen_sysctl_physinfo. Note that this interface is intended to be compatible with AMD so that AVIC support can be introduced in a future patch. Unlike Intel that has multiple controls for APIC Virtualization, AMD has one global 'AVIC Enable' control bit, so fine-graining of APIC virtualization control cannot be done on a common interface. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Reviewed-by: "Roger Pau Monné" Reviewed-by: Jan Beulich Reviewed-by: Anthony PERARD Reviewed-by: Kevin Tian Reviewed-by: George Dunlap Acked-by: Christian Lindig --- tools/golang/xenlight/helpers.gen.go | 4 ++++ tools/golang/xenlight/types.gen.go | 2 ++ tools/include/libxl.h | 7 +++++++ tools/libs/light/libxl.c | 3 +++ tools/libs/light/libxl_arch.h | 4 ++++ tools/libs/light/libxl_arm.c | 5 +++++ tools/libs/light/libxl_types.idl | 2 ++ tools/libs/light/libxl_x86.c | 11 +++++++++++ tools/ocaml/libs/xc/xenctrl.ml | 9 +++++++++ tools/ocaml/libs/xc/xenctrl.mli | 8 ++++++++ tools/ocaml/libs/xc/xenctrl_stubs.c | 18 ++++++++++++++++-- tools/xl/xl_info.c | 6 ++++-- xen/arch/x86/hvm/hvm.c | 3 +++ xen/arch/x86/hvm/vmx/vmcs.c | 7 +++++++ xen/arch/x86/include/asm/hvm/hvm.h | 5 +++++ xen/arch/x86/sysctl.c | 4 ++++ xen/include/public/sysctl.h | 11 ++++++++++- 17 files changed, 104 insertions(+), 5 deletions(-) diff --git a/tools/golang/xenlight/helpers.gen.go b/tools/golang/xenlight/helpers.gen.go index b746ff1081..dd4e6c9f14 100644 --- a/tools/golang/xenlight/helpers.gen.go +++ b/tools/golang/xenlight/helpers.gen.go @@ -3373,6 +3373,8 @@ x.CapVmtrace = bool(xc.cap_vmtrace) x.CapVpmu = bool(xc.cap_vpmu) x.CapGnttabV1 = bool(xc.cap_gnttab_v1) x.CapGnttabV2 = bool(xc.cap_gnttab_v2) +x.CapAssistedXapic = bool(xc.cap_assisted_xapic) +x.CapAssistedX2Apic = bool(xc.cap_assisted_x2apic) return nil} @@ -3407,6 +3409,8 @@ xc.cap_vmtrace = C.bool(x.CapVmtrace) xc.cap_vpmu = C.bool(x.CapVpmu) xc.cap_gnttab_v1 = C.bool(x.CapGnttabV1) xc.cap_gnttab_v2 = C.bool(x.CapGnttabV2) +xc.cap_assisted_xapic = C.bool(x.CapAssistedXapic) +xc.cap_assisted_x2apic = C.bool(x.CapAssistedX2Apic) return nil } diff --git a/tools/golang/xenlight/types.gen.go b/tools/golang/xenlight/types.gen.go index b1e84d5258..87be46c745 100644 --- a/tools/golang/xenlight/types.gen.go +++ b/tools/golang/xenlight/types.gen.go @@ -1014,6 +1014,8 @@ CapVmtrace bool CapVpmu bool CapGnttabV1 bool CapGnttabV2 bool +CapAssistedXapic bool +CapAssistedX2Apic bool } type Connectorinfo struct { diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 835dfabc50..3a68e1b55a 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -535,6 +535,13 @@ #define LIBXL_HAVE_DISK_TRUSTED 1 #define LIBXL_HAVE_NIC_TRUSTED 1 +/* + * LIBXL_HAVE_PHYSINFO_ASSISTED_APIC indicates that libxl_physinfo has + * cap_assisted_xapic and cap_assisted_x2apic fields, which indicates + * the availability of x{2}APIC hardware assisted virtualization. + */ +#define LIBXL_HAVE_PHYSINFO_ASSISTED_APIC 1 + /* * libxl ABI compatibility * diff --git a/tools/libs/light/libxl.c b/tools/libs/light/libxl.c index a0bf7d186f..6d699951e2 100644 --- a/tools/libs/light/libxl.c +++ b/tools/libs/light/libxl.c @@ -15,6 +15,7 @@ #include "libxl_osdeps.h" #include "libxl_internal.h" +#include "libxl_arch.h" int libxl_ctx_alloc(libxl_ctx **pctx, int version, unsigned flags, xentoollog_logger * lg) @@ -410,6 +411,8 @@ int libxl_get_physinfo(libxl_ctx *ctx, libxl_physinfo *physinfo) physinfo->cap_gnttab_v2 = !!(xcphysinfo.capabilities & XEN_SYSCTL_PHYSCAP_gnttab_v2); + libxl__arch_get_physinfo(physinfo, &xcphysinfo); + GC_FREE; return 0; } diff --git a/tools/libs/light/libxl_arch.h b/tools/libs/light/libxl_arch.h index 1522ecb97f..207ceac6a1 100644 --- a/tools/libs/light/libxl_arch.h +++ b/tools/libs/light/libxl_arch.h @@ -85,6 +85,10 @@ int libxl__arch_extra_memory(libxl__gc *gc, const libxl_domain_build_info *info, uint64_t *out); +_hidden +void libxl__arch_get_physinfo(libxl_physinfo *physinfo, + const xc_physinfo_t *xcphysinfo); + _hidden void libxl__arch_update_domain_config(libxl__gc *gc, libxl_domain_config *dst, diff --git a/tools/libs/light/libxl_arm.c b/tools/libs/light/libxl_arm.c index eef1de0939..39fdca1b49 100644 --- a/tools/libs/light/libxl_arm.c +++ b/tools/libs/light/libxl_arm.c @@ -1431,6 +1431,11 @@ int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, return rc; } +void libxl__arch_get_physinfo(libxl_physinfo *physinfo, + const xc_physinfo_t *xcphysinfo) +{ +} + void libxl__arch_update_domain_config(libxl__gc *gc, libxl_domain_config *dst, const libxl_domain_config *src) diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index 89962218b4..47f6a30cde 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -1070,6 +1070,8 @@ libxl_physinfo = Struct("physinfo", [ ("cap_vpmu", bool), ("cap_gnttab_v1", bool), ("cap_gnttab_v2", bool), + ("cap_assisted_xapic", bool), + ("cap_assisted_x2apic", bool), ], dir=DIR_OUT) libxl_connectorinfo = Struct("connectorinfo", [ diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index 1feadebb18..e0a06ecfe3 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -866,6 +866,17 @@ int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, return rc; } +void libxl__arch_get_physinfo(libxl_physinfo *physinfo, + const xc_physinfo_t *xcphysinfo) +{ + physinfo->cap_assisted_xapic = + !!(xcphysinfo->arch_capabilities & + XEN_SYSCTL_PHYSCAP_X86_ASSISTED_XAPIC); + physinfo->cap_assisted_x2apic = + !!(xcphysinfo->arch_capabilities & + XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC); +} + void libxl__arch_update_domain_config(libxl__gc *gc, libxl_domain_config *dst, const libxl_domain_config *src) diff --git a/tools/ocaml/libs/xc/xenctrl.ml b/tools/ocaml/libs/xc/xenctrl.ml index 8eab6f60eb..6fa30ddb56 100644 --- a/tools/ocaml/libs/xc/xenctrl.ml +++ b/tools/ocaml/libs/xc/xenctrl.ml @@ -128,6 +128,14 @@ type physinfo_cap_flag = | CAP_Gnttab_v1 | CAP_Gnttab_v2 + +type x86_physinfo_arch_cap_flag = + | CAP_X86_ASSISTED_XAPIC + | CAP_X86_ASSISTED_X2APIC + +type physinfo_arch_cap_flag = + | X86 of x86_physinfo_arch_cap_flag + type physinfo = { threads_per_core : int; @@ -141,6 +149,7 @@ type physinfo = (* XXX hw_cap *) capabilities : physinfo_cap_flag list; max_nr_cpus : int; + arch_capabilities : physinfo_arch_cap_flag list; } type version = diff --git a/tools/ocaml/libs/xc/xenctrl.mli b/tools/ocaml/libs/xc/xenctrl.mli index d3014a2708..01774da768 100644 --- a/tools/ocaml/libs/xc/xenctrl.mli +++ b/tools/ocaml/libs/xc/xenctrl.mli @@ -113,6 +113,13 @@ type physinfo_cap_flag = | CAP_Gnttab_v1 | CAP_Gnttab_v2 +type x86_physinfo_arch_cap_flag = + | CAP_X86_ASSISTED_XAPIC + | CAP_X86_ASSISTED_X2APIC + +type physinfo_arch_cap_flag = + | X86 of x86_physinfo_arch_cap_flag + type physinfo = { threads_per_core : int; cores_per_socket : int; @@ -124,6 +131,7 @@ type physinfo = { scrub_pages : nativeint; capabilities : physinfo_cap_flag list; max_nr_cpus : int; (** compile-time max possible number of nr_cpus *) + arch_capabilities : physinfo_arch_cap_flag list; } type version = { major : int; minor : int; extra : string; } type compile_info = { diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c index 513ee142d2..42c2bcd333 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -718,7 +718,7 @@ CAMLprim value stub_xc_send_debug_keys(value xch, value keys) CAMLprim value stub_xc_physinfo(value xch) { CAMLparam1(xch); - CAMLlocal2(physinfo, cap_list); + CAMLlocal4(physinfo, cap_list, x86_arch_cap_list, arch_cap_list); xc_physinfo_t c_physinfo; int r; @@ -737,7 +737,7 @@ CAMLprim value stub_xc_physinfo(value xch) /* ! XEN_SYSCTL_PHYSCAP_ XEN_SYSCTL_PHYSCAP_MAX max */ (c_physinfo.capabilities); - physinfo = caml_alloc_tuple(10); + physinfo = caml_alloc_tuple(11); Store_field(physinfo, 0, Val_int(c_physinfo.threads_per_core)); Store_field(physinfo, 1, Val_int(c_physinfo.cores_per_socket)); Store_field(physinfo, 2, Val_int(c_physinfo.nr_cpus)); @@ -749,6 +749,20 @@ CAMLprim value stub_xc_physinfo(value xch) Store_field(physinfo, 8, cap_list); Store_field(physinfo, 9, Val_int(c_physinfo.max_cpu_id + 1)); +#if defined(__i386__) || defined(__x86_64__) + x86_arch_cap_list = c_bitmap_to_ocaml_list + /* ! x86_physinfo_arch_cap_flag CAP_X86_ none */ + /* ! XEN_SYSCTL_PHYSCAP_X86_ XEN_SYSCTL_PHYSCAP_X86_MAX max */ + (c_physinfo.arch_capabilities); + /* + * arch_capabilities: physinfo_arch_cap_flag list; + */ + arch_cap_list = x86_arch_cap_list; +#else + arch_cap_list = Val_emptylist; +#endif + Store_field(physinfo, 10, arch_cap_list); + CAMLreturn(physinfo); } diff --git a/tools/xl/xl_info.c b/tools/xl/xl_info.c index 712b7638b0..3205270754 100644 --- a/tools/xl/xl_info.c +++ b/tools/xl/xl_info.c @@ -210,7 +210,7 @@ static void output_physinfo(void) info.hw_cap[4], info.hw_cap[5], info.hw_cap[6], info.hw_cap[7] ); - maybe_printf("virt_caps :%s%s%s%s%s%s%s%s%s%s%s\n", + maybe_printf("virt_caps :%s%s%s%s%s%s%s%s%s%s%s%s%s\n", info.cap_pv ? " pv" : "", info.cap_hvm ? " hvm" : "", info.cap_hvm && info.cap_hvm_directio ? " hvm_directio" : "", @@ -221,7 +221,9 @@ static void output_physinfo(void) info.cap_vmtrace ? " vmtrace" : "", info.cap_vpmu ? " vpmu" : "", info.cap_gnttab_v1 ? " gnttab-v1" : "", - info.cap_gnttab_v2 ? " gnttab-v2" : "" + info.cap_gnttab_v2 ? " gnttab-v2" : "", + info.cap_assisted_xapic ? " assisted_xapic" : "", + info.cap_assisted_x2apic ? " assisted_x2apic" : "" ); vinfo = libxl_get_version_info(ctx); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 273fed35e6..bb996b4c42 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -117,6 +117,9 @@ static const char __initconst warning_hvm_fep[] = static bool_t __initdata opt_altp2m_enabled = 0; boolean_param("altp2m", opt_altp2m_enabled); +bool __ro_after_init assisted_xapic_available; +bool __ro_after_init assisted_x2apic_available; + static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 56fed2db03..7329622dd4 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -2146,7 +2146,14 @@ int __init vmx_vmcs_init(void) ret = _vmx_cpu_up(true); if ( !ret ) + { + /* Check whether hardware supports accelerated xapic and x2apic. */ + assisted_xapic_available = cpu_has_vmx_virtualize_apic_accesses; + assisted_x2apic_available = cpu_has_vmx_virtualize_x2apic_mode && + (cpu_has_vmx_apic_reg_virt || + cpu_has_vmx_virtual_intr_delivery); register_keyhandler('v', vmcs_dump, "dump VT-x VMCSs", 1); + } return ret; } diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index caaeacabc7..8d162b2c99 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -388,6 +388,9 @@ int hvm_get_param(struct domain *d, uint32_t index, uint64_t *value); #define hvm_tsc_scaling_ratio(d) \ ((d)->arch.hvm.tsc_scaling_ratio) +extern bool assisted_xapic_available; +extern bool assisted_x2apic_available; + #define hvm_get_guest_time(v) hvm_get_guest_time_fixed(v, 0) #define hvm_paging_enabled(v) \ @@ -901,6 +904,8 @@ static inline void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) #define hvm_tsc_scaling_supported false #define hap_has_1gb false #define hap_has_2mb false +#define assisted_xapic_available false +#define assisted_x2apic_available false #define hvm_paging_enabled(v) ((void)(v), false) #define hvm_wp_enabled(v) ((void)(v), false) diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index f82abc2488..716525f72f 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -135,6 +135,10 @@ void arch_do_physinfo(struct xen_sysctl_physinfo *pi) pi->capabilities |= XEN_SYSCTL_PHYSCAP_hap; if ( IS_ENABLED(CONFIG_SHADOW_PAGING) ) pi->capabilities |= XEN_SYSCTL_PHYSCAP_shadow; + if ( assisted_xapic_available ) + pi->arch_capabilities |= XEN_SYSCTL_PHYSCAP_X86_ASSISTED_XAPIC; + if ( assisted_x2apic_available ) + pi->arch_capabilities |= XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC; } long arch_do_sysctl( diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 60c8711483..5672906729 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -35,7 +35,7 @@ #include "domctl.h" #include "physdev.h" -#define XEN_SYSCTL_INTERFACE_VERSION 0x00000014 +#define XEN_SYSCTL_INTERFACE_VERSION 0x00000015 /* * Read console content from Xen buffer ring. @@ -111,6 +111,13 @@ struct xen_sysctl_tbuf_op { /* Max XEN_SYSCTL_PHYSCAP_* constant. Used for ABI checking. */ #define XEN_SYSCTL_PHYSCAP_MAX XEN_SYSCTL_PHYSCAP_gnttab_v2 +/* The platform supports x{2}apic hardware assisted emulation. */ +#define XEN_SYSCTL_PHYSCAP_X86_ASSISTED_XAPIC (1u << 0) +#define XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC (1u << 1) + +/* Max XEN_SYSCTL_PHYSCAP_X86_* constant. Used for ABI checking. */ +#define XEN_SYSCTL_PHYSCAP_X86_MAX XEN_SYSCTL_PHYSCAP_X86_ASSISTED_X2APIC + struct xen_sysctl_physinfo { uint32_t threads_per_core; uint32_t cores_per_socket; @@ -120,6 +127,8 @@ struct xen_sysctl_physinfo { uint32_t max_node_id; /* Largest possible node ID on this host */ uint32_t cpu_khz; uint32_t capabilities;/* XEN_SYSCTL_PHYSCAP_??? */ + uint32_t arch_capabilities;/* XEN_SYSCTL_PHYSCAP_{X86,ARM,...}_??? */ + uint32_t pad; uint64_aligned_t total_pages; uint64_aligned_t free_pages; uint64_aligned_t scrub_pages; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 11 23:34:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 11 Jul 2022 23:34:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365401.595544 (Exim 4.92) (envelope-from ) id 1oB2vW-0004nL-R2; Mon, 11 Jul 2022 23:34:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365401.595544; Mon, 11 Jul 2022 23:34:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vW-0004nD-OE; Mon, 11 Jul 2022 23:34:54 +0000 Received: by outflank-mailman (input) for mailman id 365401; Mon, 11 Jul 2022 23:34:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vV-0004mt-JN for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB2vV-0004Su-IY for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB2vV-0003EZ-Hw for xen-changelog@lists.xenproject.org; Mon, 11 Jul 2022 23:34:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4mPb/cVcHepSdfdDXBHsUOcNOPj3DJNRbEeLho39UOs=; b=jBL407EI05bCCtvl8Y1Yl0ZIGo sTDPl1dPpe8/QDOAfV04+2YwtG3CYVm2Q2M0MxYP8UKPwbEiS0OGEJp7ofLQCdX00fyM4Bs45aryz eRLAXvaCkrdA2L14gwPju8spC4q6hSb+wANedIKH839lS44sXfFCg5U5iIfIzoIq2Qns=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/HVM: allow per-domain usage of hardware virtualized APIC Message-Id: Date: Mon, 11 Jul 2022 23:34:53 +0000 commit 2ce11ce249a3981bac50914c6a90f681ad7a4222 Author: Jane Malalane AuthorDate: Mon Jul 11 12:15:05 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 11 12:15:05 2022 +0200 x86/HVM: allow per-domain usage of hardware virtualized APIC Introduce a new per-domain creation x86 specific flag to select whether hardware assisted virtualization should be used for x{2}APIC. A per-domain option is added to xl in order to select the usage of x{2}APIC hardware assisted virtualization, as well as a global configuration option. Having all APIC interaction exit to Xen for emulation is slow and can induce much overhead. Hardware can speed up x{2}APIC by decoding the APIC access and providing a VM exit with a more specific exit reason than a regular EPT fault or by altogether avoiding a VM exit. On the other hand, being able to disable x{2}APIC hardware assisted virtualization can be useful for testing and debugging purposes. Note: - vmx_install_vlapic_mapping doesn't require modifications regardless of whether the guest has "Virtualize APIC accesses" enabled or not, i.e., setting the APIC_ACCESS_ADDR VMCS field is fine so long as virtualize_apic_accesses is supported by the CPU. - Both per-domain and global assisted_x{2}apic options are not part of the migration stream, unless explicitly set in the respective configuration files. Default settings of assisted_x{2}apic done internally by the toolstack, based on host capabilities at create time, are not migrated. Suggested-by: Andrew Cooper Signed-off-by: Jane Malalane Acked-by: Christian Lindig Reviewed-by: "Roger Pau Monné" Reviewed-by: Anthony PERARD Reviewed-by: Kevin Tian Reviewed-by: George Dunlap --- docs/man/xl.cfg.5.pod.in | 15 +++++++++++++++ docs/man/xl.conf.5.pod.in | 12 ++++++++++++ tools/golang/xenlight/helpers.gen.go | 12 ++++++++++++ tools/golang/xenlight/types.gen.go | 2 ++ tools/include/libxl.h | 7 +++++++ tools/libs/light/libxl_arch.h | 5 +++-- tools/libs/light/libxl_arm.c | 9 ++++++--- tools/libs/light/libxl_create.c | 22 +++++++++++++--------- tools/libs/light/libxl_types.idl | 2 ++ tools/libs/light/libxl_x86.c | 28 ++++++++++++++++++++++++++-- tools/ocaml/libs/xc/xenctrl.ml | 2 ++ tools/ocaml/libs/xc/xenctrl.mli | 2 ++ tools/ocaml/libs/xc/xenctrl_stubs.c | 2 +- tools/xl/xl.c | 8 ++++++++ tools/xl/xl.h | 2 ++ tools/xl/xl_parse.c | 19 +++++++++++++++++++ xen/arch/x86/domain.c | 29 ++++++++++++++++++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 ++++ xen/arch/x86/hvm/vmx/vmx.c | 13 ++++--------- xen/arch/x86/include/asm/hvm/domain.h | 6 ++++++ xen/arch/x86/include/asm/hvm/hvm.h | 5 +++++ xen/arch/x86/traps.c | 5 +++-- xen/include/public/arch-x86/xen.h | 5 +++++ 23 files changed, 187 insertions(+), 29 deletions(-) diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index b98d161398..6d98d73d76 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -1862,6 +1862,21 @@ firmware tables when using certain older guest Operating Systems. These tables have been superseded by newer constructs within the ACPI tables. +=item B + +B<(x86 only)> Enables or disables hardware assisted virtualization for +xAPIC. With this option enabled, a memory-mapped APIC access will be +decoded by hardware and either issue a more specific VM exit than just +a p2m fault, or altogether avoid a VM exit. The +default is settable via L. + +=item B + +B<(x86 only)> Enables or disables hardware assisted virtualization for +x2APIC. With this option enabled, certain accesses to MSR APIC +registers will avoid a VM exit into the hypervisor. The default is +settable via L. + =item B B<(x86 only)> Hides or exposes the No-eXecute capability. This allows a guest diff --git a/docs/man/xl.conf.5.pod.in b/docs/man/xl.conf.5.pod.in index df20c08137..95d136d1ea 100644 --- a/docs/man/xl.conf.5.pod.in +++ b/docs/man/xl.conf.5.pod.in @@ -107,6 +107,18 @@ Sets the default value for the C domain config value. Default: maximum grant version supported by the hypervisor. +=item B + +If enabled, domains will use xAPIC hardware assisted virtualization by default. + +Default: enabled if supported. + +=item B + +If enabled, domains will use x2APIC hardware assisted virtualization by default. + +Default: enabled if supported. + =item B Configures the default hotplug script used by virtual network devices. diff --git a/tools/golang/xenlight/helpers.gen.go b/tools/golang/xenlight/helpers.gen.go index dd4e6c9f14..dece545ee0 100644 --- a/tools/golang/xenlight/helpers.gen.go +++ b/tools/golang/xenlight/helpers.gen.go @@ -1120,6 +1120,12 @@ x.ArchArm.Vuart = VuartType(xc.arch_arm.vuart) if err := x.ArchX86.MsrRelaxed.fromC(&xc.arch_x86.msr_relaxed);err != nil { return fmt.Errorf("converting field ArchX86.MsrRelaxed: %v", err) } +if err := x.ArchX86.AssistedXapic.fromC(&xc.arch_x86.assisted_xapic);err != nil { +return fmt.Errorf("converting field ArchX86.AssistedXapic: %v", err) +} +if err := x.ArchX86.AssistedX2Apic.fromC(&xc.arch_x86.assisted_x2apic);err != nil { +return fmt.Errorf("converting field ArchX86.AssistedX2Apic: %v", err) +} x.Altp2M = Altp2MMode(xc.altp2m) x.VmtraceBufKb = int(xc.vmtrace_buf_kb) if err := x.Vpmu.fromC(&xc.vpmu);err != nil { @@ -1605,6 +1611,12 @@ xc.arch_arm.vuart = C.libxl_vuart_type(x.ArchArm.Vuart) if err := x.ArchX86.MsrRelaxed.toC(&xc.arch_x86.msr_relaxed); err != nil { return fmt.Errorf("converting field ArchX86.MsrRelaxed: %v", err) } +if err := x.ArchX86.AssistedXapic.toC(&xc.arch_x86.assisted_xapic); err != nil { +return fmt.Errorf("converting field ArchX86.AssistedXapic: %v", err) +} +if err := x.ArchX86.AssistedX2Apic.toC(&xc.arch_x86.assisted_x2apic); err != nil { +return fmt.Errorf("converting field ArchX86.AssistedX2Apic: %v", err) +} xc.altp2m = C.libxl_altp2m_mode(x.Altp2M) xc.vmtrace_buf_kb = C.int(x.VmtraceBufKb) if err := x.Vpmu.toC(&xc.vpmu); err != nil { diff --git a/tools/golang/xenlight/types.gen.go b/tools/golang/xenlight/types.gen.go index 87be46c745..253c9ad93d 100644 --- a/tools/golang/xenlight/types.gen.go +++ b/tools/golang/xenlight/types.gen.go @@ -520,6 +520,8 @@ Vuart VuartType } ArchX86 struct { MsrRelaxed Defbool +AssistedXapic Defbool +AssistedX2Apic Defbool } Altp2M Altp2MMode VmtraceBufKb int diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 3a68e1b55a..f351669039 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -542,6 +542,13 @@ */ #define LIBXL_HAVE_PHYSINFO_ASSISTED_APIC 1 +/* + * LIBXL_HAVE_ASSISTED_APIC indicates that libxl_domain_build_info has + * assisted_xapic and assisted_x2apic fields for enabling hardware + * assisted virtualization for x{2}apic per domain. + */ +#define LIBXL_HAVE_ASSISTED_APIC 1 + /* * libxl ABI compatibility * diff --git a/tools/libs/light/libxl_arch.h b/tools/libs/light/libxl_arch.h index 207ceac6a1..03b89929e6 100644 --- a/tools/libs/light/libxl_arch.h +++ b/tools/libs/light/libxl_arch.h @@ -71,8 +71,9 @@ void libxl__arch_domain_create_info_setdefault(libxl__gc *gc, libxl_domain_create_info *c_info); _hidden -void libxl__arch_domain_build_info_setdefault(libxl__gc *gc, - libxl_domain_build_info *b_info); +int libxl__arch_domain_build_info_setdefault(libxl__gc *gc, + libxl_domain_build_info *b_info, + const libxl_physinfo *physinfo); _hidden int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, diff --git a/tools/libs/light/libxl_arm.c b/tools/libs/light/libxl_arm.c index 39fdca1b49..7dee2afd4b 100644 --- a/tools/libs/light/libxl_arm.c +++ b/tools/libs/light/libxl_arm.c @@ -1384,14 +1384,15 @@ void libxl__arch_domain_create_info_setdefault(libxl__gc *gc, } } -void libxl__arch_domain_build_info_setdefault(libxl__gc *gc, - libxl_domain_build_info *b_info) +int libxl__arch_domain_build_info_setdefault(libxl__gc *gc, + libxl_domain_build_info *b_info, + const libxl_physinfo *physinfo) { /* ACPI is disabled by default */ libxl_defbool_setdefault(&b_info->acpi, false); if (b_info->type != LIBXL_DOMAIN_TYPE_PV) - return; + return 0; LOG(DEBUG, "Converting build_info to PVH"); @@ -1399,6 +1400,8 @@ void libxl__arch_domain_build_info_setdefault(libxl__gc *gc, memset(&b_info->u, '\0', sizeof(b_info->u)); b_info->type = LIBXL_DOMAIN_TYPE_INVALID; libxl_domain_build_info_init_type(b_info, LIBXL_DOMAIN_TYPE_PVH); + + return 0; } int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index 2339f09e95..b9dd2deedf 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -75,6 +75,7 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, libxl_domain_build_info *b_info) { int i, rc; + libxl_physinfo info; if (b_info->type != LIBXL_DOMAIN_TYPE_HVM && b_info->type != LIBXL_DOMAIN_TYPE_PV && @@ -264,7 +265,18 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, if (!b_info->event_channels) b_info->event_channels = 1023; - libxl__arch_domain_build_info_setdefault(gc, b_info); + rc = libxl_get_physinfo(CTX, &info); + if (rc) { + LOG(ERROR, "failed to get hypervisor info"); + return rc; + } + + rc = libxl__arch_domain_build_info_setdefault(gc, b_info, &info); + if (rc) { + LOG(ERROR, "unable to set domain arch build info defaults"); + return rc; + } + libxl_defbool_setdefault(&b_info->dm_restrict, false); if (b_info->iommu_memkb == LIBXL_MEMKB_DEFAULT) @@ -457,14 +469,6 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, } if (b_info->max_grant_version == LIBXL_MAX_GRANT_DEFAULT) { - libxl_physinfo info; - - rc = libxl_get_physinfo(CTX, &info); - if (rc) { - LOG(ERROR, "failed to get hypervisor info"); - return rc; - } - if (info.cap_gnttab_v2) b_info->max_grant_version = 2; else if (info.cap_gnttab_v1) diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index 47f6a30cde..f3ceb38c9e 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -648,6 +648,8 @@ libxl_domain_build_info = Struct("domain_build_info",[ ("vuart", libxl_vuart_type), ])), ("arch_x86", Struct(None, [("msr_relaxed", libxl_defbool), + ("assisted_xapic", libxl_defbool), + ("assisted_x2apic", libxl_defbool), ])), # Alternate p2m is not bound to any architecture or guest type, as it is # supported by x86 HVM and ARM support is planned. diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c index e0a06ecfe3..7c5ee74443 100644 --- a/tools/libs/light/libxl_x86.c +++ b/tools/libs/light/libxl_x86.c @@ -23,6 +23,15 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, if (libxl_defbool_val(d_config->b_info.arch_x86.msr_relaxed)) config->arch.misc_flags |= XEN_X86_MSR_RELAXED; + if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) + { + if (libxl_defbool_val(d_config->b_info.arch_x86.assisted_xapic)) + config->arch.misc_flags |= XEN_X86_ASSISTED_XAPIC; + + if (libxl_defbool_val(d_config->b_info.arch_x86.assisted_x2apic)) + config->arch.misc_flags |= XEN_X86_ASSISTED_X2APIC; + } + return 0; } @@ -819,11 +828,26 @@ void libxl__arch_domain_create_info_setdefault(libxl__gc *gc, { } -void libxl__arch_domain_build_info_setdefault(libxl__gc *gc, - libxl_domain_build_info *b_info) +int libxl__arch_domain_build_info_setdefault(libxl__gc *gc, + libxl_domain_build_info *b_info, + const libxl_physinfo *physinfo) { libxl_defbool_setdefault(&b_info->acpi, true); libxl_defbool_setdefault(&b_info->arch_x86.msr_relaxed, false); + + if (b_info->type != LIBXL_DOMAIN_TYPE_PV) { + libxl_defbool_setdefault(&b_info->arch_x86.assisted_xapic, + physinfo->cap_assisted_xapic); + libxl_defbool_setdefault(&b_info->arch_x86.assisted_x2apic, + physinfo->cap_assisted_x2apic); + } + else if (!libxl_defbool_is_default(b_info->arch_x86.assisted_xapic) || + !libxl_defbool_is_default(b_info->arch_x86.assisted_x2apic)) { + LOG(ERROR, "Interrupt Controller Virtualization not supported for PV"); + return ERROR_INVAL; + } + + return 0; } int libxl__arch_passthrough_mode_setdefault(libxl__gc *gc, diff --git a/tools/ocaml/libs/xc/xenctrl.ml b/tools/ocaml/libs/xc/xenctrl.ml index 6fa30ddb56..0c71e5eef3 100644 --- a/tools/ocaml/libs/xc/xenctrl.ml +++ b/tools/ocaml/libs/xc/xenctrl.ml @@ -50,6 +50,8 @@ type x86_arch_emulation_flags = type x86_arch_misc_flags = | X86_MSR_RELAXED + | X86_ASSISTED_XAPIC + | X86_ASSISTED_X2APIC type xen_x86_arch_domainconfig = { diff --git a/tools/ocaml/libs/xc/xenctrl.mli b/tools/ocaml/libs/xc/xenctrl.mli index 01774da768..a8458e19ca 100644 --- a/tools/ocaml/libs/xc/xenctrl.mli +++ b/tools/ocaml/libs/xc/xenctrl.mli @@ -44,6 +44,8 @@ type x86_arch_emulation_flags = type x86_arch_misc_flags = | X86_MSR_RELAXED + | X86_ASSISTED_XAPIC + | X86_ASSISTED_X2APIC type xen_x86_arch_domainconfig = { emulation_flags: x86_arch_emulation_flags list; diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c index 42c2bcd333..19335bdf45 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -244,7 +244,7 @@ CAMLprim value stub_xc_domain_create(value xch, value wanted_domid, value config cfg.arch.misc_flags = ocaml_list_to_c_bitmap /* ! x86_arch_misc_flags X86_ none */ - /* ! XEN_X86_ XEN_X86_MSR_RELAXED all */ + /* ! XEN_X86_ XEN_X86_MISC_FLAGS_MAX max */ (VAL_MISC_FLAGS); #undef VAL_MISC_FLAGS diff --git a/tools/xl/xl.c b/tools/xl/xl.c index 2d1ec18ea3..31eb223309 100644 --- a/tools/xl/xl.c +++ b/tools/xl/xl.c @@ -57,6 +57,8 @@ int max_grant_frames = -1; int max_maptrack_frames = -1; int max_grant_version = LIBXL_MAX_GRANT_DEFAULT; libxl_domid domid_policy = INVALID_DOMID; +int assisted_xapic = -1; +int assisted_x2apic = -1; xentoollog_level minmsglevel = minmsglevel_default; @@ -201,6 +203,12 @@ static void parse_global_config(const char *configfile, if (!xlu_cfg_get_long (config, "claim_mode", &l, 0)) claim_mode = l; + if (!xlu_cfg_get_long (config, "assisted_xapic", &l, 0)) + assisted_xapic = l; + + if (!xlu_cfg_get_long (config, "assisted_x2apic", &l, 0)) + assisted_x2apic = l; + xlu_cfg_replace_string (config, "remus.default.netbufscript", &default_remus_netbufscript, 0); xlu_cfg_replace_string (config, "colo.default.proxyscript", diff --git a/tools/xl/xl.h b/tools/xl/xl.h index c5c4bedbdd..528deb3feb 100644 --- a/tools/xl/xl.h +++ b/tools/xl/xl.h @@ -286,6 +286,8 @@ extern libxl_bitmap global_vm_affinity_mask; extern libxl_bitmap global_hvm_affinity_mask; extern libxl_bitmap global_pv_affinity_mask; extern libxl_domid domid_policy; +extern int assisted_xapic; +extern int assisted_x2apic; enum output_format { OUTPUT_FORMAT_JSON, diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index 644ab8f8fd..1b5381cef0 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -2765,6 +2765,25 @@ skip_usbdev: xlu_cfg_get_defbool(config, "vpmu", &b_info->vpmu, 0); + if (b_info->type != LIBXL_DOMAIN_TYPE_PV) { + e = xlu_cfg_get_long(config, "assisted_xapic", &l , 0); + if (!e) + libxl_defbool_set(&b_info->arch_x86.assisted_xapic, l); + else if (e != ESRCH) + exit(1); + else if (assisted_xapic != -1) /* use global default if present */ + libxl_defbool_set(&b_info->arch_x86.assisted_xapic, assisted_xapic); + + e = xlu_cfg_get_long(config, "assisted_x2apic", &l, 0); + if (!e) + libxl_defbool_set(&b_info->arch_x86.assisted_x2apic, l); + else if (e != ESRCH) + exit(1); + else if (assisted_x2apic != -1) /* use global default if present */ + libxl_defbool_set(&b_info->arch_x86.assisted_x2apic, + assisted_x2apic); + } + xlu_cfg_destroy(config); } diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 9ba3704f36..408ee284ed 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -50,6 +50,7 @@ #include #include #include +#include #include #include #include @@ -619,6 +620,8 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) bool hvm = config->flags & XEN_DOMCTL_CDF_hvm; bool hap = config->flags & XEN_DOMCTL_CDF_hap; bool nested_virt = config->flags & XEN_DOMCTL_CDF_nested_virt; + bool assisted_xapic = config->arch.misc_flags & XEN_X86_ASSISTED_XAPIC; + bool assisted_x2apic = config->arch.misc_flags & XEN_X86_ASSISTED_X2APIC; unsigned int max_vcpus; if ( hvm ? !hvm_enabled : !IS_ENABLED(CONFIG_PV) ) @@ -685,13 +688,31 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) } } - if ( config->arch.misc_flags & ~XEN_X86_MSR_RELAXED ) + if ( config->arch.misc_flags & ~(XEN_X86_MSR_RELAXED | + XEN_X86_ASSISTED_XAPIC | + XEN_X86_ASSISTED_X2APIC) ) { dprintk(XENLOG_INFO, "Invalid arch misc flags %#x\n", config->arch.misc_flags); return -EINVAL; } + if ( (assisted_xapic || assisted_x2apic) && !hvm ) + { + dprintk(XENLOG_INFO, + "Interrupt Controller Virtualization not supported for PV\n"); + return -EINVAL; + } + + if ( (assisted_xapic && !assisted_xapic_available) || + (assisted_x2apic && !assisted_x2apic_available) ) + { + dprintk(XENLOG_INFO, + "Hardware assisted x%sAPIC requested but not available\n", + assisted_xapic && !assisted_xapic_available ? "" : "2"); + return -ENODEV; + } + return 0; } @@ -864,6 +885,12 @@ int arch_domain_create(struct domain *d, d->arch.msr_relaxed = config->arch.misc_flags & XEN_X86_MSR_RELAXED; + d->arch.hvm.assisted_xapic = + config->arch.misc_flags & XEN_X86_ASSISTED_XAPIC; + + d->arch.hvm.assisted_x2apic = + config->arch.misc_flags & XEN_X86_ASSISTED_X2APIC; + spec_ctrl_init_domain(d); return 0; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 7329622dd4..683c650d77 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1134,6 +1134,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(PLE_WINDOW, ple_window); } + if ( !has_assisted_xapic(d) ) + v->arch.hvm.vmx.secondary_exec_control &= + ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; + if ( cpu_has_vmx_secondary_exec_control ) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index f08a00dcbb..47554cc004 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3376,16 +3376,11 @@ static void vmx_install_vlapic_mapping(struct vcpu *v) void vmx_vlapic_msr_changed(struct vcpu *v) { - int virtualize_x2apic_mode; struct vlapic *vlapic = vcpu_vlapic(v); unsigned int msr; - virtualize_x2apic_mode = ( (cpu_has_vmx_apic_reg_virt || - cpu_has_vmx_virtual_intr_delivery) && - cpu_has_vmx_virtualize_x2apic_mode ); - - if ( !cpu_has_vmx_virtualize_apic_accesses && - !virtualize_x2apic_mode ) + if ( !has_assisted_xapic(v->domain) && + !has_assisted_x2apic(v->domain) ) return; vmx_vmcs_enter(v); @@ -3395,7 +3390,7 @@ void vmx_vlapic_msr_changed(struct vcpu *v) if ( !vlapic_hw_disabled(vlapic) && (vlapic_base_address(vlapic) == APIC_DEFAULT_PHYS_BASE) ) { - if ( virtualize_x2apic_mode && vlapic_x2apic_mode(vlapic) ) + if ( has_assisted_x2apic(v->domain) && vlapic_x2apic_mode(vlapic) ) { v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE; @@ -3416,7 +3411,7 @@ void vmx_vlapic_msr_changed(struct vcpu *v) vmx_clear_msr_intercept(v, MSR_X2APIC_SELF, VMX_MSR_W); } } - else + else if ( has_assisted_xapic(v->domain) ) v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; } diff --git a/xen/arch/x86/include/asm/hvm/domain.h b/xen/arch/x86/include/asm/hvm/domain.h index 698455444e..92bf53483c 100644 --- a/xen/arch/x86/include/asm/hvm/domain.h +++ b/xen/arch/x86/include/asm/hvm/domain.h @@ -117,6 +117,12 @@ struct hvm_domain { bool is_s3_suspended; + /* xAPIC hardware assisted virtualization. */ + bool assisted_xapic; + + /* x2APIC hardware assisted virtualization. */ + bool assisted_x2apic; + /* hypervisor intercepted msix table */ struct list_head msixtbl_list; diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 8d162b2c99..03096f31ef 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -391,6 +391,9 @@ int hvm_get_param(struct domain *d, uint32_t index, uint64_t *value); extern bool assisted_xapic_available; extern bool assisted_x2apic_available; +#define has_assisted_xapic(d) ((d)->arch.hvm.assisted_xapic) +#define has_assisted_x2apic(d) ((d)->arch.hvm.assisted_x2apic) + #define hvm_get_guest_time(v) hvm_get_guest_time_fixed(v, 0) #define hvm_paging_enabled(v) \ @@ -907,6 +910,8 @@ static inline void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) #define assisted_xapic_available false #define assisted_x2apic_available false +#define has_assisted_xapic(d) ((void)(d), false) +#define has_assisted_x2apic(d) ((void)(d), false) #define hvm_paging_enabled(v) ((void)(v), false) #define hvm_wp_enabled(v) ((void)(v), false) #define hvm_pcid_enabled(v) ((void)(v), false) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index bb3dfcc90f..cabebf4f5b 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -1117,7 +1117,8 @@ void cpuid_hypervisor_leaves(const struct vcpu *v, uint32_t leaf, if ( !is_hvm_domain(d) || subleaf != 0 ) break; - if ( cpu_has_vmx_apic_reg_virt ) + if ( cpu_has_vmx_apic_reg_virt && + has_assisted_xapic(d) ) res->a |= XEN_HVM_CPUID_APIC_ACCESS_VIRT; /* @@ -1126,7 +1127,7 @@ void cpuid_hypervisor_leaves(const struct vcpu *v, uint32_t leaf, * and wrmsr in the guest will run without VMEXITs (see * vmx_vlapic_msr_changed()). */ - if ( cpu_has_vmx_virtualize_x2apic_mode && + if ( has_assisted_x2apic(d) && cpu_has_vmx_apic_reg_virt && cpu_has_vmx_virtual_intr_delivery ) res->a |= XEN_HVM_CPUID_X2APIC_VIRT; diff --git a/xen/include/public/arch-x86/xen.h b/xen/include/public/arch-x86/xen.h index 7acd94c8eb..58a1e87ee9 100644 --- a/xen/include/public/arch-x86/xen.h +++ b/xen/include/public/arch-x86/xen.h @@ -317,9 +317,14 @@ struct xen_arch_domainconfig { * doesn't allow the guest to read or write to the underlying MSR. */ #define XEN_X86_MSR_RELAXED (1u << 0) +#define XEN_X86_ASSISTED_XAPIC (1u << 1) +#define XEN_X86_ASSISTED_X2APIC (1u << 2) uint32_t misc_flags; }; +/* Max XEN_X86_* constant. Used for ABI checking. */ +#define XEN_X86_MISC_FLAGS_MAX XEN_X86_ASSISTED_X2APIC + /* Location of online VCPU bitmap. */ #define XEN_ACPI_CPU_MAP 0xaf00 #define XEN_ACPI_CPU_MAP_LEN ((HVM_MAX_VCPUS + 7) / 8) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 06:44:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 06:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365495.595673 (Exim 4.92) (envelope-from ) id 1oB9cr-00040N-S9; Tue, 12 Jul 2022 06:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365495.595673; Tue, 12 Jul 2022 06:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9cr-000409-Oc; Tue, 12 Jul 2022 06:44:05 +0000 Received: by outflank-mailman (input) for mailman id 365495; Tue, 12 Jul 2022 06:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9cq-000401-4C for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9cq-0005L6-1U for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB9cq-00087S-0p for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hetZ3FvkwTiieGB0rOyuDj/FOcGzkmgUujQoIIGC4Qg=; b=UcjhZ0jcKvD1qZ//JWt3ne/27f QFhMfntad4oK0j5dS0hont2aAS9b/htyE+OX/70YxVXgEvD+nBljyois7BDE1AUYAMGQk8UJU/vcg akK51SwCkG+Gfw8yLBKQkqVKk3araZ9ogLbGEZckf9H3o12GUOtRQhkOl69r5p0eshIY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/fuzz/libelf: rework makefile Message-Id: Date: Tue, 12 Jul 2022 06:44:04 +0000 commit ee3810899181170d21ab2c4e1aeba8dcdcd6f2b6 Author: Anthony PERARD AuthorDate: Tue Jul 12 08:35:48 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 08:36:37 2022 +0200 tools/fuzz/libelf: rework makefile Rename ELF_LIB_OBJS to LIBELF_OBJS as to have the same name as in libs/guest/. Replace "-I" by "-iquote". Remove the use of "vpath". It will not works when we will convert this makefile to subdirmk. Instead, we create symlinks to the source files. Since we are creating a new .gitignore for the links, also move the existing entry to it. Signed-off-by: Anthony PERARD Reviewed-by: Luca Fancellu --- .gitignore | 1 - tools/fuzz/libelf/.gitignore | 2 ++ tools/fuzz/libelf/Makefile | 21 ++++++++++----------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index 4729911c51..ed7bd8bdc7 100644 --- a/.gitignore +++ b/.gitignore @@ -195,7 +195,6 @@ tools/flask/utils/flask-loadpolicy tools/flask/utils/flask-setenforce tools/flask/utils/flask-set-bool tools/flask/utils/flask-label-pci -tools/fuzz/libelf/afl-libelf-fuzzer tools/fuzz/x86_instruction_emulator/asm tools/fuzz/x86_instruction_emulator/afl-harness tools/fuzz/x86_instruction_emulator/afl-harness-cov diff --git a/tools/fuzz/libelf/.gitignore b/tools/fuzz/libelf/.gitignore new file mode 100644 index 0000000000..ed634214c9 --- /dev/null +++ b/tools/fuzz/libelf/.gitignore @@ -0,0 +1,2 @@ +/afl-libelf-fuzzer +/libelf-*.c diff --git a/tools/fuzz/libelf/Makefile b/tools/fuzz/libelf/Makefile index 9eb30ee40c..9211f75951 100644 --- a/tools/fuzz/libelf/Makefile +++ b/tools/fuzz/libelf/Makefile @@ -1,25 +1,24 @@ XEN_ROOT = $(CURDIR)/../../.. include $(XEN_ROOT)/tools/Rules.mk -# libelf fuzz target -vpath %.c ../../../xen/common/libelf -CFLAGS += -I../../../xen/common/libelf -ELF_SRCS-y += libelf-tools.c libelf-loader.c libelf-dominfo.c -ELF_LIB_OBJS := $(patsubst %.c,%.o,$(ELF_SRCS-y)) +LIBELF_OBJS := libelf-tools.o libelf-loader.o libelf-dominfo.o -$(patsubst %.c,%.o,$(ELF_SRCS-y)): CFLAGS += -Wno-pointer-sign - -$(ELF_LIB_OBJS): CFLAGS += -DFUZZ_NO_LIBXC $(CFLAGS_xeninclude) +CFLAGS += -iquote ../../../xen/common/libelf +$(LIBELF_OBJS): CFLAGS += -Wno-pointer-sign +$(LIBELF_OBJS): CFLAGS += -DFUZZ_NO_LIBXC $(CFLAGS_xeninclude) libelf-fuzzer.o: CFLAGS += $(CFLAGS_xeninclude) -libelf.a: libelf-fuzzer.o $(ELF_LIB_OBJS) +$(LIBELF_OBJS:.o=.c): libelf-%.c: ../../../xen/common/libelf/libelf-%.c FORCE + ln -nsf $< $@ + +libelf.a: libelf-fuzzer.o $(LIBELF_OBJS) $(AR) rc $@ $^ .PHONY: libelf-fuzzer-all libelf-fuzzer-all: libelf.a libelf-fuzzer.o -afl-libelf-fuzzer: afl-libelf-fuzzer.o libelf-fuzzer.o $(ELF_LIB_OBJS) +afl-libelf-fuzzer: afl-libelf-fuzzer.o libelf-fuzzer.o $(LIBELF_OBJS) $(CC) $(CFLAGS) $^ -o $@ # Common targets @@ -31,7 +30,7 @@ distclean: clean .PHONY: clean clean: - rm -f *.o .*.d *.a *-libelf-fuzzer + rm -f *.o .*.d *.a *-libelf-fuzzer $(LIBELF_OBJS:.o=.c) .PHONY: install install: all -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 06:44:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 06:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365496.595677 (Exim 4.92) (envelope-from ) id 1oB9d1-00042u-V3; Tue, 12 Jul 2022 06:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365496.595677; Tue, 12 Jul 2022 06:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9d1-00042l-Rz; Tue, 12 Jul 2022 06:44:15 +0000 Received: by outflank-mailman (input) for mailman id 365496; Tue, 12 Jul 2022 06:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9d0-00042M-5m for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9d0-0005LA-4P for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB9d0-00087r-3h for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YtsMXKIIeMeAQ45JMPEc+yCfk4D5EAtSD3kLq1BPdt8=; b=fXutv2c/F1oGxGbzU67MHPz/dB 4HRs6SPwvVLMXPZAtmagU0/5QUNAQVcKGXYmt4VhSN09vNlb+8QOP72liq0YHs20eAtUTXdU9Ztu7 u2vnsa04Spi153o8Jqa56TZ1x+SnUfg5j4npUOKMbZm84wK40v6FM++CqcOp48Ej1vFI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/helpers: fix build of xen-init-dom0 with -Werror Message-Id: Date: Tue, 12 Jul 2022 06:44:14 +0000 commit d693b22733044d68e9974766b5c9e6259c9b1708 Author: Anthony PERARD AuthorDate: Tue Jul 12 08:38:35 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 08:38:35 2022 +0200 tools/helpers: fix build of xen-init-dom0 with -Werror Missing prototype of asprintf() without _GNU_SOURCE. Signed-off-by: Anthony PERARD Reviewed-by: Henry Wang --- tools/helpers/xen-init-dom0.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/helpers/xen-init-dom0.c b/tools/helpers/xen-init-dom0.c index 37eff8868f..764f837887 100644 --- a/tools/helpers/xen-init-dom0.c +++ b/tools/helpers/xen-init-dom0.c @@ -1,3 +1,5 @@ +#define _GNU_SOURCE + #include #include #include -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 06:44:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 06:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365497.595681 (Exim 4.92) (envelope-from ) id 1oB9dB-00045g-Vy; Tue, 12 Jul 2022 06:44:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365497.595681; Tue, 12 Jul 2022 06:44:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9dB-00045Y-TO; Tue, 12 Jul 2022 06:44:25 +0000 Received: by outflank-mailman (input) for mailman id 365497; Tue, 12 Jul 2022 06:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9dA-00045H-8G for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9dA-0005LR-7K for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB9dA-00088K-6m for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=itYInTedxxk0zCxevg6w2Mta5aBxdc/ptBT+kgmzSb0=; b=zqMGJmDYWzg9G7MWOYpagZT27h zHreX/4PneqbwVBR4KMEnuUqtJZ/dZlFXaG+dqHEg7zAejtr0X5w/VHRshR+juqS9xoyHtFngWGmG ZKymetB4kaMgazd7NkJ07lbEK9D8gC49kieC8iB7Jqgew0Ty+h04QIWALB2nht4M+4PM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxl: check return value of libxl__xs_directory in name2bdf Message-Id: Date: Tue, 12 Jul 2022 06:44:24 +0000 commit d778089ac70e5b8e3bdea0c85fc8c0b9ed0eaf2f Author: Anthony PERARD AuthorDate: Tue Jul 12 08:38:51 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 08:38:51 2022 +0200 libxl: check return value of libxl__xs_directory in name2bdf libxl__xs_directory() can potentially return NULL without setting `n`. As `n` isn't initialised, we need to check libxl__xs_directory() return value before checking `n`. Otherwise, `n` might be non-zero with `bdfs` NULL which would lead to a segv. Fixes: 57bff091f4 ("libxl: add 'name' field to 'libxl_device_pci' in the IDL...") Reported-by: "G.R." Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross Tested-by: "G.R." --- tools/libs/light/libxl_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c index 96f88795b6..f4c4f17545 100644 --- a/tools/libs/light/libxl_pci.c +++ b/tools/libs/light/libxl_pci.c @@ -859,7 +859,7 @@ static int name2bdf(libxl__gc *gc, libxl_device_pci *pci) int rc = ERROR_NOTFOUND; bdfs = libxl__xs_directory(gc, XBT_NULL, PCI_INFO_PATH, &n); - if (!n) + if (!bdfs || !n) goto out; for (i = 0; i < n; i++) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 06:44:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 06:44:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365498.595685 (Exim 4.92) (envelope-from ) id 1oB9dM-00048C-1V; Tue, 12 Jul 2022 06:44:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365498.595685; Tue, 12 Jul 2022 06:44:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9dL-000484-Uv; Tue, 12 Jul 2022 06:44:35 +0000 Received: by outflank-mailman (input) for mailman id 365498; Tue, 12 Jul 2022 06:44:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9dK-00047l-BG for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oB9dK-0005Lv-AH for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oB9dK-00088j-9c for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 06:44:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=24oy0rjYIHH8wyDhtL4xMojT2ytvwtn0mDL2Aoy/Ls8=; b=wn/Cwz1kGhy/oofgtzbkWncedd 6PT2RPvZxV0QqSYKtCfRhYa3dOrMtdGF+A+HEgxHDkXqKrM2Oy1aV/iORXjT9BWnd58QSnrwmhRC/ nXIZC1XFCaW/DU/5FJSSr3rpAxHECUXVqPX9lveXi0tun3eHDPfzJlUC81B52LB2XpIw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] EFI: preserve the System Resource Table for dom0 Message-Id: Date: Tue, 12 Jul 2022 06:44:34 +0000 commit dc7da0874ba4e8fab4c5783055755938ef19fc37 Author: Demi Marie Obenour AuthorDate: Tue Jul 12 08:39:19 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 08:39:19 2022 +0200 EFI: preserve the System Resource Table for dom0 The EFI System Resource Table (ESRT) is necessary for fwupd to identify firmware updates to install. According to the UEFI specification §23.4, the ESRT shall be stored in memory of type EfiBootServicesData. However, memory of type EfiBootServicesData is considered general-purpose memory by Xen, so the ESRT needs to be moved somewhere where Xen will not overwrite it. Copy the ESRT to memory of type EfiRuntimeServicesData, which Xen will not reuse. dom0 can use the ESRT if (and only if) it is in memory of type EfiRuntimeServicesData. Earlier versions of this patch reserved the memory in which the ESRT was located. This created awkward alignment problems, and required either splitting the E820 table or wasting memory. It also would have required a new platform op for dom0 to use to indicate if the ESRT is reserved. By copying the ESRT into EfiRuntimeServicesData memory, the E820 table does not need to be modified, and dom0 can just check the type of the memory region containing the ESRT. The copy is only done if the ESRT is not already in EfiRuntimeServicesData memory, avoiding memory leaks on repeated kexec. See https://lore.kernel.org/xen-devel/20200818184018.GN1679@mail-itl/T/ for details. Signed-off-by: Demi Marie Obenour Tested-by: Luca Fancellu Reviewed-by: Jan Beulich --- xen/common/efi/boot.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index a25e1d29f1..a5b2d6ddb8 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -39,6 +39,26 @@ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } #define APPLE_PROPERTIES_PROTOCOL_GUID \ { 0x91bd12fe, 0xf6c3, 0x44fb, { 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0} } +#define EFI_SYSTEM_RESOURCE_TABLE_GUID \ + { 0xb122a263, 0x3661, 0x4f68, {0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80} } +#define EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION 1 + +typedef struct { + EFI_GUID FwClass; + UINT32 FwType; + UINT32 FwVersion; + UINT32 LowestSupportedFwVersion; + UINT32 CapsuleFlags; + UINT32 LastAttemptVersion; + UINT32 LastAttemptStatus; +} EFI_SYSTEM_RESOURCE_ENTRY; + +typedef struct { + UINT32 FwResourceCount; + UINT32 FwResourceCountMax; + UINT64 FwResourceVersion; + EFI_SYSTEM_RESOURCE_ENTRY Entries[]; +} EFI_SYSTEM_RESOURCE_TABLE; typedef EFI_STATUS (/* _not_ EFIAPI */ *EFI_SHIM_LOCK_VERIFY) ( @@ -567,6 +587,41 @@ static int __init efi_check_dt_boot(const EFI_LOADED_IMAGE *loaded_image) } #endif +static UINTN __initdata esrt = EFI_INVALID_TABLE_ADDR; + +static size_t __init get_esrt_size(const EFI_MEMORY_DESCRIPTOR *desc) +{ + size_t available_len, len; + const UINTN physical_start = desc->PhysicalStart; + const EFI_SYSTEM_RESOURCE_TABLE *esrt_ptr; + + len = desc->NumberOfPages << EFI_PAGE_SHIFT; + if ( esrt == EFI_INVALID_TABLE_ADDR ) + return 0; + if ( physical_start > esrt || esrt - physical_start >= len ) + return 0; + /* + * The specification requires EfiBootServicesData, but accept + * EfiRuntimeServicesData, which is a more logical choice. + */ + if ( (desc->Type != EfiRuntimeServicesData) && + (desc->Type != EfiBootServicesData) ) + return 0; + available_len = len - (esrt - physical_start); + if ( available_len <= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries) ) + return 0; + available_len -= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries); + esrt_ptr = (const EFI_SYSTEM_RESOURCE_TABLE *)esrt; + if ( (esrt_ptr->FwResourceVersion != + EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION) || + !esrt_ptr->FwResourceCount ) + return 0; + if ( esrt_ptr->FwResourceCount > available_len / sizeof(esrt_ptr->Entries[0]) ) + return 0; + + return esrt_ptr->FwResourceCount * sizeof(esrt_ptr->Entries[0]); +} + /* * Include architecture specific implementation here, which references the * static globals defined above. @@ -845,6 +900,8 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, return gop_mode; } +static EFI_GUID __initdata esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID; + static void __init efi_tables(void) { unsigned int i; @@ -868,6 +925,8 @@ static void __init efi_tables(void) efi.smbios = (unsigned long)efi_ct[i].VendorTable; if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) ) efi.smbios3 = (unsigned long)efi_ct[i].VendorTable; + if ( match_guid(&esrt_guid, &efi_ct[i].VendorGuid) ) + esrt = (UINTN)efi_ct[i].VendorTable; } #ifndef CONFIG_ARM /* TODO - disabled until implemented on ARM */ @@ -1051,6 +1110,71 @@ static void __init efi_set_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, UINTN gop #define INVALID_VIRTUAL_ADDRESS (0xBAAADUL << \ (EFI_PAGE_SHIFT + BITS_PER_LONG - 32)) +static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE *SystemTable) +{ + EFI_STATUS status; + UINTN info_size = 0, map_key, mdesc_size; + void *memory_map = NULL; + UINT32 ver; + unsigned int i; + + for ( ; ; ) + { + status = efi_bs->GetMemoryMap(&info_size, memory_map, &map_key, + &mdesc_size, &ver); + if ( status == EFI_SUCCESS && memory_map != NULL ) + break; + if ( status == EFI_BUFFER_TOO_SMALL || memory_map == NULL ) + { + info_size += 8 * mdesc_size; + if ( memory_map != NULL ) + efi_bs->FreePool(memory_map); + memory_map = NULL; + status = efi_bs->AllocatePool(EfiLoaderData, info_size, &memory_map); + if ( status == EFI_SUCCESS ) + continue; + PrintErr(L"Cannot allocate memory to relocate ESRT\r\n"); + } + else + PrintErr(L"Cannot obtain memory map to relocate ESRT\r\n"); + return; + } + + /* Try to obtain the ESRT. Errors are not fatal. */ + for ( i = 0; i < info_size; i += mdesc_size ) + { + /* + * ESRT needs to be moved to memory of type EfiRuntimeServicesData + * so that the memory it is in will not be used for other purposes. + */ + void *new_esrt = NULL; + size_t esrt_size = get_esrt_size(memory_map + i); + + if ( !esrt_size ) + continue; + if ( ((EFI_MEMORY_DESCRIPTOR *)(memory_map + i))->Type == + EfiRuntimeServicesData ) + break; /* ESRT already safe from reuse */ + status = efi_bs->AllocatePool(EfiRuntimeServicesData, esrt_size, + &new_esrt); + if ( status == EFI_SUCCESS && new_esrt ) + { + memcpy(new_esrt, (void *)esrt, esrt_size); + status = efi_bs->InstallConfigurationTable(&esrt_guid, new_esrt); + if ( status != EFI_SUCCESS ) + { + PrintErr(L"Cannot install new ESRT\r\n"); + efi_bs->FreePool(new_esrt); + } + } + else + PrintErr(L"Cannot allocate memory for ESRT\r\n"); + break; + } + + efi_bs->FreePool(memory_map); +} + static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) { EFI_STATUS status; @@ -1413,6 +1537,8 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) if ( gop ) efi_set_gop_mode(gop, gop_mode); + efi_relocate_esrt(SystemTable); + efi_exit_boot(ImageHandle, SystemTable); efi_arch_post_exit_boot(); /* Doesn't return. */ @@ -1753,3 +1879,12 @@ void __init efi_init_memory(void) unmap_domain_page(efi_l4t); } #endif + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 08:55:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 08:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365567.595758 (Exim 4.92) (envelope-from ) id 1oBBfb-00050d-Kj; Tue, 12 Jul 2022 08:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365567.595758; Tue, 12 Jul 2022 08:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfb-00050W-Hq; Tue, 12 Jul 2022 08:55:03 +0000 Received: by outflank-mailman (input) for mailman id 365567; Tue, 12 Jul 2022 08:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfa-00050I-8q for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfa-00008o-7i for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBBfa-0007Qp-6m for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xNKrGIHEsH5Z386hN0fBA5uColzxKYnh+BcZOpngoKc=; b=reHo8QxAyGzjaI/KOJfZLEyE8u ROO4ZNyjxaE9yCENtHmg6NKCFUVlRLV14bze/rd7T7xj3mfdexTEPLcZXkNn4NCVuk4WHDRUxuuLS jbNNOv8aeEjADqIzE7ga0oPYjVUnwQQJ8Qohp0vWZeZrqYOkarwTQjrDhlUIoG6CNYOE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Tue, 12 Jul 2022 08:55:02 +0000 commit 4cdb519d797c19ebb8fadc5938cdb47479d5a21b Author: Andrew Cooper AuthorDate: Fri Jul 8 16:11:40 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 11 15:21:35 2022 +0100 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 7a4550db83..ba64a09048 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -122,6 +122,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 08:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 08:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365568.595762 (Exim 4.92) (envelope-from ) id 1oBBfl-000532-MK; Tue, 12 Jul 2022 08:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365568.595762; Tue, 12 Jul 2022 08:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfl-00052v-Jm; Tue, 12 Jul 2022 08:55:13 +0000 Received: by outflank-mailman (input) for mailman id 365568; Tue, 12 Jul 2022 08:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfk-00052h-Bl for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfk-000090-Aw for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBBfk-0007RJ-9y for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lL36CQdJCVPWRigTLZORQJMm56W2jIipLqubESh4vuA=; b=3DmyI8J75HpxxpQ70wvnuCTmaW 5ujntPua74ILI0oM0uMGAyndEWF0YcINSQ01Z1QZW8/q5+66cNqo7ICog8BAgeIphbB0iFpv35bgJ jNVB9wcsYpn4UuOU4m+RgA8cYtaZUsyOkJDPTTtUImPE98whzsJC5j1owGQML4TMuB0s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Tue, 12 Jul 2022 08:55:12 +0000 commit 382326cac528dd1eb0d04efd5c05363c453e29f4 Author: Andrew Cooper AuthorDate: Tue Jul 5 19:19:01 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 11 15:21:35 2022 +0100 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 08bdae082a..f8134d3e7a 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -272,9 +272,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -286,11 +286,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index aab1fc7c4a..05ee1e18af 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -89,7 +89,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 08:55:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 08:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365569.595767 (Exim 4.92) (envelope-from ) id 1oBBfv-00056D-O3; Tue, 12 Jul 2022 08:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365569.595767; Tue, 12 Jul 2022 08:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfv-000565-LS; Tue, 12 Jul 2022 08:55:23 +0000 Received: by outflank-mailman (input) for mailman id 365569; Tue, 12 Jul 2022 08:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfu-00055k-FD for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBBfu-00009F-EJ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBBfu-0007Rl-DQ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 08:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lSPWfx4sNBtw6JluqiqZng+o/cyg8+oPDkHvyhT1Jg4=; b=IKy7f2/YxUR3pj6vEwJaaDvBOx q1lV36QhgBXe+3Ju3f2efWHPW8LPybiP/yFhANUhdU7QzGX07p/SMWvDm7Sa2896ATwSbd1kG8Xgy Ve9X+JETEfqEUAefjLhoHsedm8hHk8LPv1FCpxechlCJFZ7MM+IDUtnlvsITJVh+fR24=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Tue, 12 Jul 2022 08:55:22 +0000 commit 27357c394ba6e1571a89105b840ce1c6f026485c Author: Andrew Cooper AuthorDate: Fri Jul 8 16:44:43 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 11 15:21:35 2022 +0100 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index da18172e50..de33ccc005 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2257,7 +2257,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2282,12 +2283,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ba64a09048..328862bdf5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -147,20 +147,68 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:22:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365587.595793 (Exim 4.92) (envelope-from ) id 1oBC5m-0000y3-8z; Tue, 12 Jul 2022 09:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365587.595793; Tue, 12 Jul 2022 09:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC5m-0000xv-67; Tue, 12 Jul 2022 09:22:06 +0000 Received: by outflank-mailman (input) for mailman id 365587; Tue, 12 Jul 2022 09:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC5k-0000xp-VW for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC5k-0000mj-UT for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC5k-0000nU-Th for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Exfr4gcN8WsUuGvEGgnS5TT1NTYiHwfIaBwJBBvQEMs=; b=ptRNlpdcyJJWBm029iQhD+vBsH 4GAU/lWD0dgzx0Wh5bRaC+zv/FtaDHR70np3l6ZkO5lJxOOvxj5EALLDi5iKR+1HYSq41JQeUjv5x W6Pyrb5Ya0pqnIWI30ErmQP2ic1nQ0lLaMdGz3bVj7clwWYwrHMvAAGT2qgUy0VsiOGU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() Message-Id: Date: Tue, 12 Jul 2022 09:22:04 +0000 commit 460b08d6c6c16b3f32aa138e772b759ae02a4479 Author: Jan Beulich AuthorDate: Tue Jul 12 11:10:34 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:10:34 2022 +0200 IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() As per [1] the expansion of the pirq_dpci() macro causes a -Waddress controlled warning (enabled implicitly in our builds, if not by default) tying the middle part of the involved conditional expression to the surrounding boolean context. Work around this by introducing a local inline function in the affected source file. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102967 master commit: 80ad8db8a4d9bb24952f0aea788ce6f47566fa76 master date: 2022-06-15 10:19:32 +0200 --- xen/drivers/passthrough/x86/hvm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 0b37cd145b..ba0f6c53d7 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -25,6 +25,18 @@ #include #include +/* + * Gcc12 takes issue with pirq_dpci() being used in boolean context (see gcc + * bug 102967). While we can't replace the macro definition in the header by an + * inline function, we can do so here. + */ +static inline struct hvm_pirq_dpci *_pirq_dpci(struct pirq *pirq) +{ + return pirq_dpci(pirq); +} +#undef pirq_dpci +#define pirq_dpci(pirq) _pirq_dpci(pirq) + static DEFINE_PER_CPU(struct list_head, dpci_list); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:22:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365588.595796 (Exim 4.92) (envelope-from ) id 1oBC5w-000100-AG; Tue, 12 Jul 2022 09:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365588.595796; Tue, 12 Jul 2022 09:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC5w-0000zv-7b; Tue, 12 Jul 2022 09:22:16 +0000 Received: by outflank-mailman (input) for mailman id 365588; Tue, 12 Jul 2022 09:22:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC5v-0000zj-3Z for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC5v-0000mw-2i for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC5v-0000nv-0R for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hifzJfVkEpRhumXIUADkv/gGZRxqy04YUQBzlrQAi7I=; b=3ksiQfBh97S3p5bd+/LryRLfJx wop1qx2V2ItOPn1dq4N6B41z77x9hadxO0AuydeBmS6EpKsBtH0yWTQ9MxGtH1zZ40FgJvbELbNfB bVMWbQXv5nLDwWnFfJdyevLG3//F175u7aDRqiF2evUbmqHBLH/PeL+fkCPOkcvbS8xk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] ehci-dbgp: fix selecting n-th ehci controller Message-Id: Date: Tue, 12 Jul 2022 09:22:15 +0000 commit 5cb8142076ce1ce53eafd7e00acb4d0eac4e7784 Author: Marek Marczykowski-Górecki AuthorDate: Tue Jul 12 11:11:35 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:11:35 2022 +0200 ehci-dbgp: fix selecting n-th ehci controller The ehci number was parsed but ignored. Fixes: 322ecbe4ac85 ("console: add EHCI debug port based serial console") Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich master commit: d6d0cb659fda64430d4649f8680c5cead32da8fd master date: 2022-06-16 14:23:37 +0100 --- xen/drivers/char/ehci-dbgp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index c893d246de..66b4811af2 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1478,7 +1478,7 @@ void __init ehci_dbgp_init(void) unsigned int num = 0; if ( opt_dbgp[4] ) - simple_strtoul(opt_dbgp + 4, &e, 10); + num = simple_strtoul(opt_dbgp + 4, &e, 10); dbgp->cap = find_dbgp(dbgp, num); if ( !dbgp->cap ) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:22:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:22:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365589.595801 (Exim 4.92) (envelope-from ) id 1oBC66-000130-Bl; Tue, 12 Jul 2022 09:22:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365589.595801; Tue, 12 Jul 2022 09:22:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC66-00012s-99; Tue, 12 Jul 2022 09:22:26 +0000 Received: by outflank-mailman (input) for mailman id 365589; Tue, 12 Jul 2022 09:22:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC65-00012i-6V for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC65-0000n7-5i for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC65-0000oK-4w for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=c2eurCOTYwqqD7JX4mSJ4QcuiaB2lwcXXncTIqe1o98=; b=fZICoQ2LUFP7oPgoGGDUCEyyRd BEGkHYOqmjuaOo4YCTc2FpYlmy7Dl3mGm/jnY2fiNmXb9g7TiNW48lE4C3FyGbTRrxM527nvEv3ih lKJePdieZBgMge8x+Q615l6Z4NAOfPN886zHmNk1SZz2fk2YvCMStOkYfNYeFhrUGLJY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] tools/xenstored: Harden corrupt() Message-Id: Date: Tue, 12 Jul 2022 09:22:25 +0000 commit 81ee3d08351be1ef2a14d371993604098d6a4673 Author: Julien Grall AuthorDate: Tue Jul 12 11:12:13 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:12:13 2022 +0200 tools/xenstored: Harden corrupt() At the moment, corrupt() is neither checking for allocation failure nor freeing the allocated memory. Harden the code by printing ENOMEM if the allocation failed and free 'str' after the last use. This is not considered to be a security issue because corrupt() should only be called when Xenstored thinks the database is corrupted. Note that the trigger (i.e. a guest reliably provoking the call) would be a security issue. Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to recover from store") Signed-off-by: Julien Grall Reviewed-by: Juergen Gross master commit: db3382dd4f468c763512d6bf91c96773395058fb master date: 2022-06-23 13:44:10 +0100 --- tools/xenstore/xenstored_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 91d093a12e..0c8ee276f8 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -2087,7 +2087,10 @@ void corrupt(struct connection *conn, const char *fmt, ...) va_end(arglist); log("corruption detected by connection %i: err %s: %s", - conn ? (int)conn->id : -1, strerror(saved_errno), str); + conn ? (int)conn->id : -1, strerror(saved_errno), + str ?: "ENOMEM"); + + talloc_free(str); check_store(); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:22:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:22:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365590.595805 (Exim 4.92) (envelope-from ) id 1oBC6G-00015S-DO; Tue, 12 Jul 2022 09:22:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365590.595805; Tue, 12 Jul 2022 09:22:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6G-00015K-Ar; Tue, 12 Jul 2022 09:22:36 +0000 Received: by outflank-mailman (input) for mailman id 365590; Tue, 12 Jul 2022 09:22:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6F-00015C-9W for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6F-0000na-8b for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC6F-0000on-7r for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3NqCY8AGYNknlB0DX3QkzreNMR0zC67Cxuq5i2NmpqE=; b=HIKH3jvyZC1NPS+CtGpgR8Kefl K4slz1O6wycFGha/i4KNHZs7nIDYAipMUl0jHqevT0G2etApwDjqxxBj8NJLm1JCBbZX3ijlw56wg XjFmzu9gT8tIHm+/saJViBEg777aAveoE6X3IgrO97phdOYmC/0v3EWvfLkDCVsrOOEo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Tue, 12 Jul 2022 09:22:35 +0000 commit 09d533f4c80b7eaf9fb4e36ebba8259580857a9d Author: Andrew Cooper AuthorDate: Tue Jul 12 11:12:46 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:12:46 2022 +0200 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b master date: 2022-06-30 18:07:13 +0100 --- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 5 +++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 099113ba41..1ed5ceda8b 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1150,8 +1150,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index bd45a144ee..493d338a08 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 751355f471..7e83e0179f 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -78,7 +78,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -114,7 +115,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:22:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:22:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365591.595809 (Exim 4.92) (envelope-from ) id 1oBC6Q-00018o-FJ; Tue, 12 Jul 2022 09:22:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365591.595809; Tue, 12 Jul 2022 09:22:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6Q-00018h-CS; Tue, 12 Jul 2022 09:22:46 +0000 Received: by outflank-mailman (input) for mailman id 365591; Tue, 12 Jul 2022 09:22:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6P-00018O-CT for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6P-0000nk-BX for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC6P-0000pC-Aw for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uySR5MZs0bxqN4yYwVbLuJdIBpy0D2unmqv8kELO/r8=; b=INux/g4kUW5MWdA7mjisU1r48u pc32DZn/dcKE2E/5qYSR5VdY5GSt+ZaPo16xiOtA3sizBsYbms92W3l8nKenwPfYVnFx4e+NkhDDE DYE4uHrMbZAP+P1qLuSm5UCMsYR2YspsUCb4ZlecL8Z/0ctwKitsCwxlkfmYFTgUgjGc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Tue, 12 Jul 2022 09:22:45 +0000 commit db6ca8176ccc4ff7dfe3c06969af9ebfab0d7b04 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:13:33 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:13:33 2022 +0200 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. This has negligible overhead for the guest, but saves a WRMSR on vmentry. This is the only default change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné master commit: fef244b179c06fcdfa581f7d57fa6e578c49ff50 master date: 2022-06-30 18:07:13 +0100 --- docs/misc/xen-command-line.pandoc | 21 ++++++++++--- xen/arch/x86/hvm/svm/vmcb.c | 9 ++++++ xen/arch/x86/spec_ctrl.c | 65 +++++++++++++++++++++++++++++++++------ 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a642e43476..46e9c58d35 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2234,8 +2234,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2285,9 +2286,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2295,6 +2297,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 565e997155..ef7224eb5d 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -29,6 +29,7 @@ #include #include #include +#include struct vmcb_struct *alloc_vmcb(void) { @@ -176,6 +177,14 @@ static int construct_vmcb(struct vcpu *v) vmcb->_pause_filter_thresh = SVM_PAUSETHRESH_INIT; } + /* + * When default_xen_spec_ctrl simply SPEC_CTRL_STIBP, default this behind + * the back of the VM too. Our SMT topology isn't accurate, the overhead + * is neglegable, and doing this saves a WRMSR on the vmentry path. + */ + if ( default_xen_spec_ctrl == SPEC_CTRL_STIBP ) + v->arch.msrs->spec_ctrl.raw = SPEC_CTRL_STIBP; + return 0; } diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1ed5ceda8b..dfdd45c358 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __read_mostly opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -172,12 +176,20 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -376,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -390,6 +402,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + (!boot_cpu_has(X86_FEATURE_PSFD) && + !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -979,10 +994,7 @@ void __init init_speculation_mitigations(void) if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); else if ( opt_ibrs == -1 ) - { opt_ibrs = ibrs = true; - default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; - } if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) thunk = THUNK_JMP; @@ -1086,14 +1098,49 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && (boot_cpu_has(X86_FEATURE_PSFD) || + boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can create RSB entries for any linear address they control, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:22:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:22:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365592.595812 (Exim 4.92) (envelope-from ) id 1oBC6b-0001BW-HI; Tue, 12 Jul 2022 09:22:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365592.595812; Tue, 12 Jul 2022 09:22:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6b-0001BP-E9; Tue, 12 Jul 2022 09:22:57 +0000 Received: by outflank-mailman (input) for mailman id 365592; Tue, 12 Jul 2022 09:22:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6Z-0001B1-FJ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6Z-0000nx-ET for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC6Z-0000q6-Dj for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:22:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZVkRLQCXZkjDYnXw5WkdisdtPuiJgqtaBKRwWM5N5BM=; b=L51OjHlkkTZOn4uBftbZi3n/T3 aaGhrHNPwVkFgZuTF6iA8Cbfdv3T2bRVCYQ3N0kRdDmvpQRm01DMub4IzxSCS/BG6Cq4jZ04IgWlW NwxntlKm8+E9WYpcn1m/d6/bGBY1TLs8SLuks62iEqAC421QVVwDzntBridrY+ZNqc9k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] libxc: fix compilation error with gcc13 Message-Id: Date: Tue, 12 Jul 2022 09:22:55 +0000 commit cd3d6b4cd46cd05590805b4a6c0b6654af60106e Author: Charles Arnold AuthorDate: Tue Jul 12 11:14:07 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:14:07 2022 +0200 libxc: fix compilation error with gcc13 xc_psr.c:161:5: error: conflicting types for 'xc_psr_cmt_get_data' due to enum/integer mismatch; Signed-off-by: Charles Arnold Reviewed-by: Jan Beulich Acked-by: Anthony PERARD master commit: 8eeae8c2b4efefda8e946461e86cf2ae9c18e5a9 master date: 2022-07-06 13:06:40 +0200 --- tools/include/xenctrl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 07b96e6671..893ae39e4a 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2516,7 +2516,7 @@ int xc_psr_cmt_get_l3_event_mask(xc_interface *xch, uint32_t *event_mask); int xc_psr_cmt_get_l3_cache_size(xc_interface *xch, uint32_t cpu, uint32_t *l3_cache_size); int xc_psr_cmt_get_data(xc_interface *xch, uint32_t rmid, uint32_t cpu, - uint32_t psr_cmt_type, uint64_t *monitor_data, + xc_psr_cmt_type type, uint64_t *monitor_data, uint64_t *tsc); int xc_psr_cmt_enabled(xc_interface *xch); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:23:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:23:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365593.595817 (Exim 4.92) (envelope-from ) id 1oBC6l-0001F0-K9; Tue, 12 Jul 2022 09:23:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365593.595817; Tue, 12 Jul 2022 09:23:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6l-0001Es-HQ; Tue, 12 Jul 2022 09:23:07 +0000 Received: by outflank-mailman (input) for mailman id 365593; Tue, 12 Jul 2022 09:23:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6j-0001Ed-JP for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6j-0000oN-Ic for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC6j-0000qx-Gc for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=x3aLIv1PVwYcR/iNIrlg/xQ5ghX/LolmTgS++5SBdvE=; b=fVhz74XWepnduYCfE6Oeyz7BlG LioF4nAzaNbBueANeeU2Y8FcgjMv0ogE59RykRQb/jiIvVhPRrhCfzOqPDi/sPjbFy+y7ZElHuulK aCV0CI4IGsjDh4AwM2V5G0jjiK87v+7JFvq/82HhxqK/AUTwDTHnyo3XOW91Gbsf5F4Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Tue, 12 Jul 2022 09:23:05 +0000 commit 61b9c2ceeb94b0cdaff01023cc5523b1f13e66e2 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:14:34 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:14:34 2022 +0200 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 4cdb519d797c19ebb8fadc5938cdb47479d5a21b master date: 2022-07-11 15:21:35 +0100 --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index dfdd45c358..ae74943c10 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -122,6 +122,7 @@ static int __init parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:23:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:23:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365594.595821 (Exim 4.92) (envelope-from ) id 1oBC6v-0001Hc-Lb; Tue, 12 Jul 2022 09:23:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365594.595821; Tue, 12 Jul 2022 09:23:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6v-0001HU-Ix; Tue, 12 Jul 2022 09:23:17 +0000 Received: by outflank-mailman (input) for mailman id 365594; Tue, 12 Jul 2022 09:23:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6t-0001H9-M9 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC6t-0000oX-LS for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC6t-0000rR-Kl for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NHczoHrqGX75gkMX0wFmFdc1lahfY9vJ0FwYwxLo394=; b=5oZaO2SDRb9KwMoSzVvC/SAJQm PTUqcWoVe/ksn1Kjcq3GKzRgKrdNztHEFmLmL1iMYP1YX1KIzZQq02DTu1hpSW7107DBFfo50JAUN ZQNFvjnHLOcyZDXUGokjVEkflqhRvWYmC8BWIVd9rBHpzTZwRJw8IT3nR5NkUsQbdXXw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Tue, 12 Jul 2022 09:23:15 +0000 commit eec5b02403a9df2523527caad24f17af5060fbe7 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:15:03 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:15:03 2022 +0200 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich master commit: 382326cac528dd1eb0d04efd5c05363c453e29f4 master date: 2022-07-11 15:21:35 +0100 --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index e119e5401f..7ed96521f9 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -272,9 +272,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -286,11 +286,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index c6987973bf..2296044caf 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -80,7 +80,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:23:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:23:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365595.595824 (Exim 4.92) (envelope-from ) id 1oBC75-0001KC-N1; Tue, 12 Jul 2022 09:23:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365595.595824; Tue, 12 Jul 2022 09:23:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC75-0001K5-KP; Tue, 12 Jul 2022 09:23:27 +0000 Received: by outflank-mailman (input) for mailman id 365595; Tue, 12 Jul 2022 09:23:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC73-0001Ju-Qu for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC73-0000ol-OL for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC73-0000sN-Ni for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O5M2q1wXd895GLdRWGNxEXbGhO7UpmB3zOsctx8Zduo=; b=VjjV/pGY36WB1+byjmrdHzX1Y7 3vL1bqpYBY6M6uxRBeJNWIxN7Sl+R06TvrQkydgJ/GBrExw/rbBm7mHYAm2GQiwk7vVcyLnJwz7v/ E5E4FxZpS81l2olQsu2lrSynB8cmAm4gUk0mdbV7Bq1MXzpYesZbIxY7e9Kmw9SPAvss=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Tue, 12 Jul 2022 09:23:25 +0000 commit f066c8bb3e5686141cef6fa1dc86ea9f37c5388a Author: Andrew Cooper AuthorDate: Tue Jul 12 11:15:37 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:15:37 2022 +0200 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 27357c394ba6e1571a89105b840ce1c6f026485c master date: 2022-07-11 15:21:35 +0100 --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 46e9c58d35..1bbdb55129 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2233,7 +2233,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2258,12 +2259,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ae74943c10..9507e5da60 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -147,20 +147,68 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:23:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:23:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365596.595828 (Exim 4.92) (envelope-from ) id 1oBC7F-0001NI-OX; Tue, 12 Jul 2022 09:23:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365596.595828; Tue, 12 Jul 2022 09:23:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC7F-0001NA-Lv; Tue, 12 Jul 2022 09:23:37 +0000 Received: by outflank-mailman (input) for mailman id 365596; Tue, 12 Jul 2022 09:23:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC7D-0001N0-Rz for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC7D-0000pF-R7 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC7D-0000st-QR for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YG//RgWNofUv58peAgzcqD2GXxlTq/YFbNqbd66cInQ=; b=lvVm454seZW6YRD36ur6muCYUb 3dUR/9WrvlWKJjgsSe0RkAiVePmTYzE99ztOTbnlocYJWJ0I+xM1bY6QdBamNoFeNpE7htxuGMc0N 5cAo/b2u1lRKEb62hniVZjFlQs+GS0PovivABl8Ic/nt6+2UxnoMseu8RCBs3bx3Ucx8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] tools/helpers: fix build of xen-init-dom0 with -Werror Message-Id: Date: Tue, 12 Jul 2022 09:23:35 +0000 commit 14fd97e3de939a63a6e467f240efb49fe226a5dc Author: Anthony PERARD AuthorDate: Tue Jul 12 11:16:10 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:16:10 2022 +0200 tools/helpers: fix build of xen-init-dom0 with -Werror Missing prototype of asprintf() without _GNU_SOURCE. Signed-off-by: Anthony PERARD Reviewed-by: Henry Wang master commit: d693b22733044d68e9974766b5c9e6259c9b1708 master date: 2022-07-12 08:38:35 +0200 --- tools/helpers/xen-init-dom0.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/helpers/xen-init-dom0.c b/tools/helpers/xen-init-dom0.c index c99224a4b6..b4861c9e80 100644 --- a/tools/helpers/xen-init-dom0.c +++ b/tools/helpers/xen-init-dom0.c @@ -1,3 +1,5 @@ +#define _GNU_SOURCE + #include #include #include -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:23:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:23:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365597.595832 (Exim 4.92) (envelope-from ) id 1oBC7P-0001Q4-Q4; Tue, 12 Jul 2022 09:23:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365597.595832; Tue, 12 Jul 2022 09:23:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC7P-0001Pw-NN; Tue, 12 Jul 2022 09:23:47 +0000 Received: by outflank-mailman (input) for mailman id 365597; Tue, 12 Jul 2022 09:23:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC7N-0001Ph-Un for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBC7N-0000pL-U0 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBC7N-0000uz-TK for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:23:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wpqu+9NgugmwIz6yMnc6GkXcWv6OzdJYzcAa4lcQPO4=; b=dHjdLVrGQFNcVmFpnw12Wcvw2+ BXijUXLj73qt9mHBKHdgAO2o/FtlNphaYGn6FUHbmWRbE3GI/0CTVE4Ip+h/7GZOSyt+FXcrbs+lz AnkbW8MuCwOmj6af6S2GDGib+sfW5nCS5ahM416aPkDFT8L+YdC2JwR8hxTNSV21OqaY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] libxl: check return value of libxl__xs_directory in name2bdf Message-Id: Date: Tue, 12 Jul 2022 09:23:45 +0000 commit 744accad1b73223b3261e3e678e16e030d83b179 Author: Anthony PERARD AuthorDate: Tue Jul 12 11:16:30 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:16:30 2022 +0200 libxl: check return value of libxl__xs_directory in name2bdf libxl__xs_directory() can potentially return NULL without setting `n`. As `n` isn't initialised, we need to check libxl__xs_directory() return value before checking `n`. Otherwise, `n` might be non-zero with `bdfs` NULL which would lead to a segv. Fixes: 57bff091f4 ("libxl: add 'name' field to 'libxl_device_pci' in the IDL...") Reported-by: "G.R." Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross Tested-by: "G.R." master commit: d778089ac70e5b8e3bdea0c85fc8c0b9ed0eaf2f master date: 2022-07-12 08:38:51 +0200 --- tools/libs/light/libxl_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c index 4bbbfe9f16..ce3bf7c0ae 100644 --- a/tools/libs/light/libxl_pci.c +++ b/tools/libs/light/libxl_pci.c @@ -859,7 +859,7 @@ static int name2bdf(libxl__gc *gc, libxl_device_pci *pci) int rc = ERROR_NOTFOUND; bdfs = libxl__xs_directory(gc, XBT_NULL, PCI_INFO_PATH, &n); - if (!n) + if (!bdfs || !n) goto out; for (i = 0; i < n; i++) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365600.595839 (Exim 4.92) (envelope-from ) id 1oBCGP-0002Tj-HJ; Tue, 12 Jul 2022 09:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365600.595839; Tue, 12 Jul 2022 09:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGP-0002Tb-DJ; Tue, 12 Jul 2022 09:33:05 +0000 Received: by outflank-mailman (input) for mailman id 365600; Tue, 12 Jul 2022 09:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGO-0002TV-VA for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGO-0000zH-S8 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCGO-0001Ti-RF for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nKCiPjoC6h0W0HhXhYX/PjhiU/+EFxZSHc5LNZuRQDY=; b=ebikOrQGD8sEeHiVp3ZqhQs/ju uQ8VA66UHjl+4MEzcPXYKaovJ8elkEijDuZTGQsBUJrFcgq4vKyWD3pnArmhvvX/YDMtUHMEHjXVn 8O4if57pfhNSdjie9SPvyZBCzwWwhetfdILldm3MU91GeE80SM5J/NMMkxIFxOEXApjY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] build: fix exported variable name CFLAGS_stack_boundary Message-Id: Date: Tue, 12 Jul 2022 09:33:04 +0000 commit f6e26ce7d9317abc41130ead6dc2443a7e2dde00 Author: Anthony PERARD AuthorDate: Tue Jul 12 11:20:46 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:20:46 2022 +0200 build: fix exported variable name CFLAGS_stack_boundary Exporting a variable with a dash doesn't work reliably, they may be striped from the environment when calling a sub-make or sub-shell. CFLAGS-stack-boundary start to be removed from env in patch "build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile" when running `make "ALL_OBJS=.."` due to the addition of the quote. At least in my empirical tests. Fixes: 2740d96efd ("xen/build: have the root Makefile generates the CFLAGS") Signed-off-by: Anthony PERARD Acked-by: Jan Beulich master commit: aa390d513a67a6ec0a069eea7478e5ecd54a7ea6 master date: 2022-01-28 11:44:33 +0100 --- xen/arch/x86/Rules.mk | 4 ++-- xen/arch/x86/arch.mk | 4 ++-- xen/arch/x86/efi/Makefile | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/Rules.mk b/xen/arch/x86/Rules.mk index 56fe22c979..7aef93f5f3 100644 --- a/xen/arch/x86/Rules.mk +++ b/xen/arch/x86/Rules.mk @@ -6,5 +6,5 @@ object_label_flags = '-D__OBJECT_LABEL__=$(subst $(BASEDIR)/,,$(CURDIR))/$@' else object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$(subst $(BASEDIR)/,,$(CURDIR))/$@))' endif -c_flags += $(object_label_flags) $(CFLAGS-stack-boundary) -a_flags += $(object_label_flags) $(CFLAGS-stack-boundary) +c_flags += $(object_label_flags) $(CFLAGS_stack_boundary) +a_flags += $(object_label_flags) $(CFLAGS_stack_boundary) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 033048ab6b..456e5d5c1a 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -57,8 +57,8 @@ endif # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. -$(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3) -export CFLAGS-stack-boundary +$(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3) +export CFLAGS_stack_boundary ifeq ($(CONFIG_UBSAN),y) # Don't enable alignment sanitisation. x86 has efficient unaligned accesses, diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile index e857c0f2cc..a5b2041f9b 100644 --- a/xen/arch/x86/efi/Makefile +++ b/xen/arch/x86/efi/Makefile @@ -11,7 +11,7 @@ boot.init.o: buildid.o EFIOBJ := boot.init.o pe.init.o ebmalloc.o compat.o runtime.o $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4) -$(EFIOBJ): CFLAGS-stack-boundary := $(cflags-stack-boundary) +$(EFIOBJ): CFLAGS_stack_boundary := $(cflags-stack-boundary) obj-y := stub.o obj-$(XEN_BUILD_EFI) := $(filter-out %.init.o,$(EFIOBJ)) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365601.595841 (Exim 4.92) (envelope-from ) id 1oBCGZ-0002Vp-I5; Tue, 12 Jul 2022 09:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365601.595841; Tue, 12 Jul 2022 09:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGZ-0002Vh-Ex; Tue, 12 Jul 2022 09:33:15 +0000 Received: by outflank-mailman (input) for mailman id 365601; Tue, 12 Jul 2022 09:33:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGY-0002Vb-Vp for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGY-0000zP-Uy for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCGY-0001UC-UI for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bMKwHwNe8c4Ru/rRph1wTCsiUXQWNCVq0wY/U8215Xc=; b=GHq3y5vblEXPvZdKtKcK08nhmS KFrqh5Ke8/K/7tFxjRGzxAYcwW2paXuGO0hBX8JFrTxbig9WrUV9rY7qYTOCMPRlbJNXRilYd1Lgq IcMw6IAU0pT6xtmvxi49M583dnQycuMd+ggGh2pLKor789yGsAhFvCTkfVWbMgOI9uMw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() Message-Id: Date: Tue, 12 Jul 2022 09:33:14 +0000 commit b89b932cfe86556c5de4ad56702aed83142e22a3 Author: Jan Beulich AuthorDate: Tue Jul 12 11:21:14 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:21:14 2022 +0200 IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() As per [1] the expansion of the pirq_dpci() macro causes a -Waddress controlled warning (enabled implicitly in our builds, if not by default) tying the middle part of the involved conditional expression to the surrounding boolean context. Work around this by introducing a local inline function in the affected source file. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102967 master commit: 80ad8db8a4d9bb24952f0aea788ce6f47566fa76 master date: 2022-06-15 10:19:32 +0200 --- xen/drivers/passthrough/x86/hvm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 9544f3234e..50865eec2c 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -25,6 +25,18 @@ #include #include +/* + * Gcc12 takes issue with pirq_dpci() being used in boolean context (see gcc + * bug 102967). While we can't replace the macro definition in the header by an + * inline function, we can do so here. + */ +static inline struct hvm_pirq_dpci *_pirq_dpci(struct pirq *pirq) +{ + return pirq_dpci(pirq); +} +#undef pirq_dpci +#define pirq_dpci(pirq) _pirq_dpci(pirq) + static DEFINE_PER_CPU(struct list_head, dpci_list); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:33:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365602.595845 (Exim 4.92) (envelope-from ) id 1oBCGj-0002ZK-KY; Tue, 12 Jul 2022 09:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365602.595845; Tue, 12 Jul 2022 09:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGj-0002ZC-Ho; Tue, 12 Jul 2022 09:33:25 +0000 Received: by outflank-mailman (input) for mailman id 365602; Tue, 12 Jul 2022 09:33:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGj-0002Z4-2b for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGj-0000zf-1j for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCGj-0001Ug-0s for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jZhT8+1NGb+LL7b2tl/3ocoxQFwYeob1KEhphXwRjIY=; b=WXZ6zPIvykDJZEq8npXY2AughG 49hMiUx/OMVM1AJ5LoQ2JL2tfCKusyuHyp7rSeKa8pfn7hCfaKpC5LO/ZASbeVaPQesBRwjbfMCbJ Hdfk5KiV2FZ7+uaKa1foWnO9+hNbWT+ByhJ5U6dh6LiJsi1nEjywTZvXxv+7t89N+D0c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] ehci-dbgp: fix selecting n-th ehci controller Message-Id: Date: Tue, 12 Jul 2022 09:33:25 +0000 commit b53df5b4341fa97614ad064a7c8e781c88b6ed71 Author: Marek Marczykowski-Górecki AuthorDate: Tue Jul 12 11:22:09 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:22:09 2022 +0200 ehci-dbgp: fix selecting n-th ehci controller The ehci number was parsed but ignored. Fixes: 322ecbe4ac85 ("console: add EHCI debug port based serial console") Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich master commit: d6d0cb659fda64430d4649f8680c5cead32da8fd master date: 2022-06-16 14:23:37 +0100 --- xen/drivers/char/ehci-dbgp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index c893d246de..66b4811af2 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1478,7 +1478,7 @@ void __init ehci_dbgp_init(void) unsigned int num = 0; if ( opt_dbgp[4] ) - simple_strtoul(opt_dbgp + 4, &e, 10); + num = simple_strtoul(opt_dbgp + 4, &e, 10); dbgp->cap = find_dbgp(dbgp, num); if ( !dbgp->cap ) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:33:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:33:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365603.595849 (Exim 4.92) (envelope-from ) id 1oBCGt-0002bs-M7; Tue, 12 Jul 2022 09:33:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365603.595849; Tue, 12 Jul 2022 09:33:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGt-0002bj-JO; Tue, 12 Jul 2022 09:33:35 +0000 Received: by outflank-mailman (input) for mailman id 365603; Tue, 12 Jul 2022 09:33:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGt-0002ba-5Y for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCGt-000109-4g for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCGt-0001V6-3w for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fchODgiJsVG0j/hR95A+wqXasonGJczbuzWyEvEUaOE=; b=Z7lVaO7T8j1+a9kW3Th4S7YsZe PAc8ahbaglDVQUzB8gM1+JIr6INoqOcOotFDL18tEINQ+hGoTRgqPVLoCsUBr+6ETnzBlQ0laNEkF qf6VycmZo8NaEgi5ODwOop4ydQskkJ2hXqLCC/Tu+XQxoRIKzWb0yU0pI6RhPMowvQIA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/xenstored: Harden corrupt() Message-Id: Date: Tue, 12 Jul 2022 09:33:35 +0000 commit 7fe638c28fa693d8bb8f9419de1220d4359a1b2d Author: Julien Grall AuthorDate: Tue Jul 12 11:23:01 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:23:01 2022 +0200 tools/xenstored: Harden corrupt() At the moment, corrupt() is neither checking for allocation failure nor freeing the allocated memory. Harden the code by printing ENOMEM if the allocation failed and free 'str' after the last use. This is not considered to be a security issue because corrupt() should only be called when Xenstored thinks the database is corrupted. Note that the trigger (i.e. a guest reliably provoking the call) would be a security issue. Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to recover from store") Signed-off-by: Julien Grall Reviewed-by: Juergen Gross master commit: db3382dd4f468c763512d6bf91c96773395058fb master date: 2022-06-23 13:44:10 +0100 --- tools/xenstore/xenstored_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 8033c1e0eb..9172dd7671 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -1988,7 +1988,10 @@ void corrupt(struct connection *conn, const char *fmt, ...) va_end(arglist); log("corruption detected by connection %i: err %s: %s", - conn ? (int)conn->id : -1, strerror(saved_errno), str); + conn ? (int)conn->id : -1, strerror(saved_errno), + str ?: "ENOMEM"); + + talloc_free(str); check_store(); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:33:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:33:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365604.595852 (Exim 4.92) (envelope-from ) id 1oBCH3-0002ew-NW; Tue, 12 Jul 2022 09:33:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365604.595852; Tue, 12 Jul 2022 09:33:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCH3-0002ep-Ks; Tue, 12 Jul 2022 09:33:45 +0000 Received: by outflank-mailman (input) for mailman id 365604; Tue, 12 Jul 2022 09:33:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCH3-0002ej-8V for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCH3-00010L-7h for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCH3-0001X6-6w for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GU+TEC9ejxOCX467/bGDjE9CD2LXNiuK/RKiVNwS0k0=; b=oTnsYV7bFjZqFkBi9wPeWPOwEC rmF8EK5wXV9fivMC9zMVTT4QuUaR4eplFwdN22P6z+2QpkFcPSUoR+Ow9CpfEH8HOLxNdgZeUIxW0 Blm90AlEsU+HNwTXKEE9maGzaL6mrU+tJsfO8+ghUlDC9cJzuJJtbGAmbjd8oWcY7p2g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Tue, 12 Jul 2022 09:33:45 +0000 commit 799a8d49237a62ea0d33c3756a6a7f665b8389b2 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:23:32 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:23:32 2022 +0200 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b master date: 2022-06-30 18:07:13 +0100 --- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 5 +++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 83b856fa91..eb7fb70e86 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1103,8 +1103,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 9eaab7a2a1..f7488d3ccb 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 68f6c46c47..12283573cd 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -78,7 +78,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -114,7 +115,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:33:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:33:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365605.595858 (Exim 4.92) (envelope-from ) id 1oBCHE-0002hq-Ph; Tue, 12 Jul 2022 09:33:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365605.595858; Tue, 12 Jul 2022 09:33:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHE-0002he-MX; Tue, 12 Jul 2022 09:33:56 +0000 Received: by outflank-mailman (input) for mailman id 365605; Tue, 12 Jul 2022 09:33:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHD-0002hS-BZ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHD-00010V-Al for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCHD-0001XY-A8 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:33:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AcCrnDbf0CG8pDQ9V7iS8X+V8tsfNOwLbj1CJqbVgeg=; b=RiWlnlX7xnh7umzIDOsJ9A0zNh tTA7Y1V3DiscN22ZBWr/aj3nhiRyIMygFi2FD176YWX8l4s9rKIRU8f6sOn7Zkkf2cnnK7T4GKZ5N KNPi3F6QSiVngiQNgmwFQeEvLhTN+U7nSR2Ir4dcweDw/aeVUzzfUMuFgYu2YK3HB1Gc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Tue, 12 Jul 2022 09:33:55 +0000 commit cd5081e8c31651e623d86532306b4c56bbcb6e6d Author: Andrew Cooper AuthorDate: Tue Jul 12 11:24:11 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:24:11 2022 +0200 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. This has negligible overhead for the guest, but saves a WRMSR on vmentry. This is the only default change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné master commit: fef244b179c06fcdfa581f7d57fa6e578c49ff50 master date: 2022-06-30 18:07:13 +0100 --- docs/misc/xen-command-line.pandoc | 21 ++++++++++--- xen/arch/x86/hvm/svm/vmcb.c | 9 ++++++ xen/arch/x86/spec_ctrl.c | 65 +++++++++++++++++++++++++++++++++------ 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index e17a835ed2..1db3da9ef7 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2170,8 +2170,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2221,9 +2222,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2231,6 +2233,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 55da9302e5..a0bf9f4e05 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -29,6 +29,7 @@ #include #include #include +#include struct vmcb_struct *alloc_vmcb(void) { @@ -175,6 +176,14 @@ static int construct_vmcb(struct vcpu *v) vmcb->_pause_filter_thresh = SVM_PAUSETHRESH_INIT; } + /* + * When default_xen_spec_ctrl simply SPEC_CTRL_STIBP, default this behind + * the back of the VM too. Our SMT topology isn't accurate, the overhead + * is neglegable, and doing this saves a WRMSR on the vmentry path. + */ + if ( default_xen_spec_ctrl == SPEC_CTRL_STIBP ) + v->arch.msrs->spec_ctrl.raw = SPEC_CTRL_STIBP; + return 0; } diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index eb7fb70e86..8212227ee0 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __read_mostly opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -172,12 +176,20 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -376,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -390,6 +402,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + (!boot_cpu_has(X86_FEATURE_PSFD) && + !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -950,10 +965,7 @@ void __init init_speculation_mitigations(void) if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); else if ( opt_ibrs == -1 ) - { opt_ibrs = ibrs = true; - default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; - } if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) thunk = THUNK_JMP; @@ -1057,14 +1069,49 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && (boot_cpu_has(X86_FEATURE_PSFD) || + boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can poison the RSB to any virtual address from which -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:34:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:34:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365607.595861 (Exim 4.92) (envelope-from ) id 1oBCHO-0002kj-QX; Tue, 12 Jul 2022 09:34:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365607.595861; Tue, 12 Jul 2022 09:34:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHO-0002kc-O3; Tue, 12 Jul 2022 09:34:06 +0000 Received: by outflank-mailman (input) for mailman id 365607; Tue, 12 Jul 2022 09:34:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHN-0002kU-Eh for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHN-00010s-Dm for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCHN-0001YL-D7 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gYBUfTbfSUI73K8HXIeynB/a/rz+3Efw4rnHMhtxxPQ=; b=VDxJfPiRACM9HxJMhKgdJtY8Mt 0RNiSv4ROHaYSQlNGgGd1QRk7VJGBFXZ87qPdKKRwXlX1XlanI7VTBfg0SRhVMWLr3xo+ba7+z1n5 oBeLv2MLjF8BAhsE4mz+BHwBgCQ4GLXt1pgGv0ngNcXKF3kQ6xFQjdD1/CnCTQtyh1Rw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxc: fix compilation error with gcc13 Message-Id: Date: Tue, 12 Jul 2022 09:34:05 +0000 commit 77deab4233b5d9ec5cf214fdc1652424fd4fc9d6 Author: Charles Arnold AuthorDate: Tue Jul 12 11:24:39 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:24:39 2022 +0200 libxc: fix compilation error with gcc13 xc_psr.c:161:5: error: conflicting types for 'xc_psr_cmt_get_data' due to enum/integer mismatch; Signed-off-by: Charles Arnold Reviewed-by: Jan Beulich Acked-by: Anthony PERARD master commit: 8eeae8c2b4efefda8e946461e86cf2ae9c18e5a9 master date: 2022-07-06 13:06:40 +0200 --- tools/include/xenctrl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 318920166c..2013200b9e 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2577,7 +2577,7 @@ int xc_psr_cmt_get_l3_event_mask(xc_interface *xch, uint32_t *event_mask); int xc_psr_cmt_get_l3_cache_size(xc_interface *xch, uint32_t cpu, uint32_t *l3_cache_size); int xc_psr_cmt_get_data(xc_interface *xch, uint32_t rmid, uint32_t cpu, - uint32_t psr_cmt_type, uint64_t *monitor_data, + xc_psr_cmt_type type, uint64_t *monitor_data, uint64_t *tsc); int xc_psr_cmt_enabled(xc_interface *xch); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:34:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:34:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365608.595864 (Exim 4.92) (envelope-from ) id 1oBCHY-0002nX-SD; Tue, 12 Jul 2022 09:34:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365608.595864; Tue, 12 Jul 2022 09:34:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHY-0002nQ-Pj; Tue, 12 Jul 2022 09:34:16 +0000 Received: by outflank-mailman (input) for mailman id 365608; Tue, 12 Jul 2022 09:34:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHX-0002nF-HM for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHX-000115-Gb for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCHX-0001Z8-Fx for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=StTYFRpcPWC+bKg3PNcZKE+c3VB49p+udlstwkgNJGw=; b=e9/FIeebXDRjEGI0P5VHUvNgi8 207yqmVzkDhei/gPfilkQtG/2bBIpHead2taYlQYmy/2fw1MSL+W+yyiptSVsGwWys7jrO1hQv7eP /Wh6O7QeFKMg2BpH4R5YkT4GSZgX6jAENOSLBLvpWuxDHPX5rvfc+zKtalPv2qg0+lbY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Tue, 12 Jul 2022 09:34:15 +0000 commit 5be1f46f435f8b05608b1eae029cb17d8bd3a560 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:25:05 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:25:05 2022 +0200 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 4cdb519d797c19ebb8fadc5938cdb47479d5a21b master date: 2022-07-11 15:21:35 +0100 --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8212227ee0..06790897e4 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -122,6 +122,7 @@ static int __init parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:34:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:34:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365609.595869 (Exim 4.92) (envelope-from ) id 1oBCHi-0002qY-W7; Tue, 12 Jul 2022 09:34:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365609.595869; Tue, 12 Jul 2022 09:34:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHi-0002qR-Sr; Tue, 12 Jul 2022 09:34:26 +0000 Received: by outflank-mailman (input) for mailman id 365609; Tue, 12 Jul 2022 09:34:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHh-0002q9-Kb for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHh-00011G-Jl for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCHh-0001aI-Il for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fYrCYV9jHbWw6VfYACzh30JK0AdlHBGhcKg2tNG1OUY=; b=c83ujV9l/JjVgLshOTg2gc8PA8 yCBLObVyhMJmWzkR2B4ri8xuPC7QeIJSSNKrAhxchVZLVPuoNjcx4DhFJVupPYWhXiZWNCm/Xmhvz S8RZe8k/OUdQ4Gu/d6tAgcYOsJnW9Ig85SUbOn4abbt0m6SDKeS4/NpQUNho9ZoeP8EQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Tue, 12 Jul 2022 09:34:25 +0000 commit ae417706870333bb52ebcf33c527809cdd2d7265 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:25:40 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:25:40 2022 +0200 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich master commit: 382326cac528dd1eb0d04efd5c05363c453e29f4 master date: 2022-07-11 15:21:35 +0100 --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 7a345ae45e..daf9652665 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -272,9 +272,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -286,11 +286,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 1198c7c0b2..be74981351 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -80,7 +80,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:34:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:34:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365610.595873 (Exim 4.92) (envelope-from ) id 1oBCHt-0002te-19; Tue, 12 Jul 2022 09:34:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365610.595873; Tue, 12 Jul 2022 09:34:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHs-0002tW-Um; Tue, 12 Jul 2022 09:34:36 +0000 Received: by outflank-mailman (input) for mailman id 365610; Tue, 12 Jul 2022 09:34:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHr-0002tK-NS for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCHr-00011g-Mc for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCHr-0001b9-M0 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MPotyMg2FAIPyITT9pqn0ukCQRH1rSn0zEYUI3zDiFU=; b=VnQktM4Y3LZL0/buHghrzGb0g3 bbV2onOvh9zuf7BDxOVfTudOidpbAtM7O3TDl9UFU0JnVyTotJLAyIqtN7xx7Ad8uA01mYvGLEyW3 Bx3S6HwLTj97KlOl96VBfbQz5ZJxPM5rl57wILgrprHjr1Obr5mp2s9XxKzFVCyRZyds=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Tue, 12 Jul 2022 09:34:35 +0000 commit 08bfd4d01185e94fda1be9dd79a981d890a9085e Author: Andrew Cooper AuthorDate: Tue Jul 12 11:26:14 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:26:14 2022 +0200 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 27357c394ba6e1571a89105b840ce1c6f026485c master date: 2022-07-11 15:21:35 +0100 --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 1db3da9ef7..b06db5f654 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2169,7 +2169,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2194,12 +2195,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 06790897e4..225fe08259 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -147,20 +147,68 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:34:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:34:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365611.595877 (Exim 4.92) (envelope-from ) id 1oBCI3-0002wc-2r; Tue, 12 Jul 2022 09:34:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365611.595877; Tue, 12 Jul 2022 09:34:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCI3-0002wU-08; Tue, 12 Jul 2022 09:34:47 +0000 Received: by outflank-mailman (input) for mailman id 365611; Tue, 12 Jul 2022 09:34:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCI1-0002wH-QA for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCI1-00011o-PN for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCI1-0001dK-Of for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iES22tXTRmKOluouchutg6IoNvGX90VVgwu4KHCzwcM=; b=Jz22Y5TgRvMgTIfP5ZSj8ME5yb 7ndX8akKchKOxxbcyyJKwlrn4ZNkPnNG/fkwQ5+g6NW2AWOvP+tXu+pchGJSaCU9nO/8aAJyK2bDT /nXCwgeMbTWW6NCPJyB3tbgPb9buMFZ5xwGmcoxBReBnPGTpJrFBGLN28i3xdwh2nHyA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/helpers: fix build of xen-init-dom0 with -Werror Message-Id: Date: Tue, 12 Jul 2022 09:34:45 +0000 commit f241cc48dabeef6cb0b381db62f2562b0a3970eb Author: Anthony PERARD AuthorDate: Tue Jul 12 11:26:47 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:26:47 2022 +0200 tools/helpers: fix build of xen-init-dom0 with -Werror Missing prototype of asprintf() without _GNU_SOURCE. Signed-off-by: Anthony PERARD Reviewed-by: Henry Wang master commit: d693b22733044d68e9974766b5c9e6259c9b1708 master date: 2022-07-12 08:38:35 +0200 --- tools/helpers/xen-init-dom0.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/helpers/xen-init-dom0.c b/tools/helpers/xen-init-dom0.c index c99224a4b6..b4861c9e80 100644 --- a/tools/helpers/xen-init-dom0.c +++ b/tools/helpers/xen-init-dom0.c @@ -1,3 +1,5 @@ +#define _GNU_SOURCE + #include #include #include -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:34:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:34:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365612.595881 (Exim 4.92) (envelope-from ) id 1oBCID-0002zP-4U; Tue, 12 Jul 2022 09:34:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365612.595881; Tue, 12 Jul 2022 09:34:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCID-0002zI-1i; Tue, 12 Jul 2022 09:34:57 +0000 Received: by outflank-mailman (input) for mailman id 365612; Tue, 12 Jul 2022 09:34:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCIB-0002z4-Sy for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCIB-000124-SF for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCIB-0001eB-Rh for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:34:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JSfdTBZQF3Wbs+zBiMDLhiKpgoOPEWpqoA0MwLdNSUM=; b=A9jdqVMLaznVEM05yV4EnAd8De Y0QN/hgkDUDmfApXkYcaDc3X3AQa65BqWJxSB2nhBCnfcOlPmicFG27uKP8aCIYh5kctJf238/l8M f5a3ghGaAYqRqfAXR3A5dx0slUcIpV+1923DqUJncD4qeC9gfEOx3/W85936W9BZ89VQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: check return value of libxl__xs_directory in name2bdf Message-Id: Date: Tue, 12 Jul 2022 09:34:55 +0000 commit d470a54087e0fbd813dae4d773ad0b830eeec4a1 Author: Anthony PERARD AuthorDate: Tue Jul 12 11:26:58 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:26:58 2022 +0200 libxl: check return value of libxl__xs_directory in name2bdf libxl__xs_directory() can potentially return NULL without setting `n`. As `n` isn't initialised, we need to check libxl__xs_directory() return value before checking `n`. Otherwise, `n` might be non-zero with `bdfs` NULL which would lead to a segv. Fixes: 57bff091f4 ("libxl: add 'name' field to 'libxl_device_pci' in the IDL...") Reported-by: "G.R." Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross Tested-by: "G.R." master commit: d778089ac70e5b8e3bdea0c85fc8c0b9ed0eaf2f master date: 2022-07-12 08:38:51 +0200 --- tools/libs/light/libxl_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c index 92bf86b2be..a5f5cdf62b 100644 --- a/tools/libs/light/libxl_pci.c +++ b/tools/libs/light/libxl_pci.c @@ -859,7 +859,7 @@ static int name2bdf(libxl__gc *gc, libxl_device_pci *pci) int rc = ERROR_NOTFOUND; bdfs = libxl__xs_directory(gc, XBT_NULL, PCI_INFO_PATH, &n); - if (!n) + if (!bdfs || !n) goto out; for (i = 0; i < n; i++) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 09:35:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 09:35:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365613.595884 (Exim 4.92) (envelope-from ) id 1oBCIN-00032D-5v; Tue, 12 Jul 2022 09:35:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365613.595884; Tue, 12 Jul 2022 09:35:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCIN-000326-3R; Tue, 12 Jul 2022 09:35:07 +0000 Received: by outflank-mailman (input) for mailman id 365613; Tue, 12 Jul 2022 09:35:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCIM-00031x-0X for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:35:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBCIL-00012R-VB for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:35:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBCIL-0001fD-UQ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 09:35:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GVeP38/YJyihe9U0EmF6HZPUS8A1+NnBbve84/Cx0eg=; b=ncWsH0n/9FQjO/HwMTche+3rkj n3IGZHfUEoI9CVDrGMUR9/P43N0+YhgRH6b/eqY0jdzK2Ja9EBRDhN2xEj6nyiq7a6wR/Jhl31Ssc gZipaJShKyvm966EUKuaP4rVcFPMVnLMiM7TajLZ5q03gFWqc1Ej8vVdNDUICwSk4EoM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] update Xen version to 4.15.4-pre Message-Id: Date: Tue, 12 Jul 2022 09:35:05 +0000 commit 505771bb1dffdf6f763fad18ee49a913b98abfea Author: Jan Beulich AuthorDate: Tue Jul 12 11:28:33 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:28:33 2022 +0200 update Xen version to 4.15.4-pre --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index e9a88325c4..cd66bb3b1c 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 15 -export XEN_EXTRAVERSION ?= .3$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .4-pre$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 13:33:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 13:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365715.596017 (Exim 4.92) (envelope-from ) id 1oBG0f-0000Si-91; Tue, 12 Jul 2022 13:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365715.596017; Tue, 12 Jul 2022 13:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0f-0000Sa-6C; Tue, 12 Jul 2022 13:33:05 +0000 Received: by outflank-mailman (input) for mailman id 365715; Tue, 12 Jul 2022 13:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0e-0000SL-5e for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0e-0006Te-3P for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBG0e-0006Jk-2a for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CyatW5OrpCP3+xi3uAEYwPornIEGdj82eCDT4cNbYVw=; b=lbKz3kYZX549s9Y3vYjuO/ZHX9 xuIkR0cxRPjlUjkteSAd2cKuDY7Hthg5tRocCgrSsoZFYnwSYfVO35SoCJhO3V4EhWheEWHk1Ryb/ Wt39aJa9mBTNUZJ1idFg+l/neV1BcnzCB5UzUYHuW3HnqIiZhV+VHKeijBeTCVGy+ckg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MAINTAINERS: Make Daniel P. Smith sole XSM maintainer Message-Id: Date: Tue, 12 Jul 2022 13:33:04 +0000 commit a7f006bb31da0a0e7a976c502ee328f402c044a7 Author: George Dunlap AuthorDate: Tue Jul 12 15:24:30 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 15:24:30 2022 +0200 MAINTAINERS: Make Daniel P. Smith sole XSM maintainer While mail hasn't been bouncing, Daniel De Graaf has not been responding to patch submissions or otherwise interacting with the community for several years. Daniel Smith has at least been working with the code, and is a regular member of our community; and he has agreed to step up into the role. Signed-off-by: George Dunlap Acked-by: Stefano Stabellini --- MAINTAINERS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 8a99526784..e12c499a28 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -649,8 +649,7 @@ F: xen/common/trace.c F: xen/include/xen/trace.h XSM/FLASK -M: Daniel De Graaf -R: Daniel P. Smith +M: Daniel P. Smith S: Supported F: tools/flask/ F: xen/include/xsm/ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 13:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 13:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365718.596021 (Exim 4.92) (envelope-from ) id 1oBG0p-0000ZS-AG; Tue, 12 Jul 2022 13:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365718.596021; Tue, 12 Jul 2022 13:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0p-0000ZK-7h; Tue, 12 Jul 2022 13:33:15 +0000 Received: by outflank-mailman (input) for mailman id 365718; Tue, 12 Jul 2022 13:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0o-0000Xo-7H for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0o-0006U9-6P for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBG0o-0006KE-5b for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R5Yxby9W5vEAXLCA/XP/dMZsDRSUEKl/m/6hJOL4+eE=; b=R+aBWGAcyV46MpClGmGGM1QTiA DhfjsJXtG+7B4OLy7M9TAMV9cKhzwPg2clhDTFEHjdgGBhIMxlBrqJeKFY8NxN78+zKTSUFHQj5Qa 6wvyJquL/cl91K5BU3T4eun21qwcEiZlq+zFTVh4rFEhNWmToBzF6CeR2n+XUoMdTYqw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xl: relax freemem()'s retry calculation Message-Id: Date: Tue, 12 Jul 2022 13:33:14 +0000 commit e58370df76eacf1f7ca0340e9b96430c77b41a79 Author: Jan Beulich AuthorDate: Tue Jul 12 15:25:00 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 15:25:00 2022 +0200 xl: relax freemem()'s retry calculation While in principle possible also under other conditions as long as other parallel operations potentially consuming memory aren't "locked out", in particular with IOMMU large page mappings used in Dom0 (for PV when in strict mode; for PVH when not sharing page tables with HAP) ballooning out of individual pages can actually lead to less free memory available afterwards. This is because to split a large page, one or more page table pages are necessary (one per level that is split). When rebooting a guest I've observed freemem() to fail: A single page was required to be ballooned out (presumably because of heap fragmentation in the hypervisor). This ballooning out of a single page of course went fast, but freemem() then found that it would require to balloon out another page. This repeating just another time leads to the function to signal failure to the caller - without having come anywhere near the designated 30s that the whole process is allowed to not make any progress at all. Convert from a simple retry count to actually calculating elapsed time, subtracting from an initial credit of 30s. Don't go as far as limiting the "wait_secs" value passed to libxl_wait_for_memory_target(), though. While this leads to the overall process now possibly taking longer (if the previous iteration ended very close to the intended 30s), this compensates to some degree for the value passed really meaning "allowed to run for this long without making progress". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD --- tools/xl/xl_vmcontrol.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index d081c6c290..cd338a5422 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -321,7 +321,8 @@ static int domain_wait_event(uint32_t domid, libxl_event **event_r) */ static bool freemem(uint32_t domid, libxl_domain_config *d_config) { - int rc, retries = 3; + int rc; + double credit = 30; uint64_t need_memkb, free_memkb; if (!autoballoon) @@ -332,6 +333,8 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; do { + time_t start; + rc = libxl_get_free_memory(ctx, &free_memkb); if (rc < 0) return false; @@ -345,12 +348,13 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) /* wait until dom0 reaches its target, as long as we are making * progress */ + start = time(NULL); rc = libxl_wait_for_memory_target(ctx, 0, 10); if (rc < 0) return false; - retries--; - } while (retries > 0); + credit -= difftime(time(NULL), start); + } while (credit > 0); return false; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 13:33:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 13:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365719.596025 (Exim 4.92) (envelope-from ) id 1oBG0z-0000eT-C9; Tue, 12 Jul 2022 13:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365719.596025; Tue, 12 Jul 2022 13:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0z-0000eJ-9E; Tue, 12 Jul 2022 13:33:25 +0000 Received: by outflank-mailman (input) for mailman id 365719; Tue, 12 Jul 2022 13:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0y-0000e8-Av for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG0y-0006Up-A8 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBG0y-0006Kk-8Z for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kHh6WetKu80KVFliHnOEO2lk+WPRk7MGDe4WAEps5Pc=; b=EJbrrdV3rJItTTFnH9O3cXEbu9 pdp05Tzoe8oZTjW430ylr5f9FSIJgZ5/Kzd04EFIE7+vFR3zRZd7qD6vXKi5/HwGmH8soJ4pvSoUe cct4/UR4k4a3up/FeUCCXiL31RSk2b2ib4ElSDKqlHzBnugnzOqOfEm5V4INtYVuJMQ4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/init-xenstore-domain: fix memory map for PVH stubdom Message-Id: Date: Tue, 12 Jul 2022 13:33:24 +0000 commit 134d53f577076d4f26091e25762f27cc3c73bf58 Author: Juergen Gross AuthorDate: Tue Jul 12 15:25:20 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 15:25:20 2022 +0200 tools/init-xenstore-domain: fix memory map for PVH stubdom In case of maxmem != memsize the E820 map of the PVH stubdom is wrong, as it is missing the RAM above memsize. Additionally the memory map should only specify the Xen special pages as reserved. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD --- tools/helpers/init-xenstore-domain.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index b4f3c65a8a..2d9ab6f1c5 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -71,8 +71,9 @@ static int build(xc_interface *xch) char cmdline[512]; int rv, xs_fd; struct xc_dom_image *dom = NULL; - int limit_kb = (maxmem ? : (memory + 1)) * 1024; + int limit_kb = (maxmem ? : memory) * 1024 + X86_HVM_NR_SPECIAL_PAGES * 4; uint64_t mem_size = MB(memory); + uint64_t max_size = MB(maxmem ? : memory); struct e820entry e820[3]; struct xen_domctl_createdomain config = { .ssidref = SECINITSID_DOMU, @@ -165,13 +166,16 @@ static int build(xc_interface *xch) dom->mmio_start = LAPIC_BASE_ADDRESS; dom->max_vcpus = 1; e820[0].addr = 0; - e820[0].size = dom->lowmem_end; + e820[0].size = (max_size > LAPIC_BASE_ADDRESS) ? + LAPIC_BASE_ADDRESS : max_size; e820[0].type = E820_RAM; - e820[1].addr = LAPIC_BASE_ADDRESS; - e820[1].size = dom->mmio_size; + e820[1].addr = (X86_HVM_END_SPECIAL_REGION - + X86_HVM_NR_SPECIAL_PAGES) << XC_PAGE_SHIFT; + e820[1].size = X86_HVM_NR_SPECIAL_PAGES << XC_PAGE_SHIFT; e820[1].type = E820_RESERVED; e820[2].addr = GB(4); - e820[2].size = dom->highmem_end - GB(4); + e820[2].size = (max_size > LAPIC_BASE_ADDRESS) ? + max_size - LAPIC_BASE_ADDRESS : 0; e820[2].type = E820_RAM; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 13:33:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 13:33:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365720.596029 (Exim 4.92) (envelope-from ) id 1oBG19-0000iU-Do; Tue, 12 Jul 2022 13:33:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365720.596029; Tue, 12 Jul 2022 13:33:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG19-0000iL-Ar; Tue, 12 Jul 2022 13:33:35 +0000 Received: by outflank-mailman (input) for mailman id 365720; Tue, 12 Jul 2022 13:33:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG18-0000i8-Dr for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBG18-0006Vf-Cu for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBG18-0006LK-CF for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 13:33:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kkxlfnI0pKeRktKjqY0caK8VM2+Xm5ejnNPa0h3qoqE=; b=lNaWFO9N0bGlmYgndqRbvtN6MK IIuEH9WjhyQ/ed8YOSDc51EjJwMiuqsjOdxn1f3TxtKF81hNwfvVMc8L2G9hFUmL1HWwlbiChXH5H 9xnlR1Rto3n/WJm2yRVB5fadQA/jOP0vw4/p5Yy0mFJNvKK8fDodKzeb5Goc13pLN+H4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/build: remove unneeded enumeration in clean-files of xen/include/Makefile Message-Id: Date: Tue, 12 Jul 2022 13:33:34 +0000 commit 033ae6f88be198b8f56043f94b7076b79b5e447e Author: Juergen Gross AuthorDate: Tue Jul 12 15:25:35 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 15:25:35 2022 +0200 xen/build: remove unneeded enumeration in clean-files of xen/include/Makefile Enumerating a file from $(targets) in $(clean-files) isn't needed. Remove hypercall-defs.h and headers*.chk from $(clean-files) in xen/include/Makefile. Reported-by: Jan Beulich Fixes: eca1f00d0227 ("xen: generate hypercall interface related code") Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD Acked-by: Jan Beulich --- xen/include/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/include/Makefile b/xen/include/Makefile index 39d9f5556c..65d61fc7f4 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -224,5 +224,5 @@ lib-x86-all: all: lib-x86-all endif -clean-files := compat config generated headers*.chk xen/lib/x86/cpuid-autogen.h -clean-files += xen/hypercall-defs.h hypercall-defs.i +clean-files := compat config generated xen/lib/x86/cpuid-autogen.h +clean-files += hypercall-defs.i -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:44:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:44:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365885.596234 (Exim 4.92) (envelope-from ) id 1oBIzW-0006mI-5g; Tue, 12 Jul 2022 16:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365885.596234; Tue, 12 Jul 2022 16:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzW-0006mA-2d; Tue, 12 Jul 2022 16:44:06 +0000 Received: by outflank-mailman (input) for mailman id 365885; Tue, 12 Jul 2022 16:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzU-0006m2-TK for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzU-00033L-P4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBIzU-0001nB-OS for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7VgdKR/1DHbiABlbUxk09XX2RO0SBdNwBHT3GjCP3b0=; b=WWFLLLtHem0Many7DQWIRb6/uF ni5uRCrhfO9Q2e5e1bxYWG2Zl7AGRV6NxQEK+3WEdwDQhZ9nPXHFhN8qbG0dSLoBOtQ9PLqkXPmeH mT3pk7+DufdvOlPeeBcvyKWipfOqVhdl0FRr4DyogWcPHxNY5K+0YeoPQOdE9NJBPjjE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Tue, 12 Jul 2022 16:44:04 +0000 commit 5796912f7279d9348a3166655588d30eae9f72cc Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/include/asm/domain.h | 3 +-- xen/arch/x86/include/asm/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/arch/x86/include/asm/spec_ctrl_asm.h | 3 --- xen/arch/x86/spec_ctrl.c | 9 ++++++--- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index c4e7e86989..1bb4d78392 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,8 +248,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -292,8 +292,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 408ee284ed..21dbf7b822 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2123,10 +2123,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index ad01ee68e1..4e59ca8c4e 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -324,8 +324,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 7e83e0179f..3cd72e4030 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 5a590bac44..66b00d511f 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -248,9 +248,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 328862bdf5..97b0272ecc 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1011,9 +1011,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:44:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365886.596237 (Exim 4.92) (envelope-from ) id 1oBIzg-0006oD-7W; Tue, 12 Jul 2022 16:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365886.596237; Tue, 12 Jul 2022 16:44:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzg-0006o6-4L; Tue, 12 Jul 2022 16:44:16 +0000 Received: by outflank-mailman (input) for mailman id 365886; Tue, 12 Jul 2022 16:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIze-0006nr-T6 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIze-00033P-SA for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBIze-0001ng-RO for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mOyg1px5ypg3bx1t64GMj2LKdITJx5pbd9qAq2cruQY=; b=WtzYjPqJ28wOAMHjp93Kf72/Mp iJIYnVdQ98JXHERJ4TZiNSwTENIaaYZuc2tpWsyJn/S8Q8L/BcgCVNld/UzzQcg4hk+bLG5HPCi+R rjl4WE1svmcwG3t4Ak2IMu3ZF0xAMhBroPNeQpPgTaZ+OkRhcIpI+GG9gsCEB20RcHto=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Tue, 12 Jul 2022 16:44:14 +0000 commit 76d6a36f645dfdbad8830559d4d52caf36efc75e Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/spec_ctrl.h | 4 ++-- xen/arch/x86/include/asm/spec_ctrl_asm.h | 8 ++++---- xen/arch/x86/spec_ctrl.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 3cd72e4030..f8f0ac47e7 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 66b00d511f..0ff1b118f8 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -266,8 +266,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -290,7 +290,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -301,7 +301,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 97b0272ecc..0ef46ee175 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1116,7 +1116,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1127,7 +1127,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1140,7 +1140,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:44:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365887.596242 (Exim 4.92) (envelope-from ) id 1oBIzq-0006ra-Aw; Tue, 12 Jul 2022 16:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365887.596242; Tue, 12 Jul 2022 16:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzq-0006rS-8D; Tue, 12 Jul 2022 16:44:26 +0000 Received: by outflank-mailman (input) for mailman id 365887; Tue, 12 Jul 2022 16:44:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzp-0006qy-0j for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzo-00033h-W4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBIzo-0001o9-UV for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=u7dJvC2YfblTzoCZxTFLUly9OsVxFfW5dL7ULTc+erI=; b=E7+h+PDY1RnVuFaGQlx1im414D w+OWntEH/U5YzuGIATJkNCXC8jiuSka/JvaK8uMHk4gKiTiZnSv/R+byuxjVk/qiZ30NTWmWXzx4s XG2B++0GLtZlyxfsYzknTswLJV3OkGi7BQw4MBK/oaf4Ev059zW2DWRsY5RCjbCaTCQc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Tue, 12 Jul 2022 16:44:24 +0000 commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 21dbf7b822..532b87e8af 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2095,7 +2095,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index f8f0ac47e7..fb43655756 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0ef46ee175..ede0a27c0f 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -117,7 +117,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -238,7 +238,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -458,7 +458,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1241,7 +1241,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:44:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:44:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365888.596247 (Exim 4.92) (envelope-from ) id 1oBJ00-0006uU-Cc; Tue, 12 Jul 2022 16:44:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365888.596247; Tue, 12 Jul 2022 16:44:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ00-0006uM-9c; Tue, 12 Jul 2022 16:44:36 +0000 Received: by outflank-mailman (input) for mailman id 365888; Tue, 12 Jul 2022 16:44:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzz-0006u9-3m for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBIzz-00034E-2t for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBIzz-0001oY-29 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=76GDdaYZdAwytAxdAdCd6LUqeuYNyQc8RrTubsM3MHM=; b=U6jUTM0vrcg3IuP4Uzpy9od3gk Q2X6zNAsXPTDZLa34M6DEw7oki3BNBRoYO4uHH0acW9xzZSqGAgGpLDpn3ec7fbzc/SV61QqQWh6d 67FWtdZcakJKAhNXx1ZVbArHfu6nIKh92O2PfSSuuRCFSYX9Qutc5zdEEuikxranA4uw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Tue, 12 Jul 2022 16:44:35 +0000 commit e9b8d31981f184c6539f91ec54bd9cae29cdae36 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 21 ++++++++++----------- xen/arch/x86/x86_64/entry.S | 4 ++-- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 0ff1b118f8..15e24cde00 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -251,34 +251,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ea6f0afbc2..5ad5c36128 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -966,7 +966,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -1002,7 +1002,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:44:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:44:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365889.596250 (Exim 4.92) (envelope-from ) id 1oBJ0A-0006wv-Dh; Tue, 12 Jul 2022 16:44:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365889.596250; Tue, 12 Jul 2022 16:44:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0A-0006wn-B3; Tue, 12 Jul 2022 16:44:46 +0000 Received: by outflank-mailman (input) for mailman id 365889; Tue, 12 Jul 2022 16:44:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ09-0006we-72 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ09-00034S-69 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ09-0001pE-5M for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XQ/SPO4/IjCA/kZzlmNZzFT3ciLH8B4DM4jbxHAf7lM=; b=2o0KdhtAFPTyb9Kw8JATgofPCb XlHmqKXlFFlBI+fFsb/Tyt3GvYwLshX8MpjF3I/KaoTch5zTklJPMad+l4O6oyC1F/w1bk156Gy7O /MsUTxcGmFloLnB6HMMew3AS1mwphRgqm1q3JMSUx7f0/8E3rAdWfutPiSJdyrcVCay0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Tue, 12 Jul 2022 16:44:45 +0000 commit 53a570b285694947776d5190f591a0d5b9b18de7 Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/include/asm/cpufeatures.h | 2 ++ xen/arch/x86/include/asm/spec_ctrl.h | 6 ++-- xen/arch/x86/include/asm/spec_ctrl_asm.h | 49 ++++++++++++++++++++++++++++++-- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++---- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 4ae55a2ef6..0ff4008060 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -97,7 +97,19 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl @@ -114,6 +126,10 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ stgi GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 683c650d77..4f12fa06ac 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1335,6 +1335,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 493d338a08..672c9ee22b 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -39,6 +39,8 @@ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index fb43655756..3fc599a817 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 15e24cde00..9eb4ad9ab7 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -88,6 +88,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -225,12 +254,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -254,11 +287,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 5fd6dbbd45..b86d38d1c5 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,7 +18,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 5ad5c36128..26bf2f1941 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -260,7 +260,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -298,7 +298,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -338,7 +338,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -392,7 +392,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -674,7 +674,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -708,7 +708,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:44:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:44:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365890.596254 (Exim 4.92) (envelope-from ) id 1oBJ0K-000703-Fd; Tue, 12 Jul 2022 16:44:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365890.596254; Tue, 12 Jul 2022 16:44:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0K-0006zv-Cf; Tue, 12 Jul 2022 16:44:56 +0000 Received: by outflank-mailman (input) for mailman id 365890; Tue, 12 Jul 2022 16:44:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0J-0006zl-A1 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0J-00034c-9D for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ0J-0001pu-8Z for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:44:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6tNdxNNn/vnn6cWT5DXjdbp4XJfq9HD/b69QDaNyF+g=; b=fZrf4FP55bo1gGvvjU5/fcYCue rSCLiH5GhwhVZV768UgtFjChk8vvqBXhrzfENTy2wEd97EIrRYqtMdYLtBXC9hsF3girw8DL9OLxP wLB2heACI6UWtMB/QorhlmmBryILmqNPSi2rUyD+pNKHuIuBaDsy3tv0UD5JGofzR47c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Tue, 12 Jul 2022 16:44:55 +0000 commit 76cb04ad64f3ab9ae785988c40655a71dde9c319 Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 67ba72dd84..f4735b1c13 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -289,6 +289,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index a9e0fb5d17..1e6b077ba4 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -160,7 +160,7 @@ static const char *const str_e8b[32] = /* [22] */ [23] = "ppin", [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index f1d11a1cb7..618c7d5b2a 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -847,6 +847,16 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ede0a27c0f..e5ea2c5c6c 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -388,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -403,7 +403,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 1016989410..c9c4683557 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -268,6 +268,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:45:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:45:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365891.596258 (Exim 4.92) (envelope-from ) id 1oBJ0U-00073a-J0; Tue, 12 Jul 2022 16:45:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365891.596258; Tue, 12 Jul 2022 16:45:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0U-00073S-G7; Tue, 12 Jul 2022 16:45:06 +0000 Received: by outflank-mailman (input) for mailman id 365891; Tue, 12 Jul 2022 16:45:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0T-00073J-D4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0T-00035H-CA for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ0T-0001qn-BU for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H5Tbr22vnjqYzQmKmSLwUpgziMOq0e+/9AhRwCXeXrY=; b=WO45Gt6TYXTV/rWMX+XZ++lAMe buuI87WG9HTPBr4qPagJhCBydF69UusK1COCbvSg2Kh8swweTwFRLyFw5CB0rLbsRIZbDhysVBP6m hAAFqi7FbrbExZaqto4C8/b7dq8nObivsX2hMIXJTqLy6SmORZ/af60hpggR/J0r3XzM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Tue, 12 Jul 2022 16:45:05 +0000 commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/arch/x86/include/asm/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 618c7d5b2a..29c59bcba4 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -731,6 +731,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + void __init detect_zen2_null_seg_behaviour(void) { uint64_t base; @@ -796,6 +821,9 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && c->x86 == 0x17) diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index a228087f91..85a67771f7 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -22,4 +22,5 @@ void cf_check early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 3c8516e014..361eb6fd41 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -40,6 +40,12 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) c->x86 == 0x18) detect_zen2_null_seg_behaviour(); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* * Hygon CPUs before Zen2 don't clear segment bases/limits when * loading a NULL selector. diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index bcb424a320..8cab8736d8 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -377,6 +377,7 @@ #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) #define MSR_AMD64_EX_CFG 0xc001102c +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:45:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:45:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365892.596262 (Exim 4.92) (envelope-from ) id 1oBJ0e-00075z-KG; Tue, 12 Jul 2022 16:45:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365892.596262; Tue, 12 Jul 2022 16:45:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0e-00075r-Hd; Tue, 12 Jul 2022 16:45:16 +0000 Received: by outflank-mailman (input) for mailman id 365892; Tue, 12 Jul 2022 16:45:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0d-00075a-GJ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0d-00035U-FN for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ0d-0001rJ-Ed for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NOpNQxzMYnDxiwz81ZeK4ubzXJTlv+wxAz6610occ2A=; b=3gJmT63gEyLU4lTgLeaJcNMY3d 2nXWjXeh5dgXOICACL5dsZJn9ZdTWhGGSoiyFnnpLCRas+9LzvB6vZFobgs2Bd3IFT0nqypWpPpeo vfI5tRWxqRsnlY5NdYqyOCjVbKj7W9nblqO7Vni5yCU6a3Eo3E5A43eH1OjR5TGt1rQQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Tue, 12 Jul 2022 16:45:15 +0000 commit d8cb7e0f069e0f106d24941355b59b45a731eabe Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/spec_ctrl.c | 113 +++++++++++++++++++++++++++++++---- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index de33ccc005..971f47a77e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2258,7 +2258,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2283,9 +2283,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2304,6 +2305,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 3fc599a817..9403b81dc7 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e5ea2c5c6c..9dd4d846f5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __ro_after_init opt_md_clear_pv = -1; static int8_t __ro_after_init opt_md_clear_hvm = -1; +static int8_t __ro_after_init opt_ibpb_entry_pv = -1; +static int8_t __ro_after_init opt_ibpb_entry_hvm = -1; +static bool __ro_after_init opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -114,6 +118,9 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -140,12 +147,14 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -210,6 +219,28 @@ static int __init cf_check parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -477,27 +508,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -760,6 +795,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -1015,8 +1099,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1163,12 +1251,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1240,9 +1331,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:45:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:45:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365893.596266 (Exim 4.92) (envelope-from ) id 1oBJ0p-000795-M0; Tue, 12 Jul 2022 16:45:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365893.596266; Tue, 12 Jul 2022 16:45:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0p-00078x-JB; Tue, 12 Jul 2022 16:45:27 +0000 Received: by outflank-mailman (input) for mailman id 365893; Tue, 12 Jul 2022 16:45:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0o-00078j-4j for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0o-00037E-3o for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ0o-0001tZ-2v for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=b/TnRatz4SnYz+M/UQaR9u20TujASTnJQ5NNdKLJT4M=; b=Lzwrf2E/lQxqUQwd6+AVLxourt EYKCyezdHaQ7kS7hnRSYzmIUVrJKKYp4LX9Y/Bdv/tDdIKQ1C5nT2o1tf4fHBBSJSliwgoOxZH9Xv sq/9rbPkZ+/bowHB5//++Sm0SmeBhYkt2/u6wbA3SO0d+DPZmgjx+HMrpK1hMMc8nnxI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Tue, 12 Jul 2022 16:45:26 +0000 commit 3a280cbae7022b83af91c27a8e2211ba3b1234f5 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5796912f7279d9348a3166655588d30eae9f72cc) --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/spec_ctrl.c | 9 ++++++--- xen/include/asm-x86/domain.h | 3 +-- xen/include/asm-x86/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl_asm.h | 3 --- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5eaa77f66a..dd397f7130 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,8 +248,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -292,8 +292,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 1fe6644a71..82a0b73cf6 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2092,10 +2092,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9507e5da60..7e646680f1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1010,9 +1010,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 2398a1d99d..e4c099262c 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -319,8 +319,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 7e83e0179f..3cd72e4030 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 5a590bac44..66b00d511f 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -248,9 +248,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:45:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:45:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365894.596270 (Exim 4.92) (envelope-from ) id 1oBJ0z-0007Bq-OA; Tue, 12 Jul 2022 16:45:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365894.596270; Tue, 12 Jul 2022 16:45:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0z-0007Bi-Km; Tue, 12 Jul 2022 16:45:37 +0000 Received: by outflank-mailman (input) for mailman id 365894; Tue, 12 Jul 2022 16:45:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0y-0007BO-7n for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ0y-00037e-6x for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ0y-0001u5-6Q for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sM/ey0acz5ZjgRGxmzNThdvrecjTCTzI5lRVUG9tRiI=; b=304GDBpRiuBxci8jlFF1VU4+X5 YTax/NvjakZViZOU0eLZ5rErbXhKRWWsjsOgIBBTyA5ekr1E94YA2/TRN+dZAVDRTXtvLPibDlFZC MC+/vrl2mOin16aEvtZNyM7C3uy2l/U1QWU/kvLmASPM01IuxqkIh6ccMQJcl01Iy+GA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Tue, 12 Jul 2022 16:45:36 +0000 commit 31aa2a20bfefc3a8a200da54a56471bf99f9630e Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76d6a36f645dfdbad8830559d4d52caf36efc75e) --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/spec_ctrl.h | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 7e646680f1..89f95c083e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1115,7 +1115,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1126,7 +1126,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1139,7 +1139,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 3cd72e4030..f8f0ac47e7 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 66b00d511f..0ff1b118f8 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -266,8 +266,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -290,7 +290,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -301,7 +301,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:45:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:45:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365895.596275 (Exim 4.92) (envelope-from ) id 1oBJ19-0007Ga-Sl; Tue, 12 Jul 2022 16:45:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365895.596275; Tue, 12 Jul 2022 16:45:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ19-0007GS-Pa; Tue, 12 Jul 2022 16:45:47 +0000 Received: by outflank-mailman (input) for mailman id 365895; Tue, 12 Jul 2022 16:45:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ18-0007GH-Ax for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ18-00037q-A3 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ18-0001uU-9G for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ePOBXh/BrI2NBnI81NRgBa/PJuW2q80uQLmm24nMzW0=; b=kpLaiIqRMp6sqLWwx5dXtvh/l3 EpccQFk5YN3pg96qAG3J7KJx5ZNIhN927Uj3bvixu68TUCmjf6gZSn8U7oa/BXk588vz6AZKKt0tv DdArKQAPgAcWrz3c5M3heSaUkdKaFh4sWDZb+cg4NfbdwwWjgWdZi07Nl6nbY9ERcf+8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Tue, 12 Jul 2022 16:45:46 +0000 commit e7671561c84322860875745e57b228a7a310f2bf Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d) --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 82a0b73cf6..0d39981550 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2064,7 +2064,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 89f95c083e..f4ae36eae2 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -117,7 +117,7 @@ static int __init parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -238,7 +238,7 @@ static int __init parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -458,7 +458,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1240,7 +1240,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index f8f0ac47e7..fb43655756 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:45:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:45:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365896.596278 (Exim 4.92) (envelope-from ) id 1oBJ1I-0007Jd-Ts; Tue, 12 Jul 2022 16:45:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365896.596278; Tue, 12 Jul 2022 16:45:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1I-0007JV-RD; Tue, 12 Jul 2022 16:45:56 +0000 Received: by outflank-mailman (input) for mailman id 365896; Tue, 12 Jul 2022 16:45:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1I-0007JN-Db for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1I-000380-Cl for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ1I-0001uv-CC for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:45:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bsXJafn6uVswlp0WRFbEgvLhZtx04XnmhgimSOfauQw=; b=e3tCe7nn984d/nqBFIh5dgNJ0i vwOe1/Q0aO2N4fonduqA0D95+ek+4cYAd5l/CS+fKgmZEmltjgGghNh6Dg8hV0C6HkeUQDKRg2BNy KRO3GIap8ddrVfqx0iuopdg22EYahQ1i/Gl0uoZxDkClDM46w03uOK+LUKtxYaDClUWE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Tue, 12 Jul 2022 16:45:56 +0000 commit 2a9e690a0ad5d54dca4166e089089a07bbe7fc85 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e9b8d31981f184c6539f91ec54bd9cae29cdae36) --- xen/arch/x86/x86_64/entry.S | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 2a86938f1f..a1810bf4d3 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -932,7 +932,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -968,7 +968,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 0ff1b118f8..15e24cde00 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -251,34 +251,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:46:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:46:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365897.596282 (Exim 4.92) (envelope-from ) id 1oBJ1S-0007MP-Vk; Tue, 12 Jul 2022 16:46:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365897.596282; Tue, 12 Jul 2022 16:46:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1S-0007MH-Sw; Tue, 12 Jul 2022 16:46:06 +0000 Received: by outflank-mailman (input) for mailman id 365897; Tue, 12 Jul 2022 16:46:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1S-0007MB-Gj for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1S-00038H-Fr for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ1S-0001vZ-FG for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KbGHiMpRiDDEyAqFrJECtR5pOUxRNrgOh70tS6JkRVw=; b=otmMbpd8Q9uFib4tKEAze3uDxW PuefWyTVG392lnyLYTQeNc94LiHbyOCliOOkonA+NgM8a/o49M6tpi+bj9HJ6/8rFZ3xxsa6V7dYD tPSToQf/scCTO/fjNU+iPyqooUARxrALzOBHNYnUcMopeYN/HPNMAnTCqKXo9R/q54qA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Tue, 12 Jul 2022 16:46:06 +0000 commit 76c5fcee9027fb8823dd501086f0ff3ee3c4231c Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 53a570b285694947776d5190f591a0d5b9b18de7) --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++----- xen/include/asm-x86/cpufeatures.h | 2 ++ xen/include/asm-x86/spec_ctrl.h | 6 +++-- xen/include/asm-x86/spec_ctrl_asm.h | 49 +++++++++++++++++++++++++++++++++++-- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 4ae55a2ef6..0ff4008060 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -97,7 +97,19 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl @@ -114,6 +126,10 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ stgi GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f9f9bc18cd..dd817cee4e 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1345,6 +1345,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 5fd6dbbd45..b86d38d1c5 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,7 +18,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index a1810bf4d3..fba8ae498f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -260,7 +260,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -298,7 +298,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -338,7 +338,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -392,7 +392,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -674,7 +674,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -708,7 +708,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 493d338a08..672c9ee22b 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,8 @@ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index fb43655756..3fc599a817 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 15e24cde00..9eb4ad9ab7 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -88,6 +88,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -225,12 +254,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -254,11 +287,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:46:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:46:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365898.596286 (Exim 4.92) (envelope-from ) id 1oBJ1d-0007P6-1O; Tue, 12 Jul 2022 16:46:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365898.596286; Tue, 12 Jul 2022 16:46:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1c-0007Oy-Uc; Tue, 12 Jul 2022 16:46:16 +0000 Received: by outflank-mailman (input) for mailman id 365898; Tue, 12 Jul 2022 16:46:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1c-0007Os-Jp for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1c-00038L-Iy for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ1c-0001w6-IL for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9+O+6oEtn5EtP2sYQRpFYE8Lk1B4x5YHOTi9bwPGyzM=; b=t0E8GkuvP/8PKJXR+LfuQOJy+P IN9YiI94LLgDtfYgeqXgBoGBK1JTDOYH1c7LP2RpT6a58F0vbV2+le8m2Mp6iE8d/XG5lwcNEZo1S QhDn8H7S3TtxInpIPBY/w2O6060Z6PDtQ3/LsMCYNaw98iuz0HhOwyhitApL8U4BmOxI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Tue, 12 Jul 2022 16:46:16 +0000 commit 0826c7596d35c887b3b7858137c7ac374d9ef17a Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76cb04ad64f3ab9ae785988c40655a71dde9c319) --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index d462f9e421..bf6fdee360 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -288,6 +288,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index bc7dcf5575..fe22f5f5b6 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -158,7 +158,7 @@ static const char *const str_e8b[32] = /* [22] */ [23] = "ppin", [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index b3b9a0df5f..b158e3acb5 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -847,6 +847,16 @@ static void init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f4ae36eae2..0f101c057f 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -388,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -403,7 +403,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 743b857dcd..e7b8167800 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -266,6 +266,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:46:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:46:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365899.596289 (Exim 4.92) (envelope-from ) id 1oBJ1n-0007SL-4J; Tue, 12 Jul 2022 16:46:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365899.596289; Tue, 12 Jul 2022 16:46:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1n-0007SD-1X; Tue, 12 Jul 2022 16:46:27 +0000 Received: by outflank-mailman (input) for mailman id 365899; Tue, 12 Jul 2022 16:46:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1m-0007S7-Me for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1m-00038P-Ls for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ1m-0001wX-LH for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=URN4zX3mIu6rxQXShgqNsGXVGNQU/Z9cAIE1NLYGBKk=; b=4BCL41w+2v2iqJEbiubfOw/Lsr NXvjGhW5ClcAh3aqx5EGPefHSyfrdiLdHjC9agNs9nYz3VRJiIDL7mn2Iu04JNkczG/rXinPdjlZ+ 5bl6lCI7GNdvnB5dkUqJ30nuAJulHs2EWn/zZKEDtcoJZrE5Nbqk1SZ4Q48rOkGIF8Ek=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Tue, 12 Jul 2022 16:46:26 +0000 commit 5457a6870eb1369b868f7b8e833966ed43a773ad Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper (cherry picked from commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe) --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index b158e3acb5..37ac84ddd7 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -731,6 +731,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + void __init detect_zen2_null_seg_behaviour(void) { uint64_t base; @@ -796,6 +821,9 @@ static void init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && c->x86 == 0x17) diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index b593bd85f0..145bc5156a 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -22,4 +22,5 @@ void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index cdc94130dd..6f8d491297 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -40,6 +40,12 @@ static void init_hygon(struct cpuinfo_x86 *c) c->x86 == 0x18) detect_zen2_null_seg_behaviour(); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* * Hygon CPUs before Zen2 don't clear segment bases/limits when * loading a NULL selector. diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 72bc32ba04..d3735e499e 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -361,6 +361,7 @@ #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) #define MSR_AMD64_EX_CFG 0xc001102c +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:46:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:46:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365901.596294 (Exim 4.92) (envelope-from ) id 1oBJ1y-0007XO-5n; Tue, 12 Jul 2022 16:46:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365901.596294; Tue, 12 Jul 2022 16:46:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1y-0007XH-38; Tue, 12 Jul 2022 16:46:38 +0000 Received: by outflank-mailman (input) for mailman id 365901; Tue, 12 Jul 2022 16:46:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1w-0007X7-Pr for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ1w-00038t-Ox for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ1w-0001wy-OH for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=54eO9R9ZnEduf7G0NSw28EN4KVX2dIfBcQ4YQ/rJpzY=; b=jj7KpPRvEK0BUMF/POlXCxrM09 II+Llud/Qi4atguzeRWBqX7u0OVP0ks/UXGtD1GcwHsTlfyWShR2TKMEC2omw8Vz5YJrnbqHE9+W+ hVca3Wk242KjitpAIYbqDMXff9nRyRpgdmWim2KztzpUHoQ62KaFFWaZYC1BWbQPYn5Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Tue, 12 Jul 2022 16:46:36 +0000 commit 0a5387a01165b46c8c85e7f7e2ddbe60a7f5db44 Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d8cb7e0f069e0f106d24941355b59b45a731eabe) --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/spec_ctrl.c | 113 ++++++++++++++++++++++++++++++++++---- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 1bbdb55129..bd6826d0ae 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2234,7 +2234,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2259,9 +2259,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2280,6 +2281,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0f101c057f..1d9796c34d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __read_mostly opt_md_clear_pv = -1; static int8_t __read_mostly opt_md_clear_hvm = -1; +static int8_t __read_mostly opt_ibpb_entry_pv = -1; +static int8_t __read_mostly opt_ibpb_entry_hvm = -1; +static bool __read_mostly opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -114,6 +118,9 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -140,12 +147,14 @@ static int __init parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -210,6 +219,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -477,27 +508,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -759,6 +794,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -1014,8 +1098,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1162,12 +1250,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1239,9 +1330,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 3fc599a817..9403b81dc7 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:46:48 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:46:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365905.596298 (Exim 4.92) (envelope-from ) id 1oBJ28-0007bC-8O; Tue, 12 Jul 2022 16:46:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365905.596298; Tue, 12 Jul 2022 16:46:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ28-0007b4-54; Tue, 12 Jul 2022 16:46:48 +0000 Received: by outflank-mailman (input) for mailman id 365905; Tue, 12 Jul 2022 16:46:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ27-0007au-87 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ27-000394-7E for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ27-0001ya-6c for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8NJz5fd5eyTuIpsWMATXfZQkKFuraB5ogZRsk+CQFz4=; b=GqMkOvQlIYW8ZxQu3iLQEHg3JW eNoUf6wMgcJ3b0+oHXtimVsJej9BrtExFnKEqN+SFXOE1KTtPtkZGxoPp4I3aQQZxIFeNUKhpS4sY WAWb+CqBW11kQdwNvRc7bcx7lpGMP+OO3uWa/B7uSH8WK9v+Ll7xUv6f02hRInLAxlPc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Tue, 12 Jul 2022 16:46:47 +0000 commit 156ab775769d39b2dfb048ccd34dee7e86ba83a2 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5796912f7279d9348a3166655588d30eae9f72cc) --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/spec_ctrl.c | 9 ++++++--- xen/include/asm-x86/domain.h | 3 +-- xen/include/asm-x86/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl_asm.h | 3 --- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5eaa77f66a..dd397f7130 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,8 +248,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -292,8 +292,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 4a61e951fa..79f2c6ab19 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2069,10 +2069,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 225fe08259..0fabfbe2a9 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -981,9 +981,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index d0df7f83aa..7d6483f21b 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -319,8 +319,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 12283573cd..60d6d2dc94 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 5a590bac44..66b00d511f 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -248,9 +248,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:46:58 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:46:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365907.596302 (Exim 4.92) (envelope-from ) id 1oBJ2I-0007i2-9g; Tue, 12 Jul 2022 16:46:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365907.596302; Tue, 12 Jul 2022 16:46:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2I-0007hu-6g; Tue, 12 Jul 2022 16:46:58 +0000 Received: by outflank-mailman (input) for mailman id 365907; Tue, 12 Jul 2022 16:46:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2H-0007hj-As for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2H-00039A-A4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ2H-0001zC-9T for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:46:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gjEwM34ONBse3Dq7I1G6ECnjaUYBeZWtew9FnNB79HM=; b=YMkNXjQzv5Xmi60NvHaG3RmQUI 1EgRK/vjk2fkS1MEaV8niehV5Sf4Wvvowau0QKppoX2mBuenJ/z7omYpOo+O2znudOhmktzj1Rksa NbmImqZ2nVtFk0VCUEtmLsIL5LNIAcoiwr5zIRJ1+X9RlxuLL8xwr+lnJHDbv90EHHUI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Tue, 12 Jul 2022 16:46:57 +0000 commit 2cfbca32b9dc3a8d6520549ff468a7f550daf1b1 Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76d6a36f645dfdbad8830559d4d52caf36efc75e) --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/spec_ctrl.h | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0fabfbe2a9..a6def47061 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1086,7 +1086,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1097,7 +1097,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1110,7 +1110,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 60d6d2dc94..6f8b0e0934 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 66b00d511f..0ff1b118f8 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -266,8 +266,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -290,7 +290,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -301,7 +301,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:47:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:47:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365909.596306 (Exim 4.92) (envelope-from ) id 1oBJ2S-0007nh-Ca; Tue, 12 Jul 2022 16:47:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365909.596306; Tue, 12 Jul 2022 16:47:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2S-0007nZ-9i; Tue, 12 Jul 2022 16:47:08 +0000 Received: by outflank-mailman (input) for mailman id 365909; Tue, 12 Jul 2022 16:47:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2R-0007nO-Dt for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2R-00039X-D4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ2R-0001zk-CP for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=20KiV9v1fXq2ycJ9Ww7SUeJiO7KvU9HxlcjFni/EgLo=; b=H4x2CYPKylc5OZXdhHAEZOjeS6 1pfDnxF17xD8KNIedJN3j4OK2LZpNLVWS9QucF28zKytqiXXeOIpF9aMYlINc1gGAxVo7W25tn/ew RG0xg4WEqiMb5nkYeQXAojKEcOgnNWImIiy7b7qT7D7/2Fi0sbk51YTggFlOa9ARUUgY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Tue, 12 Jul 2022 16:47:07 +0000 commit c707015bf118df2c43e3a48b3774916322fca50a Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d) --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 79f2c6ab19..2838f976d7 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2041,7 +2041,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a6def47061..ced0f8c2ae 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -117,7 +117,7 @@ static int __init parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -238,7 +238,7 @@ static int __init parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -458,7 +458,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1193,7 +1193,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 6f8b0e0934..fd8162ca9a 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:47:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:47:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365910.596309 (Exim 4.92) (envelope-from ) id 1oBJ2c-0007qG-E5; Tue, 12 Jul 2022 16:47:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365910.596309; Tue, 12 Jul 2022 16:47:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2c-0007q8-BL; Tue, 12 Jul 2022 16:47:18 +0000 Received: by outflank-mailman (input) for mailman id 365910; Tue, 12 Jul 2022 16:47:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2b-0007q1-Gc for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2b-00039h-Fq for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ2b-000209-FH for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Z6A5UY9/YvRhotCFJsCDQLwaGPwtiSIs9m8gUR+APo4=; b=xq6LrXbZ5Ga+mi5fwL90P9Zqfa b3Jz3DxUxOW0Y38JvNQbnnd0zc+9/vXCB+xVfL1Gz4RVhOQyU741N3ZlzSb0K+jgOvM+kMvO10Rw1 rYFNdCT7Sw9nuUpL4fk3gupoEdNXuLS6a74fuWeumhCxop10mxcC1tfpqjfae4R0Ynuo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Tue, 12 Jul 2022 16:47:17 +0000 commit d7f5fb1e2abd0d56cada9bfcf96ab530d214d9aa Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e9b8d31981f184c6539f91ec54bd9cae29cdae36) --- xen/arch/x86/x86_64/entry.S | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 2f3f48ff27..9bfc5964a9 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -874,7 +874,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -910,7 +910,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 0ff1b118f8..15e24cde00 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -251,34 +251,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:47:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:47:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365911.596314 (Exim 4.92) (envelope-from ) id 1oBJ2m-0007sz-G4; Tue, 12 Jul 2022 16:47:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365911.596314; Tue, 12 Jul 2022 16:47:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2m-0007sr-D1; Tue, 12 Jul 2022 16:47:28 +0000 Received: by outflank-mailman (input) for mailman id 365911; Tue, 12 Jul 2022 16:47:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2l-0007sf-JY for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2l-00039r-Ik for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ2l-00020c-ID for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4LElS+c2Sw7KaCzk6E14i06wEPc5jeEvsTTj7dsnFIg=; b=a3YfXCrO1mDI2/E1tRkNyTp9/B qrejfZYIttJKdplk3Nrgs/I7j6UAERUXYsRQdSAL+ucI9VFKzebA3aNvyixK5Izm5T9p6k1vFRlBW RG6VRAb4+VNFYWxUQdKlHiExEtzlJzca3wNgQaX2XLlr1v9JIlEaOHYBmffCWolZKn6g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Tue, 12 Jul 2022 16:47:27 +0000 commit f0d78e0c11d3984c74f34a7325f862dee93a5835 Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 53a570b285694947776d5190f591a0d5b9b18de7) --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/x86_64/compat/entry.S | 4 +-- xen/arch/x86/x86_64/entry.S | 10 ++++---- xen/include/asm-x86/cpufeatures.h | 2 ++ xen/include/asm-x86/spec_ctrl.h | 6 +++-- xen/include/asm-x86/spec_ctrl_asm.h | 49 +++++++++++++++++++++++++++++++++++-- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 4ae55a2ef6..0ff4008060 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -97,7 +97,19 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl @@ -114,6 +126,10 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ stgi GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f9f9bc18cd..dd817cee4e 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1345,6 +1345,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 0cfe953142..5c999271e6 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE @@ -216,7 +216,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 9bfc5964a9..3c85933256 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -260,7 +260,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -299,7 +299,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -351,7 +351,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -618,7 +618,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -652,7 +652,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index f7488d3ccb..b233e5835f 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,8 @@ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index fd8162ca9a..10cd0cd251 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 15e24cde00..9eb4ad9ab7 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -88,6 +88,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -225,12 +254,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -254,11 +287,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:47:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:47:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365912.596318 (Exim 4.92) (envelope-from ) id 1oBJ2w-0007vq-Hh; Tue, 12 Jul 2022 16:47:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365912.596318; Tue, 12 Jul 2022 16:47:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2w-0007vi-Eg; Tue, 12 Jul 2022 16:47:38 +0000 Received: by outflank-mailman (input) for mailman id 365912; Tue, 12 Jul 2022 16:47:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2v-0007vZ-Me for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ2v-0003AH-Lh for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ2v-00021C-L6 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7IMSZ4XTSszfa69YMOw2OvnzI8t0dOwah1iAJNmhaJw=; b=RgqFL585l/7n57ltplQ3WiIfqi +j61Ud5NXdnhfXS34Lrq/nDP93jO8JoKC/KJpHozs4YDwbXziskEzMe7bmCBddn0rtng0bGl40DZX BpnsjsAiERUIBbF8CbRFwypCV8sEZBq0OX7ZxMrTDKn4oPeug1hKHUOwXffoGONYaU4M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Tue, 12 Jul 2022 16:47:37 +0000 commit 2b29ac476fa0c91655906fac3512202e514ecbed Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76cb04ad64f3ab9ae785988c40655a71dde9c319) --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 9a4eb8015a..2632efc6ad 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -283,6 +283,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 12111fe12d..e83bc4793d 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -157,7 +157,7 @@ static const char *const str_e8b[32] = /* [22] */ [23] = "ppin", [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 986672a072..675b877f19 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -822,6 +822,16 @@ static void init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ced0f8c2ae..9f66c71551 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -388,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -403,7 +403,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 9686c82ed7..1bbc7da4b5 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -265,6 +265,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:47:48 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:47:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365913.596321 (Exim 4.92) (envelope-from ) id 1oBJ36-0007z4-KF; Tue, 12 Jul 2022 16:47:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365913.596321; Tue, 12 Jul 2022 16:47:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ36-0007yx-Hg; Tue, 12 Jul 2022 16:47:48 +0000 Received: by outflank-mailman (input) for mailman id 365913; Tue, 12 Jul 2022 16:47:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ35-0007yq-PP for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ35-0003AU-Oe for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ35-000226-Nx for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=37HIRgLLL3BkjJGzYiaSQp6/ORPq+WBd0WzfQ6AKPoE=; b=tfl/+UP2Yl9IpCxLENJTOTq4Jt F59m/b9lMNbxhVQ5k/G+gDMZNr5iUKFcmt2hUjz03JNlbJSif6zp78AVTQYW/w+poHEVAv3Z1z2l5 GIK33Dk4fHqCJU/jQXv+sdr8B3IrvuAFf1Sdk2yYynjvJFCjOhdsKaK8bg4fqDjvxtRg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Tue, 12 Jul 2022 16:47:47 +0000 commit 409976bed91f61fb7b053d536d2fc87cf3ad7018 Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper (cherry picked from commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe) --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 675b877f19..60dbe61a61 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -731,6 +731,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -783,6 +808,9 @@ static void init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 1a5b3918b3..e76ab5ce1a 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -22,3 +22,4 @@ void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 3845e0cf0e..0cb0e7d55e 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -36,6 +36,12 @@ static void init_hygon(struct cpuinfo_x86 *c) amd_init_ssbd(c); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 1e743461e9..b4a360723b 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -359,6 +359,7 @@ #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) #define MSR_AMD64_EX_CFG 0xc001102c +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:47:58 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:47:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365914.596326 (Exim 4.92) (envelope-from ) id 1oBJ3G-000828-M2; Tue, 12 Jul 2022 16:47:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365914.596326; Tue, 12 Jul 2022 16:47:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3G-000820-JE; Tue, 12 Jul 2022 16:47:58 +0000 Received: by outflank-mailman (input) for mailman id 365914; Tue, 12 Jul 2022 16:47:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3F-00081t-SM for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3F-0003AY-Ra for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ3F-00022Y-R2 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:47:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mMB9Npw28Q6SGY05SNKO6adHpK39lUYAN+VcT/114po=; b=LS1dqOxP17ff62SAMVWAumPBXo h7o86VhqhItVJgmlRHxYSjlEtiLPIbnu4JDC5eIku8DhpMAhPVAICD5fHflWWHgCxY2pp1m+bdWib HRIqNU/JIBFJe83Jpwid9OdjXDCSu1mmNwFPk6JOmYxRqVmb1Av4AhVVlY7/M40o9+5U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Tue, 12 Jul 2022 16:47:57 +0000 commit 35bf91d30f1a480dcf5bfd99b79384b2b283da7f Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d8cb7e0f069e0f106d24941355b59b45a731eabe) --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/spec_ctrl.c | 113 ++++++++++++++++++++++++++++++++++---- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index b06db5f654..b73c4a6050 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2170,7 +2170,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2195,9 +2195,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2216,6 +2217,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9f66c71551..563519ce0e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __read_mostly opt_md_clear_pv = -1; static int8_t __read_mostly opt_md_clear_hvm = -1; +static int8_t __read_mostly opt_ibpb_entry_pv = -1; +static int8_t __read_mostly opt_ibpb_entry_hvm = -1; +static bool __read_mostly opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -114,6 +118,9 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -140,12 +147,14 @@ static int __init parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -210,6 +219,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -477,27 +508,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -730,6 +765,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -985,8 +1069,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1133,12 +1221,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1192,9 +1283,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 10cd0cd251..33e845991b 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:48:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:48:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365915.596330 (Exim 4.92) (envelope-from ) id 1oBJ3R-00084w-NT; Tue, 12 Jul 2022 16:48:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365915.596330; Tue, 12 Jul 2022 16:48:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3R-00084o-Kz; Tue, 12 Jul 2022 16:48:09 +0000 Received: by outflank-mailman (input) for mailman id 365915; Tue, 12 Jul 2022 16:48:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3Q-00084d-CA for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3Q-0003Aw-BL for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ3Q-00025G-Aq for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R9FFsC1x39DGLRHQpsq6GBVdhc14/K3SV2ToLG1QjRc=; b=C1lTAAG7wG1WMX/Fo2m2PhRuFh 24cDojuG0ASCj/eHv1Tj5ndbPlCMYxfTVtE0OYIeT7Lhkr0THaBdlUP0Tx+bdESIbBeLMISp6kqb2 ptvRSK43BMhx/n5feaY8YW/syXKvc5m+MnV0uN8kOUVFqcRUURWif2ToHastgb0iA8PQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Tue, 12 Jul 2022 16:48:08 +0000 commit 104dd4618ed0aeba098d8cf5e70978969f9e2d5c Author: Andrew Cooper AuthorDate: Fri Jul 8 16:11:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4cdb519d797c19ebb8fadc5938cdb47479d5a21b) --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 83b856fa91..58a2797dfe 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -118,6 +118,7 @@ static int __init parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:48:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:48:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365916.596334 (Exim 4.92) (envelope-from ) id 1oBJ3b-00087w-Pp; Tue, 12 Jul 2022 16:48:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365916.596334; Tue, 12 Jul 2022 16:48:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3b-00087o-MT; Tue, 12 Jul 2022 16:48:19 +0000 Received: by outflank-mailman (input) for mailman id 365916; Tue, 12 Jul 2022 16:48:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3a-00087T-Ev for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3a-0003B6-E9 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ3a-000261-Da for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fz5RTmm6a57GvvKcrSZ8SbRm/IJEoAg+BpScRneth2U=; b=PfdpX7GLS0gRxXRRdkoA+vlqqp 701kpSjmra3S7kADk4EZtkPt13HImMwp07gswCtIXtHH6t+kAuXHRsJHDfvMQw3Nv0KvDDbtWo3Df JIAMUVMejpLk8IrdPKyTl3JNQ9kYMPU+50ZAyaIiksoIyiQa+ee2pkIWKv6/P531KykU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Tue, 12 Jul 2022 16:48:18 +0000 commit a556377de55116b8d4151315ff85f6615e83d52d Author: Andrew Cooper AuthorDate: Mon Jun 27 11:54:27 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné (cherry picked from commit ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b) --- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 5 +++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 58a2797dfe..d7f767b073 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1104,8 +1104,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 9eaab7a2a1..f7488d3ccb 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 68f6c46c47..12283573cd 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -78,7 +78,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -114,7 +115,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:48:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:48:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365917.596338 (Exim 4.92) (envelope-from ) id 1oBJ3l-0008B8-SY; Tue, 12 Jul 2022 16:48:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365917.596338; Tue, 12 Jul 2022 16:48:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3l-0008B1-Pv; Tue, 12 Jul 2022 16:48:29 +0000 Received: by outflank-mailman (input) for mailman id 365917; Tue, 12 Jul 2022 16:48:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3k-0008At-IQ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3k-0003BD-HY for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ3k-00026x-Gk for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OP1dU/SsbdeCvkFJtr9lMlgM3myF5mZFQFx4ycKKOqs=; b=nX/Lw9Rq4Co6AQjJbzUyuOacSM 9f0TB6WIIFdjJC52118SqPf9jnn24sM8A7pX6vNZGYO9ZAc5zzu+oy87euEPPwWSEPTy1WPj6rWDI db1r6GllPhZ5Mfjq+K8EpZu9QpxeMFc2EYZaNyPf4HzSVotp60I+NKbqXW+0XfxItTPw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Tue, 12 Jul 2022 16:48:28 +0000 commit f1786895f194cdd0c7fec4ff192cef8e4aa3ff9d Author: Andrew Cooper AuthorDate: Wed Mar 16 13:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. This has negligible overhead for the guest, but saves a WRMSR on vmentry. This is the only default change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit fef244b179c06fcdfa581f7d57fa6e578c49ff50) --- docs/misc/xen-command-line.pandoc | 21 ++++++++++--- xen/arch/x86/hvm/svm/vmcb.c | 9 ++++++ xen/arch/x86/spec_ctrl.c | 65 +++++++++++++++++++++++++++++++++------ 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index d1d5852cdd..2302cec91f 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2105,8 +2105,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2156,9 +2157,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2166,6 +2168,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 55da9302e5..a0bf9f4e05 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -29,6 +29,7 @@ #include #include #include +#include struct vmcb_struct *alloc_vmcb(void) { @@ -175,6 +176,14 @@ static int construct_vmcb(struct vcpu *v) vmcb->_pause_filter_thresh = SVM_PAUSETHRESH_INIT; } + /* + * When default_xen_spec_ctrl simply SPEC_CTRL_STIBP, default this behind + * the back of the VM too. Our SMT topology isn't accurate, the overhead + * is neglegable, and doing this saves a WRMSR on the vmentry path. + */ + if ( default_xen_spec_ctrl == SPEC_CTRL_STIBP ) + v->arch.msrs->spec_ctrl.raw = SPEC_CTRL_STIBP; + return 0; } diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d7f767b073..06790897e4 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __read_mostly opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -173,12 +177,20 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -377,7 +389,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -391,6 +403,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + (!boot_cpu_has(X86_FEATURE_PSFD) && + !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -951,10 +966,7 @@ void __init init_speculation_mitigations(void) if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); else if ( opt_ibrs == -1 ) - { opt_ibrs = ibrs = true; - default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; - } if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) thunk = THUNK_JMP; @@ -1058,14 +1070,49 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && (boot_cpu_has(X86_FEATURE_PSFD) || + boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can poison the RSB to any virtual address from which -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:48:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:48:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365918.596342 (Exim 4.92) (envelope-from ) id 1oBJ3v-0008E5-UG; Tue, 12 Jul 2022 16:48:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365918.596342; Tue, 12 Jul 2022 16:48:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3v-0008Du-RY; Tue, 12 Jul 2022 16:48:39 +0000 Received: by outflank-mailman (input) for mailman id 365918; Tue, 12 Jul 2022 16:48:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3u-0008Df-L8 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ3u-0003Bg-KM for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ3u-00027e-Jn for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7Fp54IRqf+5+mLKtRbuBpZw4+prdQ5Hh3VejKTKBtAY=; b=A+T4EbOjrEJ9TuvvWFULHnRugg 1W2k7xnO+2Q1GDPpA49jQuNmlZi/7kx5kAD8HHjt+g3tdjL7tqOWlN3UB9yLq9YyUMuj5qwJ+aC3I ozcjpD7eESjBsxoXMpx1YoOa3gUI6Ldv+I+RtIZTGy5pzLC6n0pSySDXlVPyUGlzaIfQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Tue, 12 Jul 2022 16:48:38 +0000 commit 2d316660e542fb843f8ac394cc0f961787d19301 Author: Andrew Cooper AuthorDate: Tue Jul 5 19:19:01 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich (cherry picked from commit 382326cac528dd1eb0d04efd5c05363c453e29f4) --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index c3a943f077..f07ff41d88 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -272,9 +272,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -286,11 +286,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 076bcfb67d..900c0ce3e4 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -82,7 +82,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:48:50 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:48:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365919.596346 (Exim 4.92) (envelope-from ) id 1oBJ45-0008H5-Vg; Tue, 12 Jul 2022 16:48:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365919.596346; Tue, 12 Jul 2022 16:48:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ45-0008Gq-T4; Tue, 12 Jul 2022 16:48:49 +0000 Received: by outflank-mailman (input) for mailman id 365919; Tue, 12 Jul 2022 16:48:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ44-0008GU-O2 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ44-0003Bs-NH for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ44-0002A8-Ml for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=85S6Y11ltv5X7RRk97/Wtjj/LrMUChlS1x3lSxh4Uic=; b=p3wW6enFA6Aru8KaBboHUzLx0L +W0zb+FHT6uJndBbxrGQKIPQ9D4nHjeBj4ky3jXSYP5tlzupKb2ZEaqK0RU5rXiYx1fR7Qj3Von35 JCwgcO4LPXkc0FEFdNSsK2UzjViU8PzsK/xTPkZgJSCemEvVOcijKPI3PNYMNWw89JpQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Tue, 12 Jul 2022 16:48:48 +0000 commit e5fd5081e078ec4ac6e0f3b60fe6c1475a3f2e18 Author: Andrew Cooper AuthorDate: Fri Jul 8 16:44:43 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 27357c394ba6e1571a89105b840ce1c6f026485c) --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 2302cec91f..a84f5c1921 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2104,7 +2104,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2129,12 +2130,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 06790897e4..225fe08259 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -147,20 +147,68 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:49:00 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:49:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365920.596350 (Exim 4.92) (envelope-from ) id 1oBJ4G-0008Jm-1g; Tue, 12 Jul 2022 16:49:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365920.596350; Tue, 12 Jul 2022 16:49:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4F-0008Je-Ua; Tue, 12 Jul 2022 16:48:59 +0000 Received: by outflank-mailman (input) for mailman id 365920; Tue, 12 Jul 2022 16:48:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4E-0008JX-Qz for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4E-0003C2-QD for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ4E-0002Be-Pf for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:48:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mpmv97PzssMt8bO/fwgqqai9TIA0uxrr1CijvCexr9I=; b=5Eu2P8ZYWFK6W0TBtApud71tNz KBTwgl/FgRcCL8HAgKU5fSssboRKb/KlgtkFBtye7ozI5kwbZTOywT51l4wirJBgCA9NLLH1p4ytc ohq3EPfReLZ+tmhvEJb/S8kQVkqstjiRAXJtgdfr53e9/S1rW3ACikvi0zeg++Ssa9ys=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Tue, 12 Jul 2022 16:48:58 +0000 commit b60c995d67e764cc634fc1b705b8a9502de0a4e1 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5796912f7279d9348a3166655588d30eae9f72cc) --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/spec_ctrl.c | 9 ++++++--- xen/include/asm-x86/domain.h | 3 +-- xen/include/asm-x86/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl_asm.h | 3 --- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 774e0fcd35..06f3e0e9f3 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,8 +246,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,8 +290,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 5ea5ef6ba0..305a63b67e 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1838,10 +1838,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 225fe08259..0fabfbe2a9 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -981,9 +981,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 4ee76bba45..53d5a43ec0 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -308,8 +308,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 12283573cd..60d6d2dc94 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 5a590bac44..66b00d511f 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -248,9 +248,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:49:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:49:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365921.596354 (Exim 4.92) (envelope-from ) id 1oBJ4Q-0008N5-5V; Tue, 12 Jul 2022 16:49:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365921.596354; Tue, 12 Jul 2022 16:49:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4Q-0008My-2h; Tue, 12 Jul 2022 16:49:10 +0000 Received: by outflank-mailman (input) for mailman id 365921; Tue, 12 Jul 2022 16:49:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4O-0008Mk-Uc for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4O-0003CQ-T7 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ4O-0002Cg-SX for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pwPBdHmx/EMGGargmDL5Ei8Zv7jY2BASbi5K3U20eZs=; b=AmqdcyS42olDk9eajGtGrzFqAC 5YateIZCIIlYNKudd9DjW3vmdwT7iZj6mQ0/ihj9LjrYyhX078vvojvuXaYVO4Exz0fH8/cU73nV0 E4HVtJhW9ECtmAybZ951awNp4fRkuu/ARGIDWKLbVrRzdZIq6YvE7XxC5CfvwaW1xYfM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Tue, 12 Jul 2022 16:49:08 +0000 commit 73465a7fa1c4a18b9c0c589f5dd861eb57635741 Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76d6a36f645dfdbad8830559d4d52caf36efc75e) --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/spec_ctrl.h | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0fabfbe2a9..a6def47061 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1086,7 +1086,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1097,7 +1097,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1110,7 +1110,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 60d6d2dc94..6f8b0e0934 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 66b00d511f..0ff1b118f8 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -266,8 +266,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -290,7 +290,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -301,7 +301,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:49:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:49:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365922.596358 (Exim 4.92) (envelope-from ) id 1oBJ4a-0008Pf-6q; Tue, 12 Jul 2022 16:49:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365922.596358; Tue, 12 Jul 2022 16:49:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4a-0008PY-4H; Tue, 12 Jul 2022 16:49:20 +0000 Received: by outflank-mailman (input) for mailman id 365922; Tue, 12 Jul 2022 16:49:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4Z-0008PP-0e for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4Y-0003CU-W3 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ4Y-0002DX-VV for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MUK09bQw8G02VR7bdw8nk2yw7Xc9CfixKjvbXdIJmbM=; b=EEfGb7lAAzfo5jiX+yQi8GoZw3 gzaGgAXXsoumG+BTgPBveEYb+kpXKkZDzMzfLJMLrM8rt0KEU4x8O3GkedjsE7U3t9bxD7TjXqQrz hjNzksMEmqMjKq4eJCwR6OGBpR+BEWc1erNU+Ajn+JhonPE/FzoYOdWACfF16GGRJXFI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Tue, 12 Jul 2022 16:49:18 +0000 commit 51e812af8bd68fbe419b55019aae320679a76f1d Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d) --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 305a63b67e..3658e50d56 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1810,7 +1810,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a6def47061..ced0f8c2ae 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -117,7 +117,7 @@ static int __init parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -238,7 +238,7 @@ static int __init parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -458,7 +458,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1193,7 +1193,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 6f8b0e0934..fd8162ca9a 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:49:30 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:49:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365923.596362 (Exim 4.92) (envelope-from ) id 1oBJ4k-0008Sg-8w; Tue, 12 Jul 2022 16:49:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365923.596362; Tue, 12 Jul 2022 16:49:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4k-0008SX-5q; Tue, 12 Jul 2022 16:49:30 +0000 Received: by outflank-mailman (input) for mailman id 365923; Tue, 12 Jul 2022 16:49:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4j-0008SP-4I for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4j-0003CZ-3T for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ4j-0002EV-21 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hyLG+bTDI8B3AzSDVHGp5GnW1mcBbzCB1nvunKBL0L8=; b=v2EgRfjZ88zj2hXUDBa+wbX54e GtVjGuLebVqgJ30ctnctgkthR2zF52x6OkbCY+i7v3gasfBZh2XwazIMh1wWlEqZdGDNBLDj7fd/E mrRXrvvW0mm6gyEKaVpqJB6/XrWEtIjDHAgK3Ya/Bp60QY9w0y9twTGpiWn1vNSi0txg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Tue, 12 Jul 2022 16:49:29 +0000 commit d2f0cf78278f48719e12065d3c6a624420b66926 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e9b8d31981f184c6539f91ec54bd9cae29cdae36) --- xen/arch/x86/x86_64/entry.S | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index cbf332e752..87bf9cb694 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -854,7 +854,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -889,7 +889,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 0ff1b118f8..15e24cde00 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -251,34 +251,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:49:41 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:49:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365924.596366 (Exim 4.92) (envelope-from ) id 1oBJ4v-0008VK-AU; Tue, 12 Jul 2022 16:49:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365924.596366; Tue, 12 Jul 2022 16:49:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4v-0008VD-7U; Tue, 12 Jul 2022 16:49:41 +0000 Received: by outflank-mailman (input) for mailman id 365924; Tue, 12 Jul 2022 16:49:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4t-0008V4-7j for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ4t-0003Cz-6r for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ4t-0002Fi-64 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=c0fxAz4ouC4FcySCccGpuSgpIsoz2/vhh8sgD4h+Wio=; b=AN1l4tlbZ/LlK5QB+I1mUUUBnb Cmu4bMGuFmuy/Owh6qfe2l5Bzyu2UZrPwL7xAgFYIzdnenwVVXnAG3z4ODm+5BMd00QVLtTVtAk+9 WwnwFRAfWBDacdJsbtto90RtOx+ITOONfZI4E3eWUdA7UlmX4c1qfuPDlsW5vSOqpspQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Tue, 12 Jul 2022 16:49:39 +0000 commit 0a6561b20fd8b15e143307f81f30afbd58024a8d Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 53a570b285694947776d5190f591a0d5b9b18de7) --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/x86_64/compat/entry.S | 4 +-- xen/arch/x86/x86_64/entry.S | 10 ++++---- xen/include/asm-x86/cpufeatures.h | 2 ++ xen/include/asm-x86/spec_ctrl.h | 6 +++-- xen/include/asm-x86/spec_ctrl_asm.h | 49 +++++++++++++++++++++++++++++++++++-- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 055e6f4564..7aab67899b 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,19 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl @@ -118,6 +130,10 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ STGI GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 1466064d0c..3d271178e8 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1332,6 +1332,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index b67468f7c9..302530e65e 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,7 +18,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE @@ -212,7 +212,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 87bf9cb694..153e89e246 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -248,7 +248,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -287,7 +287,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -339,7 +339,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -600,7 +600,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -633,7 +633,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index f7488d3ccb..b233e5835f 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,8 @@ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index fd8162ca9a..10cd0cd251 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 15e24cde00..9eb4ad9ab7 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -88,6 +88,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -225,12 +254,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -254,11 +287,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:49:51 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:49:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365925.596369 (Exim 4.92) (envelope-from ) id 1oBJ55-00007P-Dy; Tue, 12 Jul 2022 16:49:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365925.596369; Tue, 12 Jul 2022 16:49:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ55-00007H-BH; Tue, 12 Jul 2022 16:49:51 +0000 Received: by outflank-mailman (input) for mailman id 365925; Tue, 12 Jul 2022 16:49:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ53-00006e-Af for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:49 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ53-0003DE-9p for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:49 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ53-0002GX-9I for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:49 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TZ203VwkfBY1zZcR+t8+z600QM1TjB18EZLHW1QSV/o=; b=DP/+ReZjw5YVC55yRlhyh9lPZM 2UTDCv6E0Llaw/5ggVmYdQgTwH4kEXHeK2ZjEu2hmYQbUo9nsAn3NcSnX3X3+6jQxioWINN/EaeRN l8yvM7afjYDQ4BcEgq/J3w9FDAapFzaJJaRcC5uEuc6du8G4t5NPCsw5UuZge4rz9Y8U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Tue, 12 Jul 2022 16:49:49 +0000 commit 318d7bc36aff01930f9e2f3d3ec5b774fb4b869b Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76cb04ad64f3ab9ae785988c40655a71dde9c319) --- tools/libxl/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index 86c8d21555..25576b4d99 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -280,6 +280,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 7ebf520a71..e5208cfa45 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -157,7 +157,7 @@ static const char *const str_e8b[32] = /* [22] */ [23] = "ppin", [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 142f34af5f..7409af98f6 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -822,6 +822,16 @@ static void init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ced0f8c2ae..9f66c71551 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -388,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -403,7 +403,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index c5af6f03cf..746a75200a 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -264,6 +264,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:50:00 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:50:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365926.596373 (Exim 4.92) (envelope-from ) id 1oBJ5E-0000AO-FX; Tue, 12 Jul 2022 16:50:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365926.596373; Tue, 12 Jul 2022 16:50:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5E-0000AG-Ck; Tue, 12 Jul 2022 16:50:00 +0000 Received: by outflank-mailman (input) for mailman id 365926; Tue, 12 Jul 2022 16:49:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5D-0000A1-Di for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:59 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5D-0003DN-Co for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:59 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ5D-0002HU-C7 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:49:59 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=N21hqR1eTQX4oPHLIMX39ZomOq7+d0NNhUgTBMM0WeU=; b=m28jq7eiSD1qDHr1CRb943WOZK fFg7Z9k1IB6S10e16MZ4J48S11g+Wss9ULjO/UhfrbQ6mBDhUaTn0Tw1i7EWwL7yBKSI5s9ZWOqAl vb/3KoYVznnNBvgCNN6noVHC8hcPidqxygTkND6sf0bwuK07pAjW821fX6bPbZt4edyc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Tue, 12 Jul 2022 16:49:59 +0000 commit 5bccfbb68d7ac8709deb6671e5c87bb96e200c58 Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper (cherry picked from commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe) --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 7409af98f6..f50f91f81e 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -731,6 +731,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -783,6 +808,9 @@ static void init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 1a5b3918b3..e76ab5ce1a 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -22,3 +22,4 @@ void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 3845e0cf0e..0cb0e7d55e 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -36,6 +36,12 @@ static void init_hygon(struct cpuinfo_x86 *c) amd_init_ssbd(c); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index c8670eab8e..4c1cba589d 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -359,6 +359,7 @@ #define MSR_AMD64_DC_CFG 0xc0011022 #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:50:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:50:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365927.596378 (Exim 4.92) (envelope-from ) id 1oBJ5O-00010R-HF; Tue, 12 Jul 2022 16:50:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365927.596378; Tue, 12 Jul 2022 16:50:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5O-00010K-EQ; Tue, 12 Jul 2022 16:50:10 +0000 Received: by outflank-mailman (input) for mailman id 365927; Tue, 12 Jul 2022 16:50:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5N-00010D-HZ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5N-0003De-Gj for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ5N-0002V8-FZ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5+z4SHB8IZ7qrMt6ItKpnAB0jL6DRpuGe7F6FfeD4BU=; b=auiI0uTAHI9ILlsJFnfILo0YIW 2dbk3qyWDLCQHcHQQMBC1FOSXEMafnw33hSkFLF5n95q7d8H8+ukB/Fb386HdiRhl2U+UnN6zdJJR 8e5ZqKN5NMwDhr8vaUlO6gIZQuyGe4a5VvmrcLzSgk3kjw3hGVCAJ85wbOAvld3Qu6nI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Tue, 12 Jul 2022 16:50:09 +0000 commit 87d90d511c87477609cc4b8c88866bfbe997da46 Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d8cb7e0f069e0f106d24941355b59b45a731eabe) --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/spec_ctrl.c | 113 ++++++++++++++++++++++++++++++++++---- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a84f5c1921..f13304ef4e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2105,7 +2105,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2130,9 +2130,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2151,6 +2152,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9f66c71551..563519ce0e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __read_mostly opt_md_clear_pv = -1; static int8_t __read_mostly opt_md_clear_hvm = -1; +static int8_t __read_mostly opt_ibpb_entry_pv = -1; +static int8_t __read_mostly opt_ibpb_entry_hvm = -1; +static bool __read_mostly opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -114,6 +118,9 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -140,12 +147,14 @@ static int __init parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -210,6 +219,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -477,27 +508,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -730,6 +765,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -985,8 +1069,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1133,12 +1221,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1192,9 +1283,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 10cd0cd251..33e845991b 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:50:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:50:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365928.596383 (Exim 4.92) (envelope-from ) id 1oBJ5Y-000132-Jr; Tue, 12 Jul 2022 16:50:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365928.596383; Tue, 12 Jul 2022 16:50:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5Y-00012v-G6; Tue, 12 Jul 2022 16:50:20 +0000 Received: by outflank-mailman (input) for mailman id 365928; Tue, 12 Jul 2022 16:50:20 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5Y-00012p-44 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:20 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5Y-0003Ds-3D for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:20 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ5Y-0002d7-2g for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:20 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4PNqC9Zl7QE5cVs/iZ/zVxglNLforCQJJSrzJd169uE=; b=ASKQjs/IBw7tpVUFsXoOCivfty dwnDX6fvwzMZ9Eya6Y8ewC/gUxF7HFpiHz0XcUfj2G9R5DeWt2AqzsC5Tnop9SoAOPyYSdCvXEMV+ /X5siD1W9wH9+a/+Ig9NsNBk8StZqzEE4PVj2QUs4kqNi884vmfIDkVWAhuXFUV304h4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Tue, 12 Jul 2022 16:50:20 +0000 commit 14c5e0c134228438e56ab956254742aef775b3dd Author: Andrew Cooper AuthorDate: Fri Jul 8 16:11:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4cdb519d797c19ebb8fadc5938cdb47479d5a21b) --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d4ba941206..3b34ca705c 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -118,6 +118,7 @@ static int __init parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:50:30 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:50:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365929.596386 (Exim 4.92) (envelope-from ) id 1oBJ5i-00016a-Lh; Tue, 12 Jul 2022 16:50:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365929.596386; Tue, 12 Jul 2022 16:50:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5i-00016T-JA; Tue, 12 Jul 2022 16:50:30 +0000 Received: by outflank-mailman (input) for mailman id 365929; Tue, 12 Jul 2022 16:50:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5i-00016L-7T for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5i-0003Fc-6g for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ5i-0002de-5W for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=h7BJsg0qmibc2MaWDrPT7FheBRrSLhcU2FPXW0puwXI=; b=BK4LdcbbkJAuLSZhsQSi4cXFKq yqjoy0d6Xlkr/SymFQQsEJTJhBcp3L0F66xc/V3dbrMK9T1L6d5CsSEXhpoUT7OpHxbrrkss36lOA ewzxq5FZHm8qMB/kPsb9+dDx4sOziVBLpcrRk5iJ4gjO1SsFqIny6Knpn36UEpOG8p+o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Drop SPEC_CTRL_{ENTRY_FROM,EXIT_TO}_HVM Message-Id: Date: Tue, 12 Jul 2022 16:50:30 +0000 commit 8a2cc1ed1aee291de3c06fae90763bd79248b043 Author: Andrew Cooper AuthorDate: Tue Jan 25 13:52:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Drop SPEC_CTRL_{ENTRY_FROM,EXIT_TO}_HVM These were written before Spectre/Meltdown went public, and there was large uncertainty in how the protections would evolve. As it turns out, they're very specific to Intel hardware, and not very suitable for AMD. Drop the macros, opencoding the relevant subset of functionality, and leaving grep-fodder to locate the logic. No change at all for VT-x. For AMD, the only relevant piece of functionality is DO_OVERWRITE_RSB, although we will soon be adding (different) logic to handle MSR_SPEC_CTRL. This has a marginal improvement of removing an unconditional pile of long-nops from the vmentry/exit path. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné (cherry picked from commit 95b13fa43e0753b7514bef13abe28253e8614f62) [Forward port over XSA-404] --- xen/arch/x86/hvm/svm/entry.S | 5 +++-- xen/arch/x86/hvm/vmx/entry.S | 7 +++++-- xen/include/asm-x86/spec_ctrl_asm.h | 17 ++++------------- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index e954d8e021..0684d29050 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -63,7 +63,7 @@ __UNLIKELY_END(nsvm_hap) mov VCPUMSR_spec_ctrl_raw(%rax), %eax /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - SPEC_CTRL_EXIT_TO_HVM /* Req: a=spec_ctrl %rsp=regs/cpuinfo, Clob: cd */ + /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ pop %r15 pop %r14 @@ -90,7 +90,8 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - SPEC_CTRL_ENTRY_FROM_HVM /* Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ STGI diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 62ed0d854d..db3af571c9 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -33,7 +33,9 @@ ENTRY(vmx_asm_vmexit_handler) movb $1,VCPU_vmx_launched(%rbx) mov %rax,VCPU_hvm_guest_cr2(%rbx) - SPEC_CTRL_ENTRY_FROM_HVM /* Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + ALTERNATIVE "", DO_SPEC_CTRL_ENTRY_FROM_HVM, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ @@ -80,7 +82,8 @@ UNLIKELY_END(realmode) mov VCPUMSR_spec_ctrl_raw(%rax), %eax /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - SPEC_CTRL_EXIT_TO_HVM /* Req: a=spec_ctrl %rsp=regs/cpuinfo, Clob: cd */ + /* SPEC_CTRL_EXIT_TO_VMX Req: a=spec_ctrl %rsp=regs/cpuinfo, Clob: cd */ + ALTERNATIVE "", DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR_HVM DO_SPEC_CTRL_COND_VERW mov VCPU_hvm_guest_cr2(%rbx),%rax diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 4a3777cc52..fe90c80ac3 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -68,14 +68,16 @@ * * The following ASM fragments implement this algorithm. See their local * comments for further details. - * - SPEC_CTRL_ENTRY_FROM_HVM * - SPEC_CTRL_ENTRY_FROM_PV * - SPEC_CTRL_ENTRY_FROM_INTR * - SPEC_CTRL_ENTRY_FROM_INTR_IST * - SPEC_CTRL_EXIT_TO_XEN_IST * - SPEC_CTRL_EXIT_TO_XEN * - SPEC_CTRL_EXIT_TO_PV - * - SPEC_CTRL_EXIT_TO_HVM + * + * Additionally, the following grep-fodder exists to find the HVM logic. + * - SPEC_CTRL_ENTRY_FROM_{SVM,VMX} + * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ .macro DO_OVERWRITE_RSB tmp=rax @@ -228,12 +230,6 @@ wrmsr .endm -/* Use after a VMEXIT from an HVM guest. */ -#define SPEC_CTRL_ENTRY_FROM_HVM \ - ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM; \ - ALTERNATIVE "", DO_SPEC_CTRL_ENTRY_FROM_HVM, \ - X86_FEATURE_SC_MSR_HVM - /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ @@ -257,11 +253,6 @@ DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR_PV; \ DO_SPEC_CTRL_COND_VERW -/* Use when exiting to HVM guest context. */ -#define SPEC_CTRL_EXIT_TO_HVM \ - ALTERNATIVE "", \ - DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR_HVM; \ - /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:50:41 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:50:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365930.596390 (Exim 4.92) (envelope-from ) id 1oBJ5t-000197-NU; Tue, 12 Jul 2022 16:50:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365930.596390; Tue, 12 Jul 2022 16:50:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5t-000190-Kh; Tue, 12 Jul 2022 16:50:41 +0000 Received: by outflank-mailman (input) for mailman id 365930; Tue, 12 Jul 2022 16:50:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5s-00018o-AV for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ5s-0003G2-9X for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ5s-0002zk-8x for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=v/cPRMt4Skg1P5u9YwgdgKbQZ+8RHr7tps1GZNku+kI=; b=Q+vR8kihEf8M43ecEpXnXUD72U U809UpCE8en3+RGmoz0k7r0dEejf7ah/Mouwo7mjJZU0JaR7MlLmspBon6bri9WlGQG9xI+ZqJcGN 84r417sUA8tV6FhUGNZcp1J+wDbkX4kSyQ1ZYyiEtR2IEwKdr/o28SfaYP23RdFoFDuM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Split the "Hardware features" diagnostic line Message-Id: Date: Tue, 12 Jul 2022 16:50:40 +0000 commit f614e3c51ae0477f71fcdf31ae48757daccb2ccc Author: Andrew Cooper AuthorDate: Fri Oct 15 11:14:16 2021 +0200 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Split the "Hardware features" diagnostic line Separate the read-only hints from the features requiring active actions on Xen's behalf. Also take the opportunity split the IBRS/IBPB and IBPB mess. More features with overlapping enumeration are on the way, and and it is not useful to split them like this. No practical change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 565ebcda976c05b0c6191510d5e32b621a2b1867) [Forward ported over XSA-404] --- xen/arch/x86/spec_ctrl.c | 51 +++++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3b34ca705c..fec145a7b9 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -322,28 +322,35 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk("Speculative mitigation facilities:\n"); - /* Hardware features which pertain to speculative mitigations. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", - (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", - (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", - (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", - (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", - (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL": "", - (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", - (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", - (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", - (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", - (caps & ARCH_CAPS_SBDR_SSDP_NO) ? " SBDR_SSDP_NO" : "", - (caps & ARCH_CAPS_FBSDP_NO) ? " FBSDP_NO" : "", - (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : "", - (caps & ARCH_CAPS_FB_CLEAR) ? " FB_CLEAR" : "", - (caps & ARCH_CAPS_FB_CLEAR_CTRL) ? " FB_CLEAR_CTRL" : ""); + /* + * Hardware read-only information, stating immunity to certain issues, or + * suggestions of which mitigation to use. + */ + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s\n", + (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", + (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", + (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", + (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL" : "", + (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", + (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", + (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", + (caps & ARCH_CAPS_SBDR_SSDP_NO) ? " SBDR_SSDP_NO" : "", + (caps & ARCH_CAPS_FBSDP_NO) ? " FBSDP_NO" : "", + (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : ""); + + /* Hardware features which need driving to mitigate issues. */ + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s\n", + (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", + (caps & ARCH_CAPS_FB_CLEAR) ? " FB_CLEAR" : "", + (caps & ARCH_CAPS_FB_CLEAR_CTRL) ? " FB_CLEAR_CTRL" : ""); /* Compiled-in support which pertains to mitigations. */ if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) || IS_ENABLED(CONFIG_SHADOW_PAGING) ) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:50:51 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:50:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365931.596394 (Exim 4.92) (envelope-from ) id 1oBJ63-0001Dw-Oy; Tue, 12 Jul 2022 16:50:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365931.596394; Tue, 12 Jul 2022 16:50:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ63-0001Do-MD; Tue, 12 Jul 2022 16:50:51 +0000 Received: by outflank-mailman (input) for mailman id 365931; Tue, 12 Jul 2022 16:50:50 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ62-0001De-Dn for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ62-0003G7-Cy for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ62-0003YX-C3 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:50:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=El7zUQwOUzmnFynrzzXiHcDSam+qcPv9onJ9QKKjDu8=; b=ZrfldaTmM0K2+izP1/Sc/hC36T LqbOdUSOAjwtOfpaHE+P8W8Qc1tgFJTyV9+VxOCE9bamFTUh0eQiOynHHfrhg06uJYNaGwPHdBL1g JfS7exDcknZ5xvs+ZKl+nEXHXbp1CIMCd/mtH1Ek7Eu2561iVOxjZtKG542zSAMGD7fA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/amd: Enumeration for speculative features/hints Message-Id: Date: Tue, 12 Jul 2022 16:50:50 +0000 commit 4eddf132b5e0246b5e51e6b9edfe9aaa35349ab1 Author: Andrew Cooper AuthorDate: Fri Oct 15 11:14:46 2021 +0200 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/amd: Enumeration for speculative features/hints There is a step change in speculation protections between the Zen1 and Zen2 microarchitectures. Zen1 and older have no special support. Control bits in non-architectural MSRs are used to make lfence be dispatch-serialising (Spectre v1), and to disable Memory Disambiguation (Speculative Store Bypass). IBPB was retrofitted in a microcode update, and software methods are required for Spectre v2 protections. Because the bit controlling Memory Disambiguation is model specific, hypervisors are expected to expose a MSR_VIRT_SPEC_CTRL interface which abstracts the model specific details. Zen2 and later implement the MSR_SPEC_CTRL interface in hardware, and virtualise the interface for HVM guests to use. A number of hint bits are specified too to help guide OS software to the most efficient mitigation strategy. Zen3 introduced a new feature, Predictive Store Forwarding, along with a control to disable it in sensitive code. Add CPUID and VMCB details for all the new functionality. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 747424c664bb164a04e7a9f2ffbf02d4a1630d7d) --- tools/libxl/libxl_cpuid.c | 10 ++++++++++ tools/misc/xen-cpuid.c | 9 ++++++++- xen/arch/x86/hvm/svm/svm.c | 1 + xen/include/asm-x86/cpufeature.h | 5 +++++ xen/include/asm-x86/hvm/svm/svm.h | 2 ++ xen/include/asm-x86/hvm/svm/vmcb.h | 4 +++- xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 10 ++++++++++ 8 files changed, 41 insertions(+), 2 deletions(-) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index 083869dcf4..977a4377bf 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -264,6 +264,16 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"rstr-fp-err-ptrs", 0x80000008, NA, CPUID_REG_EBX, 2, 1}, {"wbnoinvd", 0x80000008, NA, CPUID_REG_EBX, 9, 1}, {"ibpb", 0x80000008, NA, CPUID_REG_EBX, 12, 1}, + {"ibrs", 0x80000008, NA, CPUID_REG_EBX, 14, 1}, + {"amd-stibp", 0x80000008, NA, CPUID_REG_EBX, 15, 1}, + {"ibrs-always", 0x80000008, NA, CPUID_REG_EBX, 16, 1}, + {"stibp-always", 0x80000008, NA, CPUID_REG_EBX, 17, 1}, + {"ibrs-fast", 0x80000008, NA, CPUID_REG_EBX, 18, 1}, + {"ibrs-same-mode", 0x80000008, NA, CPUID_REG_EBX, 19, 1}, + {"amd-ssbd", 0x80000008, NA, CPUID_REG_EBX, 24, 1}, + {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, + {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, + {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index a09440813b..ff167779df 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -147,9 +147,16 @@ static const char *const str_e8b[32] = [ 0] = "clzero", [ 2] = "rstr-fp-err-ptrs", - /* [ 8] */ [ 9] = "wbnoinvd", + /* [ 8] */ [ 9] = "wbnoinvd", [12] = "ibpb", + [14] = "ibrs", [15] = "amd-stibp", + [16] = "ibrs-always", [17] = "stibp-always", + [18] = "ibrs-fast", [19] = "ibrs-same-mode", + + [24] = "amd-ssbd", [25] = "virt-ssbd", + [26] = "ssb-no", + [28] = "psfd", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index a6de9ccb8f..c973411019 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1657,6 +1657,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_pause_filter, "Pause-Intercept Filter"); P(cpu_has_pause_thresh, "Pause-Intercept Filter Threshold"); P(cpu_has_tsc_ratio, "TSC Rate MSR"); + P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation"); #undef P if ( !printed ) diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 00d22caac7..6419b4d2c5 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -124,6 +124,11 @@ /* CPUID level 0x80000007.edx */ #define cpu_has_itsc boot_cpu_has(X86_FEATURE_ITSC) +/* CPUID level 0x80000008.ebx */ +#define cpu_has_amd_ssbd boot_cpu_has(X86_FEATURE_AMD_SSBD) +#define cpu_has_virt_ssbd boot_cpu_has(X86_FEATURE_VIRT_SSBD) +#define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO) + /* CPUID level 0x00000007:0.edx */ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 52752fe5ab..2b522ee79b 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -74,6 +74,7 @@ extern u32 svm_feature_flags; #define SVM_FEATURE_PAUSETHRESH 12 /* Pause intercept filter support */ #define SVM_FEATURE_VLOADSAVE 15 /* virtual vmload/vmsave */ #define SVM_FEATURE_VGIF 16 /* Virtual GIF */ +#define SVM_FEATURE_SPEC_CTRL 20 /* MSR_SPEC_CTRL virtualisation */ #define cpu_has_svm_feature(f) (svm_feature_flags & (1u << (f))) #define cpu_has_svm_npt cpu_has_svm_feature(SVM_FEATURE_NPT) @@ -87,6 +88,7 @@ extern u32 svm_feature_flags; #define cpu_has_pause_thresh cpu_has_svm_feature(SVM_FEATURE_PAUSETHRESH) #define cpu_has_tsc_ratio cpu_has_svm_feature(SVM_FEATURE_TSCRATEMSR) #define cpu_has_svm_vloadsave cpu_has_svm_feature(SVM_FEATURE_VLOADSAVE) +#define cpu_has_svm_spec_ctrl cpu_has_svm_feature(SVM_FEATURE_SPEC_CTRL) #define SVM_PAUSEFILTER_INIT 4000 #define SVM_PAUSETHRESH_INIT 1000 diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h index 10b51c64bb..560dbb2873 100644 --- a/xen/include/asm-x86/hvm/svm/vmcb.h +++ b/xen/include/asm-x86/hvm/svm/vmcb.h @@ -494,7 +494,9 @@ struct vmcb_struct { u64 _lastbranchtoip; /* cleanbit 10 */ u64 _lastintfromip; /* cleanbit 10 */ u64 _lastinttoip; /* cleanbit 10 */ - u64 res17[301]; + u64 res17[9]; + u64 spec_ctrl; + u64 res18[291]; }; struct svm_domain { diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 2a80660d84..20653bd660 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -41,6 +41,7 @@ #define SPEC_CTRL_IBRS (_AC(1, ULL) << 0) #define SPEC_CTRL_STIBP (_AC(1, ULL) << 1) #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) +#define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 #define PRED_CMD_IBPB (_AC(1, ULL) << 0) @@ -272,6 +273,7 @@ #define MSR_K8_ENABLE_C1E 0xc0010055 #define MSR_K8_VM_CR 0xc0010114 #define MSR_K8_VM_HSAVE_PA 0xc0010117 +#define MSR_VIRT_SPEC_CTRL 0xc001011f /* Layout matches MSR_SPEC_CTRL */ #define MSR_F15H_CU_POWER 0xc001007a #define MSR_F15H_CU_MAX_POWER 0xc001007b diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index a1d1619643..6084e0569d 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -248,6 +248,16 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ +XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:51:01 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:51:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365932.596397 (Exim 4.92) (envelope-from ) id 1oBJ6D-0001GT-RU; Tue, 12 Jul 2022 16:51:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365932.596397; Tue, 12 Jul 2022 16:51:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6D-0001GM-OB; Tue, 12 Jul 2022 16:51:01 +0000 Received: by outflank-mailman (input) for mailman id 365932; Tue, 12 Jul 2022 16:51:00 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6C-0001GF-Gi for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:00 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6C-0003GH-Fr for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:00 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ6C-0003e5-FH for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:00 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6dRev0RRVN8jzAkFoz/t1eWDaY6z51s6qKEwiv67JNE=; b=ofVzIcmiIwGM8MA4RX48XkcZ6X hp76m9Q39npsbK+sXQ5EC+3qg1JaqUBxRdPsPOthtua+1+iodSDKxgTxXlCtkK4B6DWyZHPoCobch QtIFNQ5lTXOn0iGpBsXAJDh/G8+PYmO8hyV1ox+acb684NzsNpTBobI2FbbFMYhden8k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/amd: Use newer SSBD mechanisms if they exist Message-Id: Date: Tue, 12 Jul 2022 16:51:00 +0000 commit d43b47eb6a268aab69dbd87e1219aad4d3775f3d Author: Andrew Cooper AuthorDate: Fri Oct 15 11:15:14 2021 +0200 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/amd: Use newer SSBD mechanisms if they exist The opencoded legacy Memory Disambiguation logic in init_amd() neglected Fam19h for the Zen3 microarchitecture. Further more, all Zen2 based system have the architectural MSR_SPEC_CTRL and the SSBD bit within it, so shouldn't be using MSR_AMD64_LS_CFG. Implement the algorithm given in AMD's SSBD whitepaper, and leave a printk_once() behind in the case that no controls can be found. This now means that a user explicitly choosing `spec-ctrl=ssbd` will properly turn off Memory Disambiguation on Fam19h/Zen3 systems. This still remains a single system-wide setting (for now), and is not context switched between vCPUs. As such, it doesn't interact with Intel's use of MSR_SPEC_CTRL and default_xen_spec_ctrl (yet). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 2a4e6c4e4bea2e0bb720418c331ee28ff9c7632e) --- xen/arch/x86/cpu/amd.c | 69 +++++++++++++++++++++++++++++++++++------------- xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 9 +------ xen/arch/x86/spec_ctrl.c | 5 +++- 4 files changed, 57 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index aa1b9d0dda..de0389810b 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -540,6 +540,56 @@ void early_init_amd(struct cpuinfo_x86 *c) ctxt_switch_levelling(NULL); } +/* + * Refer to the AMD Speculative Store Bypass whitepaper: + * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf + */ +void amd_init_ssbd(const struct cpuinfo_x86 *c) +{ + int bit = -1; + + if (cpu_has_ssb_no) + return; + + if (cpu_has_amd_ssbd) { + wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + if (cpu_has_virt_ssbd) { + wrmsrl(MSR_VIRT_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + switch (c->x86) { + case 0x15: bit = 54; break; + case 0x16: bit = 33; break; + case 0x17: + case 0x18: bit = 10; break; + } + + if (bit >= 0) { + uint64_t val, mask = 1ull << bit; + + if (rdmsr_safe(MSR_AMD64_LS_CFG, val) || + ({ + val &= ~mask; + if (opt_ssbd) + val |= mask; + false; + }) || + wrmsr_safe(MSR_AMD64_LS_CFG, val) || + ({ + rdmsrl(MSR_AMD64_LS_CFG, val); + (val & mask) != (opt_ssbd * mask); + })) + bit = -1; + } + + if (bit < 0) + printk_once(XENLOG_ERR "No SSBD controls available\n"); +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -616,24 +666,7 @@ static void init_amd(struct cpuinfo_x86 *c) c->x86_capability); } - /* - * If the user has explicitly chosen to disable Memory Disambiguation - * to mitigiate Speculative Store Bypass, poke the appropriate MSR. - */ - if (opt_ssbd) { - int bit = -1; - - switch (c->x86) { - case 0x15: bit = 54; break; - case 0x16: bit = 33; break; - case 0x17: bit = 10; break; - } - - if (bit >= 0 && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) { - value |= 1ull << bit; - wrmsr_safe(MSR_AMD64_LS_CFG, value); - } - } + amd_init_ssbd(c); /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index c2f4d9a06a..23ccd66115 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -19,3 +19,4 @@ extern void detect_ht(struct cpuinfo_x86 *c); extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); +void amd_init_ssbd(const struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 9ab7aa8622..b769e8ad90 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -59,14 +59,7 @@ static void init_hygon(struct cpuinfo_x86 *c) __set_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability); - /* - * If the user has explicitly chosen to disable Memory Disambiguation - * to mitigiate Speculative Store Bypass, poke the appropriate MSR. - */ - if (opt_ssbd && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) { - value |= 1ull << 10; - wrmsr_safe(MSR_AMD64_LS_CFG, value); - } + amd_init_ssbd(c); /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index fec145a7b9..be3528c28e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -331,6 +331,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL" : "", + (e8b & cpufeat_mask(X86_FEATURE_SSB_NO)) || (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", @@ -339,15 +340,17 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : ""); /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (e8b & cpufeat_mask(X86_FEATURE_VIRT_SSBD)) ? " VIRT_SSBD" : "", (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", (caps & ARCH_CAPS_FB_CLEAR) ? " FB_CLEAR" : "", (caps & ARCH_CAPS_FB_CLEAR_CTRL) ? " FB_CLEAR_CTRL" : ""); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:51:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:51:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365933.596401 (Exim 4.92) (envelope-from ) id 1oBJ6N-0001Jr-Vf; Tue, 12 Jul 2022 16:51:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365933.596401; Tue, 12 Jul 2022 16:51:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6N-0001Jk-TA; Tue, 12 Jul 2022 16:51:11 +0000 Received: by outflank-mailman (input) for mailman id 365933; Tue, 12 Jul 2022 16:51:10 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6M-0001JZ-JR for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:10 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6M-0003Ge-If for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:10 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ6M-0003en-I3 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:10 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6AaIYzErIfGTzRunzRW8sGNnhQXIMW53oX8uP5OhvM0=; b=iTRIBm3NMUISo1Awc/mrAHPuPT obKri3gmxKb4D6cUzf0Ud62Zy8ODsMTbcRScXy4B7T5uwSpvd0zO1UgnEpkZ/v1yWojUVHL/jPQSb WOuG43qnKOG6wPy2FywAh6RsfVwBpqQs5efESgQVigbDdZktM/RwO3Qt6TTqqrrLwWtU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Print all AMD speculative hints/features Message-Id: Date: Tue, 12 Jul 2022 16:51:10 +0000 commit 55e4c720b269f5731b60a358aa3d8e56dd1866fe Author: Andrew Cooper AuthorDate: Fri Oct 15 11:15:39 2021 +0200 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Print all AMD speculative hints/features We already print Intel features that aren't yet implemented/used, so be consistent on AMD too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 3d189f16a11d5a209fb47fa3635847608d43745c) [Forward port over XSA-398] --- xen/arch/x86/spec_ctrl.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index be3528c28e..0cc9b3fed5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -326,7 +326,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -337,16 +337,23 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", (caps & ARCH_CAPS_SBDR_SSDP_NO) ? " SBDR_SSDP_NO" : "", (caps & ARCH_CAPS_FBSDP_NO) ? " FBSDP_NO" : "", - (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : ""); + (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", + (e8b & cpufeat_mask(X86_FEATURE_AMD_STIBP)) || (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", @@ -367,14 +374,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:51:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:51:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365934.596407 (Exim 4.92) (envelope-from ) id 1oBJ6Y-0001M4-2N; Tue, 12 Jul 2022 16:51:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365934.596407; Tue, 12 Jul 2022 16:51:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6X-0001Lw-Ue; Tue, 12 Jul 2022 16:51:21 +0000 Received: by outflank-mailman (input) for mailman id 365934; Tue, 12 Jul 2022 16:51:20 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6W-0001Lp-MG for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:20 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6W-0003Gi-LJ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:20 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ6W-0003xO-Kp for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:20 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DZIcmym+iWwwtWm97AC//miUQJEGWb3oM9Y7wYKZlXI=; b=SbfC92ShMGXniR6hkzpRxTzGWl L73Pg/og9XrI2S7tjLjcZ9hlY61NUlYVVYNJt2cJoDZS0vJ8ZQgzPns9dKb3WkBJCBkr7OBSO+cPP M0rLV7awNBKnxmBV62OHrtzkshFTBKHaYvLZ6JIcv1wXucEkIkKZTdlxlbktrDsBXnLQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Tue, 12 Jul 2022 16:51:20 +0000 commit 8974821f13adb141726bff3524154cf601561269 Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0cc9b3fed5..a072ec9877 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -923,7 +923,7 @@ void spec_ctrl_init_domain(struct domain *d) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -998,19 +998,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:51:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:51:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365935.596411 (Exim 4.92) (envelope-from ) id 1oBJ6i-0001PL-3a; Tue, 12 Jul 2022 16:51:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365935.596411; Tue, 12 Jul 2022 16:51:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6i-0001PA-02; Tue, 12 Jul 2022 16:51:32 +0000 Received: by outflank-mailman (input) for mailman id 365935; Tue, 12 Jul 2022 16:51:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6g-0001Oh-Ox for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6g-0003Gp-O8 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ6g-0004Ys-Nb for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0OIEX+9UYatMZX8KQo/plbjNL1zo4rExwctYCUa0Ook=; b=qI5EuzqOQA0TdMGBj/az/O+J3P 2PSzoDHPL6UWugbasuR5G2GlzTfNc6e+pwJxOvJ/VwSwU5mld+uP+P2EGj0F+8p7XlG/8EFE+xsRR gpBvdzUVCuSBUVwN9TbqsNDMK7utVokVdfhpRIJgmLeAoLWZ6L2Y/KoN3N1ujvmGhsFc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Tue, 12 Jul 2022 16:51:30 +0000 commit bf5f5e89f04057dc2207953c9d7611f1c5bc8506 Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a072ec9877..422714f3a2 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -923,7 +923,7 @@ void spec_ctrl_init_domain(struct domain *d) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -932,6 +932,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * Has the user specified any custom BTI mitigations? If so, follow their * instructions exactly and disable all heuristics. @@ -955,11 +957,11 @@ void __init init_speculation_mitigations(void) */ if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -990,10 +992,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1012,11 +1011,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1250,7 +1250,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:51:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:51:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365936.596414 (Exim 4.92) (envelope-from ) id 1oBJ6s-0001S7-4L; Tue, 12 Jul 2022 16:51:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365936.596414; Tue, 12 Jul 2022 16:51:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6s-0001Rz-1e; Tue, 12 Jul 2022 16:51:42 +0000 Received: by outflank-mailman (input) for mailman id 365936; Tue, 12 Jul 2022 16:51:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6q-0001Rs-Rw for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ6q-0003HG-R6 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ6q-0004eW-QO for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6NON5IVt3ej/WCmkWAQp4KL1eEIfO+9Gl5yDyr8fQRE=; b=QBCaAphB0B+uApKp4R/BbknAWI eeeDqvS4MQNXDu0DJEhJY2DCyEamkCK1dUJWIC0M7cR1BVIDmoA2ydtIEITGdDDfHUCmFKRtSpehl n6or/xIuOiDYRJFNOPS2cixvz9kiK5Jy2FGATVwaMvADKjRegrLyawq4fKDLkoepcaYw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Tue, 12 Jul 2022 16:51:40 +0000 commit 074e388fe0df27620fa09be562a7a6af716e2252 Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1) --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 19b04aed22..6424a90212 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -245,7 +245,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:51:52 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:51:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365937.596418 (Exim 4.92) (envelope-from ) id 1oBJ72-0001VN-62; Tue, 12 Jul 2022 16:51:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365937.596418; Tue, 12 Jul 2022 16:51:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ72-0001VD-39; Tue, 12 Jul 2022 16:51:52 +0000 Received: by outflank-mailman (input) for mailman id 365937; Tue, 12 Jul 2022 16:51:51 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ70-0001V0-V4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ70-0003HQ-UE for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ70-0004f3-TX for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:51:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/bgG/OQxgD9QeZ+oj/l1CzLr3tOd4jStH9KaJcipwck=; b=lWuJHP9fPYYyPdhLLwE5QMuY3g GM6ErkwJVmwFpqeQusDnddEkKz4tpRokmiCN3mG0v7E9E3BbVpQu1H9ZZKrHLoV+oVk2jkGqb+POm 7TGPOU9iHcHJhu/n1RpdfDPkvPPIqALitX4iS3oo26gW5K+JeS9HKIR4nmCnDXrdj/9Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Tue, 12 Jul 2022 16:51:50 +0000 commit b8d573a31beb19e06336f204b29317ae4806e318 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 378f2e6df31442396f0afda19794c5c6091d96f9) --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- xen/include/asm-x86/hvm/svm/svm.h | 3 +++ 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 6424a90212..df77b2ca5c 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index de0389810b..d5dece37cd 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -552,7 +552,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 2d525c8b2c..91e2ae6263 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -365,7 +365,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 422714f3a2..a768c57b45 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -932,7 +933,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -1013,12 +1015,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 2b522ee79b..f28b40996c 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:52:02 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:52:02 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365938.596423 (Exim 4.92) (envelope-from ) id 1oBJ7C-0001Xu-8w; Tue, 12 Jul 2022 16:52:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365938.596423; Tue, 12 Jul 2022 16:52:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7C-0001Xk-4n; Tue, 12 Jul 2022 16:52:02 +0000 Received: by outflank-mailman (input) for mailman id 365938; Tue, 12 Jul 2022 16:52:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7B-0001Xc-23 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7B-0003Ha-18 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ7B-0004jv-0H for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A46p6GA39dMGmn/QuPsb86ADz4+5wwGcVE2RctuKNKc=; b=YO/w7X8LyjH4qeOhkS1oJbH9pu 6zYHwebFSzf9hlFYt88iLnvoHmJD2gxcFrgR7uKbKkubqxUkVchmEpE0/Pqh5I6Ior/pRZ0xmsexe HiYKgu5fgz03qkCGAL79axj5DXMQp4AqGVeh21ZB/QwjbWnGIsOOGxwWiC/rlea3hhXo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Tue, 12 Jul 2022 16:52:01 +0000 commit 159e2235d75bd83bc9924d50e52b9b575b042709 Author: Andrew Cooper AuthorDate: Mon Jun 27 11:54:27 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné (cherry picked from commit ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b) --- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 5 +++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a768c57b45..e037e9b52e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1080,8 +1080,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index bcba926bda..fc54c24a34 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 157a2c67d8..ffc054975e 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -80,7 +80,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -116,7 +117,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:52:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:52:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365939.596425 (Exim 4.92) (envelope-from ) id 1oBJ7M-0001bL-CV; Tue, 12 Jul 2022 16:52:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365939.596425; Tue, 12 Jul 2022 16:52:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7M-0001bD-9m; Tue, 12 Jul 2022 16:52:12 +0000 Received: by outflank-mailman (input) for mailman id 365939; Tue, 12 Jul 2022 16:52:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7L-0001b4-5A for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7L-0003Hx-4H for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ7L-00050C-3c for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1fhivOF69dpy+t6iYsIIrH5ZerxjbRiLY9NkLpguv4A=; b=sYtYbaeiv5FRhrD1tvoJ4Gk81G K1gl/bO64+nTkBidHqgEcrm21Tcmx3ov+ycMSuNS7wturKX+WF+HLFKMhhLW2oHdoZo6x8up/wXNP 9jQqy1sKeTCLx77f2FYWZUpCoHy750vzwCg1HX1tsiEAXmZi5Sl8SFmuA4S6qB1P38Rk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Tue, 12 Jul 2022 16:52:11 +0000 commit a7e72872e99bed2dde6b90f0bd1e65ce3bae2173 Author: Andrew Cooper AuthorDate: Wed Mar 16 13:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit fef244b179c06fcdfa581f7d57fa6e578c49ff50) [Adjust for absence of INTEL_PSFD] --- docs/misc/xen-command-line.pandoc | 21 ++++++++++---- xen/arch/x86/spec_ctrl.c | 60 +++++++++++++++++++++++++++++++++++---- 2 files changed, 70 insertions(+), 11 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 022cb01da7..a998418585 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2034,8 +2034,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2085,9 +2086,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2095,6 +2097,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e037e9b52e..a4121e25cc 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __read_mostly opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -174,12 +178,20 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -375,7 +387,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -389,6 +401,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + !boot_cpu_has(X86_FEATURE_PSFD) && + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : @@ -1034,14 +1048,48 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && boot_cpu_has(X86_FEATURE_PSFD) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can poison the RSB to any virtual address from which -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:52:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:52:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365940.596429 (Exim 4.92) (envelope-from ) id 1oBJ7W-0001dy-EJ; Tue, 12 Jul 2022 16:52:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365940.596429; Tue, 12 Jul 2022 16:52:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7W-0001dr-Bb; Tue, 12 Jul 2022 16:52:22 +0000 Received: by outflank-mailman (input) for mailman id 365940; Tue, 12 Jul 2022 16:52:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7V-0001dj-7x for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7V-0003I7-7B for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ7V-00050j-6U for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RAHBIpCgXqFFVw+EkvRyRQQwRL/fJ1mLtH+j/zseFYg=; b=igyAjQxRiAOnFpgmAUoeQesjt3 P/YLudxZwIHaxVc8FI3XdcSbXRzD5TQ4TexGTI9lohcnP/6Dz5/fVab/kOe3TmcvdCmHxddjqj6SH znNG/lfVlq7kNcsjY4grMOqG2a5j4FZ7vJcl/sEfCrBpiXvPScc9eX6/vSFeAYkuV5g4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Tue, 12 Jul 2022 16:52:21 +0000 commit 4b42462701f0304e78925ca05517e52a79bf900b Author: Andrew Cooper AuthorDate: Tue Jul 5 19:19:01 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich (cherry picked from commit 382326cac528dd1eb0d04efd5c05363c453e29f4) --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index de2fd1e334..7ba07eaaa6 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -275,9 +275,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -289,11 +289,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 3c27ba902d..e0a234300a 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -79,7 +79,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:52:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:52:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365941.596434 (Exim 4.92) (envelope-from ) id 1oBJ7g-0001gq-G4; Tue, 12 Jul 2022 16:52:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365941.596434; Tue, 12 Jul 2022 16:52:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7g-0001gg-DD; Tue, 12 Jul 2022 16:52:32 +0000 Received: by outflank-mailman (input) for mailman id 365941; Tue, 12 Jul 2022 16:52:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7f-0001gT-Ay for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7f-0003IB-A9 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ7f-000518-9Z for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rl3u+mTnOjNYFDcpGgyu7lVWZsSAMxYOx/dfiYUOfMs=; b=wooSnK4icwE+s9Z7qILppwJka1 C45MZoSX8yrHG0kzIv8ks/BR/LKEnXcpazj/TrW8qdAvmAN5TSSw8Cd+hW4WCmAwR0zuxUdYkDdgT +8GDhVlB0pkJ4xorFEceWse4aqAyB94FSX3Blv/e6dk96pOE5XnasD967WHl3jD/lAAA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Tue, 12 Jul 2022 16:52:31 +0000 commit 10d8c56e93a008892a30675f572a0c1d82005847 Author: Andrew Cooper AuthorDate: Fri Jul 8 16:44:43 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 27357c394ba6e1571a89105b840ce1c6f026485c) --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a998418585..359859b518 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2033,7 +2033,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2058,12 +2059,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a4121e25cc..58af8a2838 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -148,20 +148,68 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:52:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:52:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365944.596448 (Exim 4.92) (envelope-from ) id 1oBJ7q-0001z9-Qe; Tue, 12 Jul 2022 16:52:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365944.596448; Tue, 12 Jul 2022 16:52:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7q-0001z2-NU; Tue, 12 Jul 2022 16:52:42 +0000 Received: by outflank-mailman (input) for mailman id 365944; Tue, 12 Jul 2022 16:52:41 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7p-0001x3-Du for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7p-0003Ij-D7 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ7p-0005In-Cd for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XhKaBQ6EXZWpcuTqdriLvhK8lSqD6n/u7ZpE1MtzKC4=; b=d65ZfZh9SmpaGw9HDIrbxFZz95 rnLr0BjxfKGcKgNOi+Nu9Acnlez7DQWnlwwMyi1VDdBMZm/CcMzgG9rP5RlfHzYWlDNMS5Fzy+Lji +mcDl3oz40RqeS9ZyUTVu4HVBL2poMFuOVuEDDB1w6qHl4UGoGRW103YO44SZHuOgZ6o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Tue, 12 Jul 2022 16:52:41 +0000 commit 196b4f4d34d4eb3857b301fba5cef6130252d554 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5796912f7279d9348a3166655588d30eae9f72cc) --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/spec_ctrl.c | 9 ++++++--- xen/include/asm-x86/domain.h | 3 +-- xen/include/asm-x86/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl_asm.h | 3 --- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index df77b2ca5c..f1dbbf7fc9 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -245,8 +245,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -292,8 +292,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index fe95b25a03..0f94270254 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1820,10 +1820,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 58af8a2838..3030400a72 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -978,9 +978,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 71d1ca243b..0527626a26 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -295,8 +295,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index ffc054975e..a7b1b8f590 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index fe90c80ac3..12b3111ebd 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -255,9 +255,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:52:52 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:52:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365947.596453 (Exim 4.92) (envelope-from ) id 1oBJ80-00026k-TZ; Tue, 12 Jul 2022 16:52:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365947.596453; Tue, 12 Jul 2022 16:52:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ80-00026a-Qx; Tue, 12 Jul 2022 16:52:52 +0000 Received: by outflank-mailman (input) for mailman id 365947; Tue, 12 Jul 2022 16:52:51 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7z-000260-Gq for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:51 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ7z-0003Iq-G6 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:51 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ7z-0005LT-FT for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:52:51 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=T0WCT7lMytLtu6oOm8ZG1x94+1rfPPAKQn5oPD6YIhg=; b=RJNLzkyZqDvAA14vXEx0uKySs5 1hrLuYTEMavz09Tndx9EdRsF8LrIuPjxuy32HJKPC4MOMgD+/mvmTWx5aF/f3xG8nnfb/R1TwO+ru zGSatEdkpuD51/eQ7kCvIaLfQ5a9fR7r9LPb9cwahobUr7Jv4I7dpTuwkEKtowdbMPI4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Tue, 12 Jul 2022 16:52:51 +0000 commit ba3367292342e709b67e2efc0b1958ee34642b3f Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76d6a36f645dfdbad8830559d4d52caf36efc75e) --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/spec_ctrl.h | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3030400a72..deab5d990c 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1064,7 +1064,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1075,7 +1075,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1088,7 +1088,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index a7b1b8f590..3b2cd42413 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 12b3111ebd..3e9d6bd114 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -273,8 +273,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -297,7 +297,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -308,7 +308,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:53:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:53:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365950.596456 (Exim 4.92) (envelope-from ) id 1oBJ8A-0002FD-Vr; Tue, 12 Jul 2022 16:53:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365950.596456; Tue, 12 Jul 2022 16:53:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8A-0002Ef-SW; Tue, 12 Jul 2022 16:53:02 +0000 Received: by outflank-mailman (input) for mailman id 365950; Tue, 12 Jul 2022 16:53:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ89-0002EE-K4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ89-0003Iu-JI for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ89-0005MF-Ih for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=40bzJJ6VPcfghUgwXxJTCcBSW+micgHSQlxK1LoiEL4=; b=S4BMw8SFJt0U1OfOa7HKXs0a7Q tlI7Xe0vLCD7GX+D2curs7Ivb4sS3qDjzNJ2IlBuEfmlAi6rz5ThKTMG1/WOCvL+XILcAxNmojAAU 2PEaa35aq6FMbanwhgTkdbuvAGJ0j314119dDwUgqYd4DXoz7vSemjX8FmzU4MVF1edA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Tue, 12 Jul 2022 16:53:01 +0000 commit fbf19baaaf5cf3d72f8a4d820bd6a407b6581347 Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d) --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 0f94270254..6199f36514 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1792,7 +1792,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index deab5d990c..4517339ea6 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -118,7 +118,7 @@ static int __init parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -239,7 +239,7 @@ static int __init parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -455,7 +455,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1170,7 +1170,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 3b2cd42413..495260d6b6 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:53:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:53:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365953.596461 (Exim 4.92) (envelope-from ) id 1oBJ8L-0002Ni-1g; Tue, 12 Jul 2022 16:53:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365953.596461; Tue, 12 Jul 2022 16:53:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8K-0002Nb-UC; Tue, 12 Jul 2022 16:53:12 +0000 Received: by outflank-mailman (input) for mailman id 365953; Tue, 12 Jul 2022 16:53:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8J-0002NL-Mu for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8J-0003JH-M5 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ8J-0005cD-La for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wyrg7p2MhRBQFxLShpeUmMivqpnxanRHXByfha3bruw=; b=a0pUrO28uNJSuGEkSIboEHN28D fHDxoHMPHdk8uGjcnXLBTTjdelgpgNKv1IZ/xLFzZhxqqUQppM32oYcbLQ59leP3ergQdmBDgH3L2 DSYxEaLFEFpQc2jxV/5EXJifZhSd2lPYnmrhme03DbqH5HQ1A1Nw+Z5GnRqeeyG1ZGu8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Tue, 12 Jul 2022 16:53:11 +0000 commit 5994b739453fa36d8724f3b06dc10884ca69427f Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e9b8d31981f184c6539f91ec54bd9cae29cdae36) --- xen/arch/x86/x86_64/entry.S | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 6a5f8aaec3..481110fb93 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -805,7 +805,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -838,7 +838,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 3e9d6bd114..3ec680b587 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -258,34 +258,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:53:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:53:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365954.596464 (Exim 4.92) (envelope-from ) id 1oBJ8V-0002Qt-2I; Tue, 12 Jul 2022 16:53:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365954.596464; Tue, 12 Jul 2022 16:53:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8U-0002Ql-Vn; Tue, 12 Jul 2022 16:53:22 +0000 Received: by outflank-mailman (input) for mailman id 365954; Tue, 12 Jul 2022 16:53:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8T-0002Qd-QO for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8T-0003JN-PR for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ8T-0005fU-OR for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CC6Yv4ecwkF1h51lH363zx42jpgJ2vpSfTrpZYruibQ=; b=r5k9oX4xNCQSdxkhgBGuq8zfEv UfTHDwff2oOU46+h8VszuhswTyxRYTB71XFuLu69Udy4J8hJ1tsgxpLeZAjMQgHl09AHqWCDPnTTc X7dse1xSqYxabhEKI4J6MDFtFh1suZaDH2C0GHrrEdP1DUBcWTkZTtVfq8sre61KuWnQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Tue, 12 Jul 2022 16:53:21 +0000 commit ebe3f5d9092466d2648c47c5aa6e9c9319db7bb5 Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 53a570b285694947776d5190f591a0d5b9b18de7) --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/x86_64/compat/entry.S | 4 +-- xen/arch/x86/x86_64/entry.S | 10 ++++---- xen/include/asm-x86/cpufeatures.h | 2 ++ xen/include/asm-x86/spec_ctrl.h | 6 +++-- xen/include/asm-x86/spec_ctrl_asm.h | 49 +++++++++++++++++++++++++++++++++++-- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 0684d29050..d7c85fdfc6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -90,10 +90,26 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: ac */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ STGI GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f3bd7f9bee..447f583e07 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1312,6 +1312,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 9059c2ef6e..6d2e042677 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -17,7 +17,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE @@ -208,7 +208,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 481110fb93..9fd4cef30f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -235,7 +235,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -270,7 +270,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -321,7 +321,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -581,7 +581,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -613,7 +613,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index fc54c24a34..c6136ca4a0 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -37,6 +37,8 @@ XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(26)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(27)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 495260d6b6..8b69a81917 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 3ec680b587..5756f3f1a8 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -80,6 +80,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -232,12 +261,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -261,11 +294,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:53:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:53:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365955.596468 (Exim 4.92) (envelope-from ) id 1oBJ8f-0002Vr-5Q; Tue, 12 Jul 2022 16:53:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365955.596468; Tue, 12 Jul 2022 16:53:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8f-0002Vj-2Z; Tue, 12 Jul 2022 16:53:33 +0000 Received: by outflank-mailman (input) for mailman id 365955; Tue, 12 Jul 2022 16:53:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8d-0002VW-TM for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8d-0003Ji-Sb for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ8d-0005j4-Rx for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8wwr5DwLMkQo24TAbW63T7cTmxtn4wyZEF9H17asPfw=; b=lFJWcmYS/HBxALiIpWtB+M4A/S uELVWKZ3/mOUvwt+cjP/ryBPbk9s6uS3V8Xulr+aC6VuqPZlLXzr3WS29KExZKDTuRCBYhqiMvvzd 8BS0kw6aH2AUEvgGHZxajbhWVUAwDgfYpmdszWcIcEifkdU2/5ECLHJaXFsOLf+ZGhHo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Tue, 12 Jul 2022 16:53:31 +0000 commit 3c71016e68f2aa324c42f66cbedd9571fe89c221 Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76cb04ad64f3ab9ae785988c40655a71dde9c319) --- tools/libxl/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index 977a4377bf..11b43807e9 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -274,6 +274,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index ff167779df..52f5059d8f 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -156,7 +156,7 @@ static const char *const str_e8b[32] = [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index d5dece37cd..a2041e5138 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -707,6 +707,16 @@ static void init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 4517339ea6..4fdc6e93ad 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -387,7 +387,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -402,7 +402,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6084e0569d..44b3ba331f 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -258,6 +258,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:53:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:53:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365956.596473 (Exim 4.92) (envelope-from ) id 1oBJ8p-0002Z3-73; Tue, 12 Jul 2022 16:53:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365956.596473; Tue, 12 Jul 2022 16:53:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8p-0002Yt-49; Tue, 12 Jul 2022 16:53:43 +0000 Received: by outflank-mailman (input) for mailman id 365956; Tue, 12 Jul 2022 16:53:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8o-0002Yg-06 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8n-0003Jo-Vb for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ8n-0005z6-Uu for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dYuWaUl9124fgUH+xZf6t6FdfxVs08wgGKfApErQ4+I=; b=hW3IYUD5DBsgEQ/M1iO/Y93fKv Z6kOlO+fMnwPj2CyNZtCeVtt5p2VK9RSStchBxQ0t+qor1FUxaIaTdGqzWb2uwUnxJ6CFHyegCsox 5SpqaCrjE25GYovS8pF4FOwAdyIOGFn8pfvRtOEd3n9II1zW/5AAOFvAinz3DPgNRgpI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Tue, 12 Jul 2022 16:53:41 +0000 commit 3feba68e15d3045db99ab417ad1fcfde2966e22d Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper (cherry picked from commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe) --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index a2041e5138..e9530d581b 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -590,6 +590,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -668,6 +693,9 @@ static void init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 23ccd66115..680b515b3c 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -20,3 +20,4 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index b769e8ad90..c500485dde 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -61,6 +61,12 @@ static void init_hygon(struct cpuinfo_x86 *c) amd_init_ssbd(c); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 20653bd660..7b8a9c2951 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -311,6 +311,7 @@ #define MSR_AMD64_DC_CFG 0xc0011022 #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 16:53:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 16:53:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.365957.596477 (Exim 4.92) (envelope-from ) id 1oBJ8z-0002cn-8m; Tue, 12 Jul 2022 16:53:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 365957.596477; Tue, 12 Jul 2022 16:53:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8z-0002cf-5g; Tue, 12 Jul 2022 16:53:53 +0000 Received: by outflank-mailman (input) for mailman id 365957; Tue, 12 Jul 2022 16:53:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8y-0002cQ-39 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBJ8y-0003Jw-2H for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBJ8y-0005zi-1k for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 16:53:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rnAqW419uOZg1GTlAKZmiSesmluatTIWltaOA8zskRc=; b=4+pj7wEcPF6vzO2QRpdtXwy/55 xsTqTpsDbyZ2ZKNonDUwHNV4bjYg/M5YSdUlehuyDtGb4zO2PO5hSKPPQy92fjY+4YCjoRhznJTTc CfpPIkI6NA44aoWZz+AcgwlBU3P+v/o2LXDo/+cvydzxhiVteUpm01PcSMCLkYNBldvQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Tue, 12 Jul 2022 16:53:52 +0000 commit f8614c7153f95dcd1a1320156787dbc5325fd946 Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d8cb7e0f069e0f106d24941355b59b45a731eabe) --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/spec_ctrl.c | 113 ++++++++++++++++++++++++++++++++++---- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 359859b518..956ecd5a35 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2034,7 +2034,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2059,9 +2059,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2080,6 +2081,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 4fdc6e93ad..bfa5d27e00 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __read_mostly opt_md_clear_pv = -1; static int8_t __read_mostly opt_md_clear_hvm = -1; +static int8_t __read_mostly opt_ibpb_entry_pv = -1; +static int8_t __read_mostly opt_ibpb_entry_hvm = -1; +static bool __read_mostly opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -115,6 +119,9 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -141,12 +148,14 @@ static int __init parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -211,6 +220,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -474,27 +505,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -727,6 +762,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -982,8 +1066,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1111,12 +1199,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1169,9 +1260,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 8b69a81917..2f15ae9814 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:55:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:55:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366093.596671 (Exim 4.92) (envelope-from ) id 1oBOmW-0007sk-4F; Tue, 12 Jul 2022 22:55:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366093.596671; Tue, 12 Jul 2022 22:55:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmW-0007sc-0s; Tue, 12 Jul 2022 22:55:04 +0000 Received: by outflank-mailman (input) for mailman id 366093; Tue, 12 Jul 2022 22:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmU-0007sW-Da for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmU-00038D-Az for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOmU-0000HX-A4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=06g0cvi/NJRZe+6CsXpr3iRJIVpctmVrn+dEid8ndB8=; b=LthdXseUzl8wwnZ2tORr17djBm KBdZ2VpWfw+Tc2dTr6Ee3eaKeSIkt/BsD6Dbt6H7JTY31TKNMSnSV9FPmA5uUe+I1Uq/BcTAmUVoC ITMbCcueUUKMaOYeDq2DqNbV/Rz542iknBBYaau5gQi64J/J97QK3OfQEyYd1XFzkOw8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() Message-Id: Date: Tue, 12 Jul 2022 22:55:02 +0000 commit 460b08d6c6c16b3f32aa138e772b759ae02a4479 Author: Jan Beulich AuthorDate: Tue Jul 12 11:10:34 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:10:34 2022 +0200 IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() As per [1] the expansion of the pirq_dpci() macro causes a -Waddress controlled warning (enabled implicitly in our builds, if not by default) tying the middle part of the involved conditional expression to the surrounding boolean context. Work around this by introducing a local inline function in the affected source file. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102967 master commit: 80ad8db8a4d9bb24952f0aea788ce6f47566fa76 master date: 2022-06-15 10:19:32 +0200 --- xen/drivers/passthrough/x86/hvm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 0b37cd145b..ba0f6c53d7 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -25,6 +25,18 @@ #include #include +/* + * Gcc12 takes issue with pirq_dpci() being used in boolean context (see gcc + * bug 102967). While we can't replace the macro definition in the header by an + * inline function, we can do so here. + */ +static inline struct hvm_pirq_dpci *_pirq_dpci(struct pirq *pirq) +{ + return pirq_dpci(pirq); +} +#undef pirq_dpci +#define pirq_dpci(pirq) _pirq_dpci(pirq) + static DEFINE_PER_CPU(struct list_head, dpci_list); /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366094.596675 (Exim 4.92) (envelope-from ) id 1oBOmf-0007uo-6V; Tue, 12 Jul 2022 22:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366094.596675; Tue, 12 Jul 2022 22:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmf-0007uh-41; Tue, 12 Jul 2022 22:55:13 +0000 Received: by outflank-mailman (input) for mailman id 366094; Tue, 12 Jul 2022 22:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOme-0007ub-FM for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOme-00038H-ES for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOme-0000I8-DH for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TxgG1blxAhsgwdX8XqqSN3Kl97sES4v2ddxEZHwdQ4Q=; b=MLso1nZ4xFAq7FfmKBQzHSBagS wEq7Mqn+X5BHgz5iX8j+Gxm1Y8ILcTeKZe3Q3/HwWVpFqJ4jX5IZh/CenpmNn7ycYH9N4RSOcd+qQ kuee+k+/MXxQJL189UARRusuWxtiTQYKPV6AriylrCCX6IQMy1KJfYQxEoI6OlFgq6v4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] ehci-dbgp: fix selecting n-th ehci controller Message-Id: Date: Tue, 12 Jul 2022 22:55:12 +0000 commit 5cb8142076ce1ce53eafd7e00acb4d0eac4e7784 Author: Marek Marczykowski-Górecki AuthorDate: Tue Jul 12 11:11:35 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:11:35 2022 +0200 ehci-dbgp: fix selecting n-th ehci controller The ehci number was parsed but ignored. Fixes: 322ecbe4ac85 ("console: add EHCI debug port based serial console") Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich master commit: d6d0cb659fda64430d4649f8680c5cead32da8fd master date: 2022-06-16 14:23:37 +0100 --- xen/drivers/char/ehci-dbgp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index c893d246de..66b4811af2 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1478,7 +1478,7 @@ void __init ehci_dbgp_init(void) unsigned int num = 0; if ( opt_dbgp[4] ) - simple_strtoul(opt_dbgp + 4, &e, 10); + num = simple_strtoul(opt_dbgp + 4, &e, 10); dbgp->cap = find_dbgp(dbgp, num); if ( !dbgp->cap ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:55:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366095.596679 (Exim 4.92) (envelope-from ) id 1oBOmp-0007xk-8B; Tue, 12 Jul 2022 22:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366095.596679; Tue, 12 Jul 2022 22:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmp-0007xd-5d; Tue, 12 Jul 2022 22:55:23 +0000 Received: by outflank-mailman (input) for mailman id 366095; Tue, 12 Jul 2022 22:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmo-0007xR-IL for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmo-00038f-HR for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOmo-0000Ij-Gm for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O4lgYn/P5oHi0oaDc/ewVeTHAqB+gjCEq5Z4NC9Yj0A=; b=4GtXTe/hUnXPmehvdYMwl8w79f jr/WcdJhtkFwwjYuScbcwNjWqgr78PJJQbB+LazRcOwJRFgOx0UiguxIYaFpe37H0Bz/JLWbzW84Q sicQLpH5n6G2z0ftqxfw5qVZV6o4wV4zhR2+DGFt96eg3w8hPJt71qgJMIAKUD5KYZMI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] tools/xenstored: Harden corrupt() Message-Id: Date: Tue, 12 Jul 2022 22:55:22 +0000 commit 81ee3d08351be1ef2a14d371993604098d6a4673 Author: Julien Grall AuthorDate: Tue Jul 12 11:12:13 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:12:13 2022 +0200 tools/xenstored: Harden corrupt() At the moment, corrupt() is neither checking for allocation failure nor freeing the allocated memory. Harden the code by printing ENOMEM if the allocation failed and free 'str' after the last use. This is not considered to be a security issue because corrupt() should only be called when Xenstored thinks the database is corrupted. Note that the trigger (i.e. a guest reliably provoking the call) would be a security issue. Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to recover from store") Signed-off-by: Julien Grall Reviewed-by: Juergen Gross master commit: db3382dd4f468c763512d6bf91c96773395058fb master date: 2022-06-23 13:44:10 +0100 --- tools/xenstore/xenstored_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 91d093a12e..0c8ee276f8 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -2087,7 +2087,10 @@ void corrupt(struct connection *conn, const char *fmt, ...) va_end(arglist); log("corruption detected by connection %i: err %s: %s", - conn ? (int)conn->id : -1, strerror(saved_errno), str); + conn ? (int)conn->id : -1, strerror(saved_errno), + str ?: "ENOMEM"); + + talloc_free(str); check_store(); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:55:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366096.596682 (Exim 4.92) (envelope-from ) id 1oBOmz-00080N-9g; Tue, 12 Jul 2022 22:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366096.596682; Tue, 12 Jul 2022 22:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmz-00080G-76; Tue, 12 Jul 2022 22:55:33 +0000 Received: by outflank-mailman (input) for mailman id 366096; Tue, 12 Jul 2022 22:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmy-000808-LL for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOmy-0003AP-KV for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOmy-0000JB-Jk for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KUW9qrIJFxVWqN4op9hWDpn9qawm49rKRvtkTrJ5IoU=; b=uVYOCKjL/L4mYWw1CSuxn5AizH mA4+6mXAP43LboLG7xqcLDrlzM7cfluz0MEqeRvN52ae2NYXekPqWNFg3zui/hVsjiOpkeF9rsSzd n2hENNu/OBMDsmB8Ms6ChIk/Nak4D9S7Ohr6xrDD5ssW9u5Kw+D8aq6Tc7rUxV7AA/2U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Tue, 12 Jul 2022 22:55:32 +0000 commit 09d533f4c80b7eaf9fb4e36ebba8259580857a9d Author: Andrew Cooper AuthorDate: Tue Jul 12 11:12:46 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:12:46 2022 +0200 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b master date: 2022-06-30 18:07:13 +0100 --- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 5 +++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 099113ba41..1ed5ceda8b 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1150,8 +1150,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index bd45a144ee..493d338a08 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 751355f471..7e83e0179f 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -78,7 +78,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -114,7 +115,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:55:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:55:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366097.596687 (Exim 4.92) (envelope-from ) id 1oBOn9-00083l-CF; Tue, 12 Jul 2022 22:55:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366097.596687; Tue, 12 Jul 2022 22:55:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOn9-00083e-8l; Tue, 12 Jul 2022 22:55:43 +0000 Received: by outflank-mailman (input) for mailman id 366097; Tue, 12 Jul 2022 22:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOn8-00082n-OW for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOn8-0003Aq-Nb for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOn8-0000Jc-Mu for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PTrlWoZAj9b32wMbB6cy1VMNAW4+/NK/rnRV9lmPBiI=; b=b7YzHE3wVbFMTl0fQuYZYFWDBJ tbgpOVmU6UG3PlyQGHJka5cf74hc2FN28YSPKdXF/m16t6mXosgsFNzPqahpVE8Sc1SzPu6exyjZQ Y98jtGB6WQb/cxRWVbL6qTwug75m7mAP4Mv1q5ycn3aXAKKJxUc3AmlCDlTjKVL1dc4M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Tue, 12 Jul 2022 22:55:42 +0000 commit db6ca8176ccc4ff7dfe3c06969af9ebfab0d7b04 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:13:33 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:13:33 2022 +0200 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. This has negligible overhead for the guest, but saves a WRMSR on vmentry. This is the only default change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné master commit: fef244b179c06fcdfa581f7d57fa6e578c49ff50 master date: 2022-06-30 18:07:13 +0100 --- docs/misc/xen-command-line.pandoc | 21 ++++++++++--- xen/arch/x86/hvm/svm/vmcb.c | 9 ++++++ xen/arch/x86/spec_ctrl.c | 65 +++++++++++++++++++++++++++++++++------ 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a642e43476..46e9c58d35 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2234,8 +2234,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2285,9 +2286,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2295,6 +2297,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 565e997155..ef7224eb5d 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -29,6 +29,7 @@ #include #include #include +#include struct vmcb_struct *alloc_vmcb(void) { @@ -176,6 +177,14 @@ static int construct_vmcb(struct vcpu *v) vmcb->_pause_filter_thresh = SVM_PAUSETHRESH_INIT; } + /* + * When default_xen_spec_ctrl simply SPEC_CTRL_STIBP, default this behind + * the back of the VM too. Our SMT topology isn't accurate, the overhead + * is neglegable, and doing this saves a WRMSR on the vmentry path. + */ + if ( default_xen_spec_ctrl == SPEC_CTRL_STIBP ) + v->arch.msrs->spec_ctrl.raw = SPEC_CTRL_STIBP; + return 0; } diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1ed5ceda8b..dfdd45c358 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __read_mostly opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -172,12 +176,20 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -376,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -390,6 +402,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + (!boot_cpu_has(X86_FEATURE_PSFD) && + !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -979,10 +994,7 @@ void __init init_speculation_mitigations(void) if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); else if ( opt_ibrs == -1 ) - { opt_ibrs = ibrs = true; - default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; - } if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) thunk = THUNK_JMP; @@ -1086,14 +1098,49 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && (boot_cpu_has(X86_FEATURE_PSFD) || + boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can create RSB entries for any linear address they control, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:55:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366098.596691 (Exim 4.92) (envelope-from ) id 1oBOnJ-00087O-DF; Tue, 12 Jul 2022 22:55:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366098.596691; Tue, 12 Jul 2022 22:55:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnJ-00087G-AW; Tue, 12 Jul 2022 22:55:53 +0000 Received: by outflank-mailman (input) for mailman id 366098; Tue, 12 Jul 2022 22:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnI-000879-RQ for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnI-0003B0-Qd for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOnI-0000K1-Pv for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1yM6CGIqcQ3XmJltctLxm9JskilUDRFuNIFDm561O0E=; b=6XIKWoxbEPWiY6HyfFNiJAzZBx 876RdwDUzfdUGXDvpQA4DcvQKj4XRP/VJE3ByNhrmTQGaOfFJxtN0FtVWidLNxdA7l1flbj6St1GY 0ph7A6nPuzZwWJtIhInwQzzjn8oh7USlVm2Z/v5V5vCmomHv5/A8U39Yl2eBAryRVSeY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] libxc: fix compilation error with gcc13 Message-Id: Date: Tue, 12 Jul 2022 22:55:52 +0000 commit cd3d6b4cd46cd05590805b4a6c0b6654af60106e Author: Charles Arnold AuthorDate: Tue Jul 12 11:14:07 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:14:07 2022 +0200 libxc: fix compilation error with gcc13 xc_psr.c:161:5: error: conflicting types for 'xc_psr_cmt_get_data' due to enum/integer mismatch; Signed-off-by: Charles Arnold Reviewed-by: Jan Beulich Acked-by: Anthony PERARD master commit: 8eeae8c2b4efefda8e946461e86cf2ae9c18e5a9 master date: 2022-07-06 13:06:40 +0200 --- tools/include/xenctrl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 07b96e6671..893ae39e4a 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2516,7 +2516,7 @@ int xc_psr_cmt_get_l3_event_mask(xc_interface *xch, uint32_t *event_mask); int xc_psr_cmt_get_l3_cache_size(xc_interface *xch, uint32_t cpu, uint32_t *l3_cache_size); int xc_psr_cmt_get_data(xc_interface *xch, uint32_t rmid, uint32_t cpu, - uint32_t psr_cmt_type, uint64_t *monitor_data, + xc_psr_cmt_type type, uint64_t *monitor_data, uint64_t *tsc); int xc_psr_cmt_enabled(xc_interface *xch); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:56:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:56:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366099.596695 (Exim 4.92) (envelope-from ) id 1oBOnT-0008Ar-F5; Tue, 12 Jul 2022 22:56:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366099.596695; Tue, 12 Jul 2022 22:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnT-0008Aj-C9; Tue, 12 Jul 2022 22:56:03 +0000 Received: by outflank-mailman (input) for mailman id 366099; Tue, 12 Jul 2022 22:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnS-0008Ab-UU for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnS-0003BQ-Te for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOnS-0000Kj-St for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PCcQs4qXa9PMqM+KseU+S4TctXIcV37fJ114bK5dW9U=; b=TkK7OaD1F6h5OfL6cayKoPLY7K N6iLxn6vllI5lNWvTTpnwT7VpszPKakYjObZ0myTwuVNDa6+oFOWeC3DlB+nYyqfF/D4k2CJf9fA7 1r/wPDFc1IaHrH0nb0jIQllA74WJdezJa4KsnpOc/D4d1t48H0KVWI5QuOXH5xP/oRmA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Tue, 12 Jul 2022 22:56:02 +0000 commit 61b9c2ceeb94b0cdaff01023cc5523b1f13e66e2 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:14:34 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:14:34 2022 +0200 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 4cdb519d797c19ebb8fadc5938cdb47479d5a21b master date: 2022-07-11 15:21:35 +0100 --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index dfdd45c358..ae74943c10 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -122,6 +122,7 @@ static int __init parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:56:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:56:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366100.596700 (Exim 4.92) (envelope-from ) id 1oBOnd-0008EM-I4; Tue, 12 Jul 2022 22:56:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366100.596700; Tue, 12 Jul 2022 22:56:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnd-0008EE-FF; Tue, 12 Jul 2022 22:56:13 +0000 Received: by outflank-mailman (input) for mailman id 366100; Tue, 12 Jul 2022 22:56:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnd-0008E3-1L for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnd-0003BU-0P for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOnc-0000L8-Vt for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7oh3D+qKsDf6G4A71beLIlSL0EeybcmiHKwHJlCBI28=; b=u6KtAIRHoZv1FNwCK7TvVb4yCC 36lqjsXUrDFfDFKCExE0Yc/rBcxPSyR3ovZOV3oHL7NOdxtBnc1j++bXRl/Ms2qwkBMYbAHB+vLWc P0BZxUu/FZcfIw+p7BS9Iumuy8Hvo+iG9djXdLx2sr2WdrwdUa51FhqYzc+lU6QIQMaU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Tue, 12 Jul 2022 22:56:12 +0000 commit eec5b02403a9df2523527caad24f17af5060fbe7 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:15:03 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:15:03 2022 +0200 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich master commit: 382326cac528dd1eb0d04efd5c05363c453e29f4 master date: 2022-07-11 15:21:35 +0100 --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index e119e5401f..7ed96521f9 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -272,9 +272,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -286,11 +286,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index c6987973bf..2296044caf 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -80,7 +80,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:56:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:56:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366101.596703 (Exim 4.92) (envelope-from ) id 1oBOno-0008Gx-JS; Tue, 12 Jul 2022 22:56:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366101.596703; Tue, 12 Jul 2022 22:56:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOno-0008Gp-Gj; Tue, 12 Jul 2022 22:56:24 +0000 Received: by outflank-mailman (input) for mailman id 366101; Tue, 12 Jul 2022 22:56:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnn-0008Gf-4R for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnn-0003Bf-3Z for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOnn-0000Lh-2p for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GXeHkjASKF38Dqk2ErXmdndm6UqQQibs854lJ3J/Am0=; b=f9ONA0NQd8LLwhPFYGln+Cut2X kE0erGo++IwZWlycvKwxGk8fYmKg3uk0KRNmeO39lABQG2qjHBGn25ec+aWmGF17CC+77prj6WpPr PyNBRy7NU7nz52dlfp3ULytFL5nYqRTwUyhIoOWAjOfeVB49wlWjERyjDTqdIvbW68hw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Tue, 12 Jul 2022 22:56:23 +0000 commit f066c8bb3e5686141cef6fa1dc86ea9f37c5388a Author: Andrew Cooper AuthorDate: Tue Jul 12 11:15:37 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:15:37 2022 +0200 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 27357c394ba6e1571a89105b840ce1c6f026485c master date: 2022-07-11 15:21:35 +0100 --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 46e9c58d35..1bbdb55129 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2233,7 +2233,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2258,12 +2259,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ae74943c10..9507e5da60 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -147,20 +147,68 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:56:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:56:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366102.596707 (Exim 4.92) (envelope-from ) id 1oBOny-0008So-Ks; Tue, 12 Jul 2022 22:56:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366102.596707; Tue, 12 Jul 2022 22:56:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOny-0008Sg-IB; Tue, 12 Jul 2022 22:56:34 +0000 Received: by outflank-mailman (input) for mailman id 366102; Tue, 12 Jul 2022 22:56:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnx-0008SV-76 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOnx-0003Bs-6H for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOnx-0000M8-5f for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yz9w75Tduvw5+IZMMfvtjupFfNAI9S10oMlwgXK+jHY=; b=3HmNhukta8pqRYOvbWTuDkJ9lG gshgLUwsK0+ys6HsWSjiuDTkW5ut1zSjZgLfLJNVwvK43KguCAGbpWG669EL9idxLpRd3atspQIlX BtdiqPTpKj8aWnWkAmXyl8pq+C21LJmr3kT5qW5h9c5kySBvrWlE35Xdn73IZ7OHJ5i0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] tools/helpers: fix build of xen-init-dom0 with -Werror Message-Id: Date: Tue, 12 Jul 2022 22:56:33 +0000 commit 14fd97e3de939a63a6e467f240efb49fe226a5dc Author: Anthony PERARD AuthorDate: Tue Jul 12 11:16:10 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:16:10 2022 +0200 tools/helpers: fix build of xen-init-dom0 with -Werror Missing prototype of asprintf() without _GNU_SOURCE. Signed-off-by: Anthony PERARD Reviewed-by: Henry Wang master commit: d693b22733044d68e9974766b5c9e6259c9b1708 master date: 2022-07-12 08:38:35 +0200 --- tools/helpers/xen-init-dom0.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/helpers/xen-init-dom0.c b/tools/helpers/xen-init-dom0.c index c99224a4b6..b4861c9e80 100644 --- a/tools/helpers/xen-init-dom0.c +++ b/tools/helpers/xen-init-dom0.c @@ -1,3 +1,5 @@ +#define _GNU_SOURCE + #include #include #include -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 12 22:56:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 12 Jul 2022 22:56:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366103.596711 (Exim 4.92) (envelope-from ) id 1oBOo8-0008VY-Mb; Tue, 12 Jul 2022 22:56:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366103.596711; Tue, 12 Jul 2022 22:56:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOo8-0008VR-Je; Tue, 12 Jul 2022 22:56:44 +0000 Received: by outflank-mailman (input) for mailman id 366103; Tue, 12 Jul 2022 22:56:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOo7-0008VI-A4 for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBOo7-0003CL-9E for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBOo7-0000MZ-8U for xen-changelog@lists.xenproject.org; Tue, 12 Jul 2022 22:56:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NA2MbD+ptZnAYg/n+MnEb9TAmXwQnOr5ibzEcIPDbck=; b=AV4FNN7WEM7e+SBFlFBGMA154C HhGupjz/4ZD1YUoaO3E46DC7eRVV9lPXHDllTQmTfCbLS4l1ORVWnRWV6fX3e9QZQdWCdTotyuDIG M7PY49wEx8zvJxTlVJUCS5mgRQp5Uopke1Mtox92VnnZJnt7Eor7iISDi7CBhJzwDxns=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] libxl: check return value of libxl__xs_directory in name2bdf Message-Id: Date: Tue, 12 Jul 2022 22:56:43 +0000 commit 744accad1b73223b3261e3e678e16e030d83b179 Author: Anthony PERARD AuthorDate: Tue Jul 12 11:16:30 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:16:30 2022 +0200 libxl: check return value of libxl__xs_directory in name2bdf libxl__xs_directory() can potentially return NULL without setting `n`. As `n` isn't initialised, we need to check libxl__xs_directory() return value before checking `n`. Otherwise, `n` might be non-zero with `bdfs` NULL which would lead to a segv. Fixes: 57bff091f4 ("libxl: add 'name' field to 'libxl_device_pci' in the IDL...") Reported-by: "G.R." Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross Tested-by: "G.R." master commit: d778089ac70e5b8e3bdea0c85fc8c0b9ed0eaf2f master date: 2022-07-12 08:38:51 +0200 --- tools/libs/light/libxl_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c index 4bbbfe9f16..ce3bf7c0ae 100644 --- a/tools/libs/light/libxl_pci.c +++ b/tools/libs/light/libxl_pci.c @@ -859,7 +859,7 @@ static int name2bdf(libxl__gc *gc, libxl_device_pci *pci) int rc = ERROR_NOTFOUND; bdfs = libxl__xs_directory(gc, XBT_NULL, PCI_INFO_PATH, &n); - if (!n) + if (!bdfs || !n) goto out; for (i = 0; i < n; i++) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:00:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366113.596726 (Exim 4.92) (envelope-from ) id 1oBPnP-0007dQ-Fr; Wed, 13 Jul 2022 00:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366113.596726; Wed, 13 Jul 2022 00:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnP-0007dI-AV; Wed, 13 Jul 2022 00:00:03 +0000 Received: by outflank-mailman (input) for mailman id 366113; Wed, 13 Jul 2022 00:00:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnN-000786-S1 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnN-0004Uz-JE for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPnN-0003ZR-Hs for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i8AE8wBm/HcSoi1hAh6QsbUCjk9zsjTSo5n9i106C3M=; b=ZwnM/0eHq/16MZ4hq++HyWxiUb aeKSh6C6CxCi07W/PrIEfecvRyLd6wl2q7jOhh6vxxjgh+IzgYQuuyXU7r2NaaZT8H9krlq55FT4l 0v9AbN8NfsrRFMordzrxgVKlUINdx4HZIHPsS2MlAsoYrjEx+CVPUY/r1MgtKS1eIaD0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] build: fix exported variable name CFLAGS_stack_boundary Message-Id: Date: Wed, 13 Jul 2022 00:00:01 +0000 commit f6e26ce7d9317abc41130ead6dc2443a7e2dde00 Author: Anthony PERARD AuthorDate: Tue Jul 12 11:20:46 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:20:46 2022 +0200 build: fix exported variable name CFLAGS_stack_boundary Exporting a variable with a dash doesn't work reliably, they may be striped from the environment when calling a sub-make or sub-shell. CFLAGS-stack-boundary start to be removed from env in patch "build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile" when running `make "ALL_OBJS=.."` due to the addition of the quote. At least in my empirical tests. Fixes: 2740d96efd ("xen/build: have the root Makefile generates the CFLAGS") Signed-off-by: Anthony PERARD Acked-by: Jan Beulich master commit: aa390d513a67a6ec0a069eea7478e5ecd54a7ea6 master date: 2022-01-28 11:44:33 +0100 --- xen/arch/x86/Rules.mk | 4 ++-- xen/arch/x86/arch.mk | 4 ++-- xen/arch/x86/efi/Makefile | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/Rules.mk b/xen/arch/x86/Rules.mk index 56fe22c979..7aef93f5f3 100644 --- a/xen/arch/x86/Rules.mk +++ b/xen/arch/x86/Rules.mk @@ -6,5 +6,5 @@ object_label_flags = '-D__OBJECT_LABEL__=$(subst $(BASEDIR)/,,$(CURDIR))/$@' else object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$(subst $(BASEDIR)/,,$(CURDIR))/$@))' endif -c_flags += $(object_label_flags) $(CFLAGS-stack-boundary) -a_flags += $(object_label_flags) $(CFLAGS-stack-boundary) +c_flags += $(object_label_flags) $(CFLAGS_stack_boundary) +a_flags += $(object_label_flags) $(CFLAGS_stack_boundary) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 033048ab6b..456e5d5c1a 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -57,8 +57,8 @@ endif # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. -$(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3) -export CFLAGS-stack-boundary +$(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3) +export CFLAGS_stack_boundary ifeq ($(CONFIG_UBSAN),y) # Don't enable alignment sanitisation. x86 has efficient unaligned accesses, diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile index e857c0f2cc..a5b2041f9b 100644 --- a/xen/arch/x86/efi/Makefile +++ b/xen/arch/x86/efi/Makefile @@ -11,7 +11,7 @@ boot.init.o: buildid.o EFIOBJ := boot.init.o pe.init.o ebmalloc.o compat.o runtime.o $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4) -$(EFIOBJ): CFLAGS-stack-boundary := $(cflags-stack-boundary) +$(EFIOBJ): CFLAGS_stack_boundary := $(cflags-stack-boundary) obj-y := stub.o obj-$(XEN_BUILD_EFI) := $(filter-out %.init.o,$(EFIOBJ)) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:00:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:00:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366114.596730 (Exim 4.92) (envelope-from ) id 1oBPna-0008MN-Gl; Wed, 13 Jul 2022 00:00:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366114.596730; Wed, 13 Jul 2022 00:00:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPna-0008MG-E3; Wed, 13 Jul 2022 00:00:14 +0000 Received: by outflank-mailman (input) for mailman id 366114; Wed, 13 Jul 2022 00:00:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnZ-0008M8-00 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnX-00056i-MN for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPnX-0003cT-LU for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O5aFbhr+O+nOgAL1blZ87e9E4nIFaFJsBcrSYXE+FIA=; b=a7FJzUuMSqZTibAiIasKIG1N15 hU3eYNVzIHqURGs7LYgpRgzlosoWXChn+IkiaZTcx+j6DIaImZxLSO1oaxN7kxmJkj3BoKma8kpTh B85yLJ97liywbuHhoizNb7ntzgesOACjvpAmMfYJmtH8iPB08KhqdpoE+rMvj760J/3c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() Message-Id: Date: Wed, 13 Jul 2022 00:00:11 +0000 commit b89b932cfe86556c5de4ad56702aed83142e22a3 Author: Jan Beulich AuthorDate: Tue Jul 12 11:21:14 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:21:14 2022 +0200 IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() As per [1] the expansion of the pirq_dpci() macro causes a -Waddress controlled warning (enabled implicitly in our builds, if not by default) tying the middle part of the involved conditional expression to the surrounding boolean context. Work around this by introducing a local inline function in the affected source file. Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102967 master commit: 80ad8db8a4d9bb24952f0aea788ce6f47566fa76 master date: 2022-06-15 10:19:32 +0200 --- xen/drivers/passthrough/x86/hvm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 9544f3234e..50865eec2c 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -25,6 +25,18 @@ #include #include +/* + * Gcc12 takes issue with pirq_dpci() being used in boolean context (see gcc + * bug 102967). While we can't replace the macro definition in the header by an + * inline function, we can do so here. + */ +static inline struct hvm_pirq_dpci *_pirq_dpci(struct pirq *pirq) +{ + return pirq_dpci(pirq); +} +#undef pirq_dpci +#define pirq_dpci(pirq) _pirq_dpci(pirq) + static DEFINE_PER_CPU(struct list_head, dpci_list); /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:00:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:00:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366115.596733 (Exim 4.92) (envelope-from ) id 1oBPni-0008Os-I6; Wed, 13 Jul 2022 00:00:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366115.596733; Wed, 13 Jul 2022 00:00:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPni-0008Ol-FZ; Wed, 13 Jul 2022 00:00:22 +0000 Received: by outflank-mailman (input) for mailman id 366115; Wed, 13 Jul 2022 00:00:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnh-0008Od-R6 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnh-00057C-QB for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPnh-0003dA-OX for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D4W6v9j550KzRSi5XGqw5luvWItGSZD4TQcqq4vgglA=; b=CrYboZMyvHlyYsWUNJeBuSHz3o W6N7aDWnvXXGAXck625PkhnTnakrE2e7fhWPENczVu3TJ8r19cxK+K4wATCSoCK/gBDuItLY75Gw2 b5+LUykX3U4OxFevreh9BuyL0/2lLy4cbWO39iM+v8ThabyXglGUTLp6SAHhjoy/siso=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] ehci-dbgp: fix selecting n-th ehci controller Message-Id: Date: Wed, 13 Jul 2022 00:00:21 +0000 commit b53df5b4341fa97614ad064a7c8e781c88b6ed71 Author: Marek Marczykowski-Górecki AuthorDate: Tue Jul 12 11:22:09 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:22:09 2022 +0200 ehci-dbgp: fix selecting n-th ehci controller The ehci number was parsed but ignored. Fixes: 322ecbe4ac85 ("console: add EHCI debug port based serial console") Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich master commit: d6d0cb659fda64430d4649f8680c5cead32da8fd master date: 2022-06-16 14:23:37 +0100 --- xen/drivers/char/ehci-dbgp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index c893d246de..66b4811af2 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1478,7 +1478,7 @@ void __init ehci_dbgp_init(void) unsigned int num = 0; if ( opt_dbgp[4] ) - simple_strtoul(opt_dbgp + 4, &e, 10); + num = simple_strtoul(opt_dbgp + 4, &e, 10); dbgp->cap = find_dbgp(dbgp, num); if ( !dbgp->cap ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:00:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:00:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366116.596738 (Exim 4.92) (envelope-from ) id 1oBPns-0008SH-LF; Wed, 13 Jul 2022 00:00:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366116.596738; Wed, 13 Jul 2022 00:00:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPns-0008S9-Ie; Wed, 13 Jul 2022 00:00:32 +0000 Received: by outflank-mailman (input) for mailman id 366116; Wed, 13 Jul 2022 00:00:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnr-0008S3-UD for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPnr-00058w-TM for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPnr-0003dc-SV for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=B9irhgXh0njfnxHMF1GAsbb4XmPdFYTDI1vxi60VSpw=; b=TNGniNzgN3Fl4S3GJXSFmC25zE WJYyks1pC4yvOfU5QZere5pVneabXT6ZvuVqeW+ZJ5nWICuuHdXrug5FGHrQ8XY84lzzmoENRNNhA e+fNp4TF2sgc/cpjsSpIFoi0OWFBv9ijM8aKPIGY7j/p+YNTGyYlTgDGYH0aUdHmYVtU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/xenstored: Harden corrupt() Message-Id: Date: Wed, 13 Jul 2022 00:00:31 +0000 commit 7fe638c28fa693d8bb8f9419de1220d4359a1b2d Author: Julien Grall AuthorDate: Tue Jul 12 11:23:01 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:23:01 2022 +0200 tools/xenstored: Harden corrupt() At the moment, corrupt() is neither checking for allocation failure nor freeing the allocated memory. Harden the code by printing ENOMEM if the allocation failed and free 'str' after the last use. This is not considered to be a security issue because corrupt() should only be called when Xenstored thinks the database is corrupted. Note that the trigger (i.e. a guest reliably provoking the call) would be a security issue. Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to recover from store") Signed-off-by: Julien Grall Reviewed-by: Juergen Gross master commit: db3382dd4f468c763512d6bf91c96773395058fb master date: 2022-06-23 13:44:10 +0100 --- tools/xenstore/xenstored_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 8033c1e0eb..9172dd7671 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -1988,7 +1988,10 @@ void corrupt(struct connection *conn, const char *fmt, ...) va_end(arglist); log("corruption detected by connection %i: err %s: %s", - conn ? (int)conn->id : -1, strerror(saved_errno), str); + conn ? (int)conn->id : -1, strerror(saved_errno), + str ?: "ENOMEM"); + + talloc_free(str); check_store(); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:00:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:00:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366117.596743 (Exim 4.92) (envelope-from ) id 1oBPo2-0008Ul-N9; Wed, 13 Jul 2022 00:00:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366117.596743; Wed, 13 Jul 2022 00:00:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPo2-0008Ud-KD; Wed, 13 Jul 2022 00:00:42 +0000 Received: by outflank-mailman (input) for mailman id 366117; Wed, 13 Jul 2022 00:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPo2-0008UW-0w for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPo2-00059P-01 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPo1-0003e3-Ve for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=t5NCB1Qiyp92NcpyunByTR8/dJsoGZhnzXdSTR8QozQ=; b=ZNFhIBCDWyahzIHTKCXZzz/30f 8TWEiahjbxkAuhvjEivoKcA4+vRLvpcvYie0kcwcIV7uRd211OEsSMakl9Yvk4Y3Tivp+vvvE1GCC I58hmKP0/3zzgAamwVXKwgGL3yLgq7/sP6rXl5X8pVZSedProj0War3qX4WNYyeAINqc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Wed, 13 Jul 2022 00:00:41 +0000 commit 799a8d49237a62ea0d33c3756a6a7f665b8389b2 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:23:32 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:23:32 2022 +0200 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b master date: 2022-06-30 18:07:13 +0100 --- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 5 +++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 83b856fa91..eb7fb70e86 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1103,8 +1103,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 9eaab7a2a1..f7488d3ccb 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 68f6c46c47..12283573cd 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -78,7 +78,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -114,7 +115,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:00:52 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:00:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366118.596746 (Exim 4.92) (envelope-from ) id 1oBPoC-00007F-OX; Wed, 13 Jul 2022 00:00:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366118.596746; Wed, 13 Jul 2022 00:00:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoC-000077-Lr; Wed, 13 Jul 2022 00:00:52 +0000 Received: by outflank-mailman (input) for mailman id 366118; Wed, 13 Jul 2022 00:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoC-00006x-4G for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoC-00059b-3H for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPoC-0003eS-2Q for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EEoeY+m6O4FNXqBl+SX7wEizz0Atg35FPjbzi1DEINU=; b=4MLz8rHuh1RCNqPt4gmA0UCAjb xFkXkFW0iQC5Jr6kzprG2Aah/4Z3eROufN7u5IlnoYx0M9w360/ibaYdQR56K0xp3Ga/92yahUs0J TJ1SrhRfNIy/V2wcLM7+wqE5N5MyAln6KkZgMrj4CsSe89YO3IB4N/8b/+V+Q0BB1jaE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Wed, 13 Jul 2022 00:00:52 +0000 commit cd5081e8c31651e623d86532306b4c56bbcb6e6d Author: Andrew Cooper AuthorDate: Tue Jul 12 11:24:11 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:24:11 2022 +0200 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. This has negligible overhead for the guest, but saves a WRMSR on vmentry. This is the only default change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné master commit: fef244b179c06fcdfa581f7d57fa6e578c49ff50 master date: 2022-06-30 18:07:13 +0100 --- docs/misc/xen-command-line.pandoc | 21 ++++++++++--- xen/arch/x86/hvm/svm/vmcb.c | 9 ++++++ xen/arch/x86/spec_ctrl.c | 65 +++++++++++++++++++++++++++++++++------ 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index e17a835ed2..1db3da9ef7 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2170,8 +2170,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2221,9 +2222,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2231,6 +2233,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 55da9302e5..a0bf9f4e05 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -29,6 +29,7 @@ #include #include #include +#include struct vmcb_struct *alloc_vmcb(void) { @@ -175,6 +176,14 @@ static int construct_vmcb(struct vcpu *v) vmcb->_pause_filter_thresh = SVM_PAUSETHRESH_INIT; } + /* + * When default_xen_spec_ctrl simply SPEC_CTRL_STIBP, default this behind + * the back of the VM too. Our SMT topology isn't accurate, the overhead + * is neglegable, and doing this saves a WRMSR on the vmentry path. + */ + if ( default_xen_spec_ctrl == SPEC_CTRL_STIBP ) + v->arch.msrs->spec_ctrl.raw = SPEC_CTRL_STIBP; + return 0; } diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index eb7fb70e86..8212227ee0 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __read_mostly opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -172,12 +176,20 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -376,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -390,6 +402,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + (!boot_cpu_has(X86_FEATURE_PSFD) && + !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -950,10 +965,7 @@ void __init init_speculation_mitigations(void) if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); else if ( opt_ibrs == -1 ) - { opt_ibrs = ibrs = true; - default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; - } if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) thunk = THUNK_JMP; @@ -1057,14 +1069,49 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && (boot_cpu_has(X86_FEATURE_PSFD) || + boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can poison the RSB to any virtual address from which -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:01:02 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:01:02 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366119.596751 (Exim 4.92) (envelope-from ) id 1oBPoM-0000AH-Rg; Wed, 13 Jul 2022 00:01:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366119.596751; Wed, 13 Jul 2022 00:01:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoM-0000A8-NT; Wed, 13 Jul 2022 00:01:02 +0000 Received: by outflank-mailman (input) for mailman id 366119; Wed, 13 Jul 2022 00:01:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoM-00009v-7Q for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoM-00059z-6X for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPoM-0003fD-5k for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1Bb5HtTkhz06Z5KTriGZc9vececb1mYbMnRJJHrotZE=; b=dsLkEOMA/NvToUuJDXyRzT6+qs 4guc/TWEahylZozA/U1qtJv0Xufzk3fK/rwHwZAE0kj8MLvv3C9glksEsDoGrZ8Uo8CTGIQILQj4s zQumJHw+Wt118Zzd2TQZwh+vSfy7O97dbxx9lBqRZ3XQK3jqxRngki+kBcBNRWE2gg2k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxc: fix compilation error with gcc13 Message-Id: Date: Wed, 13 Jul 2022 00:01:02 +0000 commit 77deab4233b5d9ec5cf214fdc1652424fd4fc9d6 Author: Charles Arnold AuthorDate: Tue Jul 12 11:24:39 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:24:39 2022 +0200 libxc: fix compilation error with gcc13 xc_psr.c:161:5: error: conflicting types for 'xc_psr_cmt_get_data' due to enum/integer mismatch; Signed-off-by: Charles Arnold Reviewed-by: Jan Beulich Acked-by: Anthony PERARD master commit: 8eeae8c2b4efefda8e946461e86cf2ae9c18e5a9 master date: 2022-07-06 13:06:40 +0200 --- tools/include/xenctrl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 318920166c..2013200b9e 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2577,7 +2577,7 @@ int xc_psr_cmt_get_l3_event_mask(xc_interface *xch, uint32_t *event_mask); int xc_psr_cmt_get_l3_cache_size(xc_interface *xch, uint32_t cpu, uint32_t *l3_cache_size); int xc_psr_cmt_get_data(xc_interface *xch, uint32_t rmid, uint32_t cpu, - uint32_t psr_cmt_type, uint64_t *monitor_data, + xc_psr_cmt_type type, uint64_t *monitor_data, uint64_t *tsc); int xc_psr_cmt_enabled(xc_interface *xch); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:01:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:01:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366120.596753 (Exim 4.92) (envelope-from ) id 1oBPoW-0000E5-S9; Wed, 13 Jul 2022 00:01:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366120.596753; Wed, 13 Jul 2022 00:01:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoW-0000Dx-PA; Wed, 13 Jul 2022 00:01:12 +0000 Received: by outflank-mailman (input) for mailman id 366120; Wed, 13 Jul 2022 00:01:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoW-0000Df-AW for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoW-0005A6-9h for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPoW-0003fc-8u for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DubG7SsFCHa5W7h5r7eUnDx/7x1BpLaAbdXPkum0/3o=; b=2dlLmmCbmea31RhFDM7gSkefXf +gSwnKLlb7aDeVkJdaBL0alDNjDWXYNzh30WVquil/9IiROyHS+zBL4VwxZe0B8kP6O2TeBwcdZG0 Hha0WVKR/LyX2MoIu7viAp41LDfyF390O4mVkgsnaQ/BKZorQlIpMXVZ09hm2JgsmJ0g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Wed, 13 Jul 2022 00:01:12 +0000 commit 5be1f46f435f8b05608b1eae029cb17d8bd3a560 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:25:05 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:25:05 2022 +0200 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 4cdb519d797c19ebb8fadc5938cdb47479d5a21b master date: 2022-07-11 15:21:35 +0100 --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8212227ee0..06790897e4 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -122,6 +122,7 @@ static int __init parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:01:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:01:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366121.596758 (Exim 4.92) (envelope-from ) id 1oBPog-0000Hb-TV; Wed, 13 Jul 2022 00:01:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366121.596758; Wed, 13 Jul 2022 00:01:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPog-0000HT-Qn; Wed, 13 Jul 2022 00:01:22 +0000 Received: by outflank-mailman (input) for mailman id 366121; Wed, 13 Jul 2022 00:01:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPog-0000HL-Dd for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPog-0005AH-Cr for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPog-0003gD-C6 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PZWiqIckFWVSz0aIKqvIs3isNypKTXChMjU10Hb8Cl8=; b=DVOQ22/XKlaaQQ3s9evNwiJFav uyYls1rDTE6zqQaLBnAtpctytnQ7yQAf7dkjrRNGjRA8NtYlhwlwb0IkjvGGnC6TCkPkoMosX//TR fv+twN39ltevYsla2q7kEnfsQ5Sd9NFLUTE29gh/N2FFZYO8w2UaaOSRiTKiLdEY7wrE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Wed, 13 Jul 2022 00:01:22 +0000 commit ae417706870333bb52ebcf33c527809cdd2d7265 Author: Andrew Cooper AuthorDate: Tue Jul 12 11:25:40 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:25:40 2022 +0200 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich master commit: 382326cac528dd1eb0d04efd5c05363c453e29f4 master date: 2022-07-11 15:21:35 +0100 --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 7a345ae45e..daf9652665 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -272,9 +272,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -286,11 +286,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 1198c7c0b2..be74981351 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -80,7 +80,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:01:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:01:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366123.596773 (Exim 4.92) (envelope-from ) id 1oBPos-0000bw-DB; Wed, 13 Jul 2022 00:01:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366123.596773; Wed, 13 Jul 2022 00:01:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPos-0000bm-9z; Wed, 13 Jul 2022 00:01:34 +0000 Received: by outflank-mailman (input) for mailman id 366123; Wed, 13 Jul 2022 00:01:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoq-0000b5-II for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPoq-0005AV-HP for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPoq-0003gz-FL for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ul7ZwO5PpF7XRo0uiSZ7mJHRQNzfMkyogo+f2rcnK8U=; b=2gDXGudVHTm38Etnea60Y7/Qbh hUpThNtrjWdsXz1uUx/XVVrIPAcQOSBMsvRfS3DNWm0rEQ2d0h7BzVbnAuD4bHkBN+vEmTzlPWJnI v3p+Ek6dBe5//0rZz1TwEdVAN80G3WC/24XVDLI/8LKgXlbqwrPwRUmLt+iQqikuPZyQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Wed, 13 Jul 2022 00:01:32 +0000 commit 08bfd4d01185e94fda1be9dd79a981d890a9085e Author: Andrew Cooper AuthorDate: Tue Jul 12 11:26:14 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:26:14 2022 +0200 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 27357c394ba6e1571a89105b840ce1c6f026485c master date: 2022-07-11 15:21:35 +0100 --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 1db3da9ef7..b06db5f654 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2169,7 +2169,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2194,12 +2195,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 06790897e4..225fe08259 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -147,20 +147,68 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:01:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:01:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366124.596777 (Exim 4.92) (envelope-from ) id 1oBPp2-0000hJ-ER; Wed, 13 Jul 2022 00:01:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366124.596777; Wed, 13 Jul 2022 00:01:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPp2-0000h5-BV; Wed, 13 Jul 2022 00:01:44 +0000 Received: by outflank-mailman (input) for mailman id 366124; Wed, 13 Jul 2022 00:01:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPp0-0000gC-L6 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPp0-0005As-KF for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPp0-0003hR-Ja for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/Vi9mvYPz2nh17wUjb7ibqA45L7M5pw81ZgsoHwYj2c=; b=G2OyGgsXebY6ogVWk4qf6gYd4o sUNR+a5H+cpRIkvhsC/MS38mT/Ox6rBWp8YGitQQB+pD1xvYzQInR2wJJunXZwdd2baWo5NzIGOpz dvN2X6WQfMo1yPVkUR4D/XS0lSah8zzhO+EUBeRLaI4SboMbocBRvnOexLie7hKHKidg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/helpers: fix build of xen-init-dom0 with -Werror Message-Id: Date: Wed, 13 Jul 2022 00:01:42 +0000 commit f241cc48dabeef6cb0b381db62f2562b0a3970eb Author: Anthony PERARD AuthorDate: Tue Jul 12 11:26:47 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:26:47 2022 +0200 tools/helpers: fix build of xen-init-dom0 with -Werror Missing prototype of asprintf() without _GNU_SOURCE. Signed-off-by: Anthony PERARD Reviewed-by: Henry Wang master commit: d693b22733044d68e9974766b5c9e6259c9b1708 master date: 2022-07-12 08:38:35 +0200 --- tools/helpers/xen-init-dom0.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/helpers/xen-init-dom0.c b/tools/helpers/xen-init-dom0.c index c99224a4b6..b4861c9e80 100644 --- a/tools/helpers/xen-init-dom0.c +++ b/tools/helpers/xen-init-dom0.c @@ -1,3 +1,5 @@ +#define _GNU_SOURCE + #include #include #include -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:01:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:01:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366127.596781 (Exim 4.92) (envelope-from ) id 1oBPpC-0000nH-Ft; Wed, 13 Jul 2022 00:01:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366127.596781; Wed, 13 Jul 2022 00:01:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPpC-0000n7-D9; Wed, 13 Jul 2022 00:01:54 +0000 Received: by outflank-mailman (input) for mailman id 366127; Wed, 13 Jul 2022 00:01:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPpA-0000mU-Nu for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPpA-0005Ay-N5 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPpA-0003hr-MV for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:01:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=54AuWu7gl0HpdXxhTJej3Pe9OXrgnbNJZ2yUMC0RUf4=; b=XvTN2t8g+R/2WuDZ8JuoU7hY4F HsDskwqhvE9J6BUOdUSsGURrl6GTgLRkABFwNxfur+6B/Xz9HZQmEQejiUqBsu4B15Ir98u/bIHd7 fMSei2jl74X42ww7UOUhUXiz1MiSQMzVg64bm0mUdTy3VYK5tAdpF80iIpWNL8zKUbLA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: check return value of libxl__xs_directory in name2bdf Message-Id: Date: Wed, 13 Jul 2022 00:01:52 +0000 commit d470a54087e0fbd813dae4d773ad0b830eeec4a1 Author: Anthony PERARD AuthorDate: Tue Jul 12 11:26:58 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:26:58 2022 +0200 libxl: check return value of libxl__xs_directory in name2bdf libxl__xs_directory() can potentially return NULL without setting `n`. As `n` isn't initialised, we need to check libxl__xs_directory() return value before checking `n`. Otherwise, `n` might be non-zero with `bdfs` NULL which would lead to a segv. Fixes: 57bff091f4 ("libxl: add 'name' field to 'libxl_device_pci' in the IDL...") Reported-by: "G.R." Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross Tested-by: "G.R." master commit: d778089ac70e5b8e3bdea0c85fc8c0b9ed0eaf2f master date: 2022-07-12 08:38:51 +0200 --- tools/libs/light/libxl_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c index 92bf86b2be..a5f5cdf62b 100644 --- a/tools/libs/light/libxl_pci.c +++ b/tools/libs/light/libxl_pci.c @@ -859,7 +859,7 @@ static int name2bdf(libxl__gc *gc, libxl_device_pci *pci) int rc = ERROR_NOTFOUND; bdfs = libxl__xs_directory(gc, XBT_NULL, PCI_INFO_PATH, &n); - if (!n) + if (!bdfs || !n) goto out; for (i = 0; i < n; i++) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 00:02:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 00:02:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366128.596784 (Exim 4.92) (envelope-from ) id 1oBPpM-0000sD-HN; Wed, 13 Jul 2022 00:02:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366128.596784; Wed, 13 Jul 2022 00:02:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPpM-0000s3-Ek; Wed, 13 Jul 2022 00:02:04 +0000 Received: by outflank-mailman (input) for mailman id 366128; Wed, 13 Jul 2022 00:02:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPpK-0000rZ-Rs for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:02:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBPpK-0005BL-R5 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:02:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBPpK-0003iP-PC for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 00:02:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZB/H+utAoCLk3FD+bPnxyDsBJ3ISHy/9aXC1aDKmjjA=; b=1sPtUOOoNSQB8OrFV+MIN1TwKt pA6bh90n1OXJWQ7fRc62hby1flPP8aHMxS57SvGm0NNyPZmf6Qn4sH36Nri7poqTKwajm7iiENz3M lXayUOtlzx95EqgKhL9Sk8cLyx8A1JhV2tsCNWleRqLB3ZFGgNGABSB6whl2uPL5eRWo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] update Xen version to 4.15.4-pre Message-Id: Date: Wed, 13 Jul 2022 00:02:02 +0000 commit 505771bb1dffdf6f763fad18ee49a913b98abfea Author: Jan Beulich AuthorDate: Tue Jul 12 11:28:33 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 11:28:33 2022 +0200 update Xen version to 4.15.4-pre --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index e9a88325c4..cd66bb3b1c 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 15 -export XEN_EXTRAVERSION ?= .3$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .4-pre$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:44:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366506.597315 (Exim 4.92) (envelope-from ) id 1oBami-0002NJ-JU; Wed, 13 Jul 2022 11:44:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366506.597315; Wed, 13 Jul 2022 11:44:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBami-0002NB-GP; Wed, 13 Jul 2022 11:44:04 +0000 Received: by outflank-mailman (input) for mailman id 366506; Wed, 13 Jul 2022 11:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBamg-0002N5-NF for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBamg-0002J9-Jw for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBamg-0006uT-Ii for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wpbch/S5CSuid6TcB8KhJobV5d23pWf800bGLJqmiVc=; b=zWlZoUW5jwCUukkQJqFMi6q2SH AheaQZKD20iIwX2hfMOzDHMjgNy8eOiorRPJ3y5PQi54gq+nbbBEmcOIHVp+ooA+21ozWiU3NbJdN BJOycwxqFyUToG09mQXRXHqsphxt9CtltGNOUWZfwccz1DS5l1uv7kRC/sTIsviuoKTY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Wed, 13 Jul 2022 11:44:02 +0000 commit 14c5e0c134228438e56ab956254742aef775b3dd Author: Andrew Cooper AuthorDate: Fri Jul 8 16:11:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4cdb519d797c19ebb8fadc5938cdb47479d5a21b) --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d4ba941206..3b34ca705c 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -118,6 +118,7 @@ static int __init parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366507.597320 (Exim 4.92) (envelope-from ) id 1oBamr-0002PC-Kl; Wed, 13 Jul 2022 11:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366507.597320; Wed, 13 Jul 2022 11:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBamr-0002P5-I8; Wed, 13 Jul 2022 11:44:13 +0000 Received: by outflank-mailman (input) for mailman id 366507; Wed, 13 Jul 2022 11:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBamq-0002Ov-Nz for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBamq-0002JG-N2 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBamq-0006uw-MH for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ne1h+qbnu532vSjwXQUJygX1MoAZE1SHdkS03mp4v9o=; b=EmSS0xZXscsSV+hcxruiwk+tyl u8N2vSKmaYK7qM8ASkErNVMVl98GxXTtqToKVqyammXZ8Yx0hS6Jx5a/pH9DN73PiTKSGpmHnNgN3 0oc/bq2dB54kxHawOUnQ9I+MrheqMKhf0O6yEp7vuyGWfO2mbg5G22mdAG7vFaPcvzsI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Drop SPEC_CTRL_{ENTRY_FROM,EXIT_TO}_HVM Message-Id: Date: Wed, 13 Jul 2022 11:44:12 +0000 commit 8a2cc1ed1aee291de3c06fae90763bd79248b043 Author: Andrew Cooper AuthorDate: Tue Jan 25 13:52:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Drop SPEC_CTRL_{ENTRY_FROM,EXIT_TO}_HVM These were written before Spectre/Meltdown went public, and there was large uncertainty in how the protections would evolve. As it turns out, they're very specific to Intel hardware, and not very suitable for AMD. Drop the macros, opencoding the relevant subset of functionality, and leaving grep-fodder to locate the logic. No change at all for VT-x. For AMD, the only relevant piece of functionality is DO_OVERWRITE_RSB, although we will soon be adding (different) logic to handle MSR_SPEC_CTRL. This has a marginal improvement of removing an unconditional pile of long-nops from the vmentry/exit path. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné (cherry picked from commit 95b13fa43e0753b7514bef13abe28253e8614f62) [Forward port over XSA-404] --- xen/arch/x86/hvm/svm/entry.S | 5 +++-- xen/arch/x86/hvm/vmx/entry.S | 7 +++++-- xen/include/asm-x86/spec_ctrl_asm.h | 17 ++++------------- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index e954d8e021..0684d29050 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -63,7 +63,7 @@ __UNLIKELY_END(nsvm_hap) mov VCPUMSR_spec_ctrl_raw(%rax), %eax /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - SPEC_CTRL_EXIT_TO_HVM /* Req: a=spec_ctrl %rsp=regs/cpuinfo, Clob: cd */ + /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ pop %r15 pop %r14 @@ -90,7 +90,8 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - SPEC_CTRL_ENTRY_FROM_HVM /* Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ STGI diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 62ed0d854d..db3af571c9 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -33,7 +33,9 @@ ENTRY(vmx_asm_vmexit_handler) movb $1,VCPU_vmx_launched(%rbx) mov %rax,VCPU_hvm_guest_cr2(%rbx) - SPEC_CTRL_ENTRY_FROM_HVM /* Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + ALTERNATIVE "", DO_SPEC_CTRL_ENTRY_FROM_HVM, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ @@ -80,7 +82,8 @@ UNLIKELY_END(realmode) mov VCPUMSR_spec_ctrl_raw(%rax), %eax /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - SPEC_CTRL_EXIT_TO_HVM /* Req: a=spec_ctrl %rsp=regs/cpuinfo, Clob: cd */ + /* SPEC_CTRL_EXIT_TO_VMX Req: a=spec_ctrl %rsp=regs/cpuinfo, Clob: cd */ + ALTERNATIVE "", DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR_HVM DO_SPEC_CTRL_COND_VERW mov VCPU_hvm_guest_cr2(%rbx),%rax diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 4a3777cc52..fe90c80ac3 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -68,14 +68,16 @@ * * The following ASM fragments implement this algorithm. See their local * comments for further details. - * - SPEC_CTRL_ENTRY_FROM_HVM * - SPEC_CTRL_ENTRY_FROM_PV * - SPEC_CTRL_ENTRY_FROM_INTR * - SPEC_CTRL_ENTRY_FROM_INTR_IST * - SPEC_CTRL_EXIT_TO_XEN_IST * - SPEC_CTRL_EXIT_TO_XEN * - SPEC_CTRL_EXIT_TO_PV - * - SPEC_CTRL_EXIT_TO_HVM + * + * Additionally, the following grep-fodder exists to find the HVM logic. + * - SPEC_CTRL_ENTRY_FROM_{SVM,VMX} + * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ .macro DO_OVERWRITE_RSB tmp=rax @@ -228,12 +230,6 @@ wrmsr .endm -/* Use after a VMEXIT from an HVM guest. */ -#define SPEC_CTRL_ENTRY_FROM_HVM \ - ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM; \ - ALTERNATIVE "", DO_SPEC_CTRL_ENTRY_FROM_HVM, \ - X86_FEATURE_SC_MSR_HVM - /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ @@ -257,11 +253,6 @@ DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR_PV; \ DO_SPEC_CTRL_COND_VERW -/* Use when exiting to HVM guest context. */ -#define SPEC_CTRL_EXIT_TO_HVM \ - ALTERNATIVE "", \ - DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR_HVM; \ - /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366508.597326 (Exim 4.92) (envelope-from ) id 1oBan1-0002SC-NG; Wed, 13 Jul 2022 11:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366508.597326; Wed, 13 Jul 2022 11:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBan1-0002S5-Jd; Wed, 13 Jul 2022 11:44:23 +0000 Received: by outflank-mailman (input) for mailman id 366508; Wed, 13 Jul 2022 11:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBan0-0002Ru-Qx for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBan0-0002JU-Q1 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBan0-0006vP-PF for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BklfPZbMlBh1cDGWJYfeZnhsEMQRJMaHuobRRGOSoxA=; b=Kt3EKV3EHINRr/JboNdZpe1its t4XJTXh75BuAJeEq6M90ZdDfRrymvkOnFkv7V0zD3l9kM+o9J+8KnthL6hIk6X1whuKI5cIXIWXPT Nbf7QSHC+e/vtmeMQnvAK2Gf9pQvLfn3suD+1JB/jOtiJ3eMlLDOfObiTVz3xCL85luE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Split the "Hardware features" diagnostic line Message-Id: Date: Wed, 13 Jul 2022 11:44:22 +0000 commit f614e3c51ae0477f71fcdf31ae48757daccb2ccc Author: Andrew Cooper AuthorDate: Fri Oct 15 11:14:16 2021 +0200 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Split the "Hardware features" diagnostic line Separate the read-only hints from the features requiring active actions on Xen's behalf. Also take the opportunity split the IBRS/IBPB and IBPB mess. More features with overlapping enumeration are on the way, and and it is not useful to split them like this. No practical change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 565ebcda976c05b0c6191510d5e32b621a2b1867) [Forward ported over XSA-404] --- xen/arch/x86/spec_ctrl.c | 51 +++++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3b34ca705c..fec145a7b9 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -322,28 +322,35 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk("Speculative mitigation facilities:\n"); - /* Hardware features which pertain to speculative mitigations. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", - (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", - (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", - (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", - (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", - (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", - (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL": "", - (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", - (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", - (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", - (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", - (caps & ARCH_CAPS_SBDR_SSDP_NO) ? " SBDR_SSDP_NO" : "", - (caps & ARCH_CAPS_FBSDP_NO) ? " FBSDP_NO" : "", - (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : "", - (caps & ARCH_CAPS_FB_CLEAR) ? " FB_CLEAR" : "", - (caps & ARCH_CAPS_FB_CLEAR_CTRL) ? " FB_CLEAR_CTRL" : ""); + /* + * Hardware read-only information, stating immunity to certain issues, or + * suggestions of which mitigation to use. + */ + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s\n", + (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", + (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", + (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", + (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL" : "", + (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", + (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", + (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", + (caps & ARCH_CAPS_SBDR_SSDP_NO) ? " SBDR_SSDP_NO" : "", + (caps & ARCH_CAPS_FBSDP_NO) ? " FBSDP_NO" : "", + (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : ""); + + /* Hardware features which need driving to mitigate issues. */ + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s\n", + (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", + (caps & ARCH_CAPS_FB_CLEAR) ? " FB_CLEAR" : "", + (caps & ARCH_CAPS_FB_CLEAR_CTRL) ? " FB_CLEAR_CTRL" : ""); /* Compiled-in support which pertains to mitigations. */ if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) || IS_ENABLED(CONFIG_SHADOW_PAGING) ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366509.597327 (Exim 4.92) (envelope-from ) id 1oBanB-0002VF-PQ; Wed, 13 Jul 2022 11:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366509.597327; Wed, 13 Jul 2022 11:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanB-0002V8-MS; Wed, 13 Jul 2022 11:44:33 +0000 Received: by outflank-mailman (input) for mailman id 366509; Wed, 13 Jul 2022 11:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanA-0002Uz-UG for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanA-0002Jf-TG for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBanA-0006vs-Sd for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vaDvHwLA4Uf8bdR/XScNOawOoHlgBKT8cEYmDe4rWMw=; b=I+dfO+jDwJbWcqGvGBTsiECxzH obktJwkVWsUBLlwALuHgmGavoJYhXVAsRqwJEaQpl0EFF4YGEiNVck2Zd4um8qzLwyA8kfOmwcvc9 8ys5AyiFdx/8O3oshJQTDtMZIFvwU00/o8FuAwPKp2rC90qgK3ov/wmQ7m8Ut6U6qTEA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/amd: Enumeration for speculative features/hints Message-Id: Date: Wed, 13 Jul 2022 11:44:32 +0000 commit 4eddf132b5e0246b5e51e6b9edfe9aaa35349ab1 Author: Andrew Cooper AuthorDate: Fri Oct 15 11:14:46 2021 +0200 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/amd: Enumeration for speculative features/hints There is a step change in speculation protections between the Zen1 and Zen2 microarchitectures. Zen1 and older have no special support. Control bits in non-architectural MSRs are used to make lfence be dispatch-serialising (Spectre v1), and to disable Memory Disambiguation (Speculative Store Bypass). IBPB was retrofitted in a microcode update, and software methods are required for Spectre v2 protections. Because the bit controlling Memory Disambiguation is model specific, hypervisors are expected to expose a MSR_VIRT_SPEC_CTRL interface which abstracts the model specific details. Zen2 and later implement the MSR_SPEC_CTRL interface in hardware, and virtualise the interface for HVM guests to use. A number of hint bits are specified too to help guide OS software to the most efficient mitigation strategy. Zen3 introduced a new feature, Predictive Store Forwarding, along with a control to disable it in sensitive code. Add CPUID and VMCB details for all the new functionality. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 747424c664bb164a04e7a9f2ffbf02d4a1630d7d) --- tools/libxl/libxl_cpuid.c | 10 ++++++++++ tools/misc/xen-cpuid.c | 9 ++++++++- xen/arch/x86/hvm/svm/svm.c | 1 + xen/include/asm-x86/cpufeature.h | 5 +++++ xen/include/asm-x86/hvm/svm/svm.h | 2 ++ xen/include/asm-x86/hvm/svm/vmcb.h | 4 +++- xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 10 ++++++++++ 8 files changed, 41 insertions(+), 2 deletions(-) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index 083869dcf4..977a4377bf 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -264,6 +264,16 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"rstr-fp-err-ptrs", 0x80000008, NA, CPUID_REG_EBX, 2, 1}, {"wbnoinvd", 0x80000008, NA, CPUID_REG_EBX, 9, 1}, {"ibpb", 0x80000008, NA, CPUID_REG_EBX, 12, 1}, + {"ibrs", 0x80000008, NA, CPUID_REG_EBX, 14, 1}, + {"amd-stibp", 0x80000008, NA, CPUID_REG_EBX, 15, 1}, + {"ibrs-always", 0x80000008, NA, CPUID_REG_EBX, 16, 1}, + {"stibp-always", 0x80000008, NA, CPUID_REG_EBX, 17, 1}, + {"ibrs-fast", 0x80000008, NA, CPUID_REG_EBX, 18, 1}, + {"ibrs-same-mode", 0x80000008, NA, CPUID_REG_EBX, 19, 1}, + {"amd-ssbd", 0x80000008, NA, CPUID_REG_EBX, 24, 1}, + {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, + {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, + {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index a09440813b..ff167779df 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -147,9 +147,16 @@ static const char *const str_e8b[32] = [ 0] = "clzero", [ 2] = "rstr-fp-err-ptrs", - /* [ 8] */ [ 9] = "wbnoinvd", + /* [ 8] */ [ 9] = "wbnoinvd", [12] = "ibpb", + [14] = "ibrs", [15] = "amd-stibp", + [16] = "ibrs-always", [17] = "stibp-always", + [18] = "ibrs-fast", [19] = "ibrs-same-mode", + + [24] = "amd-ssbd", [25] = "virt-ssbd", + [26] = "ssb-no", + [28] = "psfd", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index a6de9ccb8f..c973411019 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1657,6 +1657,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_pause_filter, "Pause-Intercept Filter"); P(cpu_has_pause_thresh, "Pause-Intercept Filter Threshold"); P(cpu_has_tsc_ratio, "TSC Rate MSR"); + P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation"); #undef P if ( !printed ) diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 00d22caac7..6419b4d2c5 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -124,6 +124,11 @@ /* CPUID level 0x80000007.edx */ #define cpu_has_itsc boot_cpu_has(X86_FEATURE_ITSC) +/* CPUID level 0x80000008.ebx */ +#define cpu_has_amd_ssbd boot_cpu_has(X86_FEATURE_AMD_SSBD) +#define cpu_has_virt_ssbd boot_cpu_has(X86_FEATURE_VIRT_SSBD) +#define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO) + /* CPUID level 0x00000007:0.edx */ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 52752fe5ab..2b522ee79b 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -74,6 +74,7 @@ extern u32 svm_feature_flags; #define SVM_FEATURE_PAUSETHRESH 12 /* Pause intercept filter support */ #define SVM_FEATURE_VLOADSAVE 15 /* virtual vmload/vmsave */ #define SVM_FEATURE_VGIF 16 /* Virtual GIF */ +#define SVM_FEATURE_SPEC_CTRL 20 /* MSR_SPEC_CTRL virtualisation */ #define cpu_has_svm_feature(f) (svm_feature_flags & (1u << (f))) #define cpu_has_svm_npt cpu_has_svm_feature(SVM_FEATURE_NPT) @@ -87,6 +88,7 @@ extern u32 svm_feature_flags; #define cpu_has_pause_thresh cpu_has_svm_feature(SVM_FEATURE_PAUSETHRESH) #define cpu_has_tsc_ratio cpu_has_svm_feature(SVM_FEATURE_TSCRATEMSR) #define cpu_has_svm_vloadsave cpu_has_svm_feature(SVM_FEATURE_VLOADSAVE) +#define cpu_has_svm_spec_ctrl cpu_has_svm_feature(SVM_FEATURE_SPEC_CTRL) #define SVM_PAUSEFILTER_INIT 4000 #define SVM_PAUSETHRESH_INIT 1000 diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h index 10b51c64bb..560dbb2873 100644 --- a/xen/include/asm-x86/hvm/svm/vmcb.h +++ b/xen/include/asm-x86/hvm/svm/vmcb.h @@ -494,7 +494,9 @@ struct vmcb_struct { u64 _lastbranchtoip; /* cleanbit 10 */ u64 _lastintfromip; /* cleanbit 10 */ u64 _lastinttoip; /* cleanbit 10 */ - u64 res17[301]; + u64 res17[9]; + u64 spec_ctrl; + u64 res18[291]; }; struct svm_domain { diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 2a80660d84..20653bd660 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -41,6 +41,7 @@ #define SPEC_CTRL_IBRS (_AC(1, ULL) << 0) #define SPEC_CTRL_STIBP (_AC(1, ULL) << 1) #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) +#define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 #define PRED_CMD_IBPB (_AC(1, ULL) << 0) @@ -272,6 +273,7 @@ #define MSR_K8_ENABLE_C1E 0xc0010055 #define MSR_K8_VM_CR 0xc0010114 #define MSR_K8_VM_HSAVE_PA 0xc0010117 +#define MSR_VIRT_SPEC_CTRL 0xc001011f /* Layout matches MSR_SPEC_CTRL */ #define MSR_F15H_CU_POWER 0xc001007a #define MSR_F15H_CU_MAX_POWER 0xc001007b diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index a1d1619643..6084e0569d 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -248,6 +248,16 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ +XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:44:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366510.597331 (Exim 4.92) (envelope-from ) id 1oBanL-0002Xt-Ql; Wed, 13 Jul 2022 11:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366510.597331; Wed, 13 Jul 2022 11:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanL-0002Xm-O6; Wed, 13 Jul 2022 11:44:43 +0000 Received: by outflank-mailman (input) for mailman id 366510; Wed, 13 Jul 2022 11:44:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanL-0002Xg-1G for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanL-0002Jt-0G for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBanK-0006wW-Vn for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kRWOQayY8JCcseeGnZ3aj3dFN1NGiavojiiNSK9abaw=; b=f7hP1v3jhjsTGukJrPSrH6OF2J tlYhellYYW3TlROpUYN4prabFtU+dLpKy3ZSdG/gg9/S68TiY2IC+UNFzTMRZfPdpi+BDTZ+kZZmd cn6TVI+FSVOQkOppKypXxd7Ov5q/g/So5aIojuYKXanWrsVU4e3Pj/WPQrQM3I9vtwbQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/amd: Use newer SSBD mechanisms if they exist Message-Id: Date: Wed, 13 Jul 2022 11:44:42 +0000 commit d43b47eb6a268aab69dbd87e1219aad4d3775f3d Author: Andrew Cooper AuthorDate: Fri Oct 15 11:15:14 2021 +0200 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/amd: Use newer SSBD mechanisms if they exist The opencoded legacy Memory Disambiguation logic in init_amd() neglected Fam19h for the Zen3 microarchitecture. Further more, all Zen2 based system have the architectural MSR_SPEC_CTRL and the SSBD bit within it, so shouldn't be using MSR_AMD64_LS_CFG. Implement the algorithm given in AMD's SSBD whitepaper, and leave a printk_once() behind in the case that no controls can be found. This now means that a user explicitly choosing `spec-ctrl=ssbd` will properly turn off Memory Disambiguation on Fam19h/Zen3 systems. This still remains a single system-wide setting (for now), and is not context switched between vCPUs. As such, it doesn't interact with Intel's use of MSR_SPEC_CTRL and default_xen_spec_ctrl (yet). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 2a4e6c4e4bea2e0bb720418c331ee28ff9c7632e) --- xen/arch/x86/cpu/amd.c | 69 +++++++++++++++++++++++++++++++++++------------- xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 9 +------ xen/arch/x86/spec_ctrl.c | 5 +++- 4 files changed, 57 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index aa1b9d0dda..de0389810b 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -540,6 +540,56 @@ void early_init_amd(struct cpuinfo_x86 *c) ctxt_switch_levelling(NULL); } +/* + * Refer to the AMD Speculative Store Bypass whitepaper: + * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf + */ +void amd_init_ssbd(const struct cpuinfo_x86 *c) +{ + int bit = -1; + + if (cpu_has_ssb_no) + return; + + if (cpu_has_amd_ssbd) { + wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + if (cpu_has_virt_ssbd) { + wrmsrl(MSR_VIRT_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + switch (c->x86) { + case 0x15: bit = 54; break; + case 0x16: bit = 33; break; + case 0x17: + case 0x18: bit = 10; break; + } + + if (bit >= 0) { + uint64_t val, mask = 1ull << bit; + + if (rdmsr_safe(MSR_AMD64_LS_CFG, val) || + ({ + val &= ~mask; + if (opt_ssbd) + val |= mask; + false; + }) || + wrmsr_safe(MSR_AMD64_LS_CFG, val) || + ({ + rdmsrl(MSR_AMD64_LS_CFG, val); + (val & mask) != (opt_ssbd * mask); + })) + bit = -1; + } + + if (bit < 0) + printk_once(XENLOG_ERR "No SSBD controls available\n"); +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -616,24 +666,7 @@ static void init_amd(struct cpuinfo_x86 *c) c->x86_capability); } - /* - * If the user has explicitly chosen to disable Memory Disambiguation - * to mitigiate Speculative Store Bypass, poke the appropriate MSR. - */ - if (opt_ssbd) { - int bit = -1; - - switch (c->x86) { - case 0x15: bit = 54; break; - case 0x16: bit = 33; break; - case 0x17: bit = 10; break; - } - - if (bit >= 0 && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) { - value |= 1ull << bit; - wrmsr_safe(MSR_AMD64_LS_CFG, value); - } - } + amd_init_ssbd(c); /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index c2f4d9a06a..23ccd66115 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -19,3 +19,4 @@ extern void detect_ht(struct cpuinfo_x86 *c); extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); +void amd_init_ssbd(const struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 9ab7aa8622..b769e8ad90 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -59,14 +59,7 @@ static void init_hygon(struct cpuinfo_x86 *c) __set_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability); - /* - * If the user has explicitly chosen to disable Memory Disambiguation - * to mitigiate Speculative Store Bypass, poke the appropriate MSR. - */ - if (opt_ssbd && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) { - value |= 1ull << 10; - wrmsr_safe(MSR_AMD64_LS_CFG, value); - } + amd_init_ssbd(c); /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index fec145a7b9..be3528c28e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -331,6 +331,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL" : "", + (e8b & cpufeat_mask(X86_FEATURE_SSB_NO)) || (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", @@ -339,15 +340,17 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : ""); /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (e8b & cpufeat_mask(X86_FEATURE_VIRT_SSBD)) ? " VIRT_SSBD" : "", (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", (caps & ARCH_CAPS_FB_CLEAR) ? " FB_CLEAR" : "", (caps & ARCH_CAPS_FB_CLEAR_CTRL) ? " FB_CLEAR_CTRL" : ""); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:44:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366511.597335 (Exim 4.92) (envelope-from ) id 1oBanV-0002ab-S8; Wed, 13 Jul 2022 11:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366511.597335; Wed, 13 Jul 2022 11:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanV-0002aU-Pl; Wed, 13 Jul 2022 11:44:53 +0000 Received: by outflank-mailman (input) for mailman id 366511; Wed, 13 Jul 2022 11:44:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanV-0002aK-4E for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanV-0002KR-3M for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBanV-0006wv-2T for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:44:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GoBElhShUt945PS33QL6Hqb7BJOnj21+OtU7Ia6hlPw=; b=AstueD9LPjSIUxlJbaxYhBuhbg zmI8j8o6Ay31ZgPR1hK54MgegBEPL2/Iq7RQrl/jZ4CED0iDs9qEt0eJ6REJDWZK8eNHp8ZaNLGu4 G3jNnNiMQg+P0mvLtDQ+KroxRvGenyuMeqsRl0EnfJ/ijUSldWZaqF3lmE62vxjnKpbg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Print all AMD speculative hints/features Message-Id: Date: Wed, 13 Jul 2022 11:44:53 +0000 commit 55e4c720b269f5731b60a358aa3d8e56dd1866fe Author: Andrew Cooper AuthorDate: Fri Oct 15 11:15:39 2021 +0200 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Print all AMD speculative hints/features We already print Intel features that aren't yet implemented/used, so be consistent on AMD too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 3d189f16a11d5a209fb47fa3635847608d43745c) [Forward port over XSA-398] --- xen/arch/x86/spec_ctrl.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index be3528c28e..0cc9b3fed5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -326,7 +326,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -337,16 +337,23 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : "", (caps & ARCH_CAPS_SBDR_SSDP_NO) ? " SBDR_SSDP_NO" : "", (caps & ARCH_CAPS_FBSDP_NO) ? " FBSDP_NO" : "", - (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : ""); + (caps & ARCH_CAPS_PSDP_NO) ? " PSDP_NO" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" : "", + (e8b & cpufeat_mask(X86_FEATURE_AMD_STIBP)) || (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", @@ -367,14 +374,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:45:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:45:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366512.597340 (Exim 4.92) (envelope-from ) id 1oBanf-0002dg-Uc; Wed, 13 Jul 2022 11:45:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366512.597340; Wed, 13 Jul 2022 11:45:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanf-0002dY-RI; Wed, 13 Jul 2022 11:45:03 +0000 Received: by outflank-mailman (input) for mailman id 366512; Wed, 13 Jul 2022 11:45:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanf-0002dQ-7D for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanf-0002L6-6M for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBanf-0006xf-5f for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dcmZ6JHqHJsiam/yUgtJaQYQh3jwkwvFiqVZxZDGXVo=; b=In9t0iEaornHexNQOwXkkcYftY uxzmIcKHGX2U3RIlTxouCiEHPSkY9NTwNg0Vanhz59KicZpHEAVODITvWqPKYOxfMBeH7w20WHzuu uvavm4ZcSffrtCKOLxw6pW0RPaH9e7ji+5gZGDW99cF2FiWtDC+4qWXPGHtzkNdHyxXI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Wed, 13 Jul 2022 11:45:03 +0000 commit 8974821f13adb141726bff3524154cf601561269 Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0cc9b3fed5..a072ec9877 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -923,7 +923,7 @@ void spec_ctrl_init_domain(struct domain *d) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -998,19 +998,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:45:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:45:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366513.597345 (Exim 4.92) (envelope-from ) id 1oBanq-0002gg-1i; Wed, 13 Jul 2022 11:45:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366513.597345; Wed, 13 Jul 2022 11:45:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanp-0002gY-Uy; Wed, 13 Jul 2022 11:45:13 +0000 Received: by outflank-mailman (input) for mailman id 366513; Wed, 13 Jul 2022 11:45:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanp-0002gS-AF for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanp-0002LG-9L for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBanp-0006yD-8a for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xHlOOu57gan9kAlxpvtO7WJMfnar9BnlFQI+TRbLYsI=; b=irI5b8PHMk6Zn1h3IJOtThAKXx MuN1pHwqa7Qpr3XKUn56dUsT7Kngi/WV1yYHOMPX84KuIac94Xfj8pDpBlAkX/be1nJniK/bSVVWQ /XeJJ/zn5RwAhn8MGLBeC9oT0Tf6yUk3p00wNS+A1vS31Sm5Df1eV5woAK7T/leWGy9Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Wed, 13 Jul 2022 11:45:13 +0000 commit bf5f5e89f04057dc2207953c9d7611f1c5bc8506 Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a072ec9877..422714f3a2 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -923,7 +923,7 @@ void spec_ctrl_init_domain(struct domain *d) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -932,6 +932,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * Has the user specified any custom BTI mitigations? If so, follow their * instructions exactly and disable all heuristics. @@ -955,11 +957,11 @@ void __init init_speculation_mitigations(void) */ if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -990,10 +992,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1012,11 +1011,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1250,7 +1250,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:45:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:45:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366514.597348 (Exim 4.92) (envelope-from ) id 1oBao0-0002jN-2z; Wed, 13 Jul 2022 11:45:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366514.597348; Wed, 13 Jul 2022 11:45:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBao0-0002jF-0R; Wed, 13 Jul 2022 11:45:24 +0000 Received: by outflank-mailman (input) for mailman id 366514; Wed, 13 Jul 2022 11:45:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanz-0002j8-ED for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBanz-0002ME-DS for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBanz-0006yi-BU for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CVfDa7VRBFyz5Q9JqvztZTVNzU5bxyphMsAPagnhfgc=; b=WQSaN5CtOnVekN07+YbaedQyP5 gZB2Wg2BmwSgazRKOV+BMDnRzm0pFm/djDVxJcQ3iAh5G6xVpxludnChbxPHB/SP9Szs7yvU24X5v mVv4ImTB9fZxDmSln9zt1sBRdzUR34fWyWe1iPshhxhdW3shT+agzg2HKdQL83nXaJ0I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Wed, 13 Jul 2022 11:45:23 +0000 commit 074e388fe0df27620fa09be562a7a6af716e2252 Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1) --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 19b04aed22..6424a90212 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -245,7 +245,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:45:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:45:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366515.597353 (Exim 4.92) (envelope-from ) id 1oBaoA-0002ls-5D; Wed, 13 Jul 2022 11:45:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366515.597353; Wed, 13 Jul 2022 11:45:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaoA-0002lg-1w; Wed, 13 Jul 2022 11:45:34 +0000 Received: by outflank-mailman (input) for mailman id 366515; Wed, 13 Jul 2022 11:45:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBao9-0002la-HO for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBao9-0002ND-GT for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBao9-0006zC-Fr for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=93338J2kI1yMhUu5OaWi78qGD1pVC3YNQO059lZZdmk=; b=QoHgMZx1Jg5YCAp4F6JeJfi3Sc jozUYNwUMfxmzGV8Oo9GeL7PA0qNGekdpFJpzfmoavfrxsahocZPbmgwK5r3ZRiUB1cutXGqGAJWZ 3JiTgD7uccIcm/AbjjbzG/nxvx4tBIEzt9Ouz8ezbvBVZk/IfpnT2ijy0hOVIJEndlrc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Wed, 13 Jul 2022 11:45:33 +0000 commit b8d573a31beb19e06336f204b29317ae4806e318 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 378f2e6df31442396f0afda19794c5c6091d96f9) --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- xen/include/asm-x86/hvm/svm/svm.h | 3 +++ 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 6424a90212..df77b2ca5c 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index de0389810b..d5dece37cd 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -552,7 +552,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 2d525c8b2c..91e2ae6263 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -365,7 +365,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 422714f3a2..a768c57b45 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -932,7 +933,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -1013,12 +1015,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 2b522ee79b..f28b40996c 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:45:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:45:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366516.597356 (Exim 4.92) (envelope-from ) id 1oBaoL-0002q7-6A; Wed, 13 Jul 2022 11:45:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366516.597356; Wed, 13 Jul 2022 11:45:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaoL-0002pz-3X; Wed, 13 Jul 2022 11:45:45 +0000 Received: by outflank-mailman (input) for mailman id 366516; Wed, 13 Jul 2022 11:45:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaoJ-0002p1-KD for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaoJ-0002NY-JO for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBaoJ-0006zb-Ik for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+34gxiRRdzV8xBuA3MHBOL28YWy3s5be55UgpGxAt7Y=; b=YE2QYkAtDFRsGjS0bVWBDSBx3n mxB+Y1vLSNspkTPUmyZpO9j4ANUOXewHyjfOGzWCUi+oLC8v0u/c201atLoLfRRWw9026binE3+Sp VNKrW4J+SoYMkP+kaHCtnGwhqolSS9/kcDK5CJm9JVELXtHOPhEVK+22/VlMNA3l7zw4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Wed, 13 Jul 2022 11:45:43 +0000 commit 159e2235d75bd83bc9924d50e52b9b575b042709 Author: Andrew Cooper AuthorDate: Mon Jun 27 11:54:27 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné (cherry picked from commit ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b) --- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 5 +++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a768c57b45..e037e9b52e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1080,8 +1080,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index bcba926bda..fc54c24a34 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 157a2c67d8..ffc054975e 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -80,7 +80,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -116,7 +117,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:45:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:45:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366517.597360 (Exim 4.92) (envelope-from ) id 1oBaoV-0002sT-8J; Wed, 13 Jul 2022 11:45:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366517.597360; Wed, 13 Jul 2022 11:45:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaoV-0002sJ-4z; Wed, 13 Jul 2022 11:45:55 +0000 Received: by outflank-mailman (input) for mailman id 366517; Wed, 13 Jul 2022 11:45:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaoT-0002sD-N4 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaoT-0002Nj-MH for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBaoT-000700-Li for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:45:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r1knoXIfUs9EY2/wp3EOF6H/hf6lobquyw2fIZX17BM=; b=0qprWft7uy77JMu6GSWAGVllLm YEKhZqYzEu989ilZZ0Pb64fR8BHlFuyUd2tJd3YNx8StNDoGUXeNdxfDbpEJXtqCdx3omSzo1G8jO tGjAcd9IzJxx1yFu2/p5tJ5pp/Az8psKs9Jv29GMZP9Edhbb6ekW84ZVKdSUE0R0cBfQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Wed, 13 Jul 2022 11:45:53 +0000 commit a7e72872e99bed2dde6b90f0bd1e65ce3bae2173 Author: Andrew Cooper AuthorDate: Wed Mar 16 13:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit fef244b179c06fcdfa581f7d57fa6e578c49ff50) [Adjust for absence of INTEL_PSFD] --- docs/misc/xen-command-line.pandoc | 21 ++++++++++---- xen/arch/x86/spec_ctrl.c | 60 +++++++++++++++++++++++++++++++++++---- 2 files changed, 70 insertions(+), 11 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 022cb01da7..a998418585 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2034,8 +2034,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2085,9 +2086,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2095,6 +2097,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e037e9b52e..a4121e25cc 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __read_mostly opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -174,12 +178,20 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -375,7 +387,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -389,6 +401,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + !boot_cpu_has(X86_FEATURE_PSFD) && + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : @@ -1034,14 +1048,48 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && boot_cpu_has(X86_FEATURE_PSFD) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can poison the RSB to any virtual address from which -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:46:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:46:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366518.597364 (Exim 4.92) (envelope-from ) id 1oBaof-0002wK-BV; Wed, 13 Jul 2022 11:46:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366518.597364; Wed, 13 Jul 2022 11:46:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaof-0002wC-8g; Wed, 13 Jul 2022 11:46:05 +0000 Received: by outflank-mailman (input) for mailman id 366518; Wed, 13 Jul 2022 11:46:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaod-0002w0-Q8 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaod-0002O6-P9 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBaod-00070h-Oc for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rGoh6PcnZsb3gyqcRWg/0OQ6yeU+OagJxAGZYJ0hgHU=; b=MXDgeGzBELDfCNruAKgyb+/bql 7oCdqlxLGr8qvvgcRUp80vegeRoX++WSqco2/BLtsUMfu60Om1z/vOWXFXBmqhvYt9mQ0DG1oUTmF lP1TW1i2leCFP9+7eIfln/eEpJoMxHz89QzNeJp5mYIiXuNXPVnXjfc4lWN601mI/WCg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Wed, 13 Jul 2022 11:46:03 +0000 commit 4b42462701f0304e78925ca05517e52a79bf900b Author: Andrew Cooper AuthorDate: Tue Jul 5 19:19:01 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich (cherry picked from commit 382326cac528dd1eb0d04efd5c05363c453e29f4) --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index de2fd1e334..7ba07eaaa6 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -275,9 +275,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -289,11 +289,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 3c27ba902d..e0a234300a 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -79,7 +79,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:46:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:46:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366519.597367 (Exim 4.92) (envelope-from ) id 1oBaop-0002yo-Cr; Wed, 13 Jul 2022 11:46:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366519.597367; Wed, 13 Jul 2022 11:46:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaop-0002yg-AC; Wed, 13 Jul 2022 11:46:15 +0000 Received: by outflank-mailman (input) for mailman id 366519; Wed, 13 Jul 2022 11:46:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaon-0002yY-St for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaon-0002OG-S8 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBaon-000718-Ra for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wsi7gy6sV3hH2F2XIxW5ocLp1sUhES1/Q8kGMUm8qJE=; b=0Y62on+i/wwYH1Gv2I3VqjPFMu Y/oNHQU+d02atX8RskdhFNsz98TEY4yUo/Wr5S55NPzhqf+Vc3ulzg6i0Gsg8zrbKLHvWsK36duIx YgaEmitYjxozemU6RvVtt2AiSdNcjuFhcTNEOM0zViIyLdbuk8lKHPZSQwS3gJeDsJ9Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Wed, 13 Jul 2022 11:46:13 +0000 commit 10d8c56e93a008892a30675f572a0c1d82005847 Author: Andrew Cooper AuthorDate: Fri Jul 8 16:44:43 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 27357c394ba6e1571a89105b840ce1c6f026485c) --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a998418585..359859b518 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2033,7 +2033,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2058,12 +2059,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a4121e25cc..58af8a2838 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -148,20 +148,68 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:46:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:46:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366520.597372 (Exim 4.92) (envelope-from ) id 1oBaoz-00031f-Ej; Wed, 13 Jul 2022 11:46:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366520.597372; Wed, 13 Jul 2022 11:46:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaoz-00031W-Be; Wed, 13 Jul 2022 11:46:25 +0000 Received: by outflank-mailman (input) for mailman id 366520; Wed, 13 Jul 2022 11:46:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaox-00031B-W2 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaox-0002OQ-VC for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBaox-00071h-Ud for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8rkwZ2Hnp+sgJQcyaVNLSCTGqLmKZ1mNuqyD+lCCwr0=; b=HdtXDhrDBugUbnc8JXecoHKi7H hWTdDRIcSIwfg3SIcJCqsuBLvpv/IOdkBP/52Ea8R6kLX67YhiGDtEiEtHl5+Bb1PFufVxsS0cjkf q0pywx4Lrm4cpkxPgNKCejgvDOEiOtTPvutMIf46nOEVWtpsuHr43OhKsifVmul1s2qI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Wed, 13 Jul 2022 11:46:23 +0000 commit 196b4f4d34d4eb3857b301fba5cef6130252d554 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5796912f7279d9348a3166655588d30eae9f72cc) --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/spec_ctrl.c | 9 ++++++--- xen/include/asm-x86/domain.h | 3 +-- xen/include/asm-x86/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl_asm.h | 3 --- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index df77b2ca5c..f1dbbf7fc9 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -245,8 +245,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -292,8 +292,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index fe95b25a03..0f94270254 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1820,10 +1820,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 58af8a2838..3030400a72 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -978,9 +978,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 71d1ca243b..0527626a26 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -295,8 +295,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index ffc054975e..a7b1b8f590 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index fe90c80ac3..12b3111ebd 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -255,9 +255,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:46:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:46:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366521.597376 (Exim 4.92) (envelope-from ) id 1oBap9-00038i-Fr; Wed, 13 Jul 2022 11:46:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366521.597376; Wed, 13 Jul 2022 11:46:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBap9-00038b-DH; Wed, 13 Jul 2022 11:46:35 +0000 Received: by outflank-mailman (input) for mailman id 366521; Wed, 13 Jul 2022 11:46:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBap8-00036r-2c for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBap8-0002Oe-1q for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBap8-000728-1M for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ef/LGazQh2+kzcdyQ7j5TTzmajeIztX+RT6Ji88w1qU=; b=PmOfuc1Lcpnlxy4gjiSBCk2ko8 s2PAn860gM41VgcG7/5lYjZoUSn2u6RcZ7wqkqcB9O5dOxX6+YrQwoUOuIBfV3cELruGsBI5pKv0j xWypZc8DQpet3rkCAvfPnlZiNb3SJnwAcInSeZnVvvgHyL3Kc0KSw8buIwtMS60CFQ/0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Wed, 13 Jul 2022 11:46:34 +0000 commit ba3367292342e709b67e2efc0b1958ee34642b3f Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76d6a36f645dfdbad8830559d4d52caf36efc75e) --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/spec_ctrl.h | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3030400a72..deab5d990c 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1064,7 +1064,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1075,7 +1075,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1088,7 +1088,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index a7b1b8f590..3b2cd42413 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 12b3111ebd..3e9d6bd114 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -273,8 +273,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -297,7 +297,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -308,7 +308,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:46:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:46:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366522.597380 (Exim 4.92) (envelope-from ) id 1oBapJ-0003Ec-Hn; Wed, 13 Jul 2022 11:46:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366522.597380; Wed, 13 Jul 2022 11:46:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapJ-0003EU-F0; Wed, 13 Jul 2022 11:46:45 +0000 Received: by outflank-mailman (input) for mailman id 366522; Wed, 13 Jul 2022 11:46:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapI-0003EG-5s for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapI-0002P7-4x for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBapI-00072Y-4F for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Sg5jbL8FOdPv0/wJa/N5lttFW6sKwnRc5Imkei3eG/g=; b=EKdaZfyn+jxXmQUN/2wgerj+xf cNu3xVYP4XOaFrY1zM0jZGvElgZe8izJWeYxREWgYcGYfCzkhmzEaiFCzW/Y2UXSaLrFbhr6BfeR8 y5pOvmz3o4gulBUsC8RX5E36GwbjBs14TEYsOAepGMyuXbg8aCH30xby97cZFVfupQTY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Wed, 13 Jul 2022 11:46:44 +0000 commit fbf19baaaf5cf3d72f8a4d820bd6a407b6581347 Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d) --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 0f94270254..6199f36514 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1792,7 +1792,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index deab5d990c..4517339ea6 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -118,7 +118,7 @@ static int __init parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -239,7 +239,7 @@ static int __init parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -455,7 +455,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1170,7 +1170,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 3b2cd42413..495260d6b6 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:46:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:46:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366523.597385 (Exim 4.92) (envelope-from ) id 1oBapT-0003M4-L6; Wed, 13 Jul 2022 11:46:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366523.597385; Wed, 13 Jul 2022 11:46:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapT-0003Lx-I0; Wed, 13 Jul 2022 11:46:55 +0000 Received: by outflank-mailman (input) for mailman id 366523; Wed, 13 Jul 2022 11:46:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapS-0003Lb-8f for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapS-0002PD-7u for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBapS-00073G-7G for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:46:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1zh2on2CByB/00VzerxVTKJug8rd8mD/ROvG+qhPC5U=; b=aozYX3DsUeOC8TApyQQgVVA6vX Ndov5fyovh27knap0nIkajP0CeO5zNgw1XScs4DIhiiJBysOgn8RMRZPWfJwkyrUTjMiGeBIDHgV+ P26AWCmVLm3Ra2qtoYO5VwqKgiog8tY6kRV8SXDtUAcw3DhZ43WCx/tsNF8AzDepM6SI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Wed, 13 Jul 2022 11:46:54 +0000 commit 5994b739453fa36d8724f3b06dc10884ca69427f Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e9b8d31981f184c6539f91ec54bd9cae29cdae36) --- xen/arch/x86/x86_64/entry.S | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 6a5f8aaec3..481110fb93 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -805,7 +805,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -838,7 +838,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 3e9d6bd114..3ec680b587 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -258,34 +258,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:47:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:47:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366525.597387 (Exim 4.92) (envelope-from ) id 1oBapd-0003Re-Mk; Wed, 13 Jul 2022 11:47:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366525.597387; Wed, 13 Jul 2022 11:47:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapd-0003RV-Ji; Wed, 13 Jul 2022 11:47:05 +0000 Received: by outflank-mailman (input) for mailman id 366525; Wed, 13 Jul 2022 11:47:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapc-0003Qy-Bk for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapc-0002Pa-Au for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBapc-00073q-AK for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gpfxku6A6rdwOa8wMQ4qEdmrSZ6PogCudOmFVJHTRhE=; b=3n1k4bZt88jPbv0RSZN9/XJ2xm f+ED04iPQbEK2ctc9x6xMr95lq1TJB/wSrYsX4CSbhqCNA5CDue5tzX+aUu/eJI0RbDCrJDmIAkNG NwkxbHK6vyrFLCQhayClZwBtdBfe8UY3sVEJS6SW7qbKFJU40DUHwU8pdVtEUOoGD4K4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Wed, 13 Jul 2022 11:47:04 +0000 commit ebe3f5d9092466d2648c47c5aa6e9c9319db7bb5 Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 53a570b285694947776d5190f591a0d5b9b18de7) --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/x86_64/compat/entry.S | 4 +-- xen/arch/x86/x86_64/entry.S | 10 ++++---- xen/include/asm-x86/cpufeatures.h | 2 ++ xen/include/asm-x86/spec_ctrl.h | 6 +++-- xen/include/asm-x86/spec_ctrl_asm.h | 49 +++++++++++++++++++++++++++++++++++-- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 0684d29050..d7c85fdfc6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -90,10 +90,26 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: ac */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ STGI GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f3bd7f9bee..447f583e07 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1312,6 +1312,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 9059c2ef6e..6d2e042677 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -17,7 +17,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE @@ -208,7 +208,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 481110fb93..9fd4cef30f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -235,7 +235,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -270,7 +270,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -321,7 +321,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -581,7 +581,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -613,7 +613,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index fc54c24a34..c6136ca4a0 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -37,6 +37,8 @@ XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(26)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(27)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 495260d6b6..8b69a81917 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 3ec680b587..5756f3f1a8 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -80,6 +80,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -232,12 +261,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -261,11 +294,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:47:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:47:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366526.597393 (Exim 4.92) (envelope-from ) id 1oBapn-0003Wa-Og; Wed, 13 Jul 2022 11:47:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366526.597393; Wed, 13 Jul 2022 11:47:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapn-0003WS-Li; Wed, 13 Jul 2022 11:47:15 +0000 Received: by outflank-mailman (input) for mailman id 366526; Wed, 13 Jul 2022 11:47:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapm-0003WM-Em for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapm-0002Pe-Dx for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBapm-00074Q-DO for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1MsfVgs4lwC7zjh+v2ScS/UW6FfnWqawWpkqxolmMDM=; b=GJeyo78Jm8E1sLGOBV8m6qGGb8 Vs6IywGU1fPG4sOztaWo91Vb5O+X4AEMh/jaLxlEaQ9UDU5Rqlmt7k/0DDoWWVvlVE25Xz5xYTBP0 3EPpuvpMTndGvZx72Ku4attt1DLgaPSEYAcsqGhstNAhnOLLwHBGxj+erhrmx4VBfYMA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Wed, 13 Jul 2022 11:47:14 +0000 commit 3c71016e68f2aa324c42f66cbedd9571fe89c221 Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76cb04ad64f3ab9ae785988c40655a71dde9c319) --- tools/libxl/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index 977a4377bf..11b43807e9 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -274,6 +274,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index ff167779df..52f5059d8f 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -156,7 +156,7 @@ static const char *const str_e8b[32] = [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index d5dece37cd..a2041e5138 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -707,6 +707,16 @@ static void init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 4517339ea6..4fdc6e93ad 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -387,7 +387,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -402,7 +402,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6084e0569d..44b3ba331f 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -258,6 +258,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:47:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:47:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366527.597396 (Exim 4.92) (envelope-from ) id 1oBapx-0003ZZ-Q3; Wed, 13 Jul 2022 11:47:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366527.597396; Wed, 13 Jul 2022 11:47:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapx-0003ZS-NH; Wed, 13 Jul 2022 11:47:25 +0000 Received: by outflank-mailman (input) for mailman id 366527; Wed, 13 Jul 2022 11:47:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapw-0003ZK-HZ for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBapw-0002Pi-Gk for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBapw-00074t-GH for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sUuxj1JjORnK2d8Jqc3bWA/Y3XOyH2CBq3Y6OHMVjZ4=; b=uz2bV0a4t9PhzEy0rowZ8pdJOj aQ2Yp2KaCua5yIi+WjqfFN5/sknf723eOrhlogEgZilZGUMREQS8Hil+8GiSvsgFc/OmEFCEpgwXy ihBHp+0wK0z9ffXSlPdTU6HUmmipoSymBeJ7wv+aoygdSPFyjJ1jISqrm2ZxQp6TOiIM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Wed, 13 Jul 2022 11:47:24 +0000 commit 3feba68e15d3045db99ab417ad1fcfde2966e22d Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper (cherry picked from commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe) --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index a2041e5138..e9530d581b 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -590,6 +590,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -668,6 +693,9 @@ static void init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 23ccd66115..680b515b3c 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -20,3 +20,4 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index b769e8ad90..c500485dde 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -61,6 +61,12 @@ static void init_hygon(struct cpuinfo_x86 *c) amd_init_ssbd(c); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 20653bd660..7b8a9c2951 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -311,6 +311,7 @@ #define MSR_AMD64_DC_CFG 0xc0011022 #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 11:47:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 11:47:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366528.597400 (Exim 4.92) (envelope-from ) id 1oBaq7-0003cj-TC; Wed, 13 Jul 2022 11:47:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366528.597400; Wed, 13 Jul 2022 11:47:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaq7-0003cb-QP; Wed, 13 Jul 2022 11:47:35 +0000 Received: by outflank-mailman (input) for mailman id 366528; Wed, 13 Jul 2022 11:47:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaq6-0003cF-L2 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBaq6-0002Pm-Jl for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBaq6-00075J-JA for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 11:47:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PY8ZzoHMiSraEpSwFaZs6DMqCL8/x+I8ItgfDdLXgQM=; b=WVaDDXCIZESNO3kV6JDuV8/bNm 5L3iVAxQHvJ4S3xoIXI6zi+vp2Cq2WPspaUnUDOAPSA63CTgz8fUZY7J1kTSziOb8o6aBQWaPVAKk 7BOTp2ce9/HS+LCVUwB5bptSv1gXRweKrjIxw+bNLO70d+r//Xd3k/1zijmdv1zlbRro=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Wed, 13 Jul 2022 11:47:34 +0000 commit f8614c7153f95dcd1a1320156787dbc5325fd946 Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:33:19 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d8cb7e0f069e0f106d24941355b59b45a731eabe) --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/spec_ctrl.c | 113 ++++++++++++++++++++++++++++++++++---- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 359859b518..956ecd5a35 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2034,7 +2034,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2059,9 +2059,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2080,6 +2081,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 4fdc6e93ad..bfa5d27e00 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __read_mostly opt_md_clear_pv = -1; static int8_t __read_mostly opt_md_clear_hvm = -1; +static int8_t __read_mostly opt_ibpb_entry_pv = -1; +static int8_t __read_mostly opt_ibpb_entry_hvm = -1; +static bool __read_mostly opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -115,6 +119,9 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -141,12 +148,14 @@ static int __init parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -211,6 +220,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -474,27 +505,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -727,6 +762,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -982,8 +1066,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1111,12 +1199,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1169,9 +1260,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 8b69a81917..2f15ae9814 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:22:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:22:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366560.597437 (Exim 4.92) (envelope-from ) id 1oBbNT-0001SZ-ES; Wed, 13 Jul 2022 12:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366560.597437; Wed, 13 Jul 2022 12:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNT-0001SS-BZ; Wed, 13 Jul 2022 12:22:03 +0000 Received: by outflank-mailman (input) for mailman id 366560; Wed, 13 Jul 2022 12:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNS-0001S6-3b for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNS-00032C-2M for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbNS-0000Nh-1Q for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/IIcsopzZAndiBStLfRCEu2siJq4UHcH54OMg9N632k=; b=nJttQvaeLIfW7FH3N2mG+pgDeo If/LpiRIMRTxBo5WHm8YQ4gJTm11+HAJfbZNMK3hs/v15H8FDZIUriR3nu3yubtbSyDKvxbqnEOE6 UJCCRHLQE12/aWRXtuOVMrQS+ikvryTcCq07WPD/Pm4f6rHnxV8lS7KbRCYPxaTIAmmc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option Message-Id: Date: Wed, 13 Jul 2022 12:22:02 +0000 commit 104dd4618ed0aeba098d8cf5e70978969f9e2d5c Author: Andrew Cooper AuthorDate: Fri Jul 8 16:11:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option This was an oversight from when unpriv-mmio was introduced. Fixes: 8c24b70fedcb ("x86/spec-ctrl: Add spec-ctrl=unpriv-mmio") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4cdb519d797c19ebb8fadc5938cdb47479d5a21b) --- xen/arch/x86/spec_ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 83b856fa91..58a2797dfe 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -118,6 +118,7 @@ static int __init parse_spec_ctrl(const char *s) opt_l1d_flush = 0; opt_branch_harden = false; opt_srb_lock = 0; + opt_unpriv_mmio = false; } else if ( val > 0 ) rc = -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366561.597441 (Exim 4.92) (envelope-from ) id 1oBbNd-0001Ue-Fp; Wed, 13 Jul 2022 12:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366561.597441; Wed, 13 Jul 2022 12:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNd-0001UW-D9; Wed, 13 Jul 2022 12:22:13 +0000 Received: by outflank-mailman (input) for mailman id 366561; Wed, 13 Jul 2022 12:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNc-0001UM-6X for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNc-00032M-5f for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbNc-0000O6-4e for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UkXZ91SKW7NltudLwW62sDn8OOHfCF3kG7PW15ULCbQ=; b=HgDp/hYKKKAZNlmvUqytEMIK1W lM7b6BL04Cdp6FOiGeMvbPGBzX+ZjBTu4OoAEiUThSW2+Z0efo7e1oFpRuZdIdoR5kjkObVNnnoXA ofvTv4+iJCcSRfuMLvk7ZFNYjwWe4O3Km+Xv4NfFgQXFR/ULzwyvite6rnHQjr62KOnM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Message-Id: Date: Wed, 13 Jul 2022 12:22:12 +0000 commit a556377de55116b8d4151315ff85f6615e83d52d Author: Andrew Cooper AuthorDate: Mon Jun 27 11:54:27 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS Back at the time of the original Spectre-v2 fixes, it was recommended to clear MSR_SPEC_CTRL when going idle. This is because of the side effects on the sibling thread caused by the microcode IBRS and STIBP implementations which were retrofitted to existing CPUs. However, there are no relevant cross-thread impacts for the hardware IBRS/STIBP implementations, so this logic should not be used on Intel CPUs supporting eIBRS, or any AMD CPUs; doing so only adds unnecessary latency to the idle path. Furthermore, there's no point playing with MSR_SPEC_CTRL in the idle paths if SMT is disabled for other reasons. Fixes: 8d03080d2a33 ("x86/spec-ctrl: Cease using thunk=lfence on AMD") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné (cherry picked from commit ffc7694e0c99eea158c32aa164b7d1e1bb1dc46b) --- xen/arch/x86/spec_ctrl.c | 10 ++++++++-- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 5 +++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 58a2797dfe..d7f767b073 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1104,8 +1104,14 @@ void __init init_speculation_mitigations(void) /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ init_shadow_spec_ctrl_state(); - /* If Xen is using any MSR_SPEC_CTRL settings, adjust the idle path. */ - if ( default_xen_spec_ctrl ) + /* + * For microcoded IBRS only (i.e. Intel, pre eIBRS), it is recommended to + * clear MSR_SPEC_CTRL before going idle, to avoid impacting sibling + * threads. Activate this if SMT is enabled, and Xen is using a non-zero + * MSR_SPEC_CTRL setting. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); xpti_init_default(caps); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 9eaab7a2a1..f7488d3ccb 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -33,7 +33,7 @@ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen fo XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM */ XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ -XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* (SC_MSR_PV || SC_MSR_HVM) && default_xen_spec_ctrl */ +XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ /* Bits 23,24 unused. */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 68f6c46c47..12283573cd 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -78,7 +78,8 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) uint32_t val = 0; /* - * Branch Target Injection: + * It is recommended in some cases to clear MSR_SPEC_CTRL when going idle, + * to avoid impacting sibling threads. * * Latch the new shadow value, then enable shadowing, then update the MSR. * There are no SMP issues here; only local processor ordering concerns. @@ -114,7 +115,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) uint32_t val = info->xen_spec_ctrl; /* - * Branch Target Injection: + * Restore MSR_SPEC_CTRL on exit from idle. * * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:22:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366562.597444 (Exim 4.92) (envelope-from ) id 1oBbNn-0001Xb-HK; Wed, 13 Jul 2022 12:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366562.597444; Wed, 13 Jul 2022 12:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNn-0001XT-Ee; Wed, 13 Jul 2022 12:22:23 +0000 Received: by outflank-mailman (input) for mailman id 366562; Wed, 13 Jul 2022 12:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNm-0001XA-9n for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNm-00032W-8o for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbNm-0000OX-7z for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/VoS8CCW6qTP8a9lPzPpl1oSFc13L4QuLJaJqYruhec=; b=vZEdfx6PoOVgFm1phvseAH0VD0 yQ+KgN4oXWEF4J/LtBpX0Fl/LO8fnbBwjBbiz7N+4zZAwQjuKpv7TIn33r5bvaGNxMwUIbJ8FPbDr THN/rShp3MZqwhIZG4y8IBDmOczM0WFyHVUe5afhyAs+HWPyno6Ua17vfNeZ0MzyvJk4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint Message-Id: Date: Wed, 13 Jul 2022 12:22:22 +0000 commit f1786895f194cdd0c7fec4ff192cef8e4aa3ff9d Author: Andrew Cooper AuthorDate: Wed Mar 16 13:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint STIBP and PSFD are slightly weird bits, because they're both implied by other bits in MSR_SPEC_CTRL. Add fine grain controls for them, and take the implications into account when setting IBRS/SSBD. Rearrange the IBPB text/variables/logic to keep all the MSR_SPEC_CTRL bits together, for consistency. However, AMD have a hardware hint CPUID bit recommending that STIBP be set unilaterally. This is advertised on Zen3, so follow the recommendation. Furthermore, in such cases, set STIBP behind the guest's back for now. This has negligible overhead for the guest, but saves a WRMSR on vmentry. This is the only default change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit fef244b179c06fcdfa581f7d57fa6e578c49ff50) --- docs/misc/xen-command-line.pandoc | 21 ++++++++++--- xen/arch/x86/hvm/svm/vmcb.c | 9 ++++++ xen/arch/x86/spec_ctrl.c | 65 +++++++++++++++++++++++++++++++++------ 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index d1d5852cdd..2302cec91f 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2105,8 +2105,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden,srb-lock,unpriv-mmio}= ]` +> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> eager-fpu,l1d-flush,branch-harden,srb-lock, +> unpriv-mmio}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2156,9 +2157,10 @@ On hardware supporting IBRS (Indirect Branch Restricted Speculation), the If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. -On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` -option can be used to force (the default) or prevent Xen from issuing branch -prediction barriers on vcpu context switches. +On hardware supporting STIBP (Single Thread Indirect Branch Predictors), the +`stibp=` option can be used to force or prevent Xen using the feature itself. +By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), and +when hardware hints recommend using it as a blanket setting. On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=` option can be used to force or prevent Xen using the feature itself. On AMD @@ -2166,6 +2168,15 @@ hardware, this is a global option applied at boot, and not virtualised for guest use. On Intel hardware, the feature is virtualised for guests, independently of Xen's choice of setting. +On hardware supporting PSFD (Predictive Store Forwarding Disable), the `psfd=` +option can be used to force or prevent Xen using the feature itself. By +default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by +default. + +On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` +option can be used to force (the default) or prevent Xen from issuing branch +prediction barriers on vcpu context switches. + On all hardware, the `eager-fpu=` option can be used to force or prevent Xen from using fully eager FPU context switches. This is currently implemented as a global control. By default, Xen will choose to use fully eager context diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 55da9302e5..a0bf9f4e05 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -29,6 +29,7 @@ #include #include #include +#include struct vmcb_struct *alloc_vmcb(void) { @@ -175,6 +176,14 @@ static int construct_vmcb(struct vcpu *v) vmcb->_pause_filter_thresh = SVM_PAUSETHRESH_INIT; } + /* + * When default_xen_spec_ctrl simply SPEC_CTRL_STIBP, default this behind + * the back of the VM too. Our SMT topology isn't accurate, the overhead + * is neglegable, and doing this saves a WRMSR on the vmentry path. + */ + if ( default_xen_spec_ctrl == SPEC_CTRL_STIBP ) + v->arch.msrs->spec_ctrl.raw = SPEC_CTRL_STIBP; + return 0; } diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d7f767b073..06790897e4 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -48,9 +48,13 @@ static enum ind_thunk { THUNK_LFENCE, THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; + static int8_t __initdata opt_ibrs = -1; +int8_t __initdata opt_stibp = -1; +bool __read_mostly opt_ssbd; +int8_t __initdata opt_psfd = -1; + bool __read_mostly opt_ibpb = true; -bool __read_mostly opt_ssbd = false; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -173,12 +177,20 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + + /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; - else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + opt_stibp = val; else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 ) opt_ssbd = val; + else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) + opt_psfd = val; + + /* Misc settings. */ + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -377,7 +389,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -391,6 +403,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (!boot_cpu_has(X86_FEATURE_SSBD) && !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + (!boot_cpu_has(X86_FEATURE_PSFD) && + !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -951,10 +966,7 @@ void __init init_speculation_mitigations(void) if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); else if ( opt_ibrs == -1 ) - { opt_ibrs = ibrs = true; - default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; - } if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) thunk = THUNK_JMP; @@ -1058,14 +1070,49 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - /* If we have IBRS available, see whether we should use it. */ + /* Figure out default_xen_spec_ctrl. */ if ( has_spec_ctrl && ibrs ) + { + /* IBRS implies STIBP. */ + if ( opt_stibp == -1 ) + opt_stibp = 1; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + + /* + * Use STIBP by default if the hardware hint is set. Otherwise, leave it + * off as it a severe performance pentalty on pre-eIBRS Intel hardware + * where it was retrofitted in microcode. + */ + if ( opt_stibp == -1 ) + opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + + if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || + boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) + default_xen_spec_ctrl |= SPEC_CTRL_STIBP; - /* If we have SSBD available, see whether we should use it. */ if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) + { + /* SSBD implies PSFD */ + if ( opt_psfd == -1 ) + opt_psfd = 1; + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; + } + + /* + * Don't use PSFD by default. AMD designed the predictor to + * auto-clear on privilege change. PSFD is implied by SSBD, which is + * off by default. + */ + if ( opt_psfd == -1 ) + opt_psfd = 0; + + if ( opt_psfd && (boot_cpu_has(X86_FEATURE_PSFD) || + boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ) + default_xen_spec_ctrl |= SPEC_CTRL_PSFD; /* * PV guests can poison the RSB to any virtual address from which -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:22:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366563.597448 (Exim 4.92) (envelope-from ) id 1oBbNx-0001aD-Il; Wed, 13 Jul 2022 12:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366563.597448; Wed, 13 Jul 2022 12:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNx-0001a5-GB; Wed, 13 Jul 2022 12:22:33 +0000 Received: by outflank-mailman (input) for mailman id 366563; Wed, 13 Jul 2022 12:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNw-0001Zv-E6 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbNw-00032h-DE for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbNw-0000Oy-B1 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n4rhhd8cAGHlum9xFcWoKKtc31p7znjuvQcKx8anmQ8=; b=BxBlaEtsdsu1bEspZQiSlVNkm6 qgJiRcQpnLSt9v8P/j3shWio40Z333fgVgTXMaWqLEXl9QULqtoZ827p/2bIYly8sHaWagt33jdA6 3B/WruMUiPe+E63Ch4mi11WvEqLtzi83d9wibZ1yWMVuZGacf4x2u3HhdTWIvLhVEQBg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/cmdline: Extend parse_boolean() to signal a name match Message-Id: Date: Wed, 13 Jul 2022 12:22:32 +0000 commit 2d316660e542fb843f8ac394cc0f961787d19301 Author: Andrew Cooper AuthorDate: Tue Jul 5 19:19:01 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 xen/cmdline: Extend parse_boolean() to signal a name match This will help parsing a sub-option which has boolean and non-boolean options available. First, rework 'int val' into 'bool has_neg_prefix'. This inverts it's value, but the resulting logic is far easier to follow. Second, reject anything of the form 'no-$FOO=' which excludes ambiguous constructs such as 'no-$foo=yes' which have never been valid. This just leaves the case where everything is otherwise fine, but parse_bool() can't interpret the provided string. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross Reviewed-by: Jan Beulich (cherry picked from commit 382326cac528dd1eb0d04efd5c05363c453e29f4) --- xen/common/kernel.c | 20 ++++++++++++++++---- xen/include/xen/lib.h | 3 ++- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index c3a943f077..f07ff41d88 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -272,9 +272,9 @@ int parse_bool(const char *s, const char *e) int parse_boolean(const char *name, const char *s, const char *e) { size_t slen, nlen; - int val = !!strncmp(s, "no-", 3); + bool has_neg_prefix = !strncmp(s, "no-", 3); - if ( !val ) + if ( has_neg_prefix ) s += 3; slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); @@ -286,11 +286,23 @@ int parse_boolean(const char *name, const char *s, const char *e) /* Exact, unadorned name? Result depends on the 'no-' prefix. */ if ( slen == nlen ) - return val; + return !has_neg_prefix; + + /* Inexact match with a 'no-' prefix? Not valid. */ + if ( has_neg_prefix ) + return -1; /* =$SOMETHING? Defer to the regular boolean parsing. */ if ( s[nlen] == '=' ) - return parse_bool(&s[nlen + 1], e); + { + int b = parse_bool(&s[nlen + 1], e); + + if ( b >= 0 ) + return b; + + /* Not a boolean, but the name matched. Signal specially. */ + return -2; + } /* Unrecognised. Give up. */ return -1; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 076bcfb67d..900c0ce3e4 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -82,7 +82,8 @@ int parse_bool(const char *s, const char *e); /** * Given a specific name, parses a string of the form: * [no-]$NAME[=...] - * returning 0 or 1 for a recognised boolean, or -1 for an error. + * returning 0 or 1 for a recognised boolean. Returns -1 for general errors, + * and -2 for "not a boolean, but $NAME= matches". */ int parse_boolean(const char *name, const char *s, const char *e); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:22:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366564.597453 (Exim 4.92) (envelope-from ) id 1oBbO7-0001dC-KO; Wed, 13 Jul 2022 12:22:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366564.597453; Wed, 13 Jul 2022 12:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbO7-0001d4-Hi; Wed, 13 Jul 2022 12:22:43 +0000 Received: by outflank-mailman (input) for mailman id 366564; Wed, 13 Jul 2022 12:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbO6-0001cm-HK for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbO6-00032o-GU for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbO6-0000PP-Fi for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DTjwEWxUP0PUh2mdk2/8dtsgnjycJ0LYc2VOSCKPVgY=; b=jibmAExRehsWFofQcnlheKZ4Xv fESTGwf4KmuB8y7Ei1khiReM0jPqml/b0Cinw7/JlwsE/4dQJC92hyvCGJGWx/HMKiZw0SITkbYI5 i4vfJ+0kV5z7X5deUGZ9H4ld/qLCcCPP5qZOYh6kk4bEWwgpgZW1Nr6lZWN85dHs3lIo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Message-Id: Date: Wed, 13 Jul 2022 12:22:42 +0000 commit e5fd5081e078ec4ac6e0f3b60fe6c1475a3f2e18 Author: Andrew Cooper AuthorDate: Fri Jul 8 16:44:43 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives Support controling the PV/HVM suboption of msr-sc/rsb/md-clear, which previously wasn't possible. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 27357c394ba6e1571a89105b840ce1c6f026485c) --- docs/misc/xen-command-line.pandoc | 12 +++++-- xen/arch/x86/spec_ctrl.c | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 2302cec91f..a84f5c1921 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2104,7 +2104,8 @@ not be able to control the state of the mitigation. By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) -> `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, +> `= List of [ , xen=, {pv,hvm}=, +> {msr-sc,rsb,md-clear}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2129,12 +2130,17 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The booleans `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` offer fine +The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and Xen's ability to virtualise support for guests to use. +protect itself, and/or Xen's ability to virtualise support for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. +* Each other option can be used either as a plain boolean + (e.g. `spec-ctrl=rsb` to control both the PV and HVM sub-options), or with + `pv=` or `hvm=` subsuboptions (e.g. `spec-ctrl=rsb=no-hvm` to disable HVM + RSB only). + * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 06790897e4..225fe08259 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -147,20 +147,68 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_md_clear_hvm = val; } - else if ( (val = parse_boolean("msr-sc", s, ss)) >= 0 ) + else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { - opt_msr_sc_pv = val; - opt_msr_sc_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_msr_sc_pv = opt_msr_sc_hvm = val; + break; + + case -2: + s += strlen("msr-sc="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_msr_sc_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_msr_sc_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("rsb", s, ss)) >= 0 ) + else if ( (val = parse_boolean("rsb", s, ss)) != -1 ) { - opt_rsb_pv = val; - opt_rsb_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_rsb_pv = opt_rsb_hvm = val; + break; + + case -2: + s += strlen("rsb="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_rsb_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_rsb_hvm = val; + else + default: + rc = -EINVAL; + break; + } } - else if ( (val = parse_boolean("md-clear", s, ss)) >= 0 ) + else if ( (val = parse_boolean("md-clear", s, ss)) != -1 ) { - opt_md_clear_pv = val; - opt_md_clear_hvm = val; + switch ( val ) + { + case 0: + case 1: + opt_md_clear_pv = opt_md_clear_hvm = val; + break; + + case -2: + s += strlen("md-clear="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_md_clear_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_md_clear_hvm = val; + else + default: + rc = -EINVAL; + break; + } } /* Xen's speculative sidechannel mitigation settings. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:22:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366565.597457 (Exim 4.92) (envelope-from ) id 1oBbOH-0001gu-Nc; Wed, 13 Jul 2022 12:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366565.597457; Wed, 13 Jul 2022 12:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOH-0001gl-Ko; Wed, 13 Jul 2022 12:22:53 +0000 Received: by outflank-mailman (input) for mailman id 366565; Wed, 13 Jul 2022 12:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOG-0001gW-Ke for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOG-00033K-Jk for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbOG-0000Pq-Ix for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XVxQl+V1IrO3SFJ7HGOf4Fk6epkgILTLjJpdoC7D1r4=; b=0q9EfsJMX86MXZwn08p2+liAMT LHoE5FiBHogDFANQ75sfYtQXQprbi//qwCYE0yWzmkqecpWeDoKlxhPdVU5BANQ67kjPUBQK3evWu DCSm02+q2c/O7Ucd4jS4+OXrUw9lydNtZ9iHqemjGiukpCzf/XnAz5SMuAYdwDm1TrYA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Wed, 13 Jul 2022 12:22:52 +0000 commit b60c995d67e764cc634fc1b705b8a9502de0a4e1 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5796912f7279d9348a3166655588d30eae9f72cc) --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/spec_ctrl.c | 9 ++++++--- xen/include/asm-x86/domain.h | 3 +-- xen/include/asm-x86/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl_asm.h | 3 --- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 774e0fcd35..06f3e0e9f3 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,8 +246,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,8 +290,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 5ea5ef6ba0..305a63b67e 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1838,10 +1838,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 225fe08259..0fabfbe2a9 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -981,9 +981,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 4ee76bba45..53d5a43ec0 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -308,8 +308,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 12283573cd..60d6d2dc94 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 5a590bac44..66b00d511f 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -248,9 +248,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:23:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:23:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366566.597460 (Exim 4.92) (envelope-from ) id 1oBbOS-0001jq-Ox; Wed, 13 Jul 2022 12:23:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366566.597460; Wed, 13 Jul 2022 12:23:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOS-0001jg-MK; Wed, 13 Jul 2022 12:23:04 +0000 Received: by outflank-mailman (input) for mailman id 366566; Wed, 13 Jul 2022 12:23:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOQ-0001jY-Nc for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOQ-00033e-Ml for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbOQ-0000QT-M6 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=K+GO0k+tbGrcnOcAA7eq3RxWTQjq94Srea8Gudp4Sac=; b=Rt/pzEoS/V3mJ0vlUZllSxy8g5 f99cUT9e1xPYR+jaQVwKHwi1Uu96y5L6WNFQRk8/XdCupZ02TK09TnZ9AtBmCaZuZ44gZ+JaD4YOn 1TGrnWavXWI2hVg4YAY94JP755Q/qr4QCo8RoKWU4sxySJDcR4NNRm7YeuEZTqBZn+qI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Wed, 13 Jul 2022 12:23:02 +0000 commit 73465a7fa1c4a18b9c0c589f5dd861eb57635741 Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76d6a36f645dfdbad8830559d4d52caf36efc75e) --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/spec_ctrl.h | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0fabfbe2a9..a6def47061 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1086,7 +1086,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1097,7 +1097,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1110,7 +1110,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 60d6d2dc94..6f8b0e0934 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 66b00d511f..0ff1b118f8 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -266,8 +266,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -290,7 +290,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -301,7 +301,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:23:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:23:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366567.597465 (Exim 4.92) (envelope-from ) id 1oBbOc-0001n8-QF; Wed, 13 Jul 2022 12:23:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366567.597465; Wed, 13 Jul 2022 12:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOc-0001n1-No; Wed, 13 Jul 2022 12:23:14 +0000 Received: by outflank-mailman (input) for mailman id 366567; Wed, 13 Jul 2022 12:23:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOa-0001mp-Qk for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOa-00033r-Py for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbOa-0000Qy-P5 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9ZRgKFw5SkJKmTUz2dSZNs01hznlC6yFCq7Z4P4EpAU=; b=uJJ6ScZAsW3DbgtZgu88HOSVYz AKfrEWZupPVPmepeLhCWBL5yGUwERQJI8Klb1VlLHap/b/D3XiJ9wgcSGwgR3o1hPZbTaVvshCeBm FEc3BCaUYsVXslhoKT/UYuFAMiO3AdTqF6znguV1dp3M2kVCKNQf5hRRJH5WUdH7TVMg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Wed, 13 Jul 2022 12:23:12 +0000 commit 51e812af8bd68fbe419b55019aae320679a76f1d Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d) --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 305a63b67e..3658e50d56 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1810,7 +1810,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a6def47061..ced0f8c2ae 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -117,7 +117,7 @@ static int __init parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -238,7 +238,7 @@ static int __init parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -458,7 +458,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1193,7 +1193,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 6f8b0e0934..fd8162ca9a 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:23:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:23:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366568.597470 (Exim 4.92) (envelope-from ) id 1oBbOm-0001pm-T7; Wed, 13 Jul 2022 12:23:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366568.597470; Wed, 13 Jul 2022 12:23:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOm-0001pe-PI; Wed, 13 Jul 2022 12:23:24 +0000 Received: by outflank-mailman (input) for mailman id 366568; Wed, 13 Jul 2022 12:23:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOk-0001pP-WB for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOk-00033x-Tc for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbOk-0000RS-SD for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+sJ5KFsbzVsdgX+fOUnsnmrhXmpAJ/mzoLpOqR5mSmE=; b=MgbNCimPpWsF/qX2lT5aOvMCys uMToTdN80bFTK4pfej3iCH5at5oyUxRvdSw+SFSE4NxcLv9hTv50KyXvc/YibS/VSD0giopjfWRRX QC1Vdp9kLTE9/5fPUHdDtUuFUjH/2cpccwYhMXC3/P8H9tkcx6fHf+nUdTpHhJwfCjRQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Wed, 13 Jul 2022 12:23:22 +0000 commit d2f0cf78278f48719e12065d3c6a624420b66926 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e9b8d31981f184c6539f91ec54bd9cae29cdae36) --- xen/arch/x86/x86_64/entry.S | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index cbf332e752..87bf9cb694 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -854,7 +854,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -889,7 +889,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 0ff1b118f8..15e24cde00 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -251,34 +251,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:23:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:23:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366569.597475 (Exim 4.92) (envelope-from ) id 1oBbOw-0001sT-VG; Wed, 13 Jul 2022 12:23:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366569.597475; Wed, 13 Jul 2022 12:23:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOw-0001sM-Qw; Wed, 13 Jul 2022 12:23:34 +0000 Received: by outflank-mailman (input) for mailman id 366569; Wed, 13 Jul 2022 12:23:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOv-0001sD-1H for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbOv-000342-0L for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbOu-0000Rt-W1 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5lDGfRqjOiZOA2hQDe/2Dsxfp9Zc/gWqYGiqLNWY1DI=; b=1cx/OUEiM+6gMWlPtF4gKLUSXv jNWXXGGucNwl7CTGzue+2zz3an0012PPuz+f0DTZYp3he5egjU/hnD1sDJohidXT6W0gkyGDpufjj EsrsSffoAcQ2PjFRuklnvJjZsRQ2nydPreazyHcKTDLO9MCcshwEN29oaPCgVc6ajefg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Wed, 13 Jul 2022 12:23:32 +0000 commit 0a6561b20fd8b15e143307f81f30afbd58024a8d Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 53a570b285694947776d5190f591a0d5b9b18de7) --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/x86_64/compat/entry.S | 4 +-- xen/arch/x86/x86_64/entry.S | 10 ++++---- xen/include/asm-x86/cpufeatures.h | 2 ++ xen/include/asm-x86/spec_ctrl.h | 6 +++-- xen/include/asm-x86/spec_ctrl_asm.h | 49 +++++++++++++++++++++++++++++++++++-- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 055e6f4564..7aab67899b 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,19 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl @@ -118,6 +130,10 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ STGI GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 1466064d0c..3d271178e8 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1332,6 +1332,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index b67468f7c9..302530e65e 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,7 +18,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE @@ -212,7 +212,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 87bf9cb694..153e89e246 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -248,7 +248,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -287,7 +287,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -339,7 +339,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -600,7 +600,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -633,7 +633,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index f7488d3ccb..b233e5835f 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,8 @@ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index fd8162ca9a..10cd0cd251 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 15e24cde00..9eb4ad9ab7 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -88,6 +88,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -225,12 +254,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -254,11 +287,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:23:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:23:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366571.597477 (Exim 4.92) (envelope-from ) id 1oBbP6-0001vY-20; Wed, 13 Jul 2022 12:23:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366571.597477; Wed, 13 Jul 2022 12:23:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbP5-0001vR-Vh; Wed, 13 Jul 2022 12:23:43 +0000 Received: by outflank-mailman (input) for mailman id 366571; Wed, 13 Jul 2022 12:23:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbP5-0001vI-4P for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbP5-00034E-3c for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbP5-0000Tp-2l for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mgq0YmPG3W7Hf26VGC81q73ZxlQZBrXAkb8yOv+Qkw4=; b=bOtpYudmFmqWUFKKbpCTQ+mG+m rIesOjg4cCSVIBRMN0s9BVkXTn4XBfPHzwDzmVRRtfkR16IHk1CWFMCFrdQXUuS/iAbYWI1xG2mC2 wXHOkU5WPaocSOwYnaZLUkgAQKt75boalLgo6lnt4SRC2xArrj9OXR2AfPg0qSobniPA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Wed, 13 Jul 2022 12:23:43 +0000 commit 318d7bc36aff01930f9e2f3d3ec5b774fb4b869b Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76cb04ad64f3ab9ae785988c40655a71dde9c319) --- tools/libxl/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index 86c8d21555..25576b4d99 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -280,6 +280,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 7ebf520a71..e5208cfa45 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -157,7 +157,7 @@ static const char *const str_e8b[32] = /* [22] */ [23] = "ppin", [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 142f34af5f..7409af98f6 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -822,6 +822,16 @@ static void init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ced0f8c2ae..9f66c71551 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -388,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -403,7 +403,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index c5af6f03cf..746a75200a 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -264,6 +264,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:23:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:23:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366572.597481 (Exim 4.92) (envelope-from ) id 1oBbPG-0001yh-3q; Wed, 13 Jul 2022 12:23:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366572.597481; Wed, 13 Jul 2022 12:23:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbPG-0001yZ-0v; Wed, 13 Jul 2022 12:23:54 +0000 Received: by outflank-mailman (input) for mailman id 366572; Wed, 13 Jul 2022 12:23:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbPF-0001yO-7A for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbPF-00034e-6K for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbPF-0000UR-5r for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:23:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uFJYtBXbaeT7caBvflgxUUC3Lk4bjH3jJilEeP+rKrQ=; b=ECAp3C23YJGnWHnOJo/PnEG2e0 5yCmEm3yAauMqSY75o7pSBrRs5M79tQkBsq/eniYjcFdNVOmCnjOrc9z0OgfSDYPcTCwAAHHdbyJW aNCGgjFVah7J6q2FF8Q90fW2ev6Ku7Ko5ACuBi78QQmpx2xGbAgcQ5NRQa2LjirkJBjI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Wed, 13 Jul 2022 12:23:53 +0000 commit 5bccfbb68d7ac8709deb6671e5c87bb96e200c58 Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper (cherry picked from commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe) --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 7409af98f6..f50f91f81e 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -731,6 +731,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -783,6 +808,9 @@ static void init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 1a5b3918b3..e76ab5ce1a 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -22,3 +22,4 @@ void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 3845e0cf0e..0cb0e7d55e 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -36,6 +36,12 @@ static void init_hygon(struct cpuinfo_x86 *c) amd_init_ssbd(c); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index c8670eab8e..4c1cba589d 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -359,6 +359,7 @@ #define MSR_AMD64_DC_CFG 0xc0011022 #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 12:24:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 12:24:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366573.597485 (Exim 4.92) (envelope-from ) id 1oBbPQ-00021h-5t; Wed, 13 Jul 2022 12:24:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366573.597485; Wed, 13 Jul 2022 12:24:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbPQ-00021a-2a; Wed, 13 Jul 2022 12:24:04 +0000 Received: by outflank-mailman (input) for mailman id 366573; Wed, 13 Jul 2022 12:24:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbPP-00021T-A7 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:24:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBbPP-00034v-9H for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:24:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBbPP-0000Uz-8i for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 12:24:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k+fyWfxavGw5zTqwgP/W+YlyeuPgXVAd4urkGOau2Mc=; b=l2wqrm9GqyWwMdbgtnY6lHCa4S h1ZiCWcifk4rVlIcPQSvbjmdtRjFhVPH26GXjMrcN5OfeKiXITUhuWr8TRG3pW45BokP3FMtDC7Y2 8AFLGjuqhkDU2X+8Qw7VPIcMJnDXl3jNpgu2WUJJklMe4woY2WzqBWmlOzwl0R4QHgWY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Wed, 13 Jul 2022 12:24:03 +0000 commit 87d90d511c87477609cc4b8c88866bfbe997da46 Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:31:49 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d8cb7e0f069e0f106d24941355b59b45a731eabe) --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/spec_ctrl.c | 113 ++++++++++++++++++++++++++++++++++---- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a84f5c1921..f13304ef4e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2105,7 +2105,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2130,9 +2130,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2151,6 +2152,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9f66c71551..563519ce0e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __read_mostly opt_md_clear_pv = -1; static int8_t __read_mostly opt_md_clear_hvm = -1; +static int8_t __read_mostly opt_ibpb_entry_pv = -1; +static int8_t __read_mostly opt_ibpb_entry_hvm = -1; +static bool __read_mostly opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -114,6 +118,9 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -140,12 +147,14 @@ static int __init parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -210,6 +219,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -477,27 +508,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -730,6 +765,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -985,8 +1069,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1133,12 +1221,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1192,9 +1283,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 10cd0cd251..33e845991b 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 16:44:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 16:44:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366908.597843 (Exim 4.92) (envelope-from ) id 1oBfT1-00078J-4y; Wed, 13 Jul 2022 16:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366908.597843; Wed, 13 Jul 2022 16:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfT1-00078C-1T; Wed, 13 Jul 2022 16:44:03 +0000 Received: by outflank-mailman (input) for mailman id 366908; Wed, 13 Jul 2022 16:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfT0-000786-0q for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfSz-0008AM-WB for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBfSz-0004gL-VC for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3gyt5KFs3IOAbTuVOzdwKZ/QAR3967gEwbZ/6UdwdjE=; b=xs4YIpqFDdm1eL7Sz22TlMRviE QAfZuWgaj749Oploeq3tbYSsG+8oSJiXJmFdCuggAVrOAVJLsUQ1sC40I1GWuMR8ucFL+sTfd6gZL kc5tcsytHzW+Ekx9JkT4Ga9+OxSjHoOUF1VIggeQpyPdHDnaSrnfAZzZwj7+Q44ISD5M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/fuzz/libelf: rework makefile Message-Id: Date: Wed, 13 Jul 2022 16:44:01 +0000 commit ee3810899181170d21ab2c4e1aeba8dcdcd6f2b6 Author: Anthony PERARD AuthorDate: Tue Jul 12 08:35:48 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 08:36:37 2022 +0200 tools/fuzz/libelf: rework makefile Rename ELF_LIB_OBJS to LIBELF_OBJS as to have the same name as in libs/guest/. Replace "-I" by "-iquote". Remove the use of "vpath". It will not works when we will convert this makefile to subdirmk. Instead, we create symlinks to the source files. Since we are creating a new .gitignore for the links, also move the existing entry to it. Signed-off-by: Anthony PERARD Reviewed-by: Luca Fancellu --- .gitignore | 1 - tools/fuzz/libelf/.gitignore | 2 ++ tools/fuzz/libelf/Makefile | 21 ++++++++++----------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index 4729911c51..ed7bd8bdc7 100644 --- a/.gitignore +++ b/.gitignore @@ -195,7 +195,6 @@ tools/flask/utils/flask-loadpolicy tools/flask/utils/flask-setenforce tools/flask/utils/flask-set-bool tools/flask/utils/flask-label-pci -tools/fuzz/libelf/afl-libelf-fuzzer tools/fuzz/x86_instruction_emulator/asm tools/fuzz/x86_instruction_emulator/afl-harness tools/fuzz/x86_instruction_emulator/afl-harness-cov diff --git a/tools/fuzz/libelf/.gitignore b/tools/fuzz/libelf/.gitignore new file mode 100644 index 0000000000..ed634214c9 --- /dev/null +++ b/tools/fuzz/libelf/.gitignore @@ -0,0 +1,2 @@ +/afl-libelf-fuzzer +/libelf-*.c diff --git a/tools/fuzz/libelf/Makefile b/tools/fuzz/libelf/Makefile index 9eb30ee40c..9211f75951 100644 --- a/tools/fuzz/libelf/Makefile +++ b/tools/fuzz/libelf/Makefile @@ -1,25 +1,24 @@ XEN_ROOT = $(CURDIR)/../../.. include $(XEN_ROOT)/tools/Rules.mk -# libelf fuzz target -vpath %.c ../../../xen/common/libelf -CFLAGS += -I../../../xen/common/libelf -ELF_SRCS-y += libelf-tools.c libelf-loader.c libelf-dominfo.c -ELF_LIB_OBJS := $(patsubst %.c,%.o,$(ELF_SRCS-y)) +LIBELF_OBJS := libelf-tools.o libelf-loader.o libelf-dominfo.o -$(patsubst %.c,%.o,$(ELF_SRCS-y)): CFLAGS += -Wno-pointer-sign - -$(ELF_LIB_OBJS): CFLAGS += -DFUZZ_NO_LIBXC $(CFLAGS_xeninclude) +CFLAGS += -iquote ../../../xen/common/libelf +$(LIBELF_OBJS): CFLAGS += -Wno-pointer-sign +$(LIBELF_OBJS): CFLAGS += -DFUZZ_NO_LIBXC $(CFLAGS_xeninclude) libelf-fuzzer.o: CFLAGS += $(CFLAGS_xeninclude) -libelf.a: libelf-fuzzer.o $(ELF_LIB_OBJS) +$(LIBELF_OBJS:.o=.c): libelf-%.c: ../../../xen/common/libelf/libelf-%.c FORCE + ln -nsf $< $@ + +libelf.a: libelf-fuzzer.o $(LIBELF_OBJS) $(AR) rc $@ $^ .PHONY: libelf-fuzzer-all libelf-fuzzer-all: libelf.a libelf-fuzzer.o -afl-libelf-fuzzer: afl-libelf-fuzzer.o libelf-fuzzer.o $(ELF_LIB_OBJS) +afl-libelf-fuzzer: afl-libelf-fuzzer.o libelf-fuzzer.o $(LIBELF_OBJS) $(CC) $(CFLAGS) $^ -o $@ # Common targets @@ -31,7 +30,7 @@ distclean: clean .PHONY: clean clean: - rm -f *.o .*.d *.a *-libelf-fuzzer + rm -f *.o .*.d *.a *-libelf-fuzzer $(LIBELF_OBJS:.o=.c) .PHONY: install install: all -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 16:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 16:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366909.597847 (Exim 4.92) (envelope-from ) id 1oBfTB-0007BA-7E; Wed, 13 Jul 2022 16:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366909.597847; Wed, 13 Jul 2022 16:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTB-0007B2-4f; Wed, 13 Jul 2022 16:44:13 +0000 Received: by outflank-mailman (input) for mailman id 366909; Wed, 13 Jul 2022 16:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTA-0007As-4Z for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTA-0008AX-3c for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBfTA-0004go-2A for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=M5ZTZ0xUY9p/f8P6NWl/Ll93P7AVhLtOArwZHp+v7M4=; b=aKe/YTEtjhbuUAYfru+E9/jmkn Pnfukwf4W5xgicuKP/L+xiOh5Oz42wiWj5Q8xo7qpzsw8PUEzBF43f2ktn5HuXhslTycEgFivnHMW DXMMkbLw+GlTpOU/xT+/d7mNrvZT8jc0atN9Te2EiZcNK+NGRlQC3IcovpDe0bkhpZiQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/helpers: fix build of xen-init-dom0 with -Werror Message-Id: Date: Wed, 13 Jul 2022 16:44:12 +0000 commit d693b22733044d68e9974766b5c9e6259c9b1708 Author: Anthony PERARD AuthorDate: Tue Jul 12 08:38:35 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 08:38:35 2022 +0200 tools/helpers: fix build of xen-init-dom0 with -Werror Missing prototype of asprintf() without _GNU_SOURCE. Signed-off-by: Anthony PERARD Reviewed-by: Henry Wang --- tools/helpers/xen-init-dom0.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/helpers/xen-init-dom0.c b/tools/helpers/xen-init-dom0.c index 37eff8868f..764f837887 100644 --- a/tools/helpers/xen-init-dom0.c +++ b/tools/helpers/xen-init-dom0.c @@ -1,3 +1,5 @@ +#define _GNU_SOURCE + #include #include #include -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 16:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 16:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366910.597850 (Exim 4.92) (envelope-from ) id 1oBfTL-0007E6-8k; Wed, 13 Jul 2022 16:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366910.597850; Wed, 13 Jul 2022 16:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTL-0007Dz-67; Wed, 13 Jul 2022 16:44:23 +0000 Received: by outflank-mailman (input) for mailman id 366910; Wed, 13 Jul 2022 16:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTK-0007Do-86 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTK-0008Ai-7J for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBfTK-0004hL-5q for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2tfW+iwaNMHihy76zXPj52R6BL63SxHmQv9RFAJb910=; b=j+dhlw2s+lmpqmIW2S/B7qxAh/ 7yaw1eiiTBnflpai1/kmuvgcE+oU+E1qUYXgRCJNQbJ7ZhJZ2T34iWQvNev6sKMDPznlXNF9HEVgc wf6aX9SokobaXYQkZsKKTdYIKbs2uFS87wOrUDSi2bLgygWzIglRoWgFv4mq7S5u3qtw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxl: check return value of libxl__xs_directory in name2bdf Message-Id: Date: Wed, 13 Jul 2022 16:44:22 +0000 commit d778089ac70e5b8e3bdea0c85fc8c0b9ed0eaf2f Author: Anthony PERARD AuthorDate: Tue Jul 12 08:38:51 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 08:38:51 2022 +0200 libxl: check return value of libxl__xs_directory in name2bdf libxl__xs_directory() can potentially return NULL without setting `n`. As `n` isn't initialised, we need to check libxl__xs_directory() return value before checking `n`. Otherwise, `n` might be non-zero with `bdfs` NULL which would lead to a segv. Fixes: 57bff091f4 ("libxl: add 'name' field to 'libxl_device_pci' in the IDL...") Reported-by: "G.R." Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross Tested-by: "G.R." --- tools/libs/light/libxl_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c index 96f88795b6..f4c4f17545 100644 --- a/tools/libs/light/libxl_pci.c +++ b/tools/libs/light/libxl_pci.c @@ -859,7 +859,7 @@ static int name2bdf(libxl__gc *gc, libxl_device_pci *pci) int rc = ERROR_NOTFOUND; bdfs = libxl__xs_directory(gc, XBT_NULL, PCI_INFO_PATH, &n); - if (!n) + if (!bdfs || !n) goto out; for (i = 0; i < n; i++) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 16:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 16:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366911.597856 (Exim 4.92) (envelope-from ) id 1oBfTV-0007Gp-Af; Wed, 13 Jul 2022 16:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366911.597856; Wed, 13 Jul 2022 16:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTV-0007Gf-7d; Wed, 13 Jul 2022 16:44:33 +0000 Received: by outflank-mailman (input) for mailman id 366911; Wed, 13 Jul 2022 16:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTU-0007GQ-BJ for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTU-0008At-AS for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBfTU-0004hq-9b for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wBNlC+fNAy/H6rgo8ROveO1j3zADokciIoZzSnBR2rw=; b=hnVj5US/6UQIGhP9fMggeqadB6 MNyQfOpiNN9IbFT1obXBx4Ty0lgvEyPW/Szl5S+DYNDHAyPvEyx9yXx51tyWV1Se8Vz/FrdfsxS5L kVBxN1WujNLdH1EemPTXf/9KXwEObb7WRbWPMBxr07NO6sFYwO4gpjCHG3RFG1ZFSd7I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] EFI: preserve the System Resource Table for dom0 Message-Id: Date: Wed, 13 Jul 2022 16:44:32 +0000 commit dc7da0874ba4e8fab4c5783055755938ef19fc37 Author: Demi Marie Obenour AuthorDate: Tue Jul 12 08:39:19 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 08:39:19 2022 +0200 EFI: preserve the System Resource Table for dom0 The EFI System Resource Table (ESRT) is necessary for fwupd to identify firmware updates to install. According to the UEFI specification §23.4, the ESRT shall be stored in memory of type EfiBootServicesData. However, memory of type EfiBootServicesData is considered general-purpose memory by Xen, so the ESRT needs to be moved somewhere where Xen will not overwrite it. Copy the ESRT to memory of type EfiRuntimeServicesData, which Xen will not reuse. dom0 can use the ESRT if (and only if) it is in memory of type EfiRuntimeServicesData. Earlier versions of this patch reserved the memory in which the ESRT was located. This created awkward alignment problems, and required either splitting the E820 table or wasting memory. It also would have required a new platform op for dom0 to use to indicate if the ESRT is reserved. By copying the ESRT into EfiRuntimeServicesData memory, the E820 table does not need to be modified, and dom0 can just check the type of the memory region containing the ESRT. The copy is only done if the ESRT is not already in EfiRuntimeServicesData memory, avoiding memory leaks on repeated kexec. See https://lore.kernel.org/xen-devel/20200818184018.GN1679@mail-itl/T/ for details. Signed-off-by: Demi Marie Obenour Tested-by: Luca Fancellu Reviewed-by: Jan Beulich --- xen/common/efi/boot.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index a25e1d29f1..a5b2d6ddb8 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -39,6 +39,26 @@ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } #define APPLE_PROPERTIES_PROTOCOL_GUID \ { 0x91bd12fe, 0xf6c3, 0x44fb, { 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0} } +#define EFI_SYSTEM_RESOURCE_TABLE_GUID \ + { 0xb122a263, 0x3661, 0x4f68, {0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80} } +#define EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION 1 + +typedef struct { + EFI_GUID FwClass; + UINT32 FwType; + UINT32 FwVersion; + UINT32 LowestSupportedFwVersion; + UINT32 CapsuleFlags; + UINT32 LastAttemptVersion; + UINT32 LastAttemptStatus; +} EFI_SYSTEM_RESOURCE_ENTRY; + +typedef struct { + UINT32 FwResourceCount; + UINT32 FwResourceCountMax; + UINT64 FwResourceVersion; + EFI_SYSTEM_RESOURCE_ENTRY Entries[]; +} EFI_SYSTEM_RESOURCE_TABLE; typedef EFI_STATUS (/* _not_ EFIAPI */ *EFI_SHIM_LOCK_VERIFY) ( @@ -567,6 +587,41 @@ static int __init efi_check_dt_boot(const EFI_LOADED_IMAGE *loaded_image) } #endif +static UINTN __initdata esrt = EFI_INVALID_TABLE_ADDR; + +static size_t __init get_esrt_size(const EFI_MEMORY_DESCRIPTOR *desc) +{ + size_t available_len, len; + const UINTN physical_start = desc->PhysicalStart; + const EFI_SYSTEM_RESOURCE_TABLE *esrt_ptr; + + len = desc->NumberOfPages << EFI_PAGE_SHIFT; + if ( esrt == EFI_INVALID_TABLE_ADDR ) + return 0; + if ( physical_start > esrt || esrt - physical_start >= len ) + return 0; + /* + * The specification requires EfiBootServicesData, but accept + * EfiRuntimeServicesData, which is a more logical choice. + */ + if ( (desc->Type != EfiRuntimeServicesData) && + (desc->Type != EfiBootServicesData) ) + return 0; + available_len = len - (esrt - physical_start); + if ( available_len <= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries) ) + return 0; + available_len -= offsetof(EFI_SYSTEM_RESOURCE_TABLE, Entries); + esrt_ptr = (const EFI_SYSTEM_RESOURCE_TABLE *)esrt; + if ( (esrt_ptr->FwResourceVersion != + EFI_SYSTEM_RESOURCE_TABLE_FIRMWARE_RESOURCE_VERSION) || + !esrt_ptr->FwResourceCount ) + return 0; + if ( esrt_ptr->FwResourceCount > available_len / sizeof(esrt_ptr->Entries[0]) ) + return 0; + + return esrt_ptr->FwResourceCount * sizeof(esrt_ptr->Entries[0]); +} + /* * Include architecture specific implementation here, which references the * static globals defined above. @@ -845,6 +900,8 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, return gop_mode; } +static EFI_GUID __initdata esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID; + static void __init efi_tables(void) { unsigned int i; @@ -868,6 +925,8 @@ static void __init efi_tables(void) efi.smbios = (unsigned long)efi_ct[i].VendorTable; if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) ) efi.smbios3 = (unsigned long)efi_ct[i].VendorTable; + if ( match_guid(&esrt_guid, &efi_ct[i].VendorGuid) ) + esrt = (UINTN)efi_ct[i].VendorTable; } #ifndef CONFIG_ARM /* TODO - disabled until implemented on ARM */ @@ -1051,6 +1110,71 @@ static void __init efi_set_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, UINTN gop #define INVALID_VIRTUAL_ADDRESS (0xBAAADUL << \ (EFI_PAGE_SHIFT + BITS_PER_LONG - 32)) +static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE *SystemTable) +{ + EFI_STATUS status; + UINTN info_size = 0, map_key, mdesc_size; + void *memory_map = NULL; + UINT32 ver; + unsigned int i; + + for ( ; ; ) + { + status = efi_bs->GetMemoryMap(&info_size, memory_map, &map_key, + &mdesc_size, &ver); + if ( status == EFI_SUCCESS && memory_map != NULL ) + break; + if ( status == EFI_BUFFER_TOO_SMALL || memory_map == NULL ) + { + info_size += 8 * mdesc_size; + if ( memory_map != NULL ) + efi_bs->FreePool(memory_map); + memory_map = NULL; + status = efi_bs->AllocatePool(EfiLoaderData, info_size, &memory_map); + if ( status == EFI_SUCCESS ) + continue; + PrintErr(L"Cannot allocate memory to relocate ESRT\r\n"); + } + else + PrintErr(L"Cannot obtain memory map to relocate ESRT\r\n"); + return; + } + + /* Try to obtain the ESRT. Errors are not fatal. */ + for ( i = 0; i < info_size; i += mdesc_size ) + { + /* + * ESRT needs to be moved to memory of type EfiRuntimeServicesData + * so that the memory it is in will not be used for other purposes. + */ + void *new_esrt = NULL; + size_t esrt_size = get_esrt_size(memory_map + i); + + if ( !esrt_size ) + continue; + if ( ((EFI_MEMORY_DESCRIPTOR *)(memory_map + i))->Type == + EfiRuntimeServicesData ) + break; /* ESRT already safe from reuse */ + status = efi_bs->AllocatePool(EfiRuntimeServicesData, esrt_size, + &new_esrt); + if ( status == EFI_SUCCESS && new_esrt ) + { + memcpy(new_esrt, (void *)esrt, esrt_size); + status = efi_bs->InstallConfigurationTable(&esrt_guid, new_esrt); + if ( status != EFI_SUCCESS ) + { + PrintErr(L"Cannot install new ESRT\r\n"); + efi_bs->FreePool(new_esrt); + } + } + else + PrintErr(L"Cannot allocate memory for ESRT\r\n"); + break; + } + + efi_bs->FreePool(memory_map); +} + static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) { EFI_STATUS status; @@ -1413,6 +1537,8 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) if ( gop ) efi_set_gop_mode(gop, gop_mode); + efi_relocate_esrt(SystemTable); + efi_exit_boot(ImageHandle, SystemTable); efi_arch_post_exit_boot(); /* Doesn't return. */ @@ -1753,3 +1879,12 @@ void __init efi_init_memory(void) unmap_domain_page(efi_l4t); } #endif + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 16:44:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 16:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366912.597859 (Exim 4.92) (envelope-from ) id 1oBfTf-0007Ju-Bn; Wed, 13 Jul 2022 16:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366912.597859; Wed, 13 Jul 2022 16:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTf-0007Jn-95; Wed, 13 Jul 2022 16:44:43 +0000 Received: by outflank-mailman (input) for mailman id 366912; Wed, 13 Jul 2022 16:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTe-0007Jb-E3 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTe-0008B5-DI for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBfTe-0004iW-Ci for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aBdBjn61Io/4sPywpm7Ds+PuJiwMK9LIa/4ZOj8mfXU=; b=Ovw2PyO5If4zd63pBpu45BUhl+ LAzadr9BARSrYZl7X7dRt2F5i5gOEzMYgOWQd3my3HiaxcYApuMgzjkMuzbE8HFzLhwG9yNffLdAw TVWoNWAkWdvM2eNfmxnG2MeoLCGklISg7qZzc3M44nMoM3VI/bQwabchllvOqVXYtAWM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MAINTAINERS: Make Daniel P. Smith sole XSM maintainer Message-Id: Date: Wed, 13 Jul 2022 16:44:42 +0000 commit a7f006bb31da0a0e7a976c502ee328f402c044a7 Author: George Dunlap AuthorDate: Tue Jul 12 15:24:30 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 15:24:30 2022 +0200 MAINTAINERS: Make Daniel P. Smith sole XSM maintainer While mail hasn't been bouncing, Daniel De Graaf has not been responding to patch submissions or otherwise interacting with the community for several years. Daniel Smith has at least been working with the code, and is a regular member of our community; and he has agreed to step up into the role. Signed-off-by: George Dunlap Acked-by: Stefano Stabellini --- MAINTAINERS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 8a99526784..e12c499a28 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -649,8 +649,7 @@ F: xen/common/trace.c F: xen/include/xen/trace.h XSM/FLASK -M: Daniel De Graaf -R: Daniel P. Smith +M: Daniel P. Smith S: Supported F: tools/flask/ F: xen/include/xsm/ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 16:44:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 16:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366913.597863 (Exim 4.92) (envelope-from ) id 1oBfTp-0007Me-DD; Wed, 13 Jul 2022 16:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366913.597863; Wed, 13 Jul 2022 16:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTp-0007MW-Aa; Wed, 13 Jul 2022 16:44:53 +0000 Received: by outflank-mailman (input) for mailman id 366913; Wed, 13 Jul 2022 16:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTo-0007MJ-H8 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTo-0008Bf-GC for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBfTo-0004iv-FU for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PTtDUL+9W2Jqpf80jVR20IuuRYLU6tsZY9496aHOjgo=; b=3eeEVZSXe3BHopbOYdmlLr2g5k 8Y5R2gYeVqucrc5jbDVn9Mpmt5XUvyXYaQ/KK9ylxd5oxXqfuWlEJR8BYJaO/lfFMTsXgs5rst5f9 eaTqHpfVeD716VtA4HA3dhxSbnnxdLkDQ2Lo/F8oDHWijvEng6TCRQYozEJOdiMlOM/Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xl: relax freemem()'s retry calculation Message-Id: Date: Wed, 13 Jul 2022 16:44:52 +0000 commit e58370df76eacf1f7ca0340e9b96430c77b41a79 Author: Jan Beulich AuthorDate: Tue Jul 12 15:25:00 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 15:25:00 2022 +0200 xl: relax freemem()'s retry calculation While in principle possible also under other conditions as long as other parallel operations potentially consuming memory aren't "locked out", in particular with IOMMU large page mappings used in Dom0 (for PV when in strict mode; for PVH when not sharing page tables with HAP) ballooning out of individual pages can actually lead to less free memory available afterwards. This is because to split a large page, one or more page table pages are necessary (one per level that is split). When rebooting a guest I've observed freemem() to fail: A single page was required to be ballooned out (presumably because of heap fragmentation in the hypervisor). This ballooning out of a single page of course went fast, but freemem() then found that it would require to balloon out another page. This repeating just another time leads to the function to signal failure to the caller - without having come anywhere near the designated 30s that the whole process is allowed to not make any progress at all. Convert from a simple retry count to actually calculating elapsed time, subtracting from an initial credit of 30s. Don't go as far as limiting the "wait_secs" value passed to libxl_wait_for_memory_target(), though. While this leads to the overall process now possibly taking longer (if the previous iteration ended very close to the intended 30s), this compensates to some degree for the value passed really meaning "allowed to run for this long without making progress". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD --- tools/xl/xl_vmcontrol.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index d081c6c290..cd338a5422 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -321,7 +321,8 @@ static int domain_wait_event(uint32_t domid, libxl_event **event_r) */ static bool freemem(uint32_t domid, libxl_domain_config *d_config) { - int rc, retries = 3; + int rc; + double credit = 30; uint64_t need_memkb, free_memkb; if (!autoballoon) @@ -332,6 +333,8 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; do { + time_t start; + rc = libxl_get_free_memory(ctx, &free_memkb); if (rc < 0) return false; @@ -345,12 +348,13 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) /* wait until dom0 reaches its target, as long as we are making * progress */ + start = time(NULL); rc = libxl_wait_for_memory_target(ctx, 0, 10); if (rc < 0) return false; - retries--; - } while (retries > 0); + credit -= difftime(time(NULL), start); + } while (credit > 0); return false; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 16:45:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 16:45:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366914.597867 (Exim 4.92) (envelope-from ) id 1oBfTz-0007Pb-FL; Wed, 13 Jul 2022 16:45:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366914.597867; Wed, 13 Jul 2022 16:45:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTz-0007PT-CB; Wed, 13 Jul 2022 16:45:03 +0000 Received: by outflank-mailman (input) for mailman id 366914; Wed, 13 Jul 2022 16:45:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTy-0007PK-Jx for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfTy-0008CH-J3 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBfTy-0004kO-IL for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D3X+ONmbz88MyfJAMt4UxvQEN2ybJbQAVs07SAljF+c=; b=4Mf8NZzSb8BLaLbf3L22UQjMc2 /QFyX6NW4olJGoMwPzM41pFKYQtPDWTbUwqP0yxdt/y+DNlzTgMNbNdKNWnEt6Uq6dVljhssPk8ka ley+3bCI197dMxSW4FC1B2dnbLi7JtDDAh+g75hmzInX/5lm40HLkviQFWomry+EPm+o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/init-xenstore-domain: fix memory map for PVH stubdom Message-Id: Date: Wed, 13 Jul 2022 16:45:02 +0000 commit 134d53f577076d4f26091e25762f27cc3c73bf58 Author: Juergen Gross AuthorDate: Tue Jul 12 15:25:20 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 15:25:20 2022 +0200 tools/init-xenstore-domain: fix memory map for PVH stubdom In case of maxmem != memsize the E820 map of the PVH stubdom is wrong, as it is missing the RAM above memsize. Additionally the memory map should only specify the Xen special pages as reserved. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD --- tools/helpers/init-xenstore-domain.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index b4f3c65a8a..2d9ab6f1c5 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -71,8 +71,9 @@ static int build(xc_interface *xch) char cmdline[512]; int rv, xs_fd; struct xc_dom_image *dom = NULL; - int limit_kb = (maxmem ? : (memory + 1)) * 1024; + int limit_kb = (maxmem ? : memory) * 1024 + X86_HVM_NR_SPECIAL_PAGES * 4; uint64_t mem_size = MB(memory); + uint64_t max_size = MB(maxmem ? : memory); struct e820entry e820[3]; struct xen_domctl_createdomain config = { .ssidref = SECINITSID_DOMU, @@ -165,13 +166,16 @@ static int build(xc_interface *xch) dom->mmio_start = LAPIC_BASE_ADDRESS; dom->max_vcpus = 1; e820[0].addr = 0; - e820[0].size = dom->lowmem_end; + e820[0].size = (max_size > LAPIC_BASE_ADDRESS) ? + LAPIC_BASE_ADDRESS : max_size; e820[0].type = E820_RAM; - e820[1].addr = LAPIC_BASE_ADDRESS; - e820[1].size = dom->mmio_size; + e820[1].addr = (X86_HVM_END_SPECIAL_REGION - + X86_HVM_NR_SPECIAL_PAGES) << XC_PAGE_SHIFT; + e820[1].size = X86_HVM_NR_SPECIAL_PAGES << XC_PAGE_SHIFT; e820[1].type = E820_RESERVED; e820[2].addr = GB(4); - e820[2].size = dom->highmem_end - GB(4); + e820[2].size = (max_size > LAPIC_BASE_ADDRESS) ? + max_size - LAPIC_BASE_ADDRESS : 0; e820[2].type = E820_RAM; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 16:45:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 16:45:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366915.597872 (Exim 4.92) (envelope-from ) id 1oBfU9-0007SO-HL; Wed, 13 Jul 2022 16:45:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366915.597872; Wed, 13 Jul 2022 16:45:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfU9-0007SG-Dv; Wed, 13 Jul 2022 16:45:13 +0000 Received: by outflank-mailman (input) for mailman id 366915; Wed, 13 Jul 2022 16:45:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfU8-0007SA-NJ for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:45:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBfU8-0008CR-MW for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:45:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBfU8-0004lK-LB for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 16:45:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+hHDbzpCVHwFVvdEdFynuPraa24EVS14zFjQ5upgqzY=; b=QUt9nmcjYH38OIYgkrh164H8bR 1sonTDofU2fA3yRacnow3dRR1/2iG87X++E2Mkpt3mYh1GmEWDQ4aMLaUyn+cne6TuzLaKQh0OPvX /095GNjtC9WYP3NcRLi+VInKDCRI3bs2vNkBI8QU+YCXhMpKz8ZXaFC6AdTN5o/1QabI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/build: remove unneeded enumeration in clean-files of xen/include/Makefile Message-Id: Date: Wed, 13 Jul 2022 16:45:12 +0000 commit 033ae6f88be198b8f56043f94b7076b79b5e447e Author: Juergen Gross AuthorDate: Tue Jul 12 15:25:35 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 12 15:25:35 2022 +0200 xen/build: remove unneeded enumeration in clean-files of xen/include/Makefile Enumerating a file from $(targets) in $(clean-files) isn't needed. Remove hypercall-defs.h and headers*.chk from $(clean-files) in xen/include/Makefile. Reported-by: Jan Beulich Fixes: eca1f00d0227 ("xen: generate hypercall interface related code") Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD Acked-by: Jan Beulich --- xen/include/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/include/Makefile b/xen/include/Makefile index 39d9f5556c..65d61fc7f4 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -224,5 +224,5 @@ lib-x86-all: all: lib-x86-all endif -clean-files := compat config generated headers*.chk xen/lib/x86/cpuid-autogen.h -clean-files += xen/hypercall-defs.h hypercall-defs.i +clean-files := compat config generated xen/lib/x86/cpuid-autogen.h +clean-files += hypercall-defs.i -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 21:44:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 21:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366979.597966 (Exim 4.92) (envelope-from ) id 1oBk9M-00023c-0p; Wed, 13 Jul 2022 21:44:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366979.597966; Wed, 13 Jul 2022 21:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9L-00023V-U7; Wed, 13 Jul 2022 21:44:03 +0000 Received: by outflank-mailman (input) for mailman id 366979; Wed, 13 Jul 2022 21:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9K-00023P-EV for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9K-0004uz-B1 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBk9K-0006sw-9l for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yFCF7mbXZP0rYVzXDnurg13WhM35XR2CTyHV6BEsbPM=; b=al6QP132h/NzBOFXsglKIru2Aa dIHWFVftMv+B66F8Mb+5E0L3GW2njWDxlYVbWg/HYORs5VPlKLjTv/30P6+gnrai9gSj14F0b1Iam 8kryIsjzPhiQ6Jpfn1qgGlgQzyebE4PL3EDK06Ne6JMjjXm0dhcZtvdblW9H5/3FkPEU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Wed, 13 Jul 2022 21:44:02 +0000 commit 156ab775769d39b2dfb048ccd34dee7e86ba83a2 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5796912f7279d9348a3166655588d30eae9f72cc) --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/spec_ctrl.c | 9 ++++++--- xen/include/asm-x86/domain.h | 3 +-- xen/include/asm-x86/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl_asm.h | 3 --- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5eaa77f66a..dd397f7130 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,8 +248,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -292,8 +292,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 4a61e951fa..79f2c6ab19 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2069,10 +2069,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 225fe08259..0fabfbe2a9 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -981,9 +981,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index d0df7f83aa..7d6483f21b 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -319,8 +319,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 12283573cd..60d6d2dc94 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 5a590bac44..66b00d511f 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -248,9 +248,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 21:44:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 21:44:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366980.597970 (Exim 4.92) (envelope-from ) id 1oBk9W-00025p-2g; Wed, 13 Jul 2022 21:44:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366980.597970; Wed, 13 Jul 2022 21:44:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9V-00025f-Vs; Wed, 13 Jul 2022 21:44:13 +0000 Received: by outflank-mailman (input) for mailman id 366980; Wed, 13 Jul 2022 21:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9U-00025O-FP for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9U-0004v3-EY for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBk9U-0006u6-DK for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VoFHuwewO5Wd6NRwkXRSnLCjPH0/1sUTkZnQXXrhHBI=; b=yZVawY3LIP4QFyz7Gg6EAuaOwk FuMMzWD6BJKG2phChny2eEDPDzETKYYnroHsNWQ/Fj1GCGpt73ZDbX/xkGP9pzLKXXgkJ48XCj7VP 27IxSrIh6XJKybohNQYlAvy8Gip2imRZPj/6zMLs1YLns88jbcUoBzj5K0Ys9OE4VuoM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Wed, 13 Jul 2022 21:44:12 +0000 commit 2cfbca32b9dc3a8d6520549ff468a7f550daf1b1 Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76d6a36f645dfdbad8830559d4d52caf36efc75e) --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/spec_ctrl.h | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0fabfbe2a9..a6def47061 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1086,7 +1086,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1097,7 +1097,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1110,7 +1110,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 60d6d2dc94..6f8b0e0934 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 66b00d511f..0ff1b118f8 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -266,8 +266,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -290,7 +290,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -301,7 +301,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 21:44:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 21:44:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366981.597974 (Exim 4.92) (envelope-from ) id 1oBk9g-00028k-4P; Wed, 13 Jul 2022 21:44:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366981.597974; Wed, 13 Jul 2022 21:44:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9g-00028c-1M; Wed, 13 Jul 2022 21:44:24 +0000 Received: by outflank-mailman (input) for mailman id 366981; Wed, 13 Jul 2022 21:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9e-000289-Jn for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9e-0004vM-Is for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBk9e-0006vX-Go for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lGejBTxYnZeVEdO6QYglLg16j8+aqotWzHAdZsqCfxI=; b=4lCDHvaT1iUAKL9nzHtjsGKsDd w7xUBpzEiLp6JLvtnKAScl6uA/Vn8G9RuDBOhJglRyvK/P6o0tagiWfqssHSOm/gXCEnyKtziZZGR LA3OU4k85YYDGXX6AGsRs4CN16J3Dl+gADQyVMrQZ6iVPdezdQzh/OU+QEBW67hm76Bc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Wed, 13 Jul 2022 21:44:22 +0000 commit c707015bf118df2c43e3a48b3774916322fca50a Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d) --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 79f2c6ab19..2838f976d7 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2041,7 +2041,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a6def47061..ced0f8c2ae 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -117,7 +117,7 @@ static int __init parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -238,7 +238,7 @@ static int __init parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -458,7 +458,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1193,7 +1193,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 6f8b0e0934..fd8162ca9a 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 21:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 21:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366982.597980 (Exim 4.92) (envelope-from ) id 1oBk9p-0002BB-7n; Wed, 13 Jul 2022 21:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366982.597980; Wed, 13 Jul 2022 21:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9p-0002Az-2y; Wed, 13 Jul 2022 21:44:33 +0000 Received: by outflank-mailman (input) for mailman id 366982; Wed, 13 Jul 2022 21:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9o-0002Am-Mv for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9o-0004vY-M1 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBk9o-0006wQ-L2 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bJEyFSgj3IaKTYLCrJpnSnlxC6mfyKDuw+7Uj39+Rsc=; b=RmxRFXHpkUINKZcfnOg+aPc/5B Z68Z/htdzZc+MV+qYDTcvjARbbY0kwCpfrWxLQRUdQ97D05RufQqnzUZSgKocw8s5MUULPqWRvsqB snfv3O/UBnAZDwN47qvanJgZS+X86XCi9imlyH9iM2Cn7LO+HE0PtTbg0zs0LPO29rQc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Wed, 13 Jul 2022 21:44:32 +0000 commit d7f5fb1e2abd0d56cada9bfcf96ab530d214d9aa Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e9b8d31981f184c6539f91ec54bd9cae29cdae36) --- xen/arch/x86/x86_64/entry.S | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 2f3f48ff27..9bfc5964a9 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -874,7 +874,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -910,7 +910,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 0ff1b118f8..15e24cde00 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -251,34 +251,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 21:44:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 21:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366983.597981 (Exim 4.92) (envelope-from ) id 1oBk9z-0002E7-7B; Wed, 13 Jul 2022 21:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366983.597981; Wed, 13 Jul 2022 21:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9z-0002E0-4i; Wed, 13 Jul 2022 21:44:43 +0000 Received: by outflank-mailman (input) for mailman id 366983; Wed, 13 Jul 2022 21:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9y-0002Dt-Q5 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBk9y-0004vi-PC for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBk9y-0006xT-OT for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YMtGoSxXcQjMVSWBRpwkprEgm7vy4uQef1VVrkEZJIA=; b=yp/hIpEQxWEDCRUqWoriIrPNUu g4Txq5L+lpWy0kW80ZjefWwZLBjfzrRg7NPzCQem5HgFSRQGiO58Qyk6rxXpJ+a1uFQmK1RhSIhof nVrd+FOIC3pVwAvO1evItc9AUnVuDuqioq6DpzJC5ChmlmiZ3WWwAsS+52Fuc10V5M7c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Wed, 13 Jul 2022 21:44:42 +0000 commit f0d78e0c11d3984c74f34a7325f862dee93a5835 Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 53a570b285694947776d5190f591a0d5b9b18de7) --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/x86_64/compat/entry.S | 4 +-- xen/arch/x86/x86_64/entry.S | 10 ++++---- xen/include/asm-x86/cpufeatures.h | 2 ++ xen/include/asm-x86/spec_ctrl.h | 6 +++-- xen/include/asm-x86/spec_ctrl_asm.h | 49 +++++++++++++++++++++++++++++++++++-- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 4ae55a2ef6..0ff4008060 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -97,7 +97,19 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl @@ -114,6 +126,10 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ stgi GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f9f9bc18cd..dd817cee4e 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1345,6 +1345,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 0cfe953142..5c999271e6 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE @@ -216,7 +216,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 9bfc5964a9..3c85933256 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -260,7 +260,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -299,7 +299,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -351,7 +351,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -618,7 +618,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -652,7 +652,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index f7488d3ccb..b233e5835f 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,8 @@ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index fd8162ca9a..10cd0cd251 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 15e24cde00..9eb4ad9ab7 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -88,6 +88,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -225,12 +254,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -254,11 +287,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 21:44:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 21:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366984.597986 (Exim 4.92) (envelope-from ) id 1oBkA9-0002HU-AT; Wed, 13 Jul 2022 21:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366984.597986; Wed, 13 Jul 2022 21:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkA9-0002HN-7i; Wed, 13 Jul 2022 21:44:53 +0000 Received: by outflank-mailman (input) for mailman id 366984; Wed, 13 Jul 2022 21:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkA8-0002HF-T7 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkA8-0004wF-SF for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBkA8-0006yI-Rc for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2uZZUEAPrcShVlAmLZdt21ZbLxWEhpfadQOozLFcWMs=; b=dLbeaPeIt4cO3rsXRme09G48t8 k4g4JEa7rssU8FCNhNtHvBGDAKZqoncpKr5yEd9/m88/Ca08LG5KVBZNa0zbdEcUBYK+sTGHFef8I 2i80igrsIkiDBcq3Px1OJsJt6oiiL+uzn8m7n/nHO3hnEp9OsDh2jgBaxWW/cMdD2daA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Wed, 13 Jul 2022 21:44:52 +0000 commit 2b29ac476fa0c91655906fac3512202e514ecbed Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76cb04ad64f3ab9ae785988c40655a71dde9c319) --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 9a4eb8015a..2632efc6ad 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -283,6 +283,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 12111fe12d..e83bc4793d 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -157,7 +157,7 @@ static const char *const str_e8b[32] = /* [22] */ [23] = "ppin", [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 986672a072..675b877f19 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -822,6 +822,16 @@ static void init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ced0f8c2ae..9f66c71551 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -388,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -403,7 +403,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 9686c82ed7..1bbc7da4b5 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -265,6 +265,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 21:45:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 21:45:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366985.597990 (Exim 4.92) (envelope-from ) id 1oBkAK-0002KY-CW; Wed, 13 Jul 2022 21:45:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366985.597990; Wed, 13 Jul 2022 21:45:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkAK-0002KQ-9P; Wed, 13 Jul 2022 21:45:04 +0000 Received: by outflank-mailman (input) for mailman id 366985; Wed, 13 Jul 2022 21:45:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkAJ-0002KH-08 for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:45:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkAI-0004wu-VV for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBkAI-0006zj-Ud for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IdMNnN90KB9j6prXdiWLHrZQXhPxJAkLR69ZZ/Tr6nU=; b=Y3GQKZ9s1XE/nJx7RQKgp3z8Gk AxkTckzdwa9/nJZGzaSywv4h6N58KgWV0LJRSeO7H5B1o9aBvY23Uk1cEEAm0a/tb4gRwB4xUHHP2 paC49lfkvJIquEXwyBYcJygHJcwM7NmNHtV4XAuKtwlZowdu9POOccgakmQzA97zF0bQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Wed, 13 Jul 2022 21:45:02 +0000 commit 409976bed91f61fb7b053d536d2fc87cf3ad7018 Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper (cherry picked from commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe) --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 675b877f19..60dbe61a61 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -731,6 +731,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + static void init_amd(struct cpuinfo_x86 *c) { u32 l, h; @@ -783,6 +808,9 @@ static void init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 1a5b3918b3..e76ab5ce1a 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -22,3 +22,4 @@ void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 3845e0cf0e..0cb0e7d55e 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -36,6 +36,12 @@ static void init_hygon(struct cpuinfo_x86 *c) amd_init_ssbd(c); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* MFENCE stops RDTSC speculation */ if (!cpu_has_lfence_dispatch) __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 1e743461e9..b4a360723b 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -359,6 +359,7 @@ #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) #define MSR_AMD64_EX_CFG 0xc001102c +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 13 21:45:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Jul 2022 21:45:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.366986.597994 (Exim 4.92) (envelope-from ) id 1oBkAU-0002NQ-Ds; Wed, 13 Jul 2022 21:45:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 366986.597994; Wed, 13 Jul 2022 21:45:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkAU-0002NI-BD; Wed, 13 Jul 2022 21:45:14 +0000 Received: by outflank-mailman (input) for mailman id 366986; Wed, 13 Jul 2022 21:45:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkAT-0002N8-3I for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:45:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBkAT-0004x7-2S for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:45:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBkAT-00070L-1g for xen-changelog@lists.xenproject.org; Wed, 13 Jul 2022 21:45:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=inzRiSdSkzJUCXfr2fjnnUcYbULkn6ljOdgwfB7jj/0=; b=BUERohU2NWkcHRvJNptD4DO/ND ALul5dtY56ImQ1b0PHws9lShtS9PsR0eqGT18K1SgHE5C9E7PJ7B4an6GKcKDZ9jh3wYu5XhLp2c6 FwIAiH9O/RcLi18rYALo8iI+ltpPbqtDNMlxQ8ND1RoNT66uorTfjJUr+ayjU9XHLOpY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Wed, 13 Jul 2022 21:45:13 +0000 commit 35bf91d30f1a480dcf5bfd99b79384b2b283da7f Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:28:26 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d8cb7e0f069e0f106d24941355b59b45a731eabe) --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/spec_ctrl.c | 113 ++++++++++++++++++++++++++++++++++---- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index b06db5f654..b73c4a6050 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2170,7 +2170,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2195,9 +2195,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2216,6 +2217,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9f66c71551..563519ce0e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __read_mostly opt_md_clear_pv = -1; static int8_t __read_mostly opt_md_clear_hvm = -1; +static int8_t __read_mostly opt_ibpb_entry_pv = -1; +static int8_t __read_mostly opt_ibpb_entry_hvm = -1; +static bool __read_mostly opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; bool __read_mostly opt_branch_harden = true; @@ -114,6 +118,9 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -140,12 +147,14 @@ static int __init parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -210,6 +219,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -477,27 +508,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -730,6 +765,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -985,8 +1069,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1133,12 +1221,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1192,9 +1283,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 10cd0cd251..33e845991b 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 10:22:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 10:22:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367282.598363 (Exim 4.92) (envelope-from ) id 1oBvys-0002qf-Sl; Thu, 14 Jul 2022 10:22:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367282.598363; Thu, 14 Jul 2022 10:22:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvys-0002qT-Pe; Thu, 14 Jul 2022 10:22:02 +0000 Received: by outflank-mailman (input) for mailman id 367282; Thu, 14 Jul 2022 10:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvyr-0002qF-Vv for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvyr-0001K8-V2 for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBvyr-0004VL-TK for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CxHRLPYRK/+h+HyYT+eeu9Xm28Ktq+RPC6qwtHyKMRU=; b=ARKP0ScXrh3HFgnWvmrSKvEhbT Ni9pr3l8yde45yfgzgVW4aVlDs6X5qckLV7ntNy7WD3Xt4dBPYSzRMrPGYybv09MuCnw4E6ZJi0qy kYslvqVtjkaREJge4Z/zgzyRfjNHOokIdIXGlTqXqomS0/SrA/+0JoiPoh+S7cpJsijQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Thu, 14 Jul 2022 10:22:01 +0000 commit 5796912f7279d9348a3166655588d30eae9f72cc Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/include/asm/domain.h | 3 +-- xen/arch/x86/include/asm/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/arch/x86/include/asm/spec_ctrl_asm.h | 3 --- xen/arch/x86/spec_ctrl.c | 9 ++++++--- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index c4e7e86989..1bb4d78392 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,8 +248,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -292,8 +292,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 408ee284ed..21dbf7b822 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2123,10 +2123,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index ad01ee68e1..4e59ca8c4e 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -324,8 +324,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 7e83e0179f..3cd72e4030 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 5a590bac44..66b00d511f 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -248,9 +248,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 328862bdf5..97b0272ecc 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1011,9 +1011,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 10:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 10:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367286.598369 (Exim 4.92) (envelope-from ) id 1oBvz3-00030Q-0u; Thu, 14 Jul 2022 10:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367286.598369; Thu, 14 Jul 2022 10:22:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvz2-00030F-TC; Thu, 14 Jul 2022 10:22:12 +0000 Received: by outflank-mailman (input) for mailman id 367286; Thu, 14 Jul 2022 10:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvz2-0002zw-2p for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvz2-0001KJ-24 for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBvz2-0004W4-1J for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5v0kZReuI/p7sh7ZpwGZpvSW4FMIGkXH1WxWqc9gnLA=; b=tyEjUPHD7MZNlQ8ugWMewAji+4 8U6TlkuSH4mvVRuG7IV0OnJbS3d7vDD/m8t+Z8d3Ul7u9zvulNn00dN3+W3Dhs3iRkTJ5fiCaBw82 inMlaNF5XmVtW763EvP0rsqOeKz4GspH7T/e3+uEQodmyBCGmOGL9WaSS/NaP9Zp+yM8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Thu, 14 Jul 2022 10:22:12 +0000 commit 76d6a36f645dfdbad8830559d4d52caf36efc75e Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/spec_ctrl.h | 4 ++-- xen/arch/x86/include/asm/spec_ctrl_asm.h | 8 ++++---- xen/arch/x86/spec_ctrl.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 3cd72e4030..f8f0ac47e7 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 66b00d511f..0ff1b118f8 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -266,8 +266,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -290,7 +290,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -301,7 +301,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 97b0272ecc..0ef46ee175 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1116,7 +1116,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1127,7 +1127,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1140,7 +1140,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 10:22:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 10:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367288.598371 (Exim 4.92) (envelope-from ) id 1oBvzD-00039P-1D; Thu, 14 Jul 2022 10:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367288.598371; Thu, 14 Jul 2022 10:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzC-00039G-Uh; Thu, 14 Jul 2022 10:22:22 +0000 Received: by outflank-mailman (input) for mailman id 367288; Thu, 14 Jul 2022 10:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzC-000397-63 for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzC-0001KX-5E for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBvzC-0004WU-4S for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TeBqBdjdEiR5mhzZMOa6sO9kGJZ/mWHSIrytYYGc+lk=; b=xTq7Rd93u9T7tEBVQpzaShHwX3 y8/FYXPPZDw9hqDUEsOA5pkZCY3b/cHtPu5Kg30YBh8iUxmT6ciXe5cGffdQ6QnKkxXR6AR1Jspbq XgoQW2Eacm6qZ7PESwIkOUhFpRU82Kf7MxFhF0LT0zA4cxi2Fy7i7Ess9P1vmhjkPWY0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Thu, 14 Jul 2022 10:22:22 +0000 commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 21dbf7b822..532b87e8af 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2095,7 +2095,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index f8f0ac47e7..fb43655756 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0ef46ee175..ede0a27c0f 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -117,7 +117,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -238,7 +238,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -458,7 +458,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1241,7 +1241,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 10:22:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 10:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367291.598374 (Exim 4.92) (envelope-from ) id 1oBvzN-0003GV-2o; Thu, 14 Jul 2022 10:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367291.598374; Thu, 14 Jul 2022 10:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzN-0003GN-0F; Thu, 14 Jul 2022 10:22:33 +0000 Received: by outflank-mailman (input) for mailman id 367291; Thu, 14 Jul 2022 10:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzM-0003GB-97 for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzM-0001Kl-8A for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBvzM-0004gI-7T for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+/buMkjFx5gXBRRELlE5pN98AdOk3EW0YjfvqWycgLQ=; b=sl/h5DAQCMPDxgacgkAvdPHaTe 0goaalRbsBEYcBTB26tKv20KACofDvQwGqV/EZQPb3dPk5Nlit9DnAviLVnKubqbJufv3iqVQ64lP cfkDM2Cpih0kq9dVlHwwIIaYq++KQcMctAWvxk5bqroOYDEFQ/x0TcBP8ZjUpf7GHBjA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Thu, 14 Jul 2022 10:22:32 +0000 commit e9b8d31981f184c6539f91ec54bd9cae29cdae36 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 21 ++++++++++----------- xen/arch/x86/x86_64/entry.S | 4 ++-- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 0ff1b118f8..15e24cde00 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -251,34 +251,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ea6f0afbc2..5ad5c36128 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -966,7 +966,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -1002,7 +1002,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 10:22:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 10:22:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367294.598389 (Exim 4.92) (envelope-from ) id 1oBvzY-0003bM-CW; Thu, 14 Jul 2022 10:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367294.598389; Thu, 14 Jul 2022 10:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzY-0003bF-9G; Thu, 14 Jul 2022 10:22:44 +0000 Received: by outflank-mailman (input) for mailman id 367294; Thu, 14 Jul 2022 10:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzW-0003a0-DA for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzW-0001Ky-BT for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBvzW-0004q8-Ak for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SfRe+i/EBxfZV/NwRn3wwTix4LOifFnMSaGCkAgnNX0=; b=MqefiPHNMw1aQN+gESkd8QQAAV TRtyH4wx9Hew2pzsCUON1LTjFULuTW+xCyTPn3IPPxWqbdICFF/9xpRNV6kQDPFHbp5sgM229WMBk +HML2junvj0FHtd9DEv4uV6UDLr//HEEwrMxuhrQ+Px+CO4QtUTGTQIkQP89bGvvPfds=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Thu, 14 Jul 2022 10:22:42 +0000 commit 53a570b285694947776d5190f591a0d5b9b18de7 Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/include/asm/cpufeatures.h | 2 ++ xen/arch/x86/include/asm/spec_ctrl.h | 6 ++-- xen/arch/x86/include/asm/spec_ctrl_asm.h | 49 ++++++++++++++++++++++++++++++-- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++---- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 4ae55a2ef6..0ff4008060 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -97,7 +97,19 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl @@ -114,6 +126,10 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ stgi GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 683c650d77..4f12fa06ac 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1335,6 +1335,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 493d338a08..672c9ee22b 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -39,6 +39,8 @@ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index fb43655756..3fc599a817 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 15e24cde00..9eb4ad9ab7 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -88,6 +88,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -225,12 +254,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -254,11 +287,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 5fd6dbbd45..b86d38d1c5 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,7 +18,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 5ad5c36128..26bf2f1941 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -260,7 +260,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -298,7 +298,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -338,7 +338,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -392,7 +392,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -674,7 +674,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -708,7 +708,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 10:22:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 10:22:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367296.598395 (Exim 4.92) (envelope-from ) id 1oBvzi-0003lm-Fg; Thu, 14 Jul 2022 10:22:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367296.598395; Thu, 14 Jul 2022 10:22:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzi-0003la-Cj; Thu, 14 Jul 2022 10:22:54 +0000 Received: by outflank-mailman (input) for mailman id 367296; Thu, 14 Jul 2022 10:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzg-0003iK-FX for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzg-0001LE-Ee for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBvzg-0004qY-Dy for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/MJbxIt6HTkKfm04PXP3PTZiyAMClV2UjBT8C3mGco8=; b=RUe7omBLwpn/N9GXBLmtE3120w QzCyNi9ijN9QmaWgszhFW9IKSFRsIxLxj3nmyofVMDh7bhZWBPsmCQLTHZsYPMPsfgpnaI4ZZp4x8 48UeJ/d+Qpb5XlnBAhp0txfsoJd0bnUkROhad6DljdBoVR052+gcLTGtv4wEsORfDWfo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Thu, 14 Jul 2022 10:22:52 +0000 commit 76cb04ad64f3ab9ae785988c40655a71dde9c319 Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 67ba72dd84..f4735b1c13 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -289,6 +289,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index a9e0fb5d17..1e6b077ba4 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -160,7 +160,7 @@ static const char *const str_e8b[32] = /* [22] */ [23] = "ppin", [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index f1d11a1cb7..618c7d5b2a 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -847,6 +847,16 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ede0a27c0f..e5ea2c5c6c 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -388,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -403,7 +403,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 1016989410..c9c4683557 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -268,6 +268,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 10:23:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 10:23:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367299.598397 (Exim 4.92) (envelope-from ) id 1oBvzs-0003vE-H0; Thu, 14 Jul 2022 10:23:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367299.598397; Thu, 14 Jul 2022 10:23:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzs-0003v7-EH; Thu, 14 Jul 2022 10:23:04 +0000 Received: by outflank-mailman (input) for mailman id 367299; Thu, 14 Jul 2022 10:23:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzq-0003uh-Ih for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:23:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBvzq-0001M0-Hm for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:23:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBvzq-0004rB-H2 for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:23:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GXvRgJd83mXSmazaBmRWn/EHfBYJaz/uSqYpbd5etdc=; b=4L7mfD80v7JGhIAuWts+OiaThj ksF7yQoECNipl652rpcQlCStKS/gz8MJ2jCLaWZzMFpiPtbXUSv64fkKGkAiLCAX3naHqCiWLh5JM dU1babmFb+NIcEshqQIrKVPNnyT7N264j/0ur8vzlwwddTqpi5fpLadIH3cYIPNYNnq4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Thu, 14 Jul 2022 10:23:02 +0000 commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/arch/x86/include/asm/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 618c7d5b2a..29c59bcba4 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -731,6 +731,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + void __init detect_zen2_null_seg_behaviour(void) { uint64_t base; @@ -796,6 +821,9 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && c->x86 == 0x17) diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index a228087f91..85a67771f7 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -22,4 +22,5 @@ void cf_check early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 3c8516e014..361eb6fd41 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -40,6 +40,12 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) c->x86 == 0x18) detect_zen2_null_seg_behaviour(); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* * Hygon CPUs before Zen2 don't clear segment bases/limits when * loading a NULL selector. diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index bcb424a320..8cab8736d8 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -377,6 +377,7 @@ #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) #define MSR_AMD64_EX_CFG 0xc001102c +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 10:23:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 10:23:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367302.598402 (Exim 4.92) (envelope-from ) id 1oBw02-00040n-Ix; Thu, 14 Jul 2022 10:23:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367302.598402; Thu, 14 Jul 2022 10:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBw02-00040g-G0; Thu, 14 Jul 2022 10:23:14 +0000 Received: by outflank-mailman (input) for mailman id 367302; Thu, 14 Jul 2022 10:23:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBw00-000401-MP for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:23:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBw00-0001MA-LW for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:23:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBw00-0004rf-KP for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 10:23:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TsDtFBb04lHddGFHEfvYKFi1LRwzziWzNGzJ0ZVEswU=; b=03dNuXVJWNiR0atYjXRxIh6WhY yrOkNHPD9BFIwGwYO4awh7xhKfe3IuBhzE4svBFWmp6wcWgLc8Q3GSdV+4nV16LM+ziOk4LdvKS+t t5qObyfQJFFb70Bf5NVeNuYWfh5/rJ8Fy6sulUYWCv/nqr2MYG/5jkWdHbwYi146zWY4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Thu, 14 Jul 2022 10:23:12 +0000 commit d8cb7e0f069e0f106d24941355b59b45a731eabe Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:23:00 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/spec_ctrl.c | 113 +++++++++++++++++++++++++++++++---- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index de33ccc005..971f47a77e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2258,7 +2258,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2283,9 +2283,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2304,6 +2305,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 3fc599a817..9403b81dc7 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e5ea2c5c6c..9dd4d846f5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __ro_after_init opt_md_clear_pv = -1; static int8_t __ro_after_init opt_md_clear_hvm = -1; +static int8_t __ro_after_init opt_ibpb_entry_pv = -1; +static int8_t __ro_after_init opt_ibpb_entry_hvm = -1; +static bool __ro_after_init opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -114,6 +118,9 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -140,12 +147,14 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -210,6 +219,28 @@ static int __init cf_check parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -477,27 +508,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -760,6 +795,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -1015,8 +1099,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1163,12 +1251,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1240,9 +1331,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 11:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 11:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367605.598667 (Exim 4.92) (envelope-from ) id 1oBwkL-0007ir-FN; Thu, 14 Jul 2022 11:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367605.598667; Thu, 14 Jul 2022 11:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBwkL-0007ik-CV; Thu, 14 Jul 2022 11:11:05 +0000 Received: by outflank-mailman (input) for mailman id 367605; Thu, 14 Jul 2022 11:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBwkK-0007iZ-3V for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 11:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBwkK-0002G5-1C for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 11:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBwkK-0007dH-0R for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 11:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Gzaq1A8p9M+Xf3YOpr5U0WazRedJqjhxN4pmA5roRmE=; b=XiDOAfwWgfVetNkFo/FXNh6Drx 0Q+J045xKolW9hZqqyxBZPivQPWNxCwZDFW7q0NZex4HCAyRGLYoC5ZC5sHf4ZmLJkxfvAbE6IfZ2 3HOPKDJabuJPeaYnNN62DbtROrBUJDLih81HT25gIYY/CJLtWQSKxHKW0XSMnBldgz1c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: avoid overflow when setting vtimer in context switch Message-Id: Date: Thu, 14 Jul 2022 11:11:04 +0000 commit 6655eb81092a94e065fdcd0b47a1b1d69dc4e54c Author: Jiamei Xie AuthorDate: Wed Jul 6 16:25:58 2022 +0800 Commit: Julien Grall CommitDate: Thu Jul 14 12:03:59 2022 +0100 xen/arm: avoid overflow when setting vtimer in context switch virt_vtimer_save() will calculate the next deadline when the vCPU is scheduled out. At the moment, Xen will use the following equation: virt_timer.cval + virt_time_base.offset - boot_count The three values are 64-bit and one (cval) is controlled by domain. In theory, it would be possible that the domain has started a long time after the system boot. So virt_time_base.offset - boot_count may be a large numbers. This means a domain may inadvertently set a cval so the result would overflow. Consequently, the deadline would be set very far in the future. This could result to loss of timer interrupts or the vCPU getting block "forever". One way to solve the problem, would be to separately 1) compute when the domain was created in ns 2) convert cval to ns 3) Add 1 and 2 together The first part of the equation never change (the value is set/known at domain creation). So take the opportunity to store it in domain structure. Signed-off-by: Jiamei Xie Reviewed-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/include/asm/domain.h | 1 + xen/arch/arm/vtimer.c | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index ed63c2b6f9..cd9ce19b4b 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -71,6 +71,7 @@ struct arch_domain struct { uint64_t offset; + s_time_t nanoseconds; } virt_timer_base; struct vgic_dist vgic; diff --git a/xen/arch/arm/vtimer.c b/xen/arch/arm/vtimer.c index 6b78fea77d..aeaea78e4c 100644 --- a/xen/arch/arm/vtimer.c +++ b/xen/arch/arm/vtimer.c @@ -63,7 +63,9 @@ static void virt_timer_expired(void *data) int domain_vtimer_init(struct domain *d, struct xen_arch_domainconfig *config) { d->arch.virt_timer_base.offset = get_cycles(); - d->time_offset.seconds = ticks_to_ns(d->arch.virt_timer_base.offset - boot_count); + d->arch.virt_timer_base.nanoseconds = + ticks_to_ns(d->arch.virt_timer_base.offset - boot_count); + d->time_offset.seconds = d->arch.virt_timer_base.nanoseconds; do_div(d->time_offset.seconds, 1000000000); config->clock_frequency = timer_dt_clock_frequency; @@ -144,8 +146,9 @@ void virt_timer_save(struct vcpu *v) if ( (v->arch.virt_timer.ctl & CNTx_CTL_ENABLE) && !(v->arch.virt_timer.ctl & CNTx_CTL_MASK)) { - set_timer(&v->arch.virt_timer.timer, ticks_to_ns(v->arch.virt_timer.cval + - v->domain->arch.virt_timer_base.offset - boot_count)); + set_timer(&v->arch.virt_timer.timer, + v->domain->arch.virt_timer_base.nanoseconds + + ticks_to_ns(v->arch.virt_timer.cval)); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Jul 14 11:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 14 Jul 2022 11:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.367606.598672 (Exim 4.92) (envelope-from ) id 1oBwkV-0007mH-JM; Thu, 14 Jul 2022 11:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 367606.598672; Thu, 14 Jul 2022 11:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBwkV-0007m7-Gb; Thu, 14 Jul 2022 11:11:15 +0000 Received: by outflank-mailman (input) for mailman id 367606; Thu, 14 Jul 2022 11:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBwkU-0007lt-51 for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 11:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oBwkU-0002GG-4E for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 11:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oBwkU-0007ds-3L for xen-changelog@lists.xenproject.org; Thu, 14 Jul 2022 11:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y1+MUTOjo3q35oGvMnnR8/y9zdbYzQ5YuWBUYNtwCRU=; b=nGDyepPu5a2WdYM2PBfrYkeAFU iOP2jhU36ulzv0hDioOHaN/B+4K8iODKSYQiMQ1xZz0rSNRe9KpaZ9D/iJT2b/BLFKxVfu1wFZqkQ ypBqh0ZgU/ljzEpdJy6n8p62vDI+1WNWLBwrSV3vm8n4rSL0X6zXIcPDUV2hdm1/r1VE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: traps: Fix MISRA C 2012 Rule 8.4 violation Message-Id: Date: Thu, 14 Jul 2022 11:11:14 +0000 commit 355caa9ef29fd4bcdf48bc263e6ca3b24392490b Author: Xenia Ragiadakou AuthorDate: Wed Jul 6 15:11:56 2022 +0300 Commit: Julien Grall CommitDate: Thu Jul 14 12:07:36 2022 +0100 xen/arm: traps: Fix MISRA C 2012 Rule 8.4 violation Add the function prototype of show_stack() in header file so that it is visible before its definition in traps.c. Although show_stack() is referenced only in traps.c, it is declared with external linkage because, during development, it is often called also by other files for debugging purposes. Declaring it static would increase development effort. Add appropriate comment Signed-off-by: Xenia Ragiadakou Acked-by: Stefano Stabellini --- xen/arch/arm/include/asm/processor.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/arm/include/asm/processor.h b/xen/arch/arm/include/asm/processor.h index 4188ec6bfb..55f56b33bc 100644 --- a/xen/arch/arm/include/asm/processor.h +++ b/xen/arch/arm/include/asm/processor.h @@ -558,7 +558,10 @@ extern register_t __cpu_logical_map[]; void panic_PAR(uint64_t par); void show_execution_state(const struct cpu_user_regs *regs); +/* Debugging functions are declared with external linkage to aid development. */ void show_registers(const struct cpu_user_regs *regs); +void show_stack(const struct cpu_user_regs *regs); + //#define dump_execution_state() run_in_exception_handler(show_execution_state) #define dump_execution_state() WARN() -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 15 12:00:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 15 Jul 2022 12:00:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368178.599362 (Exim 4.92) (envelope-from ) id 1oCJzJ-0003ts-HN; Fri, 15 Jul 2022 12:00:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368178.599362; Fri, 15 Jul 2022 12:00:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCJzJ-0003tP-DC; Fri, 15 Jul 2022 12:00:05 +0000 Received: by outflank-mailman (input) for mailman id 368178; Fri, 15 Jul 2022 12:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCJzI-0003jQ-Dk for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 12:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCJzI-0003kp-BG for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 12:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCJzI-0003Ap-A0 for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 12:00:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/PECBMpVLumh4ft6J8Jbn1axA1CCoceWAWcRkPpQeW8=; b=e3sheyb8rmY2XEQewg/MDDL4d+ s8stdKGwHR03wULRcuk1FbT1lpr+PHcKpsMOFvYsrHAqogGQDM5HdiH1zFjLo/+8M/WeAfMLeVMq9 IZyhGuwTMt0LEe4MFwwYUS/XrgbWkKEisgRWZgvmWvN3J2b8u5018FlmTgYhoZ0A2DDw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: Introduce $AWK in check-endbr.sh Message-Id: Date: Fri, 15 Jul 2022 12:00:04 +0000 commit f717590f571fa9b87010f63d078871e389f2b9f9 Author: Anthony PERARD AuthorDate: Thu Jul 14 15:39:07 2022 +0100 Commit: Andrew Cooper CommitDate: Fri Jul 15 12:55:16 2022 +0100 xen: Introduce $AWK in check-endbr.sh Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- xen/tools/check-endbr.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index 552f233912..f633846b0f 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -10,6 +10,7 @@ MSG_PFX="${0##*/} ${1##*/}" OBJCOPY="${OBJCOPY:-objcopy}" OBJDUMP="${OBJDUMP:-objdump}" ADDR2LINE="${ADDR2LINE:-addr2line}" +AWK="${AWK:-awk}" D=$(mktemp -d) trap "rm -rf $D" EXIT @@ -64,7 +65,7 @@ ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & # numbers, which don't lose precision. # eval $(${OBJDUMP} -j .text $1 -h | - awk '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') + $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN @@ -78,7 +79,7 @@ then else grep -aob -e "$(printf '\363\17\36\372')" -e "$(printf '\363\17\36\373')" \ -e "$(printf '\146\17\37\1')" $TEXT_BIN -fi | awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL +fi | $AWK -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL # Wait for $VALID to become complete wait -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 15 12:00:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 15 Jul 2022 12:00:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368179.599364 (Exim 4.92) (envelope-from ) id 1oCJzT-0004AE-HT; Fri, 15 Jul 2022 12:00:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368179.599364; Fri, 15 Jul 2022 12:00:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCJzT-0004A6-Em; Fri, 15 Jul 2022 12:00:15 +0000 Received: by outflank-mailman (input) for mailman id 368179; Fri, 15 Jul 2022 12:00:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCJzS-00049n-FJ for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 12:00:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCJzS-0003lD-EN for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 12:00:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCJzS-0003CD-Dh for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 12:00:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IV8zyRHW2JKDpMcAmXukR2g5W1T0Mv83ePrSW29XAFM=; b=AQZuQ9b+BVxFruamjb+H9dJ8A4 XSMZlfXmIUWn2Ua8h5Wv9JnBgit2ZK8nhcZiCfJOa9ZDRE/xrr8uu2jYnne3uxMRp8UISU81ZaJ0Z 9+W5xnhjSRWppntLN/fJ4n8o7bc28fyFvxdhFToPOCIxnVTEKHi2dAVmXWnR2d2Emcx8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] README: State POSIX compatibility as a requirement for AWK Message-Id: Date: Fri, 15 Jul 2022 12:00:14 +0000 commit ab2977b027acbbd33a7eecda854d1911a7702f8b Author: Andrew Cooper AuthorDate: Thu Jul 14 19:45:36 2022 +0100 Commit: Andrew Cooper CommitDate: Fri Jul 15 12:55:16 2022 +0100 README: State POSIX compatibility as a requirement for AWK In particular, we support FreeBSD and NetBSD build environments, and some Linux build environments use MAWK over GAWK anyway. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- README | 1 + 1 file changed, 1 insertion(+) diff --git a/README b/README index 5e55047ffd..89a1d0b43c 100644 --- a/README +++ b/README @@ -48,6 +48,7 @@ provided by your OS distributor: - For ARM 64-bit: - GCC 5.1 or later - GNU Binutils 2.24 or later + * POSIX compatible awk * Development install of zlib (e.g., zlib-dev) * Development install of Python 2.6 or later (e.g., python-dev) * Development install of curses (e.g., libncurses-dev) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 15 14:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 15 Jul 2022 14:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368251.599445 (Exim 4.92) (envelope-from ) id 1oCM22-0007c3-Nu; Fri, 15 Jul 2022 14:11:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368251.599445; Fri, 15 Jul 2022 14:11:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCM22-0007bv-L5; Fri, 15 Jul 2022 14:11:02 +0000 Received: by outflank-mailman (input) for mailman id 368251; Fri, 15 Jul 2022 14:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCM21-0007bp-Hk for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 14:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCM21-000669-Fz for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 14:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCM21-0001fQ-F3 for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 14:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=idxgQMsuAp8QeB9yjYDcOm8s0Lul0enUxJ+EexgrfaQ=; b=TgcV/RAb0Cpm1UuHTT9K0d/id6 Q5gSGzjcBEpw9VvH5Tdfq09EcxrIMsdwOfEWk8/MmfloLPrN19GMgeI4ajfHL1gPYkY2NPMDfWgsb 9q8VBA4esdXZy6OZFTrFfVUsGH7AIoBrTx83UAsRCDNDKhY3S40LfMUQFUvpuEG1bv0s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: avoid overflow when setting vtimer in context switch Message-Id: Date: Fri, 15 Jul 2022 14:11:01 +0000 commit 6655eb81092a94e065fdcd0b47a1b1d69dc4e54c Author: Jiamei Xie AuthorDate: Wed Jul 6 16:25:58 2022 +0800 Commit: Julien Grall CommitDate: Thu Jul 14 12:03:59 2022 +0100 xen/arm: avoid overflow when setting vtimer in context switch virt_vtimer_save() will calculate the next deadline when the vCPU is scheduled out. At the moment, Xen will use the following equation: virt_timer.cval + virt_time_base.offset - boot_count The three values are 64-bit and one (cval) is controlled by domain. In theory, it would be possible that the domain has started a long time after the system boot. So virt_time_base.offset - boot_count may be a large numbers. This means a domain may inadvertently set a cval so the result would overflow. Consequently, the deadline would be set very far in the future. This could result to loss of timer interrupts or the vCPU getting block "forever". One way to solve the problem, would be to separately 1) compute when the domain was created in ns 2) convert cval to ns 3) Add 1 and 2 together The first part of the equation never change (the value is set/known at domain creation). So take the opportunity to store it in domain structure. Signed-off-by: Jiamei Xie Reviewed-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/include/asm/domain.h | 1 + xen/arch/arm/vtimer.c | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index ed63c2b6f9..cd9ce19b4b 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -71,6 +71,7 @@ struct arch_domain struct { uint64_t offset; + s_time_t nanoseconds; } virt_timer_base; struct vgic_dist vgic; diff --git a/xen/arch/arm/vtimer.c b/xen/arch/arm/vtimer.c index 6b78fea77d..aeaea78e4c 100644 --- a/xen/arch/arm/vtimer.c +++ b/xen/arch/arm/vtimer.c @@ -63,7 +63,9 @@ static void virt_timer_expired(void *data) int domain_vtimer_init(struct domain *d, struct xen_arch_domainconfig *config) { d->arch.virt_timer_base.offset = get_cycles(); - d->time_offset.seconds = ticks_to_ns(d->arch.virt_timer_base.offset - boot_count); + d->arch.virt_timer_base.nanoseconds = + ticks_to_ns(d->arch.virt_timer_base.offset - boot_count); + d->time_offset.seconds = d->arch.virt_timer_base.nanoseconds; do_div(d->time_offset.seconds, 1000000000); config->clock_frequency = timer_dt_clock_frequency; @@ -144,8 +146,9 @@ void virt_timer_save(struct vcpu *v) if ( (v->arch.virt_timer.ctl & CNTx_CTL_ENABLE) && !(v->arch.virt_timer.ctl & CNTx_CTL_MASK)) { - set_timer(&v->arch.virt_timer.timer, ticks_to_ns(v->arch.virt_timer.cval + - v->domain->arch.virt_timer_base.offset - boot_count)); + set_timer(&v->arch.virt_timer.timer, + v->domain->arch.virt_timer_base.nanoseconds + + ticks_to_ns(v->arch.virt_timer.cval)); } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Jul 15 14:11:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 15 Jul 2022 14:11:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368252.599449 (Exim 4.92) (envelope-from ) id 1oCM2C-0007dl-PC; Fri, 15 Jul 2022 14:11:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368252.599449; Fri, 15 Jul 2022 14:11:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCM2C-0007dd-Me; Fri, 15 Jul 2022 14:11:12 +0000 Received: by outflank-mailman (input) for mailman id 368252; Fri, 15 Jul 2022 14:11:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCM2B-0007dV-Kp for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 14:11:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCM2B-00066G-Jw for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 14:11:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCM2B-0001fx-IE for xen-changelog@lists.xenproject.org; Fri, 15 Jul 2022 14:11:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3D+3upgB2wz0WPJROgFZ5mC2AGgVdyYwuFRD+3n3pe0=; b=ZiXNfEtRjyf56PdpSw8X3ZKR3L 2YqQ2ptnufDaCTr0F6H1pxkaTYPtAHtgi8k3QG9us6o6Zm6pMtdqVoWfXDNaViWfC4qALwrDXONW9 GLML7n2xTfYoCrcGsfMBXyCOkhOpA3NHexsUtEoZ7NpHutiFfteqblr0msLOIkHZDfSE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: traps: Fix MISRA C 2012 Rule 8.4 violation Message-Id: Date: Fri, 15 Jul 2022 14:11:11 +0000 commit 355caa9ef29fd4bcdf48bc263e6ca3b24392490b Author: Xenia Ragiadakou AuthorDate: Wed Jul 6 15:11:56 2022 +0300 Commit: Julien Grall CommitDate: Thu Jul 14 12:07:36 2022 +0100 xen/arm: traps: Fix MISRA C 2012 Rule 8.4 violation Add the function prototype of show_stack() in header file so that it is visible before its definition in traps.c. Although show_stack() is referenced only in traps.c, it is declared with external linkage because, during development, it is often called also by other files for debugging purposes. Declaring it static would increase development effort. Add appropriate comment Signed-off-by: Xenia Ragiadakou Acked-by: Stefano Stabellini --- xen/arch/arm/include/asm/processor.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/arm/include/asm/processor.h b/xen/arch/arm/include/asm/processor.h index 4188ec6bfb..55f56b33bc 100644 --- a/xen/arch/arm/include/asm/processor.h +++ b/xen/arch/arm/include/asm/processor.h @@ -558,7 +558,10 @@ extern register_t __cpu_logical_map[]; void panic_PAR(uint64_t par); void show_execution_state(const struct cpu_user_regs *regs); +/* Debugging functions are declared with external linkage to aid development. */ void show_registers(const struct cpu_user_regs *regs); +void show_stack(const struct cpu_user_regs *regs); + //#define dump_execution_state() run_in_exception_handler(show_execution_state) #define dump_execution_state() WARN() -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 00:55:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 00:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368609.599981 (Exim 4.92) (envelope-from ) id 1oCW5G-0007IW-JJ; Sat, 16 Jul 2022 00:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368609.599981; Sat, 16 Jul 2022 00:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5G-0007IN-GI; Sat, 16 Jul 2022 00:55:02 +0000 Received: by outflank-mailman (input) for mailman id 368609; Sat, 16 Jul 2022 00:55:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5F-0007IF-N9 for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5F-0001ey-ME for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCW5F-0006PV-Km for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rkcTFlD0LDM1YSOnNVCeejPsvxp8TQUtbX2REsxKbbA=; b=nBpGH3rYPda9m4rSt/RM07p3o2 OBM5HOOgEHjDrrGiw78LlNnCbjqACCY66dj9RoBYqCv0DnYjaSUTqCrjbDmAD1NEdD2vciMW6CLo8 QCuFtMkGnMr39bFTIArPwVCzo7rIngVpYElhPXKLYo6TmB7pDQMVf3k3ZopBDZdERpg0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Rework spec_ctrl_flags context switching Message-Id: Date: Sat, 16 Jul 2022 00:55:01 +0000 commit 3a280cbae7022b83af91c27a8e2211ba3b1234f5 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Rework spec_ctrl_flags context switching We are shortly going to need to context switch new bits in both the vcpu and S3 paths. Introduce SCF_IST_MASK and SCF_DOM_MASK, and rework d->arch.verw into d->arch.spec_ctrl_flags to accommodate. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5796912f7279d9348a3166655588d30eae9f72cc) --- xen/arch/x86/acpi/power.c | 8 ++++---- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/spec_ctrl.c | 9 ++++++--- xen/include/asm-x86/domain.h | 3 +-- xen/include/asm-x86/spec_ctrl.h | 30 +++++++++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl_asm.h | 3 --- 6 files changed, 44 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5eaa77f66a..dd397f7130 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,8 +248,8 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; + /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ + ci->spec_ctrl_flags &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -292,8 +292,8 @@ static int enter_state(u32 state) if ( !recheck_cpu_features(0) ) panic("Missing previously available feature(s)\n"); - /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 1fe6644a71..82a0b73cf6 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2092,10 +2092,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the VERW disposition. */ - info->spec_ctrl_flags &= ~SCF_verw; - if ( nextd->arch.verw ) - info->spec_ctrl_flags |= SCF_verw; + /* Update the top-of-stack block with the new spec_ctrl settings. */ + info->spec_ctrl_flags = + (info->spec_ctrl_flags & ~SCF_DOM_MASK) | + (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9507e5da60..7e646680f1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1010,9 +1010,12 @@ void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); - d->arch.verw = - (pv ? opt_md_clear_pv : opt_md_clear_hvm) || - (opt_fb_clear_mmio && is_iommu_enabled(d)); + bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || + (opt_fb_clear_mmio && is_iommu_enabled(d))); + + d->arch.spec_ctrl_flags = + (verw ? SCF_verw : 0) | + 0; } void __init init_speculation_mitigations(void) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 2398a1d99d..e4c099262c 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -319,8 +319,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - /* Use VERW on return-to-guest for its flushing side effect. */ - bool verw; + uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 7e83e0179f..3cd72e4030 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -20,12 +20,40 @@ #ifndef __X86_SPEC_CTRL_H__ #define __X86_SPEC_CTRL_H__ -/* Encoding of cpuinfo.spec_ctrl_flags */ +/* + * Encoding of: + * cpuinfo.spec_ctrl_flags + * default_spec_ctrl_flags + * domain.spec_ctrl_flags + * + * Live settings are in the top-of-stack block, because they need to be + * accessable when XPTI is active. Some settings are fixed from boot, some + * context switched per domain, and some inhibited in the S3 path. + */ #define SCF_use_shadow (1 << 0) #define SCF_ist_wrmsr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +/* + * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some + * functionality requires updated microcode to work. + * + * On boot, this is easy; we load microcode before figuring out which + * speculative protections to apply. However, on the S3 resume path, we must + * be able to disable the configured mitigations until microcode is reloaded. + * + * These are the controls to inhibit on the S3 resume path until microcode has + * been reloaded. + */ +#define SCF_IST_MASK (SCF_ist_wrmsr) + +/* + * Some speculative protections are per-domain. These settings are merged + * into the top-of-stack block in the context switch path. + */ +#define SCF_DOM_MASK (SCF_verw) + #ifndef __ASSEMBLY__ #include diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 5a590bac44..66b00d511f 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -248,9 +248,6 @@ /* * Use in IST interrupt/exception context. May interrupt Xen or PV context. - * Fine grain control of SCF_ist_wrmsr is needed for safety in the S3 resume - * path to avoid using MSR_SPEC_CTRL before the microcode introducing it has - * been reloaded. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 00:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 00:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368610.599985 (Exim 4.92) (envelope-from ) id 1oCW5Q-0007Kx-Kh; Sat, 16 Jul 2022 00:55:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368610.599985; Sat, 16 Jul 2022 00:55:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5Q-0007Kl-Hn; Sat, 16 Jul 2022 00:55:12 +0000 Received: by outflank-mailman (input) for mailman id 368610; Sat, 16 Jul 2022 00:55:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5P-0007Kd-R6 for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5P-0001fG-QG for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCW5P-0006Q1-Ok for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=N7vKNK9YKWo7+hQWmc5ly8MPwHwZAwAnIQc8jA2YtFw=; b=KHpP4R9L6ajSqYH4MegSr44/xP WDx4uYyLgzg5w88WJwYP2scuJbrhkISMUmHT8AioIHbQZ6FtODhFlc+Ka0dOw8MHRooUEpcYaJwqX ytk6ASJWAHqA+1TswJJnkAuy4YKgli7qSf2VpdhNs6BY6QsiVZCGwC0JmLmI6CA+OkPM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr Message-Id: Date: Sat, 16 Jul 2022 00:55:11 +0000 commit 31aa2a20bfefc3a8a200da54a56471bf99f9630e Author: Andrew Cooper AuthorDate: Tue Jun 28 14:36:56 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr We are about to introduce SCF_ist_ibpb, at which point SCF_ist_wrmsr becomes ambiguous. No functional change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76d6a36f645dfdbad8830559d4d52caf36efc75e) --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/spec_ctrl.h | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 7e646680f1..89f95c083e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1115,7 +1115,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1126,7 +1126,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_wrmsr; + default_spec_ctrl_flags |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1139,7 +1139,7 @@ void __init init_speculation_mitigations(void) * on real hardware matches the availability of MSR_SPEC_CTRL in the * first place. * - * No need for SCF_ist_wrmsr because Xen's value is restored + * No need for SCF_ist_sc_msr because Xen's value is restored * atomically WRT NMIs in the VMExit path. * * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 3cd72e4030..f8f0ac47e7 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -31,7 +31,7 @@ * context switched per domain, and some inhibited in the S3 path. */ #define SCF_use_shadow (1 << 0) -#define SCF_ist_wrmsr (1 << 1) +#define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) @@ -46,7 +46,7 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_wrmsr) +#define SCF_IST_MASK (SCF_ist_sc_msr) /* * Some speculative protections are per-domain. These settings are merged diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 66b00d511f..0ff1b118f8 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -266,8 +266,8 @@ .L\@_skip_rsb: - test $SCF_ist_wrmsr, %al - jz .L\@_skip_wrmsr + test $SCF_ist_sc_msr, %al + jz .L\@_skip_msr_spec_ctrl xor %edx, %edx testb $3, UREGS_cs(%rsp) @@ -290,7 +290,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * to speculate around the WRMSR. As a result, we need a dispatch * serialising instruction in the else clause. */ -.L\@_skip_wrmsr: +.L\@_skip_msr_spec_ctrl: lfence UNLIKELY_END(\@_serialise) .endm @@ -301,7 +301,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %rbx=stack_end * Clobbers %rax, %rcx, %rdx */ - testb $SCF_ist_wrmsr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) + testb $SCF_ist_sc_msr, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%rbx) jz .L\@_skip DO_SPEC_CTRL_EXIT_TO_XEN -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 00:55:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 00:55:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368611.599988 (Exim 4.92) (envelope-from ) id 1oCW5a-0007OD-NA; Sat, 16 Jul 2022 00:55:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368611.599988; Sat, 16 Jul 2022 00:55:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5a-0007O6-Kh; Sat, 16 Jul 2022 00:55:22 +0000 Received: by outflank-mailman (input) for mailman id 368611; Sat, 16 Jul 2022 00:55:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5Z-0007Ny-UN for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5Z-0001ft-TV for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCW5Z-0006QS-Sk for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QeV8vL6jYhZ+tJM96QLaOq/s2xYmJ7JGpRhtBcY/DiU=; b=N7GTbB6fgsbMvbAxkltDNXfoXV sSCKHnHGdOtUyEhj5s9eIqWTc3DM+2hrNsoKdm9It7oPpSKl47Lzx+JJs9deAUluWboMpYOqkUoC8 EhpLtUKSHoqrol4i5J3pLdrV3AQqZuBNXzkUfWtanPBieVMbnqET66oLHpiLYklEB3Kw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch Message-Id: Date: Sat, 16 Jul 2022 00:55:21 +0000 commit e7671561c84322860875745e57b228a7a310f2bf Author: Andrew Cooper AuthorDate: Mon Jul 4 21:32:17 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch We are about to introduce the use of IBPB at different points in Xen, making opt_ibpb ambiguous. Rename it to opt_ibpb_ctxt_switch. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a8e5ef079d6f5c88c472e3e620db5a8d1402a50d) --- xen/arch/x86/domain.c | 2 +- xen/arch/x86/spec_ctrl.c | 10 +++++----- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 82a0b73cf6..0d39981550 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2064,7 +2064,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) ctxt_switch_levelling(next); - if ( opt_ibpb && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id = &this_cpu(last); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 89f95c083e..f4ae36eae2 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -54,7 +54,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb = true; +bool __read_mostly opt_ibpb_ctxt_switch = true; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -117,7 +117,7 @@ static int __init parse_spec_ctrl(const char *s) opt_thunk = THUNK_JMP; opt_ibrs = 0; - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; @@ -238,7 +238,7 @@ static int __init parse_spec_ctrl(const char *s) /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) - opt_ibpb = val; + opt_ibpb_ctxt_switch = val; else if ( (val = parse_boolean("eager-fpu", s, ss)) >= 0 ) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) @@ -458,7 +458,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", - opt_ibpb ? " IBPB" : "", + opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ? " VERW" : "", @@ -1240,7 +1240,7 @@ void __init init_speculation_mitigations(void) /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb = false; + opt_ibpb_ctxt_switch = false; /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index f8f0ac47e7..fb43655756 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -63,7 +63,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb; +extern bool opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 00:55:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 00:55:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368613.599993 (Exim 4.92) (envelope-from ) id 1oCW5k-0007Qy-Oo; Sat, 16 Jul 2022 00:55:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368613.599993; Sat, 16 Jul 2022 00:55:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5k-0007Qq-MC; Sat, 16 Jul 2022 00:55:32 +0000 Received: by outflank-mailman (input) for mailman id 368613; Sat, 16 Jul 2022 00:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5k-0007Qj-1F for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5k-0001he-0I for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCW5j-0006Qy-Vp for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Zd2kCQ8NJ9zmktKBe7u6iOXwAAS5ztSdmzQzgPyU1Vw=; b=4zk4ykY7MRGlfiIzxSvIp9CtP5 K/62idjM+QYLAuRq1REKNcalgIsjLn/jW3VO2VBLf8llMDIXhEJYDDoiHag7lAVVRRcwEJX5vcSBr dH2AM6WY6MRdd8/JxPD6CJWZ3KhTr0gIluJwtvEoEBFWBpISybC2Na4PoJIVYnq/2cQ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST Message-Id: Date: Sat, 16 Jul 2022 00:55:31 +0000 commit 2a9e690a0ad5d54dca4166e089089a07bbe7fc85 Author: Andrew Cooper AuthorDate: Fri Jul 1 15:59:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST We are shortly going to add a conditional IBPB in this path. Therefore, we cannot hold spec_ctrl_flags in %eax, and rely on only clobbering it after we're done with its contents. %rbx is available for use, and the more normal register to hold preserved information in. With %rax freed up, use it instead of %rdx for the RSB tmp register, and for the adjustment to spec_ctrl_flags. This leaves no use of %rdx, except as 0 for the upper half of WRMSR. In practice, %rdx is 0 from SAVE_ALL on all paths and isn't likely to change in the foreseeable future, so update the macro entry requirements to state this dependency. This marginal optimisation can be revisited if circumstances change. No practical change. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e9b8d31981f184c6539f91ec54bd9cae29cdae36) --- xen/arch/x86/x86_64/entry.S | 4 ++-- xen/include/asm-x86/spec_ctrl_asm.h | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 2a86938f1f..a1810bf4d3 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -932,7 +932,7 @@ ENTRY(double_fault) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx @@ -968,7 +968,7 @@ handle_ist_exception: GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR_IST /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 0ff1b118f8..15e24cde00 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -251,34 +251,33 @@ */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST /* - * Requires %rsp=regs, %r14=stack_end - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx - test $SCF_ist_rsb, %al + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb - DO_OVERWRITE_RSB tmp=rdx /* Clobbers %rcx/%rdx */ + DO_OVERWRITE_RSB /* Clobbers %rax/%rcx */ .L\@_skip_rsb: - test $SCF_ist_sc_msr, %al + test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl - xor %edx, %edx + xor %eax, %eax testb $3, UREGS_cs(%rsp) - setnz %dl - not %edx - and %dl, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + setnz %al + not %eax + and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax - xor %edx, %edx wrmsr /* Opencoded UNLIKELY_START() with no condition. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 00:55:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 00:55:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368615.599997 (Exim 4.92) (envelope-from ) id 1oCW5u-0007UI-QF; Sat, 16 Jul 2022 00:55:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368615.599997; Sat, 16 Jul 2022 00:55:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5u-0007UB-Nj; Sat, 16 Jul 2022 00:55:42 +0000 Received: by outflank-mailman (input) for mailman id 368615; Sat, 16 Jul 2022 00:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5u-0007U2-4c for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW5u-0001ho-3n for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCW5u-0006RP-31 for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nKtbf1RwTLN+YLukMmoMly86O0yOgvVApb5S1PzdAeg=; b=uVwqmvYvAMv/lWAaIuC43koRW0 k1jjagYCpf5nvaEP+8MEsLw1VRIyBZCKlp3skH//Eet5pjTDQTkkxSUaAi/7DpgecFK9iy9vKk+DG crdtChjVhb8jnrJDO3fqGx5HiOMviqlhjLpTNBxEXl750HE87g1I711kUSl9uW15/6e4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Support IBPB-on-entry Message-Id: Date: Sat, 16 Jul 2022 00:55:42 +0000 commit 76c5fcee9027fb8823dd501086f0ff3ee3c4231c Author: Andrew Cooper AuthorDate: Thu Feb 24 13:44:33 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Support IBPB-on-entry We are going to need this to mitigate Branch Type Confusion on AMD/Hygon CPUs, but as we've talked about using it in other cases too, arrange to support it generally. However, this is also very expensive in some cases, so we're going to want per-domain controls. Introduce SCF_ist_ibpb and SCF_entry_ibpb controls, adding them to the IST and DOM masks as appropriate. Also introduce X86_FEATURE_IBPB_ENTRY_{PV,HVM} to to patch the code blocks. For SVM, the STGI is serialising enough to protect against Spectre-v1 attacks, so no "else lfence" is necessary. VT-x will use use the MSR host load list, so doesn't need any code in the VMExit path. For the IST path, we can't safely check CPL==0 to skip a flush, as we might have hit an entry path before it's IBPB. As IST hitting Xen is rare, flush irrespective of CPL. A later path, SCF_ist_sc_msr, provides Spectre-v1 safety. For the PV paths, we know we're interrupting CPL>0, while for the INTR paths, we can safely check CPL==0. Only flush when interrupting guest context. An "else lfence" is needed for safety, but we want to be able to skip it on unaffected CPUs, so the block wants to be an alternative, which means the lfence has to be inline rather than UNLIKELY() (the replacement block doesn't have displacements fixed up for anything other than the first instruction). As with SPEC_CTRL_ENTRY_FROM_INTR_IST, %rdx is 0 on entry so rely on this to shrink the logic marginally. Update the comments to specify this new dependency. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 53a570b285694947776d5190f591a0d5b9b18de7) --- xen/arch/x86/hvm/svm/entry.S | 18 +++++++++++++- xen/arch/x86/hvm/vmx/vmcs.c | 4 +++ xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++----- xen/include/asm-x86/cpufeatures.h | 2 ++ xen/include/asm-x86/spec_ctrl.h | 6 +++-- xen/include/asm-x86/spec_ctrl_asm.h | 49 +++++++++++++++++++++++++++++++++++-- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 4ae55a2ef6..0ff4008060 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -97,7 +97,19 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + + .macro svm_vmexit_cond_ibpb + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + jz .L_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr +.L_skip_ibpb: + .endm + ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl @@ -114,6 +126,10 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + /* + * STGI is executed unconditionally, and is sufficiently serialising + * to safely resolve any Spectre-v1 concerns in the above logic. + */ stgi GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f9f9bc18cd..dd817cee4e 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1345,6 +1345,10 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); + if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, + VMX_MSR_HOST); + out: vmx_vmcs_exit(v); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 5fd6dbbd45..b86d38d1c5 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,7 +18,7 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ CR4_PV32_RESTORE diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index a1810bf4d3..fba8ae498f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -260,7 +260,7 @@ ENTRY(lstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -298,7 +298,7 @@ ENTRY(cstar_enter) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -338,7 +338,7 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -392,7 +392,7 @@ ENTRY(int80_direct_trap) movl $0x80, 4(%rsp) SAVE_ALL - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ GET_STACK_END(bx) @@ -674,7 +674,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -708,7 +708,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 493d338a08..672c9ee22b 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,8 @@ XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by Xen for PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index fb43655756..3fc599a817 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -34,6 +34,8 @@ #define SCF_ist_sc_msr (1 << 1) #define SCF_ist_rsb (1 << 2) #define SCF_verw (1 << 3) +#define SCF_ist_ibpb (1 << 4) +#define SCF_entry_ibpb (1 << 5) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -46,13 +48,13 @@ * These are the controls to inhibit on the S3 resume path until microcode has * been reloaded. */ -#define SCF_IST_MASK (SCF_ist_sc_msr) +#define SCF_IST_MASK (SCF_ist_sc_msr | SCF_ist_ibpb) /* * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 15e24cde00..9eb4ad9ab7 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -88,6 +88,35 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ +.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +/* + * Requires %rsp=regs (also cpuinfo if !maybexen) + * Requires %r14=stack_end (if maybexen), %rdx=0 + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen + * case, we can safely look at UREGS_cs to skip taking the hit when + * interrupting Xen. + */ + .if \maybexen + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + jz .L\@_skip + testb $3, UREGS_cs(%rsp) + .else + testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + .endif + jz .L\@_skip + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + jmp .L\@_done + +.L\@_skip: + lfence +.L\@_done: +.endm + .macro DO_OVERWRITE_RSB tmp=rax /* * Requires nothing @@ -225,12 +254,16 @@ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ + X86_FEATURE_IBPB_ENTRY_PV; \ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV; \ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV @@ -254,11 +287,23 @@ * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rbx, %rcx, %rdx * - * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY - * maybexen=1, but with conditionals rather than alternatives. + * This is logical merge of: + * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_OVERWRITE_RSB + * DO_SPEC_CTRL_ENTRY maybexen=1 + * but with conditionals rather than alternatives. */ movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + test $SCF_ist_ibpb, %bl + jz .L\@_skip_ibpb + + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + wrmsr + +.L\@_skip_ibpb: + test $SCF_ist_rsb, %bl jz .L\@_skip_rsb -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 00:55:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 00:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368616.600001 (Exim 4.92) (envelope-from ) id 1oCW64-0007Yg-Ry; Sat, 16 Jul 2022 00:55:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368616.600001; Sat, 16 Jul 2022 00:55:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW64-0007YY-PK; Sat, 16 Jul 2022 00:55:52 +0000 Received: by outflank-mailman (input) for mailman id 368616; Sat, 16 Jul 2022 00:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW64-0007YP-7s for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW64-0001i3-75 for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCW64-0006Rq-6M for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J/edmEkqjZA9n3MA2A2S0TajU7Qwtz1xluNcAWBwHTA=; b=5nclLU6JeD0IJrzyKN04rMhfva lCM5bRATsgANzgC+ktWa8ZdoHbdpW45369c7ONQQw3zDbMbvzWHrav5Jxu+jmmm9P0ObI3eBBl01x hsv/mjd6FJyZQIGtI3kbCvNjNXw6lR5FrIY9aLFYUZEdnctHz43dnHV0SpD6HFbeBRSM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/cpuid: Enumeration for BTC_NO Message-Id: Date: Sat, 16 Jul 2022 00:55:52 +0000 commit 0826c7596d35c887b3b7858137c7ac374d9ef17a Author: Andrew Cooper AuthorDate: Mon May 16 15:48:24 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/cpuid: Enumeration for BTC_NO BTC_NO indicates that hardware is not succeptable to Branch Type Confusion. Zen3 CPUs don't suffer BTC. This is part of XSA-407. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 76cb04ad64f3ab9ae785988c40655a71dde9c319) --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/cpu/amd.c | 10 ++++++++++ xen/arch/x86/spec_ctrl.c | 5 +++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index d462f9e421..bf6fdee360 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -288,6 +288,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1}, {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index bc7dcf5575..fe22f5f5b6 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -158,7 +158,7 @@ static const char *const str_e8b[32] = /* [22] */ [23] = "ppin", [24] = "amd-ssbd", [25] = "virt-ssbd", [26] = "ssb-no", - [28] = "psfd", + [28] = "psfd", [29] = "btc-no", }; static const char *const str_7d0[32] = diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index b3b9a0df5f..b158e3acb5 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -847,6 +847,16 @@ static void init_amd(struct cpuinfo_x86 *c) warning_add(text); } break; + + case 0x19: + /* + * Zen3 (Fam19h model < 0x10) parts are not susceptible to + * Branch Type Confusion, but predate the allocation of the + * BTC_NO bit. Fill it back in if we're not virtualised. + */ + if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) + __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + break; } display_cacheinfo(c); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f4ae36eae2..0f101c057f 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -388,7 +388,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * Hardware read-only information, stating immunity to certain issues, or * suggestions of which mitigation to use. */ - printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", @@ -403,7 +403,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (e8b & cpufeat_mask(X86_FEATURE_IBRS_ALWAYS)) ? " IBRS_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", - (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : ""); + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", + (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); /* Hardware features which need driving to mitigate issues. */ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 743b857dcd..e7b8167800 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -266,6 +266,7 @@ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 00:56:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 00:56:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368617.600005 (Exim 4.92) (envelope-from ) id 1oCW6F-0007bm-VA; Sat, 16 Jul 2022 00:56:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368617.600005; Sat, 16 Jul 2022 00:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW6F-0007be-SJ; Sat, 16 Jul 2022 00:56:03 +0000 Received: by outflank-mailman (input) for mailman id 368617; Sat, 16 Jul 2022 00:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW6E-0007bP-Dl for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW6E-0001iQ-A5 for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCW6E-0006SU-9S for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=T3wGhkuv4qlH6hZcVoQNT7Hg2pnclc6PsPAN/65FnUI=; b=w9ovhVLTtLy0b9D3hs28TS12RP L8YA1e3mlPMHPIwnDNglB1Tq8c7WB4fW+BqDHduJKTF5b/ccpAnjDL1Q5MV7aBuVpMN9C+BbfkGSN GTkvc4v5QmZ6a0DTukFvjJrGmzm010o+WQ8dWC5+Dsas/+a2ymDN4k4219+CDmch/BxI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Enable Zen2 chickenbit Message-Id: Date: Sat, 16 Jul 2022 00:56:02 +0000 commit 5457a6870eb1369b868f7b8e833966ed43a773ad Author: Andrew Cooper AuthorDate: Tue Mar 15 18:30:25 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Enable Zen2 chickenbit ... as instructed in the Branch Type Confusion whitepaper. This is part of XSA-407. Signed-off-by: Andrew Cooper (cherry picked from commit 9deaf2d932f08c16c6b96a1c426e4b1142c0cdbe) --- xen/arch/x86/cpu/amd.c | 28 ++++++++++++++++++++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 1 + 4 files changed, 36 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index b158e3acb5..37ac84ddd7 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -731,6 +731,31 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) printk_once(XENLOG_ERR "No SSBD controls available\n"); } +/* + * On Zen2 we offer this chicken (bit) on the altar of Speculation. + * + * Refer to the AMD Branch Type Confusion whitepaper: + * https://XXX + * + * Setting this unnamed bit supposedly causes prediction information on + * non-branch instructions to be ignored. It is to be set unilaterally in + * newer microcode. + * + * This chickenbit is something unrelated on Zen1, and Zen1 vs Zen2 isn't a + * simple model number comparison, so use STIBP as a heuristic to separate the + * two uarches in Fam17h(AMD)/18h(Hygon). + */ +void amd_init_spectral_chicken(void) +{ + uint64_t val, chickenbit = 1 << 1; + + if (cpu_has_hypervisor || !boot_cpu_has(X86_FEATURE_AMD_STIBP)) + return; + + if (rdmsr_safe(MSR_AMD64_DE_CFG2, val) == 0 && !(val & chickenbit)) + wrmsr_safe(MSR_AMD64_DE_CFG2, val | chickenbit); +} + void __init detect_zen2_null_seg_behaviour(void) { uint64_t base; @@ -796,6 +821,9 @@ static void init_amd(struct cpuinfo_x86 *c) amd_init_ssbd(c); + if (c->x86 == 0x17) + amd_init_spectral_chicken(); + /* Probe for NSCB on Zen2 CPUs when not virtualised */ if (!cpu_has_hypervisor && !cpu_has_nscb && c == &boot_cpu_data && c->x86 == 0x17) diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index b593bd85f0..145bc5156a 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -22,4 +22,5 @@ void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); +void amd_init_spectral_chicken(void); void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index cdc94130dd..6f8d491297 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -40,6 +40,12 @@ static void init_hygon(struct cpuinfo_x86 *c) c->x86 == 0x18) detect_zen2_null_seg_behaviour(); + /* + * TODO: Check heuristic safety with Hygon first + if (c->x86 == 0x18) + amd_init_spectral_chicken(); + */ + /* * Hygon CPUs before Zen2 don't clear segment bases/limits when * loading a NULL selector. diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 72bc32ba04..d3735e499e 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -361,6 +361,7 @@ #define MSR_AMD64_DE_CFG 0xc0011029 #define AMD64_DE_CFG_LFENCE_SERIALISE (_AC(1, ULL) << 1) #define MSR_AMD64_EX_CFG 0xc001102c +#define MSR_AMD64_DE_CFG2 0xc00110e3 #define MSR_AMD64_DR0_ADDRESS_MASK 0xc0011027 #define MSR_AMD64_DR1_ADDRESS_MASK 0xc0011019 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 00:56:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 00:56:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368618.600010 (Exim 4.92) (envelope-from ) id 1oCW6Q-0007eL-0d; Sat, 16 Jul 2022 00:56:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368618.600010; Sat, 16 Jul 2022 00:56:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW6P-0007eB-Tq; Sat, 16 Jul 2022 00:56:13 +0000 Received: by outflank-mailman (input) for mailman id 368618; Sat, 16 Jul 2022 00:56:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW6O-0007dz-Dz for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:56:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCW6O-0001ia-D2 for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:56:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCW6O-0006T1-CX for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 00:56:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ff1MzM+Z9Bv9I/ei5/DciTKPME933oIZG9xpctu+czA=; b=YK8vUSAVMeXwyVyPEEIkggLwXO /buXW3Nl5R75zzIugSQ6xqnKg6Eu24Qns20PlUBdG7C305GVIwxcspoVGAXR4j0cc/uYBo5S0O6w1 JGvSeTCSB38U04MQ8tvusIlzghkWOfAbkx2zYyuh/ZDZu62L2vHk1+lMKYMc+uuqskeI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Mitigate Branch Type Confusion when possible Message-Id: Date: Sat, 16 Jul 2022 00:56:12 +0000 commit 0a5387a01165b46c8c85e7f7e2ddbe60a7f5db44 Author: Andrew Cooper AuthorDate: Mon Jun 27 19:29:40 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 12 16:25:33 2022 +0100 x86/spec-ctrl: Mitigate Branch Type Confusion when possible Branch Type Confusion affects AMD/Hygon CPUs on Zen2 and earlier. To mitigate, we require SMT safety (STIBP on Zen2, no-SMT on Zen1), and to issue an IBPB on each entry to Xen, to flush the BTB. Due to performance concerns, dom0 (which is trusted in most configurations) is excluded from protections by default. Therefore: * Use STIBP by default on Zen2 too, which now means we want it on by default on all hardware supporting STIBP. * Break the current IBPB logic out into a new function, extending it with IBPB-at-entry logic. * Change the existing IBPB-at-ctxt-switch boolean to be tristate, and disable it by default when IBPB-at-entry is providing sufficient safety. If all PV guests on the system are trusted, then it is recommended to boot with `spec-ctrl=ibpb-entry=no-pv`, as this will provide an additional marginal perf improvement. This is part of XSA-407 / CVE-2022-23825. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d8cb7e0f069e0f106d24941355b59b45a731eabe) --- docs/misc/xen-command-line.pandoc | 14 +++-- xen/arch/x86/spec_ctrl.c | 113 ++++++++++++++++++++++++++++++++++---- xen/include/asm-x86/spec_ctrl.h | 2 +- 3 files changed, 112 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 1bbdb55129..bd6826d0ae 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2234,7 +2234,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,md-clear}=|{pv,hvm}=, +> {msr-sc,rsb,md-clear,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}= ]` @@ -2259,9 +2259,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=` and `md-clear=` options offer fine -grained control over the primitives by Xen. These impact Xen's ability to -protect itself, and/or Xen's ability to virtualise support for guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `md-clear=` and `ibpb-entry=` options +offer fine grained control over the primitives by Xen. These impact Xen's +ability to protect itself, and/or Xen's ability to virtualise support for +guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2280,6 +2281,11 @@ protect itself, and/or Xen's ability to virtualise support for guests to use. compatibility with development versions of this fix, `mds=` is also accepted on Xen 4.12 and earlier as an alias. Consult vendor documentation in preference to here.* +* `ibpb-entry=` offers control over whether IBPB (Indirect Branch Prediction + Barrier) is used on entry to Xen. This is used by default on hardware + vulnerable to Branch Type Confusion, but for performance reasons, dom0 is + unprotected by default. If it necessary to protect dom0 too, boot with + `spec-ctrl=ibpb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0f101c057f..1d9796c34d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -39,6 +39,10 @@ static bool __initdata opt_rsb_hvm = true; static int8_t __read_mostly opt_md_clear_pv = -1; static int8_t __read_mostly opt_md_clear_hvm = -1; +static int8_t __read_mostly opt_ibpb_entry_pv = -1; +static int8_t __read_mostly opt_ibpb_entry_hvm = -1; +static bool __read_mostly opt_ibpb_entry_dom0; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -54,7 +58,7 @@ int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; -bool __read_mostly opt_ibpb_ctxt_switch = true; +int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; int8_t __read_mostly opt_l1d_flush = -1; static bool __initdata opt_branch_harden = true; @@ -114,6 +118,9 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = false; opt_md_clear_pv = 0; opt_md_clear_hvm = 0; + opt_ibpb_entry_pv = 0; + opt_ibpb_entry_hvm = 0; + opt_ibpb_entry_dom0 = false; opt_thunk = THUNK_JMP; opt_ibrs = 0; @@ -140,12 +147,14 @@ static int __init parse_spec_ctrl(const char *s) opt_msr_sc_pv = val; opt_rsb_pv = val; opt_md_clear_pv = val; + opt_ibpb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { opt_msr_sc_hvm = val; opt_rsb_hvm = val; opt_md_clear_hvm = val; + opt_ibpb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -210,6 +219,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("ibpb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_ibpb_entry_pv = opt_ibpb_entry_hvm = + opt_ibpb_entry_dom0 = val; + break; + + case -2: + s += strlen("ibpb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_ibpb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_ibpb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -477,27 +508,31 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -759,6 +794,55 @@ static bool __init should_use_eager_fpu(void) } } +static void __init ibpb_calculations(void) +{ + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + { + opt_ibpb_entry_hvm = opt_ibpb_entry_pv = opt_ibpb_ctxt_switch = 0; + opt_ibpb_entry_dom0 = false; + return; + } + + /* + * IBPB-on-entry mitigations for Branch Type Confusion. + * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, + * that we can provide some form of mitigation on. + */ + if ( opt_ibpb_entry_pv == -1 ) + opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + if ( opt_ibpb_entry_hvm == -1 ) + opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) && + boot_cpu_has(X86_FEATURE_IBPB) && + !boot_cpu_has(X86_FEATURE_BTC_NO)); + + if ( opt_ibpb_entry_pv ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_PV); + + /* + * We only need to flush in IST context if we're protecting against PV + * guests. HVM IBPB-on-entry protections are both atomic with + * NMI/#MC, so can't interrupt Xen ahead of having already flushed the + * BTB. + */ + default_spec_ctrl_flags |= SCF_ist_ibpb; + } + if ( opt_ibpb_entry_hvm ) + setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); + + /* + * If we're using IBPB-on-entry to protect against PV and HVM guests + * (ignoring dom0 if trusted), then there's no need to also issue IBPB on + * context switch too. + */ + if ( opt_ibpb_ctxt_switch == -1 ) + opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); +} + /* Calculate whether this CPU is vulnerable to L1TF. */ static __init void l1tf_calculations(uint64_t caps) { @@ -1014,8 +1098,12 @@ void spec_ctrl_init_domain(struct domain *d) bool verw = ((pv ? opt_md_clear_pv : opt_md_clear_hvm) || (opt_fb_clear_mmio && is_iommu_enabled(d))); + bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && + (d->domain_id != 0 || opt_ibpb_entry_dom0)); + d->arch.spec_ctrl_flags = (verw ? SCF_verw : 0) | + (ibpb ? SCF_entry_ibpb : 0) | 0; } @@ -1162,12 +1250,15 @@ void __init init_speculation_mitigations(void) } /* - * Use STIBP by default if the hardware hint is set. Otherwise, leave it - * off as it a severe performance pentalty on pre-eIBRS Intel hardware - * where it was retrofitted in microcode. + * Use STIBP by default on all AMD systems. Zen3 and later enumerate + * STIBP_ALWAYS, but STIBP is needed on Zen2 as part of the mitigations + * for Branch Type Confusion. + * + * Leave STIBP off by default on Intel. Pre-eIBRS systems suffer a + * substantial perf hit when it was implemented in microcode. */ if ( opt_stibp == -1 ) - opt_stibp = !!boot_cpu_has(X86_FEATURE_STIBP_ALWAYS); + opt_stibp = !!boot_cpu_has(X86_FEATURE_AMD_STIBP); if ( opt_stibp && (boot_cpu_has(X86_FEATURE_STIBP) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) ) @@ -1239,9 +1330,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_hvm ) setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - /* Check we have hardware IBPB support before using it... */ - if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) - opt_ibpb_ctxt_switch = false; + ibpb_calculations(); /* Check whether Eager FPU should be enabled by default. */ if ( opt_eager_fpu == -1 ) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 3fc599a817..9403b81dc7 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -65,7 +65,7 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -extern bool opt_ibpb_ctxt_switch; +extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 16:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 16:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368853.600277 (Exim 4.92) (envelope-from ) id 1oCl4J-0007g4-1u; Sat, 16 Jul 2022 16:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368853.600277; Sat, 16 Jul 2022 16:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCl4I-0007fw-Uv; Sat, 16 Jul 2022 16:55:02 +0000 Received: by outflank-mailman (input) for mailman id 368853; Sat, 16 Jul 2022 16:55:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCl4H-0007eM-Sf for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 16:55:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCl4H-0001Wa-Ri for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 16:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCl4H-0000ym-Qa for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 16:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3rehPcvXroD6Gx6D3eUkgTDCHQdY7aDBKKNnyzfZNY4=; b=Rg5v4hzLDMWmn8WvbxElUAyEwQ fDC6Xmq7OFUTw3P99iIsXmaoQYbABbAv8lQmkAu/nDzgFhd3f4FypXo3ZMLiPh0Pfvv3bMnGWVJ8e B/18879sFLlYcZp1EjtkbgK3nHBX6W0PPENL8q/MRny63rqjr9ELJ6fCG+Oe8/E5h6lk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: Introduce $AWK in check-endbr.sh Message-Id: Date: Sat, 16 Jul 2022 16:55:01 +0000 commit f717590f571fa9b87010f63d078871e389f2b9f9 Author: Anthony PERARD AuthorDate: Thu Jul 14 15:39:07 2022 +0100 Commit: Andrew Cooper CommitDate: Fri Jul 15 12:55:16 2022 +0100 xen: Introduce $AWK in check-endbr.sh Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- xen/tools/check-endbr.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index 552f233912..f633846b0f 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -10,6 +10,7 @@ MSG_PFX="${0##*/} ${1##*/}" OBJCOPY="${OBJCOPY:-objcopy}" OBJDUMP="${OBJDUMP:-objdump}" ADDR2LINE="${ADDR2LINE:-addr2line}" +AWK="${AWK:-awk}" D=$(mktemp -d) trap "rm -rf $D" EXIT @@ -64,7 +65,7 @@ ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & # numbers, which don't lose precision. # eval $(${OBJDUMP} -j .text $1 -h | - awk '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') + $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN @@ -78,7 +79,7 @@ then else grep -aob -e "$(printf '\363\17\36\372')" -e "$(printf '\363\17\36\373')" \ -e "$(printf '\146\17\37\1')" $TEXT_BIN -fi | awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL +fi | $AWK -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL # Wait for $VALID to become complete wait -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Jul 16 16:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 16 Jul 2022 16:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.368856.600282 (Exim 4.92) (envelope-from ) id 1oCl4T-0007pl-3Q; Sat, 16 Jul 2022 16:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 368856.600282; Sat, 16 Jul 2022 16:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCl4T-0007pb-0U; Sat, 16 Jul 2022 16:55:13 +0000 Received: by outflank-mailman (input) for mailman id 368856; Sat, 16 Jul 2022 16:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCl4R-0007o8-Vb for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 16:55:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oCl4R-0001We-Uj for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 16:55:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oCl4R-0001Ww-U0 for xen-changelog@lists.xenproject.org; Sat, 16 Jul 2022 16:55:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dpRnoLH/K1DZB/7L9lEwMaL7/5gvHkX76qMQGxJ9H/E=; b=Hv9J/wHkBU6nG3wbwpUKfz1yAn DIvRtjBS2rB/sWzPBxGDAuGOd/4omU2xLn1GsQVzBNHvloSCGik6dPG1bj+jE8JM7ghuZJEkn6V0M 7r9Mishb5xYD0+68VPnterroX8H1KYYTH8TOm35nFLdGG9ihPCOPzDeXHgfXNKHB/5e0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] README: State POSIX compatibility as a requirement for AWK Message-Id: Date: Sat, 16 Jul 2022 16:55:11 +0000 commit ab2977b027acbbd33a7eecda854d1911a7702f8b Author: Andrew Cooper AuthorDate: Thu Jul 14 19:45:36 2022 +0100 Commit: Andrew Cooper CommitDate: Fri Jul 15 12:55:16 2022 +0100 README: State POSIX compatibility as a requirement for AWK In particular, we support FreeBSD and NetBSD build environments, and some Linux build environments use MAWK over GAWK anyway. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- README | 1 + 1 file changed, 1 insertion(+) diff --git a/README b/README index 5e55047ffd..89a1d0b43c 100644 --- a/README +++ b/README @@ -48,6 +48,7 @@ provided by your OS distributor: - For ARM 64-bit: - GCC 5.1 or later - GNU Binutils 2.24 or later + * POSIX compatible awk * Development install of zlib (e.g., zlib-dev) * Development install of Python 2.6 or later (e.g., python-dev) * Development install of curses (e.g., libncurses-dev) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sun Jul 17 13:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 17 Jul 2022 13:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369072.600439 (Exim 4.92) (envelope-from ) id 1oD437-00016Q-Oc; Sun, 17 Jul 2022 13:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369072.600439; Sun, 17 Jul 2022 13:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD437-00016I-Lz; Sun, 17 Jul 2022 13:11:05 +0000 Received: by outflank-mailman (input) for mailman id 369072; Sun, 17 Jul 2022 13:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD436-00015w-Mo for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD436-0005uK-Ls for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oD436-0000cd-L3 for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sFkNYr/D6st3wbc8tG5tJ8LObIp9KZAOosAC7CsKX9c=; b=jY6XW9Z2cElzQD9lt63fRvPixk DitItKZkykU7WBHThAN53bO172gZm6Lk3XZSGkiY4v2jaIfcBSPnb93I8JgiXUSyILNHdVN/CEFkz t5Uy+wK5SNlNc9vb//gFEvsJvTGxw620oetxqVYcm7R33XSVHKwARrggsQFL/UQiAuVU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm32: head.S: Introduce a macro to load the physical address of a symbol Message-Id: Date: Sun, 17 Jul 2022 13:11:04 +0000 commit d07358f2dccd7efb3f113314c9dda17db194a996 Author: Julien Grall AuthorDate: Sat Jul 16 15:33:47 2022 +0100 Commit: Julien Grall CommitDate: Sun Jul 17 14:10:08 2022 +0100 xen/arm32: head.S: Introduce a macro to load the physical address of a symbol A lot of places in the ARM32 assembly requires to load the physical address of a symbol. Rather than open-coding the translation, introduce a new macro that will load the phyiscal address of a symbol. Lastly, use the new macro to replace all the current open-coded version. Note that most of the comments associated to the code changed have been removed because the code is now self-explanatory. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index c837d3054c..77f0a619ca 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -65,6 +65,11 @@ .endif .endm +.macro load_paddr rb, sym + ldr \rb, =\sym + add \rb, \rb, r10 +.endm + /* * Common register usage in this file: * r0 - @@ -157,8 +162,7 @@ past_zImage: /* Using the DTB in the .dtb section? */ .ifnes CONFIG_DTB_FILE,"" - ldr r8, =_sdtb - add r8, r10 /* r8 := paddr(DTB) */ + load_paddr r8, _stdb .endif /* Initialize the UART if earlyprintk has been enabled. */ @@ -208,8 +212,7 @@ GLOBAL(init_secondary) mrc CP32(r1, MPIDR) bic r7, r1, #(~MPIDR_HWID_MASK) /* Mask out flags to get CPU ID */ - ldr r0, =smp_up_cpu - add r0, r0, r10 /* Apply physical offset */ + load_paddr r0, smp_up_cpu dsb 2: ldr r1, [r0] cmp r1, r7 @@ -376,8 +379,7 @@ ENDPROC(cpu_init) and r1, r1, r2 /* r1 := slot in \tlb */ lsl r1, r1, #3 /* r1 := slot offset in \tlb */ - ldr r4, =\tbl - add r4, r4, r10 /* r4 := paddr(\tlb) */ + load_paddr r4, \tbl movw r2, #PT_PT /* r2:r3 := right for linear PT */ orr r2, r2, r4 /* + \tlb paddr */ @@ -536,8 +538,7 @@ enable_mmu: dsb nsh /* Write Xen's PT's paddr into the HTTBR */ - ldr r0, =boot_pgtable - add r0, r0, r10 /* r0 := paddr (boot_pagetable) */ + load_paddr r0, boot_pgtable mov r1, #0 /* r0:r1 is paddr (boot_pagetable) */ mcrr CP64(r0, r1, HTTBR) isb @@ -782,10 +783,8 @@ ENTRY(lookup_processor_type) */ __lookup_processor_type: mrc CP32(r0, MIDR) /* r0 := our cpu id */ - ldr r1, = __proc_info_start - add r1, r1, r10 /* r1 := paddr of table (start) */ - ldr r2, = __proc_info_end - add r2, r2, r10 /* r2 := paddr of table (end) */ + load_paddr r1, __proc_info_start + load_paddr r2, __proc_info_end 1: ldr r3, [r1, #PROCINFO_cpu_mask] and r4, r0, r3 /* r4 := our cpu id with mask */ ldr r3, [r1, #PROCINFO_cpu_val] /* r3 := cpu val in current proc info */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sun Jul 17 13:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 17 Jul 2022 13:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369074.600443 (Exim 4.92) (envelope-from ) id 1oD43H-00018k-Q8; Sun, 17 Jul 2022 13:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369074.600443; Sun, 17 Jul 2022 13:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD43H-00018a-Na; Sun, 17 Jul 2022 13:11:15 +0000 Received: by outflank-mailman (input) for mailman id 369074; Sun, 17 Jul 2022 13:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD43G-00018Q-Pk for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD43G-0005uS-Ow for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oD43G-0000dD-O5 for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ytcXNZPcXEBclpdg2z3bPOXwL01s/0mRNxDgvI4Opwo=; b=Q4yv7R+gs03hi4AHmUcvZKqi/L /F1ujLVYMwJmbM4/8XjSDmyo470rnkhAp8MyqhbMFjGTHoI82kZbesJOb5YThM6bBDF2+42iGbiNT u2rO9gJTfWQQkjLGWpMd/xPs44F0o4cb9D1V4NGuhltEUCivZrA/qGS3bRWJvpfFT1e4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: head: Add missing isb after writing to SCTLR_EL2/HSCTLR Message-Id: Date: Sun, 17 Jul 2022 13:11:14 +0000 commit 25424d1a6b7b7e875230aba77c2f044a4883e49a Author: Julien Grall AuthorDate: Sat Jul 16 15:34:07 2022 +0100 Commit: Julien Grall CommitDate: Sun Jul 17 14:10:08 2022 +0100 xen/arm: head: Add missing isb after writing to SCTLR_EL2/HSCTLR Write to SCTLR_EL2/HSCTLR may not be visible until the next context synchronization. When initializing the CPU, we want the update to take effect right now. So add an isb afterwards. Spec references: - AArch64: D13.1.2 ARM DDI 0406C.d - AArch32 v8: G8.1.2 ARM DDI 0406C.d - AArch32 v7: B5.6.3 ARM DDI 0406C.d Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 1 + xen/arch/arm/arm64/head.S | 1 + 2 files changed, 2 insertions(+) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index 77f0a619ca..98ccf18b51 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -353,6 +353,7 @@ cpu_init_done: ldr r0, =HSCTLR_SET mcr CP32(r0, HSCTLR) + isb mov pc, r5 /* Return address is in r5 */ ENDPROC(cpu_init) diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 109ae7de0c..1babcc65d7 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -486,6 +486,7 @@ cpu_init: ldr x0, =SCTLR_EL2_SET msr SCTLR_EL2, x0 + isb /* * Ensure that any exceptions encountered at EL2 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sun Jul 17 13:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 17 Jul 2022 13:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369075.600447 (Exim 4.92) (envelope-from ) id 1oD43R-0001BS-Rk; Sun, 17 Jul 2022 13:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369075.600447; Sun, 17 Jul 2022 13:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD43R-0001BI-P3; Sun, 17 Jul 2022 13:11:25 +0000 Received: by outflank-mailman (input) for mailman id 369075; Sun, 17 Jul 2022 13:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD43Q-0001B9-Sq for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD43Q-0005ug-Rx for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oD43Q-0000e5-RA for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=afrHiftuD/eUlAsRi/4+IYr2bZmI4w5+Y5wO8dNCgY8=; b=XgFnczq2ZnigpgEDp701i+tQDh /ireWy+RFWw6N+S7A2uC6Gfe5eQZjkkNxV/M+HNbJ2NaAXKwhaqpbTYeldWEc/oHdhSPPzj+eoFr7 MhblaKVHA6NprM/BF5y4t70Dvs/R0t3Tzg8GkEEpi/vp6Vt5jlNt9fu4N3omj2ccCEX0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings() Message-Id: Date: Sun, 17 Jul 2022 13:11:24 +0000 commit 9b962e618313109882b6ca78cf1e09f43c9d6e62 Author: Julien Grall AuthorDate: Sat Jul 16 15:37:57 2022 +0100 Commit: Julien Grall CommitDate: Sun Jul 17 14:10:08 2022 +0100 xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings() Both destroy_xen_mappings() and modify_xen_mappings() will take in parameter a range [start, end[. Both end should be page aligned. Add extra ASSERT() to ensure start and end are page aligned. Take the opportunity to rename 'v' to 's' to be consistent with the other helper. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis ---- Changes in v2: - Also modify prototype. Note that on x86, the first parameter was not matching in the declaration and prototype. - Add Bertrand's reviewed-by --- xen/arch/arm/mm.c | 10 +++++++--- xen/include/xen/mm.h | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 009b8cd9ef..9a2a29abe2 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1368,14 +1368,18 @@ int populate_pt_range(unsigned long virt, unsigned long nr_mfns) return xen_pt_update(virt, INVALID_MFN, nr_mfns, _PAGE_POPULATE); } -int destroy_xen_mappings(unsigned long v, unsigned long e) +int destroy_xen_mappings(unsigned long s, unsigned long e) { - ASSERT(v <= e); - return xen_pt_update(v, INVALID_MFN, (e - v) >> PAGE_SHIFT, 0); + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); + ASSERT(s <= e); + return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, 0); } int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags) { + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); ASSERT(s <= e); return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, flags); } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 3be754da92..6dee421bb8 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -101,7 +101,7 @@ int map_pages_to_xen( unsigned int flags); /* Alter the permissions of a range of Xen virtual address space. */ int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags); -int destroy_xen_mappings(unsigned long v, unsigned long e); +int destroy_xen_mappings(unsigned long s, unsigned long e); /* Retrieve the MFN mapped by VA in Xen virtual address space. */ mfn_t xen_map_to_mfn(unsigned long va); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sun Jul 17 13:22:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 17 Jul 2022 13:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369076.600450 (Exim 4.92) (envelope-from ) id 1oD4Dl-0002J0-Kl; Sun, 17 Jul 2022 13:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369076.600450; Sun, 17 Jul 2022 13:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD4Dl-0002It-IH; Sun, 17 Jul 2022 13:22:05 +0000 Received: by outflank-mailman (input) for mailman id 369076; Sun, 17 Jul 2022 13:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD4Dk-0002IU-73 for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oD4Dk-000655-48 for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oD4Dk-00013T-3F for xen-changelog@lists.xenproject.org; Sun, 17 Jul 2022 13:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CVfqXpqpFv7GTyPDoysxgxm+EuZrf0Bjpn4srit5dgY=; b=r2QtKk472bzA2A4GD1gbJdyQ+Q IjspmtVkyX1qCZKk5Vg9nk1Ggd3FZiX9nK4yUW9ha3zBmabNYSldM6z/wKq/Cb3/5cZWeEQungpEO JRFIGx9NG7CrAkxvwrbLV+lB+T3z4pSQwNLIuC5SWEjj1FqjBNIhmriMYxhSNT+lpeqI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Revert "xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings()" Message-Id: Date: Sun, 17 Jul 2022 13:22:04 +0000 commit a5fb66f4513c2c2d222dcc3753163b15690bd003 Author: Julien Grall AuthorDate: Sun Jul 17 14:11:27 2022 +0100 Commit: Julien Grall CommitDate: Sun Jul 17 14:11:27 2022 +0100 Revert "xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings()" This reverts commit 9b962e618313109882b6ca78cf1e09f43c9d6e62. This was committed by mistake (lack an x86 ack). --- xen/arch/arm/mm.c | 10 +++------- xen/include/xen/mm.h | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 9a2a29abe2..009b8cd9ef 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1368,18 +1368,14 @@ int populate_pt_range(unsigned long virt, unsigned long nr_mfns) return xen_pt_update(virt, INVALID_MFN, nr_mfns, _PAGE_POPULATE); } -int destroy_xen_mappings(unsigned long s, unsigned long e) +int destroy_xen_mappings(unsigned long v, unsigned long e) { - ASSERT(IS_ALIGNED(s, PAGE_SIZE)); - ASSERT(IS_ALIGNED(e, PAGE_SIZE)); - ASSERT(s <= e); - return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, 0); + ASSERT(v <= e); + return xen_pt_update(v, INVALID_MFN, (e - v) >> PAGE_SHIFT, 0); } int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags) { - ASSERT(IS_ALIGNED(s, PAGE_SIZE)); - ASSERT(IS_ALIGNED(e, PAGE_SIZE)); ASSERT(s <= e); return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, flags); } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 6dee421bb8..3be754da92 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -101,7 +101,7 @@ int map_pages_to_xen( unsigned int flags); /* Alter the permissions of a range of Xen virtual address space. */ int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags); -int destroy_xen_mappings(unsigned long s, unsigned long e); +int destroy_xen_mappings(unsigned long v, unsigned long e); /* Retrieve the MFN mapped by VA in Xen virtual address space. */ mfn_t xen_map_to_mfn(unsigned long va); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 02:00:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 02:00:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369204.600502 (Exim 4.92) (envelope-from ) id 1oDG3I-0008Hq-16; Mon, 18 Jul 2022 02:00:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369204.600502; Mon, 18 Jul 2022 02:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3H-0008HU-SS; Mon, 18 Jul 2022 02:00:03 +0000 Received: by outflank-mailman (input) for mailman id 369204; Mon, 18 Jul 2022 02:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3G-00085V-JU for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3G-0001ki-CR for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDG3G-0008J3-B9 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AnUEPUO2rykT9KquLA7j1vkp3QTbp49fTAkecCG1PR0=; b=upNpr0rBgTkHV7waQh2E328EXM 7g4AaasqVwPZ1AB++XRnQCVYGj1T8XEOVIZLrDhRaIXHHmsQS7lMKgCuYkVIr7adqoWvlcGIgvYJ9 0BVkRyAb4hvsE0Q0dvLcU53pvqJJZM3LLAMgCilE+Wsuauk9QxQPJahxzh+RKWEZBuwg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm32: head.S: Introduce a macro to load the physical address of a symbol Message-Id: Date: Mon, 18 Jul 2022 02:00:02 +0000 commit d07358f2dccd7efb3f113314c9dda17db194a996 Author: Julien Grall AuthorDate: Sat Jul 16 15:33:47 2022 +0100 Commit: Julien Grall CommitDate: Sun Jul 17 14:10:08 2022 +0100 xen/arm32: head.S: Introduce a macro to load the physical address of a symbol A lot of places in the ARM32 assembly requires to load the physical address of a symbol. Rather than open-coding the translation, introduce a new macro that will load the phyiscal address of a symbol. Lastly, use the new macro to replace all the current open-coded version. Note that most of the comments associated to the code changed have been removed because the code is now self-explanatory. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index c837d3054c..77f0a619ca 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -65,6 +65,11 @@ .endif .endm +.macro load_paddr rb, sym + ldr \rb, =\sym + add \rb, \rb, r10 +.endm + /* * Common register usage in this file: * r0 - @@ -157,8 +162,7 @@ past_zImage: /* Using the DTB in the .dtb section? */ .ifnes CONFIG_DTB_FILE,"" - ldr r8, =_sdtb - add r8, r10 /* r8 := paddr(DTB) */ + load_paddr r8, _stdb .endif /* Initialize the UART if earlyprintk has been enabled. */ @@ -208,8 +212,7 @@ GLOBAL(init_secondary) mrc CP32(r1, MPIDR) bic r7, r1, #(~MPIDR_HWID_MASK) /* Mask out flags to get CPU ID */ - ldr r0, =smp_up_cpu - add r0, r0, r10 /* Apply physical offset */ + load_paddr r0, smp_up_cpu dsb 2: ldr r1, [r0] cmp r1, r7 @@ -376,8 +379,7 @@ ENDPROC(cpu_init) and r1, r1, r2 /* r1 := slot in \tlb */ lsl r1, r1, #3 /* r1 := slot offset in \tlb */ - ldr r4, =\tbl - add r4, r4, r10 /* r4 := paddr(\tlb) */ + load_paddr r4, \tbl movw r2, #PT_PT /* r2:r3 := right for linear PT */ orr r2, r2, r4 /* + \tlb paddr */ @@ -536,8 +538,7 @@ enable_mmu: dsb nsh /* Write Xen's PT's paddr into the HTTBR */ - ldr r0, =boot_pgtable - add r0, r0, r10 /* r0 := paddr (boot_pagetable) */ + load_paddr r0, boot_pgtable mov r1, #0 /* r0:r1 is paddr (boot_pagetable) */ mcrr CP64(r0, r1, HTTBR) isb @@ -782,10 +783,8 @@ ENTRY(lookup_processor_type) */ __lookup_processor_type: mrc CP32(r0, MIDR) /* r0 := our cpu id */ - ldr r1, = __proc_info_start - add r1, r1, r10 /* r1 := paddr of table (start) */ - ldr r2, = __proc_info_end - add r2, r2, r10 /* r2 := paddr of table (end) */ + load_paddr r1, __proc_info_start + load_paddr r2, __proc_info_end 1: ldr r3, [r1, #PROCINFO_cpu_mask] and r4, r0, r3 /* r4 := our cpu id with mask */ ldr r3, [r1, #PROCINFO_cpu_val] /* r3 := cpu val in current proc info */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 02:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 02:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369205.600508 (Exim 4.92) (envelope-from ) id 1oDG3R-0000gE-20; Mon, 18 Jul 2022 02:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369205.600508; Mon, 18 Jul 2022 02:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3Q-0000g6-Ug; Mon, 18 Jul 2022 02:00:12 +0000 Received: by outflank-mailman (input) for mailman id 369205; Mon, 18 Jul 2022 02:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3Q-0000fy-Gg for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3Q-0001wN-Fj for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDG3Q-0008KA-Ev for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ddqLQ7penIOrr8zOT15SyH8x2KSWAsoq69/3EBl/Ed4=; b=cF2FRABm3XlMfaUpqRvm0KvRM7 wZ7JbRx75J+h3fSktSLe2hbGczZKVPOzFh8rh7qNeaFOCn21PbW75lN1FkjLMb1yV6/0rJlxKDunN 2rxkBnSWlMvaNoXVH/xgxo+IsFTnsFcuzURCsv2MJ26Llnkun/Dn7lwHfOzSfIbQ/Ygo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: head: Add missing isb after writing to SCTLR_EL2/HSCTLR Message-Id: Date: Mon, 18 Jul 2022 02:00:12 +0000 commit 25424d1a6b7b7e875230aba77c2f044a4883e49a Author: Julien Grall AuthorDate: Sat Jul 16 15:34:07 2022 +0100 Commit: Julien Grall CommitDate: Sun Jul 17 14:10:08 2022 +0100 xen/arm: head: Add missing isb after writing to SCTLR_EL2/HSCTLR Write to SCTLR_EL2/HSCTLR may not be visible until the next context synchronization. When initializing the CPU, we want the update to take effect right now. So add an isb afterwards. Spec references: - AArch64: D13.1.2 ARM DDI 0406C.d - AArch32 v8: G8.1.2 ARM DDI 0406C.d - AArch32 v7: B5.6.3 ARM DDI 0406C.d Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 1 + xen/arch/arm/arm64/head.S | 1 + 2 files changed, 2 insertions(+) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index 77f0a619ca..98ccf18b51 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -353,6 +353,7 @@ cpu_init_done: ldr r0, =HSCTLR_SET mcr CP32(r0, HSCTLR) + isb mov pc, r5 /* Return address is in r5 */ ENDPROC(cpu_init) diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 109ae7de0c..1babcc65d7 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -486,6 +486,7 @@ cpu_init: ldr x0, =SCTLR_EL2_SET msr SCTLR_EL2, x0 + isb /* * Ensure that any exceptions encountered at EL2 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 02:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 02:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369206.600510 (Exim 4.92) (envelope-from ) id 1oDG3b-0000iw-2c; Mon, 18 Jul 2022 02:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369206.600510; Mon, 18 Jul 2022 02:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3a-0000iq-W9; Mon, 18 Jul 2022 02:00:22 +0000 Received: by outflank-mailman (input) for mailman id 369206; Mon, 18 Jul 2022 02:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3a-0000ih-K5 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3a-0001wj-J8 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDG3a-0008Kd-IH for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uiwU2UCMbQbh6BB05X2yY0oqrwMzGQDJZv/MQFNRpz8=; b=1kf01o9Hfk2ovYekMA2UwkveQI tpWYEZwOP3aYyTeQHCX/X8ojJ1CSnk+4EaFxBWmDp7ZTVLk3+NCain1PBENiIqMPxTLj5dX1kfC4r x6lywb6Wt6LVEPYxhUr1yNEkSMc4q8fAtaUEXB+SftMGchdARisWyAkpRmMOLurF6CzA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings() Message-Id: Date: Mon, 18 Jul 2022 02:00:22 +0000 commit 9b962e618313109882b6ca78cf1e09f43c9d6e62 Author: Julien Grall AuthorDate: Sat Jul 16 15:37:57 2022 +0100 Commit: Julien Grall CommitDate: Sun Jul 17 14:10:08 2022 +0100 xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings() Both destroy_xen_mappings() and modify_xen_mappings() will take in parameter a range [start, end[. Both end should be page aligned. Add extra ASSERT() to ensure start and end are page aligned. Take the opportunity to rename 'v' to 's' to be consistent with the other helper. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis ---- Changes in v2: - Also modify prototype. Note that on x86, the first parameter was not matching in the declaration and prototype. - Add Bertrand's reviewed-by --- xen/arch/arm/mm.c | 10 +++++++--- xen/include/xen/mm.h | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 009b8cd9ef..9a2a29abe2 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1368,14 +1368,18 @@ int populate_pt_range(unsigned long virt, unsigned long nr_mfns) return xen_pt_update(virt, INVALID_MFN, nr_mfns, _PAGE_POPULATE); } -int destroy_xen_mappings(unsigned long v, unsigned long e) +int destroy_xen_mappings(unsigned long s, unsigned long e) { - ASSERT(v <= e); - return xen_pt_update(v, INVALID_MFN, (e - v) >> PAGE_SHIFT, 0); + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); + ASSERT(s <= e); + return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, 0); } int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags) { + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); ASSERT(s <= e); return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, flags); } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 3be754da92..6dee421bb8 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -101,7 +101,7 @@ int map_pages_to_xen( unsigned int flags); /* Alter the permissions of a range of Xen virtual address space. */ int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags); -int destroy_xen_mappings(unsigned long v, unsigned long e); +int destroy_xen_mappings(unsigned long s, unsigned long e); /* Retrieve the MFN mapped by VA in Xen virtual address space. */ mfn_t xen_map_to_mfn(unsigned long va); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 02:00:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 02:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369207.600514 (Exim 4.92) (envelope-from ) id 1oDG3l-0000mb-5a; Mon, 18 Jul 2022 02:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369207.600514; Mon, 18 Jul 2022 02:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3l-0000mT-2q; Mon, 18 Jul 2022 02:00:33 +0000 Received: by outflank-mailman (input) for mailman id 369207; Mon, 18 Jul 2022 02:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3k-0000mN-N0 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDG3k-0001yQ-M5 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDG3k-0008L5-LP for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 02:00:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k7yHgtkM+dXWSTRoLnENVEvvfR8OmEIYhuHlh/82CtM=; b=5Jdwl/H+d6OOGcsJQABfcJGuaY /dyVf3H8JbzI0ZsQ0iZ+cl/AQ7n+9rE53CAfO5dG6mBGrnLWxk3Cxt2BUxTblfAdj4NMD21ZzarTz rGdGfn7NIoJvgNCL2ajI61yVxCFMjEA/1Tg0JODl03tVeQ4UghugTeHSQhEESbF37FkA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Revert "xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings()" Message-Id: Date: Mon, 18 Jul 2022 02:00:32 +0000 commit a5fb66f4513c2c2d222dcc3753163b15690bd003 Author: Julien Grall AuthorDate: Sun Jul 17 14:11:27 2022 +0100 Commit: Julien Grall CommitDate: Sun Jul 17 14:11:27 2022 +0100 Revert "xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings()" This reverts commit 9b962e618313109882b6ca78cf1e09f43c9d6e62. This was committed by mistake (lack an x86 ack). --- xen/arch/arm/mm.c | 10 +++------- xen/include/xen/mm.h | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 9a2a29abe2..009b8cd9ef 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1368,18 +1368,14 @@ int populate_pt_range(unsigned long virt, unsigned long nr_mfns) return xen_pt_update(virt, INVALID_MFN, nr_mfns, _PAGE_POPULATE); } -int destroy_xen_mappings(unsigned long s, unsigned long e) +int destroy_xen_mappings(unsigned long v, unsigned long e) { - ASSERT(IS_ALIGNED(s, PAGE_SIZE)); - ASSERT(IS_ALIGNED(e, PAGE_SIZE)); - ASSERT(s <= e); - return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, 0); + ASSERT(v <= e); + return xen_pt_update(v, INVALID_MFN, (e - v) >> PAGE_SHIFT, 0); } int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags) { - ASSERT(IS_ALIGNED(s, PAGE_SIZE)); - ASSERT(IS_ALIGNED(e, PAGE_SIZE)); ASSERT(s <= e); return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, flags); } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 6dee421bb8..3be754da92 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -101,7 +101,7 @@ int map_pages_to_xen( unsigned int flags); /* Alter the permissions of a range of Xen virtual address space. */ int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags); -int destroy_xen_mappings(unsigned long s, unsigned long e); +int destroy_xen_mappings(unsigned long v, unsigned long e); /* Retrieve the MFN mapped by VA in Xen virtual address space. */ mfn_t xen_map_to_mfn(unsigned long va); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 14:44:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 14:44:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369877.601446 (Exim 4.92) (envelope-from ) id 1oDRyg-0005p8-Lj; Mon, 18 Jul 2022 14:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369877.601446; Mon, 18 Jul 2022 14:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDRyg-0005p0-IQ; Mon, 18 Jul 2022 14:44:06 +0000 Received: by outflank-mailman (input) for mailman id 369877; Mon, 18 Jul 2022 14:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDRyf-0005ou-Bw for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 14:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDRyf-0000QX-8R for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 14:44:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDRyf-0005pR-7Y for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 14:44:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QhYBCXjjcud5TuT3jjMRyVlwUq6+j9ECsNU2ubNI3bk=; b=eJdJpxTF8OuJkC0QDwSjEykexQ EvS1RJlioZdXOScmjXu8aL+hTyEvZsWR7QrbYqFXcfgmCcMyRIamkDvNfPTvOzBz5uH42Aw3KR2Ba U+MoCUqqsOXYTlfr28/5TBPbZP7u74flvPlPgw93JV44BjzN8vivhw5zWnhXQhZmHy3I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: Fix check-endbr.sh with mawk Message-Id: Date: Mon, 18 Jul 2022 14:44:05 +0000 commit b2ebe879a44428957e147be52e8bf5227e36e723 Author: Anthony PERARD AuthorDate: Thu Jul 14 15:39:06 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:31:18 2022 +0100 xen: Fix check-endbr.sh with mawk check-endbr.sh works with gawk, but fails with mawk. The produced $ALL file is smaller as it is missing 0x$vma_lo on every line. With mawk, int(0x2A) just produces 0, instead of the expected value. The use of hexadecimal-constant in awk is an optional part of the posix spec, and mawk doesn't seems to implemented. There is a way to convert an hexadecimal to a number be putting it in a string, and awk as I understand is supposed to use strtod() to convert the string to a number when needed. The expression 'int("0x15") + 21' would produce the expected value in `mawk` but now `gawk` won't convert the string to a number unless we use the option "--non-decimal-data". So let's convert the hexadecimal number before using it in the awk script. The shell as no issue with dealing with hexadecimal-constant so we'll simply use the expression "$(( 0x15 ))" to convert the value before using it in awk. Note: This does introduce a latent portability bug, which fixed in a separate change to avoid mixing complexity/explanations. Fixes: 4d037425dc ("x86: Build check for embedded endbr64 instructions") Resolves: xen-project/xen#26 Reported-by: Luca Fancellu Reported-by: Mathieu Tarral Signed-off-by: Anthony PERARD Reviewed-by: Bertrand Marquis Reviewed-by: Andrew Cooper --- xen/tools/check-endbr.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index f633846b0f..b3febd6a4c 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -64,6 +64,11 @@ ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & # split the VMA in half so AWK's numeric addition is only working on 32 bit # numbers, which don't lose precision. # +# 4) MAWK doesn't support plain hex constants (an optional part of the POSIX +# spec), and GAWK and MAWK can't agree on how to work with hex constants in +# a string. Use the shell to convert $vma_lo to decimal before passing to +# AWK. +# eval $(${OBJDUMP} -j .text $1 -h | $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') @@ -79,7 +84,7 @@ then else grep -aob -e "$(printf '\363\17\36\372')" -e "$(printf '\363\17\36\373')" \ -e "$(printf '\146\17\37\1')" $TEXT_BIN -fi | $AWK -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL +fi | $AWK -F':' '{printf "%s%x\n", "'$vma_hi'", int('$((0x$vma_lo))') + $1}' > $ALL # Wait for $VALID to become complete wait -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 14:44:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 14:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369878.601449 (Exim 4.92) (envelope-from ) id 1oDRyq-0005r1-Ml; Mon, 18 Jul 2022 14:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369878.601449; Mon, 18 Jul 2022 14:44:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDRyq-0005qt-K2; Mon, 18 Jul 2022 14:44:16 +0000 Received: by outflank-mailman (input) for mailman id 369878; Mon, 18 Jul 2022 14:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDRyp-0005qn-CX for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 14:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDRyp-0000Qe-Bk for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 14:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDRyp-0005pv-Ak for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 14:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Bw0XeV+r6agL3V4gQu6zZ4imIXPFyCg3Hda5GuGvQfc=; b=luVCK3JxRlqYhYyL8zASt3OO9N 1oSYsEGjTGFBPrw/canbUP5Tlm6rHMDCJbicjszpnuOl0fLgZHhkWJSk6Fm5laIK6wO3/c/shjc+H sLI18ALEq+wYZAVhUQeluLdApx7URHKf0uYL7hkdD/hqkM6w39gHHO7Q0fmnQ2cmCWk8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: Fix latent check-endbr.sh bug with 32bit build environments Message-Id: Date: Mon, 18 Jul 2022 14:44:15 +0000 commit 0af91dc0326cba12795e0b8fa8f665776e2a9e13 Author: Andrew Cooper AuthorDate: Fri Jul 15 12:53:09 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:32:27 2022 +0100 xen: Fix latent check-endbr.sh bug with 32bit build environments While Xen's current VMA means it works, the mawk fix (i.e. using $((0xN)) in the shell) isn't portable in 32bit shells. See the code comment for the fix. The fix found a second latent bug. Recombining $vma_hi/lo should have used printf "%s%08x" and only worked previously because $vma_lo had bits set in it's top nibble. Combining with the main fix, %08x becomes %07x. Fixes: b2ebe879a444 ("xen: Fix check-endbr.sh with mawk") Reported-by: Jan Beulich Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/tools/check-endbr.sh | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index b3febd6a4c..b97684ac25 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -61,19 +61,36 @@ ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & # the lower bits, rounding integers to the nearest 4k. # # Instead, use the fact that Xen's .text is within a 1G aligned region, and -# split the VMA in half so AWK's numeric addition is only working on 32 bit -# numbers, which don't lose precision. +# split the VMA so AWK's numeric addition is only working on <32 bit +# numbers, which don't lose precision. (See point 5) # # 4) MAWK doesn't support plain hex constants (an optional part of the POSIX # spec), and GAWK and MAWK can't agree on how to work with hex constants in # a string. Use the shell to convert $vma_lo to decimal before passing to # AWK. # +# 5) Point 4 isn't fully portable. POSIX only requires that $((0xN)) be +# evaluated as long, which in 32bit shells turns negative if bit 31 of the +# VMA is set. AWK then interprets this negative number as a double before +# adding the offsets from the binary grep. +# +# Instead of doing an 8/8 split with vma_hi/lo, do a 9/7 split. +# +# The consequence of this is that for all offsets, $vma_lo + offset needs +# to be less that 256M (i.e. 7 nibbles) so as to be successfully recombined +# with the 9 nibbles of $vma_hi. This is fine; .text is at the start of a +# 1G aligned region, and Xen is far far smaller than 256M, but leave safety +# check nevertheless. +# eval $(${OBJDUMP} -j .text $1 -h | - $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') + $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 9), substr($4, 10, 16)}') ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN +bin_sz=$(stat -c '%s' $TEXT_BIN) +[ "$bin_sz" -ge $(((1 << 28) - $vma_lo)) ] && + { echo "$MSG_PFX Error: .text offsets must not exceed 256M" >&2; exit 1; } + # instruction: hex: oct: # endbr64 f3 0f 1e fa 363 017 036 372 # endbr32 f3 0f 1e fb 363 017 036 373 @@ -84,7 +101,7 @@ then else grep -aob -e "$(printf '\363\17\36\372')" -e "$(printf '\363\17\36\373')" \ -e "$(printf '\146\17\37\1')" $TEXT_BIN -fi | $AWK -F':' '{printf "%s%x\n", "'$vma_hi'", int('$((0x$vma_lo))') + $1}' > $ALL +fi | $AWK -F':' '{printf "%s%07x\n", "'$vma_hi'", int('$((0x$vma_lo))') + $1}' > $ALL # Wait for $VALID to become complete wait -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 15:22:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 15:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369901.601475 (Exim 4.92) (envelope-from ) id 1oDSZR-0002li-S8; Mon, 18 Jul 2022 15:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369901.601475; Mon, 18 Jul 2022 15:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZR-0002la-PK; Mon, 18 Jul 2022 15:22:05 +0000 Received: by outflank-mailman (input) for mailman id 369901; Mon, 18 Jul 2022 15:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZQ-0002lU-2U for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZP-00017M-W1 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDSZP-0007kX-V7 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+xYFz6Zw965uJJ2ycOd848xVr04DJqHcrb8aig40QOs=; b=ho2gvn65U6CKOMnidUx9ReZ8E5 bRM4BmsTKg1TglTPkKXYnR8AnwJyzE+0A9dhTq1JItAaAThsyU60Lmv/Ta9TYLa/bo3rpNB6BIH0G 1GC+xCCBM3ctd4vsAGB6wVHS86bq6B9Es4THa/2HsTUhytVYlHtFlXkyHpNZ2xTjhiv4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/wait: Drop vestigial remnants of TRAP_regs_partial Message-Id: Date: Mon, 18 Jul 2022 15:22:03 +0000 commit 7a105f7c76db2f8f457bb790271e01f75641bf05 Author: Andrew Cooper AuthorDate: Fri Jul 15 13:39:29 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:55:53 2022 +0100 xen/wait: Drop vestigial remnants of TRAP_regs_partial The preservation of entry_vector was introduced with ecf9846a6a20 ("x86: save/restore only partial register state where possible") where TRAP_regs_partial was introduced, but missed from f9eb74789af7 ("x86/entry: Remove support for partial cpu_user_regs frames") where TRAP_regs_partial was removed. Fixes: f9eb74789af7 ("x86/entry: Remove support for partial cpu_user_regs frames") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/wait.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 9276d76464..3ebb884fe7 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -124,7 +124,6 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) struct cpu_info *cpu_info = get_cpu_info(); struct vcpu *curr = current; unsigned long dummy; - u32 entry_vector = cpu_info->guest_cpu_user_regs.entry_vector; ASSERT(wqv->esp == 0); @@ -169,8 +168,6 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) for ( ; ; ) do_softirq(); } - - cpu_info->guest_cpu_user_regs.entry_vector = entry_vector; } static void __finish_wait(struct waitqueue_vcpu *wqv) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 15:22:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 15:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369902.601478 (Exim 4.92) (envelope-from ) id 1oDSZb-0002nT-TZ; Mon, 18 Jul 2022 15:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369902.601478; Mon, 18 Jul 2022 15:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZb-0002nM-R1; Mon, 18 Jul 2022 15:22:15 +0000 Received: by outflank-mailman (input) for mailman id 369902; Mon, 18 Jul 2022 15:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZa-0002nC-4L for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZa-00017X-3P for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDSZa-0007l0-1s for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AAOhomASKU3aYAWdD/RbLy6nExb8WK4n+SpoBy0E0H4=; b=Lssz7ysIgwZZAWH0X85Asy5RYk VNvcnZ9i9C1e4d5f2DDVe51pZFEb2UhP5XsuurBiL/KLkB/cG1SXVrvILuMuHnxv1YlbVkDXke2Yi od3M7TME9pUUNh3RMYc9kKCU0EAYuyDnBwZX5Ssz9NufIgFlqtQ1WjzZS3fuMb2bWvJU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/wait: Extend the description of how this logic actually works Message-Id: Date: Mon, 18 Jul 2022 15:22:14 +0000 commit d93a8c481c596ab4f86a3e56983b136cd1a5d58d Author: Andrew Cooper AuthorDate: Fri Jul 15 14:16:12 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:55:53 2022 +0100 xen/wait: Extend the description of how this logic actually works Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/wait.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 3ebb884fe7..1f0285ac30 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -137,7 +137,19 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) do_softirq(); } - /* Hand-rolled setjmp(). */ + /* + * Hand-rolled setjmp(). + * + * __prepare_to_wait() is the leaf of a deep calltree. Preserve the GPRs, + * bounds check what we want to stash in wqv->stack, copy the active stack + * (up to cpu_info) into wqv->stack, then return normally. Our caller + * will shortly schedule() and discard the current context. + * + * The copy out is performed with a rep movsb. When + * check_wakeup_from_wait() longjmp()'s back into us, %rsp is pre-adjusted + * to be suitable and %rsi/%rdi are swapped, so the rep movsb instead + * copies in from wqv->stack over the active stack. + */ asm volatile ( "push %%rax; push %%rbx; push %%rdx; push %%rbp;" "push %%r8; push %%r9; push %%r10; push %%r11;" @@ -199,9 +211,17 @@ void check_wakeup_from_wait(void) } /* - * Hand-rolled longjmp(). Returns to __prepare_to_wait(), and lands on a - * `rep movs` instruction. All other GPRs are restored from the stack, so - * are available for use here. + * Hand-rolled longjmp(). + * + * check_wakeup_from_wait() is always called with a shallow stack, + * immediately after the vCPU has been rescheduled. + * + * Adjust %rsp to be the correct depth for the (deeper) stack we want to + * restore, then prepare %rsi, %rdi and %rcx such that when we rejoin the + * rep movs in __prepare_to_wait(), it copies from wqv->stack over the + * active stack. + * + * All other GPRs are available for use; they're restored from the stack. */ asm volatile ( "mov %1,%%"__OP"sp; jmp .L_wq_resume;" -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 15:22:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 15:22:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369903.601483 (Exim 4.92) (envelope-from ) id 1oDSZl-0002qJ-Vb; Mon, 18 Jul 2022 15:22:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369903.601483; Mon, 18 Jul 2022 15:22:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZl-0002qB-SV; Mon, 18 Jul 2022 15:22:25 +0000 Received: by outflank-mailman (input) for mailman id 369903; Mon, 18 Jul 2022 15:22:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZk-0002pz-7D for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDSZk-00017h-6H for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDSZk-0007lk-5X for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D/6nv+drugFIU9fB6F6mC9c3hHsMceQqbtLHrukOpBI=; b=h76xZ8YkFy0fNo2g2+tT6PbUdW Y4iVNZ1wGbjNm5WRe3OEgyAfdi0k26fPC8TdViofa5IFJ4+cXKKs8S3/9sqtDjc7LueM72FBG5U0y IMuC+r5V96h9kqzb2dRglnokROhelMWq/Rr9Z8N3fDqv7c65ygJTB8khUpA/netGLZxg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/wait: Minor asm improvements Message-Id: Date: Mon, 18 Jul 2022 15:22:24 +0000 commit 660d69cd5a3714777252d7b804f82e8b7a8a8313 Author: Andrew Cooper AuthorDate: Fri Jul 15 12:27:08 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:55:53 2022 +0100 xen/wait: Minor asm improvements There is no point preserving all registers. Instead, preserve an arbitrary 6 registers, and list the rest as clobbered. This does not alter the register scheduling at all, but does reduce the amount of state needing saving. Use a named parameter for page size, instead of needing to parse which is parameter 3. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/wait.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 1f0285ac30..e45345ede7 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -151,13 +151,12 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) * copies in from wqv->stack over the active stack. */ asm volatile ( - "push %%rax; push %%rbx; push %%rdx; push %%rbp;" - "push %%r8; push %%r9; push %%r10; push %%r11;" - "push %%r12; push %%r13; push %%r14; push %%r15;" + "push %%rbx; push %%rbp; push %%r12;" + "push %%r13; push %%r14; push %%r15;" "sub %%esp,%%ecx;" - "cmp %3,%%ecx;" - "ja .L_skip;" + "cmp %[sz], %%ecx;" + "ja .L_skip;" /* Bail if >4k */ "mov %%rsp,%%rsi;" /* check_wakeup_from_wait() longjmp()'s to this point. */ @@ -165,12 +164,12 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) "mov %%rsp,%%rsi;" ".L_skip:" - "pop %%r15; pop %%r14; pop %%r13; pop %%r12;" - "pop %%r11; pop %%r10; pop %%r9; pop %%r8;" - "pop %%rbp; pop %%rdx; pop %%rbx; pop %%rax" + "pop %%r15; pop %%r14; pop %%r13;" + "pop %%r12; pop %%rbp; pop %%rbx" : "=&S" (wqv->esp), "=&c" (dummy), "=&D" (dummy) - : "i" (PAGE_SIZE), "0" (0), "1" (cpu_info), "2" (wqv->stack) - : "memory" ); + : "0" (0), "1" (cpu_info), "2" (wqv->stack), + [sz] "i" (PAGE_SIZE) + : "memory", "rax", "rdx", "r8", "r9", "r10", "r11" ); if ( unlikely(wqv->esp == 0) ) { @@ -221,13 +220,15 @@ void check_wakeup_from_wait(void) * rep movs in __prepare_to_wait(), it copies from wqv->stack over the * active stack. * - * All other GPRs are available for use; they're restored from the stack. + * All other GPRs are available for use; They're restored from the stack, + * or explicitly clobbered. */ - asm volatile ( - "mov %1,%%"__OP"sp; jmp .L_wq_resume;" - : : "S" (wqv->stack), "D" (wqv->esp), - "c" ((char *)get_cpu_info() - (char *)wqv->esp) - : "memory" ); + asm volatile ( "mov %%rdi, %%rsp;" + "jmp .L_wq_resume" + : + : "S" (wqv->stack), "D" (wqv->esp), + "c" ((char *)get_cpu_info() - (char *)wqv->esp) + : "memory" ); unreachable(); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 15:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 15:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369904.601487 (Exim 4.92) (envelope-from ) id 1oDT5O-00060z-7g; Mon, 18 Jul 2022 15:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369904.601487; Mon, 18 Jul 2022 15:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5O-00060r-4t; Mon, 18 Jul 2022 15:55:06 +0000 Received: by outflank-mailman (input) for mailman id 369904; Mon, 18 Jul 2022 15:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5M-00060l-Ad for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5M-0001eB-6u for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDT5M-0000yQ-4W for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QxLE7eM2AFlC76Wr07WQgV3ffd8Yw6dXKK/aNhKkZWo=; b=t8pbhU5s0sKGlO/+9qxLrDGrly 6zco67+ljoUluOVW+8XP+0DE4AdP0u/pZ3Nb/O2sSrllHBK4T51GSfg4CvDMjpSZ8CYp305pGSqV2 Gx9RyFxgyZ2d8k8Ct/UDm1PTK22QdU6xvucHurOB3uFVbbyx1kvo66c/YICAEfnWt/7A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/xenstore: add documentation for new set/get-feature commands Message-Id: Date: Mon, 18 Jul 2022 15:55:04 +0000 commit 1a564e4b3b4fcb9a49fa09ade689ba38c0a890e8 Author: Juergen Gross AuthorDate: Mon Jul 18 17:46:47 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:46:47 2022 +0200 tools/xenstore: add documentation for new set/get-feature commands Add documentation for two new Xenstore wire commands SET_FEATURE and GET_FEATURE used to set or query the Xenstore features visible in the ring page of a given domain. Signed-off-by: Juergen Gross Reviewed-by: Luca Fancellu --- docs/misc/xenstore-ring.txt | 1 + docs/misc/xenstore.txt | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index 2792d13530..fe06af32fe 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -69,6 +69,7 @@ Bit Description ----------------------------------------------------------------- 0 Ring reconnection (see the ring reconnection feature below) 1 Connection error indicator (see connection error feature below) +2 GET_FEATURE and SET_FEATURE Xenstore wire commands are available The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index 334dc8b6fd..5f4c5c6a55 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -320,6 +320,18 @@ SET_TARGET || xenstored prevents the use of SET_TARGET other than by dom0. +GET_FEATURE | | +SET_FEATURE || + Returns or sets the contents of the "feature" field located at + offset 2064 of the Xenstore ring page of the domain specified by + . is a decimal number being a logical or of the + feature bits as defined in docs/misc/xenstore-ring.txt. Trying + to set a bit for a feature not being supported by the running + Xenstore will be denied. + + xenstored prevents the use of GET_FEATURE and SET_FEATURE other + than by dom0. + ---------- Miscellaneous ---------- CONTROL |[|] -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 15:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 15:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369905.601490 (Exim 4.92) (envelope-from ) id 1oDT5Y-00062t-94; Mon, 18 Jul 2022 15:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369905.601490; Mon, 18 Jul 2022 15:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5Y-00062l-6K; Mon, 18 Jul 2022 15:55:16 +0000 Received: by outflank-mailman (input) for mailman id 369905; Mon, 18 Jul 2022 15:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5W-00062V-Be for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5W-0001eF-Al for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDT5W-0000z9-9B for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WJEeJ3TCprr8MJ/xFpuDMW3UwshgEfXPYJg2YTCMzas=; b=st6fY/ERF1nwbTX4vT7ZGbvbrZ mRayncjxCAx99X0FACuf3U15UNRCFsurvTFo5HnpNaDz0pZfN2jso1nkDelJSacs51U0cMfhCcEw6 Wn9EGHY5SPw+8MOpYDhU0Xg6NKQH/fUViOQnX72Zo8DqKEuJY2BgQBs5t75upK+te5ew=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/xenstore: add documentation for new set/get-quota commands Message-Id: Date: Mon, 18 Jul 2022 15:55:14 +0000 commit 6574f387791f18c85c64399ed83b4391adcb4881 Author: Juergen Gross AuthorDate: Mon Jul 18 17:47:04 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:47:04 2022 +0200 tools/xenstore: add documentation for new set/get-quota commands Add documentation for two new Xenstore wire commands SET_QUOTA and GET_QUOTA used to set or query the Xenstore quota of a given domain. Signed-off-by: Juergen Gross Reviewed-by: Luca Fancellu --- docs/misc/xenstore-ring.txt | 1 + docs/misc/xenstore.txt | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index fe06af32fe..aa71c56e4c 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -70,6 +70,7 @@ Bit Description 0 Ring reconnection (see the ring reconnection feature below) 1 Connection error indicator (see connection error feature below) 2 GET_FEATURE and SET_FEATURE Xenstore wire commands are available +3 GET_QUOTA and SET_QUOTA Xenstore wire commands are available The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index 5f4c5c6a55..629f962bb5 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -332,6 +332,18 @@ SET_FEATURE || xenstored prevents the use of GET_FEATURE and SET_FEATURE other than by dom0. +GET_QUOTA || | +SET_QUOTA ||| + Returns or sets a quota value for the domain being specified by + . is one of "nodes", "watches", "transactions", + "node-size" or "permissions". is a decimal number + specifying the quota value, with "0" having the special meaning + of quota checks being disabled. The initial quota settings for + a domain are the global ones of Xenstore. + + xenstored prevents the use of GET_QUOTA and SET_QUOTA other + than by dom0. + ---------- Miscellaneous ---------- CONTROL |[|] -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 15:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 15:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369906.601494 (Exim 4.92) (envelope-from ) id 1oDT5i-00066T-CP; Mon, 18 Jul 2022 15:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369906.601494; Mon, 18 Jul 2022 15:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5i-00066L-9o; Mon, 18 Jul 2022 15:55:26 +0000 Received: by outflank-mailman (input) for mailman id 369906; Mon, 18 Jul 2022 15:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5g-00065x-Gh for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5g-0001g7-Fn for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDT5g-0000zY-Cv for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+X4iSsoPMSpYeebDKPTRqZh1/f1SKzQFxWkZlaM/7i0=; b=fth1ITq/cgTrqcTcDrE9DW3Uav H6RPpayZ0EjYFKq/GKX5lXznj/En/ON6T5P2gP0Db+SxmaUpajQ9/GiRttYJkqCg5aiaBLcv7prnB Tcy76IQ1DvFR032sAc/IsIJgc/8PIVkudHLh0YDS0viU3x64BrzsJe2DHmE9ypFl379k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/xenstore: add documentation for extended watch command Message-Id: Date: Mon, 18 Jul 2022 15:55:24 +0000 commit 3db29e8fac3f874aba0198f398e8eeaad9a091b8 Author: Juergen Gross AuthorDate: Mon Jul 18 17:47:23 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:47:23 2022 +0200 tools/xenstore: add documentation for extended watch command Add documentation for an extension of the WATCH command used to limit the scope of watched paths. Additionally it enables to receive more information in the events related to special watches (@introduceDomain or @releaseDomain). Signed-off-by: Juergen Gross Reviewed-by: Luca Fancellu --- docs/misc/xenstore-ring.txt | 1 + docs/misc/xenstore.txt | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index aa71c56e4c..a1e6c7bb3a 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -71,6 +71,7 @@ Bit Description 1 Connection error indicator (see connection error feature below) 2 GET_FEATURE and SET_FEATURE Xenstore wire commands are available 3 GET_QUOTA and SET_QUOTA Xenstore wire commands are available +4 WATCH can take a third parameter limiting its scope The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index 629f962bb5..ee0b51394f 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -176,7 +176,7 @@ SET_PERMS ||+? ---------- Watches ---------- -WATCH ||? +WATCH ||[|]? Adds a watch. When a is modified (including path creation, removal, @@ -187,7 +187,11 @@ WATCH ||? matching watch results in a WATCH_EVENT message (see below). The event's path matches the watch's if it is an child - of . + of . This match can be limited by specifying (a + decimal value of 0 or larger): it denotes the directory levels + below to consider for a match ("0" would not match for + a child of , "1" would match only for a direct child, + etc.). can be a to watch or @. In the latter case may have any syntax but it matches @@ -198,7 +202,13 @@ WATCH ||? shutdown, and also on RELEASE and domain destruction events are sent to privileged callers or explicitly - via SET_PERMS enabled domains only. + via SET_PERMS enabled domains only. The semantics for a + specification of differ for generating + events: specifying "1" will report the related domid by using + @/ for the reported path. Other + values are not supported. + For @releaseDomain it is possible to watch only for a specific + domain by specifying @releaseDomain/ for the path. When a watch is first set up it is triggered once straight away, with equal to . Watches may be triggered -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 15:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 15:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369907.601498 (Exim 4.92) (envelope-from ) id 1oDT5s-000697-Dm; Mon, 18 Jul 2022 15:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369907.601498; Mon, 18 Jul 2022 15:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5s-00068z-BF; Mon, 18 Jul 2022 15:55:36 +0000 Received: by outflank-mailman (input) for mailman id 369907; Mon, 18 Jul 2022 15:55:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5q-00068s-JO for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT5q-0001gN-Ia for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDT5q-00010S-Hu for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yFAEOQcAg8c7ctokVHIAXCKpH7sepeUlpmISIhU8UT0=; b=SQnzqIrGfGLHfTXQ9ejklPTHYt 6AhJt26mKXwinvPVwcgk6Eu5cKL/4aHjdSrbQnRb0dGuH5sRGxeemae/F7W6d9ZgTcFzMjFK+Z8CC vKQoHUNtqmrWaDNdqBBq8eD4ob8zT9YeByOsAsZcvaYzHmUGhRihpa/AQ5hzgBimfROM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xl: move freemem()'s "credit expired" loop exit Message-Id: Date: Mon, 18 Jul 2022 15:55:34 +0000 commit d8f8cb8bdd02fad3b6986ae93511f750fa7f7e6a Author: Jan Beulich AuthorDate: Mon Jul 18 17:48:18 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:48:18 2022 +0200 xl: move freemem()'s "credit expired" loop exit Move the "credit expired" loop exit to the middle of the loop, immediately after "return true". This way having reached the goal on the last iteration would be reported as success to the caller, rather than as "timed out". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD --- tools/xl/xl_vmcontrol.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index cd338a5422..8c29923f62 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -332,7 +332,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (rc < 0) return false; - do { + for (;;) { time_t start; rc = libxl_get_free_memory(ctx, &free_memkb); @@ -342,6 +342,9 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (free_memkb >= need_memkb) return true; + if (credit <= 0) + return false; + rc = libxl_set_memory_target(ctx, 0, free_memkb - need_memkb, 1, 0); if (rc < 0) return false; @@ -354,9 +357,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; credit -= difftime(time(NULL), start); - } while (credit > 0); - - return false; + } } static void reload_domain_config(uint32_t domid, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 15:55:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 15:55:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369909.601513 (Exim 4.92) (envelope-from ) id 1oDT61-0006Sm-N4; Mon, 18 Jul 2022 15:55:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369909.601513; Mon, 18 Jul 2022 15:55:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT61-0006Se-KC; Mon, 18 Jul 2022 15:55:45 +0000 Received: by outflank-mailman (input) for mailman id 369909; Mon, 18 Jul 2022 15:55:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT60-0006Gc-Mb for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDT60-0001gc-La for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDT60-000110-Kn for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 15:55:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6xgBPJPKE76CZ5VAonZp33TbzmpIja9cUR/zEeNmNf4=; b=ZfPmlx3QD5ZlaBIYxUkqXWjunA H4gTEQ69pk4lyhIHc7jbj9WnebEaD3OzUjQwPPP3qb/VBu4LfSx0c2pzP23gjN55G31IkzaRTRpCj 7u1gj2R1X6poheHVCEmvkUazUYWS065bAVsNLTWpGl74SpbJ7N1IZciYRHcPFo4amS0U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] EFI: strip xen.efi when putting it on the EFI partition Message-Id: Date: Mon, 18 Jul 2022 15:55:44 +0000 commit c3cad613dd7ce095098437d9107e791a48db83a9 Author: Jan Beulich AuthorDate: Mon Jul 18 17:48:40 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:48:40 2022 +0200 EFI: strip xen.efi when putting it on the EFI partition With debug info retained, xen.efi can be quite large. Unlike for xen.gz there's no intermediate step (mkelf32 there) involved which would strip debug info kind of as a side effect. While the installing of xen.efi on the EFI partition is an optional step (intended to be a courtesy to the developer), adjust it also for the purpose of documenting what distros would be expected to do during boot loader configuration (which is what would normally put xen.efi into the EFI partition). Model the control over stripping after Linux'es module installation, except that the stripped executable is constructed in the build area instead of in the destination location. This is to conserve on space used there - EFI partitions tend to be only a few hundred Mb in size. Signed-off-by: Jan Beulich Tested-by: Henry Wang Tested-by: Wei Chen # arm Reviewed-by: Anthony PERARD --- docs/misc/efi.pandoc | 10 +++++++--- xen/Makefile | 22 +++++++++++++++++++++- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc index 71fdc316b6..11c1ac3346 100644 --- a/docs/misc/efi.pandoc +++ b/docs/misc/efi.pandoc @@ -20,9 +20,13 @@ Xen to load the configuration file even if multiboot modules are found. Once built, `make install-xen` will place the resulting binary directly into the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not -match your system). The xen.efi binary will also be installed in -`/usr/lib64/efi/`, unless `EFI_DIR` is set in the environment to override this -default. +match your system). When built with debug info, the binary can be quite large. +Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped +of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set +to any combination of options suitable to pass to `strip`, in case the default +ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, +unless `EFI_DIR` is set in the environment to override this default. This +binary will not be stripped in the process. The binary itself will require a configuration file (names with the `.efi` extension of the binary's name replaced by `.cfg`, and - until an existing diff --git a/xen/Makefile b/xen/Makefile index 4d770fef84..3d926e1015 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -464,6 +464,22 @@ endif .PHONY: _build _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) +# Strip +# +# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it +# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below +# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the +# option(s) to the strip command. +ifdef INSTALL_EFI_STRIP + +ifeq ($(INSTALL_EFI_STRIP),1) +efi-strip-opt := --strip-debug --keep-file-symbols +else +efi-strip-opt := $(INSTALL_EFI_STRIP) +endif + +endif + .PHONY: _install _install: D=$(DESTDIR) _install: T=$(notdir $(TARGET)) @@ -488,6 +504,9 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ + $(if $(efi-strip-opt), \ + $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ + $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ @@ -544,7 +563,8 @@ _clean: -o -name ".*.o.tmp" -o -name "*~" -o -name "core" \ -o -name '*.lex.c' -o -name '*.tab.[ch]' -o -name '*.c.cppcheck' \ -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; - rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map + rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET)-syms $(TARGET)-syms.map + rm -f $(TARGET).efi $(TARGET).efi.map $(TARGET).efi.stripped rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h rm -f .banner .allconfig.tmp include/xen/compile.h rm -f cppcheck-misra.* xen-cppcheck.xml -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 16:00:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 16:00:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369914.601517 (Exim 4.92) (envelope-from ) id 1oDTAE-00087n-1W; Mon, 18 Jul 2022 16:00:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369914.601517; Mon, 18 Jul 2022 16:00:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDTAD-00087g-UH; Mon, 18 Jul 2022 16:00:05 +0000 Received: by outflank-mailman (input) for mailman id 369914; Mon, 18 Jul 2022 16:00:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDTAD-00082V-5Q for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 16:00:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDTAD-0002Dm-36 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 16:00:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDTAD-0001Um-2I for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 16:00:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8bcGJTUUpmf+5BVCvPsPrOBsvskECvNL1FbNYNNlnrY=; b=XtLK0kwKMhIlMTkHtsBeNMWVwD eawesQ1tjruraIUaDlBKl9eEuWei8wM0jRjxMIExIyhhfd8msQj1/Rvsncp48IZmygXE8Y9QPEGRJ NrrINtQXVRk4Rv/MDC2iXfXRUkC4wSIZwAVozYLAimhl/7Jcgu3EqBa4KsY4IuKYpJRA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] vm_event: fix MISRA C 2012 Rule 8.7 violation Message-Id: Date: Mon, 18 Jul 2022 16:00:05 +0000 commit 4f67f1cbb66e96769557863e1734fa465b73b6db Author: Xenia Ragiadakou AuthorDate: Mon Jul 18 17:55:42 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:55:42 2022 +0200 vm_event: fix MISRA C 2012 Rule 8.7 violation The function vm_event_wake() is referenced only in vm_event.c. Change the linkage of the function from external to internal by adding the storage-class specifier static to the function definition. Also, this patch aims to resolve indirectly a MISRA C 2012 Rule 8.4 violation warning. Signed-off-by: Xenia Ragiadakou Reviewed-by: Jan Beulich Reviewed-by: Stefano Stabellini --- xen/common/vm_event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c index 0b99a6ea72..ecf49c38a9 100644 --- a/xen/common/vm_event.c +++ b/xen/common/vm_event.c @@ -173,7 +173,7 @@ static void vm_event_wake_queued(struct domain *d, struct vm_event_domain *ved) * call vm_event_wake() again, ensuring that any blocked vCPUs will get * unpaused once all the queued vCPUs have made it through. */ -void vm_event_wake(struct domain *d, struct vm_event_domain *ved) +static void vm_event_wake(struct domain *d, struct vm_event_domain *ved) { if ( !list_empty(&ved->wq.list) ) vm_event_wake_queued(d, ved); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 18 16:00:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 18 Jul 2022 16:00:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.369915.601521 (Exim 4.92) (envelope-from ) id 1oDTAO-0008Ea-2P; Mon, 18 Jul 2022 16:00:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 369915.601521; Mon, 18 Jul 2022 16:00:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDTAN-0008ES-Vz; Mon, 18 Jul 2022 16:00:15 +0000 Received: by outflank-mailman (input) for mailman id 369915; Mon, 18 Jul 2022 16:00:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDTAN-0008EI-78 for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 16:00:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDTAN-0002Is-6G for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 16:00:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDTAN-0001VY-5b for xen-changelog@lists.xenproject.org; Mon, 18 Jul 2022 16:00:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e6j8PCbiBNQiTee4wXNKFnVQtzJgyEmIxX3S8A3k3kY=; b=vIzzUUnq10zYg63f2kkzfh9ODm AAz4H8ECWRxwBNfjJ8Jd5/xWe+SJhkxXHkizRBL2qqs7EnDzVbRO0I1OUicjjVf2nEIYoRdbte+Lx H1B6G39TAVlKHuu6cDlEAUXELd5EOkvUFl3LPh/BqcBp1A+Qaz815Z+F1QMjhkucYS8U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] sched/credit: fix MISRA C 2012 Rule 8.7 violation Message-Id: Date: Mon, 18 Jul 2022 16:00:15 +0000 commit 0e60f1d9d1970cae49ee9d03f5759f44afc1fdee Author: Xenia Ragiadakou AuthorDate: Mon Jul 18 17:56:41 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:56:41 2022 +0200 sched/credit: fix MISRA C 2012 Rule 8.7 violation The per-cpu variable last_tickle_cpu is referenced only in credit.c. Change its linkage from external to internal by adding the storage-class specifier static to its definitions. Also, this patch aims to resolve indirectly a MISRA C 2012 Rule 8.4 violation warning. Signed-off-by: Xenia Ragiadakou Reviewed-by: Jan Beulich Reviewed-by: Stefano Stabellini --- xen/common/sched/credit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/credit.c b/xen/common/sched/credit.c index 4d3bd8cba6..47945c2834 100644 --- a/xen/common/sched/credit.c +++ b/xen/common/sched/credit.c @@ -348,7 +348,7 @@ static void burn_credits(struct csched_unit *svc, s_time_t now) static bool __read_mostly opt_tickle_one_idle = true; boolean_param("tickle_one_idle_cpu", opt_tickle_one_idle); -DEFINE_PER_CPU(unsigned int, last_tickle_cpu); +static DEFINE_PER_CPU(unsigned int, last_tickle_cpu); static inline void __runq_tickle(const struct csched_unit *new) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 03:11:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 03:11:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370289.601950 (Exim 4.92) (envelope-from ) id 1oDddW-0000O0-Ki; Tue, 19 Jul 2022 03:11:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370289.601950; Tue, 19 Jul 2022 03:11:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDddW-0000Ns-Hp; Tue, 19 Jul 2022 03:11:02 +0000 Received: by outflank-mailman (input) for mailman id 370289; Tue, 19 Jul 2022 03:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDddW-0000Nk-2L for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 03:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDddW-00050Z-1R for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 03:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDddW-0005bc-0L for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 03:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P/C5yjlRFULIByUY2VC5ZpUkD+JpFonqigSXUgnnVCI=; b=k0uepi17uASfVP8+S3a6tr+S8n NytBa8iGcN7w0EwA/SEkpPnFOq51UqBYQ9LbJ6EkdAOT1wzHP9dyLgYzFmfViPL1kCdiFnHnn3mtg pXZsDE60RnqKCMH8YnlaDqHPmM0wuR6amEmEGaerF3n683v/7ilvca5kpi8p3Bio6oVg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: Fix check-endbr.sh with mawk Message-Id: Date: Tue, 19 Jul 2022 03:11:02 +0000 commit b2ebe879a44428957e147be52e8bf5227e36e723 Author: Anthony PERARD AuthorDate: Thu Jul 14 15:39:06 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:31:18 2022 +0100 xen: Fix check-endbr.sh with mawk check-endbr.sh works with gawk, but fails with mawk. The produced $ALL file is smaller as it is missing 0x$vma_lo on every line. With mawk, int(0x2A) just produces 0, instead of the expected value. The use of hexadecimal-constant in awk is an optional part of the posix spec, and mawk doesn't seems to implemented. There is a way to convert an hexadecimal to a number be putting it in a string, and awk as I understand is supposed to use strtod() to convert the string to a number when needed. The expression 'int("0x15") + 21' would produce the expected value in `mawk` but now `gawk` won't convert the string to a number unless we use the option "--non-decimal-data". So let's convert the hexadecimal number before using it in the awk script. The shell as no issue with dealing with hexadecimal-constant so we'll simply use the expression "$(( 0x15 ))" to convert the value before using it in awk. Note: This does introduce a latent portability bug, which fixed in a separate change to avoid mixing complexity/explanations. Fixes: 4d037425dc ("x86: Build check for embedded endbr64 instructions") Resolves: xen-project/xen#26 Reported-by: Luca Fancellu Reported-by: Mathieu Tarral Signed-off-by: Anthony PERARD Reviewed-by: Bertrand Marquis Reviewed-by: Andrew Cooper --- xen/tools/check-endbr.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index f633846b0f..b3febd6a4c 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -64,6 +64,11 @@ ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & # split the VMA in half so AWK's numeric addition is only working on 32 bit # numbers, which don't lose precision. # +# 4) MAWK doesn't support plain hex constants (an optional part of the POSIX +# spec), and GAWK and MAWK can't agree on how to work with hex constants in +# a string. Use the shell to convert $vma_lo to decimal before passing to +# AWK. +# eval $(${OBJDUMP} -j .text $1 -h | $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') @@ -79,7 +84,7 @@ then else grep -aob -e "$(printf '\363\17\36\372')" -e "$(printf '\363\17\36\373')" \ -e "$(printf '\146\17\37\1')" $TEXT_BIN -fi | $AWK -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL +fi | $AWK -F':' '{printf "%s%x\n", "'$vma_hi'", int('$((0x$vma_lo))') + $1}' > $ALL # Wait for $VALID to become complete wait -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 03:11:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 03:11:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370291.601954 (Exim 4.92) (envelope-from ) id 1oDddg-0000QD-MI; Tue, 19 Jul 2022 03:11:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370291.601954; Tue, 19 Jul 2022 03:11:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDddg-0000Q5-JS; Tue, 19 Jul 2022 03:11:12 +0000 Received: by outflank-mailman (input) for mailman id 370291; Tue, 19 Jul 2022 03:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDddg-0000Pz-5G for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 03:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDddg-00050z-4M for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 03:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDddg-0005c4-3e for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 03:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d3fi2RgyWf/tPCvmlG6OrKXVTFSVES/lPV8m9CrWosI=; b=3Uxnw/xLhIY7/GwcAoWQcneFNq QfCZoKB0mYbnwMEzZef0YWxBgOjNTtLx3lQCvi3PY+yanblWuSUL7W3VUjyfpF8TwecaFPCf9Zk87 F1ExlvPJPaNv9JnevUgVUCXEuOcQ4NE7gui8kPzvPcTq8hBXKMo7UP/+LREHqLr50ga0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: Fix latent check-endbr.sh bug with 32bit build environments Message-Id: Date: Tue, 19 Jul 2022 03:11:12 +0000 commit 0af91dc0326cba12795e0b8fa8f665776e2a9e13 Author: Andrew Cooper AuthorDate: Fri Jul 15 12:53:09 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:32:27 2022 +0100 xen: Fix latent check-endbr.sh bug with 32bit build environments While Xen's current VMA means it works, the mawk fix (i.e. using $((0xN)) in the shell) isn't portable in 32bit shells. See the code comment for the fix. The fix found a second latent bug. Recombining $vma_hi/lo should have used printf "%s%08x" and only worked previously because $vma_lo had bits set in it's top nibble. Combining with the main fix, %08x becomes %07x. Fixes: b2ebe879a444 ("xen: Fix check-endbr.sh with mawk") Reported-by: Jan Beulich Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/tools/check-endbr.sh | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index b3febd6a4c..b97684ac25 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -61,19 +61,36 @@ ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & # the lower bits, rounding integers to the nearest 4k. # # Instead, use the fact that Xen's .text is within a 1G aligned region, and -# split the VMA in half so AWK's numeric addition is only working on 32 bit -# numbers, which don't lose precision. +# split the VMA so AWK's numeric addition is only working on <32 bit +# numbers, which don't lose precision. (See point 5) # # 4) MAWK doesn't support plain hex constants (an optional part of the POSIX # spec), and GAWK and MAWK can't agree on how to work with hex constants in # a string. Use the shell to convert $vma_lo to decimal before passing to # AWK. # +# 5) Point 4 isn't fully portable. POSIX only requires that $((0xN)) be +# evaluated as long, which in 32bit shells turns negative if bit 31 of the +# VMA is set. AWK then interprets this negative number as a double before +# adding the offsets from the binary grep. +# +# Instead of doing an 8/8 split with vma_hi/lo, do a 9/7 split. +# +# The consequence of this is that for all offsets, $vma_lo + offset needs +# to be less that 256M (i.e. 7 nibbles) so as to be successfully recombined +# with the 9 nibbles of $vma_hi. This is fine; .text is at the start of a +# 1G aligned region, and Xen is far far smaller than 256M, but leave safety +# check nevertheless. +# eval $(${OBJDUMP} -j .text $1 -h | - $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') + $AWK '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 9), substr($4, 10, 16)}') ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN +bin_sz=$(stat -c '%s' $TEXT_BIN) +[ "$bin_sz" -ge $(((1 << 28) - $vma_lo)) ] && + { echo "$MSG_PFX Error: .text offsets must not exceed 256M" >&2; exit 1; } + # instruction: hex: oct: # endbr64 f3 0f 1e fa 363 017 036 372 # endbr32 f3 0f 1e fb 363 017 036 373 @@ -84,7 +101,7 @@ then else grep -aob -e "$(printf '\363\17\36\372')" -e "$(printf '\363\17\36\373')" \ -e "$(printf '\146\17\37\1')" $TEXT_BIN -fi | $AWK -F':' '{printf "%s%x\n", "'$vma_hi'", int('$((0x$vma_lo))') + $1}' > $ALL +fi | $AWK -F':' '{printf "%s%07x\n", "'$vma_hi'", int('$((0x$vma_lo))') + $1}' > $ALL # Wait for $VALID to become complete wait -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 06:44:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 06:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370369.602079 (Exim 4.92) (envelope-from ) id 1oDgxi-0004bk-EU; Tue, 19 Jul 2022 06:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370369.602079; Tue, 19 Jul 2022 06:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgxi-0004bc-Bs; Tue, 19 Jul 2022 06:44:06 +0000 Received: by outflank-mailman (input) for mailman id 370369; Tue, 19 Jul 2022 06:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgxg-0004bU-KR for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgxg-0000sL-FG for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDgxg-00084g-ES for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=axjLctMiYkTtazVGotqU5lD5H/ErfaagSvMlPJCLqmU=; b=dzVXxQYnaj2R+kG+cGEKTyWpsq pTGqAKB9ZRabrI9HC7aTf0FgTLyioa7DfMze+Qh/H0SwIr9yU8//qrXz791nfMJYvXQLGBugP/4O4 PRbDqOAfgf/ZxJvOUe8FYsoXfaSOuxX+ro4vlPcTECmFWQ1wrcdNsZ9qPo7cpysm8DuQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: log non-responding CPUs in fatal_trap() Message-Id: Date: Tue, 19 Jul 2022 06:44:04 +0000 commit 59ec934d538c24265e29667aac5a6d69e31eef0a Author: Jan Beulich AuthorDate: Tue Jul 19 08:36:10 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 08:36:10 2022 +0200 x86: log non-responding CPUs in fatal_trap() This eases recognizing that something odd is going on. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/traps.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index cabebf4f5b..b713ef7e77 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -845,6 +845,9 @@ void fatal_trap(const struct cpu_user_regs *regs, bool show_remote) msecs = 10; } } + if ( pending ) + printk("Non-responding CPUs: {%*pbl}\n", + CPUMASK_PR(&show_state_mask)); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 06:44:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 06:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370370.602083 (Exim 4.92) (envelope-from ) id 1oDgxr-0004db-Fz; Tue, 19 Jul 2022 06:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370370.602083; Tue, 19 Jul 2022 06:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgxr-0004dT-DN; Tue, 19 Jul 2022 06:44:15 +0000 Received: by outflank-mailman (input) for mailman id 370370; Tue, 19 Jul 2022 06:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgxq-0004dL-Ky for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgxq-0000si-K4 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDgxq-00085B-Hb for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i1Z/55fY8KWPH7s7y4oyAt9g4r3wNOlAOW9kiiJa4Ko=; b=NTh1ciDPKxIytgySMzT8iTYDUH 1cC9l3I0+e0UtC2Ir2Uo/8cHMGkEltYFz22wuuc+DNFolqz04r6zE7U6Y2DmABwfce1tL0XxFJCYP Fu/ZOmiJBG2L3clUb3wt3Lewf8gLWUj8lI7rKcdt4R4TSZZEP/Ck14Mudgbt6Ii0Yl6E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR Message-Id: Date: Tue, 19 Jul 2022 06:44:14 +0000 commit fdbf8bdfebc2ed323c521848f642cc4f6b8cb662 Author: Jan Beulich AuthorDate: Tue Jul 19 08:36:53 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 08:36:53 2022 +0200 x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR There are command line controls for this and the default also isn't "always enable when hardware supports it", which logging should take into account. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/spec_ctrl.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9dd4d846f5..44e86f3d67 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -511,13 +511,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_hvm ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif @@ -525,13 +524,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_pv ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 06:44:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 06:44:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370371.602086 (Exim 4.92) (envelope-from ) id 1oDgy1-0004gV-HQ; Tue, 19 Jul 2022 06:44:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370371.602086; Tue, 19 Jul 2022 06:44:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgy1-0004gO-Et; Tue, 19 Jul 2022 06:44:25 +0000 Received: by outflank-mailman (input) for mailman id 370371; Tue, 19 Jul 2022 06:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgy0-0004gH-OO for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDgy0-0000t1-NN for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDgy0-00085l-MN for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 06:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nzH+YxZaGQ88ttgh3P16sUd8bD5WGYD1qY0R5YBYdG4=; b=a2CJyjWihK9azyThApEALkUcmg QfcFCyYYU0X77QpMUJr0DxF4ix30I5iHjsAGsk11QRIQESAjaYXNZbvMwiPmjXj3A6p5RkL9qPoIz oupn+mxiiyDwspJwpnvE/ApZvNmRZbS8EqZWAJ3qHRwviMWgBAgFUAhOEI+I4PyLdcMM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: deal with gcc12 release build issues Message-Id: Date: Tue, 19 Jul 2022 06:44:24 +0000 commit 9723507daf2120131410c91980d4e4d9b0d0aa90 Author: Jan Beulich AuthorDate: Tue Jul 19 08:37:29 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 08:37:29 2022 +0200 x86: deal with gcc12 release build issues While a number of issues we previously had with pre-release gcc12 were fixed in the final release, we continue to have one issue (with multiple instances) when doing release builds (i.e. at higher optimization levels): The compiler takes issue with subtracting (always 1 in our case) from artifical labels (expressed as array) marking the end of certain regions. This isn't an unreasonable position to take. Simply hide the "array-ness" by casting to an integer type. To keep things looking consistently, apply the same cast also on the respective expressions dealing with the starting addresses. (Note how efi_arch_memory_setup()'s l2_table_offset() invocations avoid a similar issue by already having the necessary casts.) In is_xen_fixed_mfn() further switch from __pa() to virt_to_maddr() to better match the left sides of the <= operators. Reported-by: Charles Arnold Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/efi/efi-boot.h | 6 +++--- xen/arch/x86/include/asm/mm.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 6e65b569b0..836e8c2ba1 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -677,10 +677,10 @@ static void __init efi_arch_memory_setup(void) * appropriate l2 slots to map. */ #define l2_4G_offset(a) \ - (((UINTN)(a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) + (((a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) - for ( i = l2_4G_offset(_start); - i <= l2_4G_offset(_end - 1); ++i ) + for ( i = l2_4G_offset((UINTN)_start); + i <= l2_4G_offset((UINTN)_end - 1); ++i ) { l2_pgentry_t pte = l2e_from_paddr(i << L2_PAGETABLE_SHIFT, __PAGE_HYPERVISOR | _PAGE_PSE); diff --git a/xen/arch/x86/include/asm/mm.h b/xen/arch/x86/include/asm/mm.h index 07b59c982b..0fc826de46 100644 --- a/xen/arch/x86/include/asm/mm.h +++ b/xen/arch/x86/include/asm/mm.h @@ -309,8 +309,8 @@ struct page_info #define is_xen_heap_mfn(mfn) \ (mfn_valid(mfn) && is_xen_heap_page(mfn_to_page(mfn))) #define is_xen_fixed_mfn(mfn) \ - (((mfn_to_maddr(mfn)) >= __pa(_stext)) && \ - ((mfn_to_maddr(mfn)) <= __pa(__2M_rwdata_end - 1))) + (((mfn_to_maddr(mfn)) >= virt_to_maddr((unsigned long)_stext)) && \ + ((mfn_to_maddr(mfn)) <= virt_to_maddr((unsigned long)__2M_rwdata_end - 1))) #define PRtype_info "016lx"/* should only be used for printk's */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 09:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 09:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370497.602267 (Exim 4.92) (envelope-from ) id 1oDjQb-0006uK-CQ; Tue, 19 Jul 2022 09:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370497.602267; Tue, 19 Jul 2022 09:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDjQb-0006uA-9S; Tue, 19 Jul 2022 09:22:05 +0000 Received: by outflank-mailman (input) for mailman id 370497; Tue, 19 Jul 2022 09:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDjQa-0006u4-KE for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 09:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDjQa-0004F3-GT for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 09:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDjQa-0000KK-FZ for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 09:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=S9Lu43vvMCnpYtWKp21ZY/PyRny232J+HLSrk7tui/U=; b=unOqGpd6I7aTVjq00YD5C1VKSY dgNXbhH1iv9MeGjfzz/xu3VQ78OJ6J1Fdh8EPe5MUe0K45oMJd8MDk8Nt2lQivOqvkczYAufm5SyS pGnj2TfPoB8aHw8W/NF2zvYXYShVk1JFMEVLuoiY7YbRCesZERJuKrCzJJm5hbxdnGDc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Revert "tools/xenstore: add documentation for ..." Message-Id: Date: Tue, 19 Jul 2022 09:22:04 +0000 commit 0a8546395451f01032058a2a97857ed99a12b004 Author: Jan Beulich AuthorDate: Tue Jul 19 11:16:02 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 11:16:02 2022 +0200 Revert "tools/xenstore: add documentation for ..." This reverts commits 3db29e8fac3f874aba0198f398e8eeaad9a091b8, 6574f387791f18c85c64399ed83b4391adcb4881, and 1a564e4b3b4fcb9a49fa09ade689ba38c0a890e8. They were committed by mistake (newer version pending). --- docs/misc/xenstore-ring.txt | 3 --- docs/misc/xenstore.txt | 40 +++------------------------------------- 2 files changed, 3 insertions(+), 40 deletions(-) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index a1e6c7bb3a..2792d13530 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -69,9 +69,6 @@ Bit Description ----------------------------------------------------------------- 0 Ring reconnection (see the ring reconnection feature below) 1 Connection error indicator (see connection error feature below) -2 GET_FEATURE and SET_FEATURE Xenstore wire commands are available -3 GET_QUOTA and SET_QUOTA Xenstore wire commands are available -4 WATCH can take a third parameter limiting its scope The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index ee0b51394f..334dc8b6fd 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -176,7 +176,7 @@ SET_PERMS ||+? ---------- Watches ---------- -WATCH ||[|]? +WATCH ||? Adds a watch. When a is modified (including path creation, removal, @@ -187,11 +187,7 @@ WATCH ||[|]? matching watch results in a WATCH_EVENT message (see below). The event's path matches the watch's if it is an child - of . This match can be limited by specifying (a - decimal value of 0 or larger): it denotes the directory levels - below to consider for a match ("0" would not match for - a child of , "1" would match only for a direct child, - etc.). + of . can be a to watch or @. In the latter case may have any syntax but it matches @@ -202,13 +198,7 @@ WATCH ||[|]? shutdown, and also on RELEASE and domain destruction events are sent to privileged callers or explicitly - via SET_PERMS enabled domains only. The semantics for a - specification of differ for generating - events: specifying "1" will report the related domid by using - @/ for the reported path. Other - values are not supported. - For @releaseDomain it is possible to watch only for a specific - domain by specifying @releaseDomain/ for the path. + via SET_PERMS enabled domains only. When a watch is first set up it is triggered once straight away, with equal to . Watches may be triggered @@ -330,30 +320,6 @@ SET_TARGET || xenstored prevents the use of SET_TARGET other than by dom0. -GET_FEATURE | | -SET_FEATURE || - Returns or sets the contents of the "feature" field located at - offset 2064 of the Xenstore ring page of the domain specified by - . is a decimal number being a logical or of the - feature bits as defined in docs/misc/xenstore-ring.txt. Trying - to set a bit for a feature not being supported by the running - Xenstore will be denied. - - xenstored prevents the use of GET_FEATURE and SET_FEATURE other - than by dom0. - -GET_QUOTA || | -SET_QUOTA ||| - Returns or sets a quota value for the domain being specified by - . is one of "nodes", "watches", "transactions", - "node-size" or "permissions". is a decimal number - specifying the quota value, with "0" having the special meaning - of quota checks being disabled. The initial quota settings for - a domain are the global ones of Xenstore. - - xenstored prevents the use of GET_QUOTA and SET_QUOTA other - than by dom0. - ---------- Miscellaneous ---------- CONTROL |[|] -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 09:22:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 09:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370498.602271 (Exim 4.92) (envelope-from ) id 1oDjQl-0006vv-Dw; Tue, 19 Jul 2022 09:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370498.602271; Tue, 19 Jul 2022 09:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDjQl-0006vn-B2; Tue, 19 Jul 2022 09:22:15 +0000 Received: by outflank-mailman (input) for mailman id 370498; Tue, 19 Jul 2022 09:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDjQk-0006vd-Kc for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 09:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDjQk-0004FQ-Jg for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 09:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDjQk-0000Kn-Ii for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 09:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5SSo6prHphy/VW/bAfGxuYBaDPP5gMTHb6sSDPQz/Q0=; b=R09i+kiLxzVvpXX79ZoeNa/Mj7 tUT1mRhkmXd0CwoZnC80Y7SabOx+WzYJdGhREjixQlxlneV+nzJ9ycznvAifynotr3DEZ5eMyCllj n8j0Wq0VYw/QWYZJCDzi52+lmB26Di29UudQiqRkQAxsysukZQHu6q5aLjJY9LK6RR/Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/xl: use sparse init for dom_info, remove duplicate vars Message-Id: Date: Tue, 19 Jul 2022 09:22:14 +0000 commit e500b6b8d07f87593a9d0e3a391456ef4ac5ee34 Author: Elliott Mitchell AuthorDate: Tue Jul 19 11:18:55 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 11:18:55 2022 +0200 tools/xl: use sparse init for dom_info, remove duplicate vars Rather than having shadow variables for every element of dom_info, it is better to properly initialize dom_info at the start. This also removes the misleading memset() in the middle of main_create(). Remove the dryrun element of domain_create as that has been displaced by the global "dryrun_only" variable. Signed-off-by: Elliott Mitchell Reviewed-by: Anthony PERARD --- tools/xl/xl.h | 1 - tools/xl/xl_vmcontrol.c | 76 ++++++++++++++++++++++++------------------------- 2 files changed, 37 insertions(+), 40 deletions(-) diff --git a/tools/xl/xl.h b/tools/xl/xl.h index 528deb3feb..7c9aff6ad7 100644 --- a/tools/xl/xl.h +++ b/tools/xl/xl.h @@ -34,7 +34,6 @@ struct domain_create { int daemonize; int monitor; /* handle guest reboots etc */ int paused; - int dryrun; int quiet; int vnc; int vncautopass; diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 8c29923f62..5518c78dc6 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -859,8 +859,8 @@ int create_domain(struct domain_create *dom_info) } } - if (debug || dom_info->dryrun) { - FILE *cfg_print_fh = (debug && !dom_info->dryrun) ? stderr : stdout; + if (debug || dryrun_only) { + FILE *cfg_print_fh = (debug && !dryrun_only) ? stderr : stdout; if (default_output_format == OUTPUT_FORMAT_SXP) { printf_info_sexp(-1, &d_config, cfg_print_fh); } else { @@ -878,7 +878,7 @@ int create_domain(struct domain_create *dom_info) ret = 0; - if (dom_info->dryrun) + if (dryrun_only) goto out; start: @@ -1169,10 +1169,26 @@ out: int main_create(int argc, char **argv) { - const char *filename = NULL; - struct domain_create dom_info; - int paused = 0, debug = 0, daemonize = 1, console_autoconnect = 0, - quiet = 0, monitor = 1, vnc = 0, vncautopass = 0, ignore_masks = 0; + struct domain_create dom_info = { + /* Command-line options */ + .config_file = NULL, + .console_autoconnect = 0, + .debug = 0, + .daemonize = 1, + .ignore_global_affinity_masks = 0, + .monitor = 1, + .paused = 0, + .quiet = 0, + .vnc = 0, + .vncautopass = 0, + + /* Extra configuration file settings */ + .extra_config = NULL, + + /* FDs, initialize to invalid */ + .migrate_fd = -1, + .send_back_fd = -1, + }; int opt, rc; static const struct option opts[] = { {"defconfig", 1, 0, 'f'}, @@ -1184,58 +1200,54 @@ int main_create(int argc, char **argv) COMMON_LONG_OPTS }; - dom_info.extra_config = NULL; - if (argv[1] && argv[1][0] != '-' && !strchr(argv[1], '=')) { - filename = argv[1]; + dom_info.config_file = argv[1]; argc--; argv++; } SWITCH_FOREACH_OPT(opt, "AFVcdef:inpq", opts, "create", 0) { case 'A': - vnc = vncautopass = 1; + dom_info.vnc = dom_info.vncautopass = 1; break; case 'F': - daemonize = 0; + dom_info.daemonize = 0; break; case 'V': - vnc = 1; + dom_info.vnc = 1; break; case 'c': - console_autoconnect = 1; + dom_info.console_autoconnect = 1; break; case 'd': - debug = 1; + dom_info.debug = 1; break; case 'e': - daemonize = 0; - monitor = 0; + dom_info.daemonize = 0; + dom_info.monitor = 0; break; case 'f': - filename = optarg; + dom_info.config_file = optarg; break; case 'i': - ignore_masks = 1; + dom_info.ignore_global_affinity_masks = 1; break; case 'n': dryrun_only = 1; break; case 'p': - paused = 1; + dom_info.paused = 1; break; case 'q': - quiet = 1; + dom_info.quiet = 1; break; } - memset(&dom_info, 0, sizeof(dom_info)); - for (; optind < argc; optind++) { if (strchr(argv[optind], '=') != NULL) { string_realloc_append(&dom_info.extra_config, argv[optind]); string_realloc_append(&dom_info.extra_config, "\n"); - } else if (!filename) { - filename = argv[optind]; + } else if (!dom_info.config_file) { + dom_info.config_file = argv[optind]; } else { help("create"); free(dom_info.extra_config); @@ -1243,20 +1255,6 @@ int main_create(int argc, char **argv) } } - dom_info.debug = debug; - dom_info.daemonize = daemonize; - dom_info.monitor = monitor; - dom_info.paused = paused; - dom_info.dryrun = dryrun_only; - dom_info.quiet = quiet; - dom_info.config_file = filename; - dom_info.migrate_fd = -1; - dom_info.send_back_fd = -1; - dom_info.vnc = vnc; - dom_info.vncautopass = vncautopass; - dom_info.console_autoconnect = console_autoconnect; - dom_info.ignore_global_affinity_masks = ignore_masks; - rc = create_domain(&dom_info); if (rc < 0) { free(dom_info.extra_config); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370567.602374 (Exim 4.92) (envelope-from ) id 1oDksZ-0005Lt-LA; Tue, 19 Jul 2022 10:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370567.602374; Tue, 19 Jul 2022 10:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDksZ-0005Ll-H8; Tue, 19 Jul 2022 10:55:03 +0000 Received: by outflank-mailman (input) for mailman id 370567; Tue, 19 Jul 2022 10:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDksY-0005Lf-4k for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDksY-0005uV-3k for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDksY-0004rp-28 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/F+ufFxsXeXESAKtYy3xGIEGYegoVP689RbjThQrwss=; b=wZvB5vOaPgPi3xLHVWTXzFgf9d VlOEoiyy9lsCTio2rmzlpVAlKzGAGbqzkReER9HDkAHH31G3gzWCA63qelwnu2y7zuuoLXgD0NNO9 qxARekY5uDymtbi8Ex4t853xnTIvK4HQ5112VhY3fOiXpMR6ncwm7XVxRDuKno2vgvSw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/wait: Drop vestigial remnants of TRAP_regs_partial Message-Id: Date: Tue, 19 Jul 2022 10:55:02 +0000 commit 7a105f7c76db2f8f457bb790271e01f75641bf05 Author: Andrew Cooper AuthorDate: Fri Jul 15 13:39:29 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:55:53 2022 +0100 xen/wait: Drop vestigial remnants of TRAP_regs_partial The preservation of entry_vector was introduced with ecf9846a6a20 ("x86: save/restore only partial register state where possible") where TRAP_regs_partial was introduced, but missed from f9eb74789af7 ("x86/entry: Remove support for partial cpu_user_regs frames") where TRAP_regs_partial was removed. Fixes: f9eb74789af7 ("x86/entry: Remove support for partial cpu_user_regs frames") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/wait.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 9276d76464..3ebb884fe7 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -124,7 +124,6 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) struct cpu_info *cpu_info = get_cpu_info(); struct vcpu *curr = current; unsigned long dummy; - u32 entry_vector = cpu_info->guest_cpu_user_regs.entry_vector; ASSERT(wqv->esp == 0); @@ -169,8 +168,6 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) for ( ; ; ) do_softirq(); } - - cpu_info->guest_cpu_user_regs.entry_vector = entry_vector; } static void __finish_wait(struct waitqueue_vcpu *wqv) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370568.602378 (Exim 4.92) (envelope-from ) id 1oDksj-0005Oj-OQ; Tue, 19 Jul 2022 10:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370568.602378; Tue, 19 Jul 2022 10:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDksj-0005Ob-Lk; Tue, 19 Jul 2022 10:55:13 +0000 Received: by outflank-mailman (input) for mailman id 370568; Tue, 19 Jul 2022 10:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDksi-0005OP-7n for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDksi-0005uh-6w for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDksi-0004sN-61 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2jtaqyqo/3JGrjarAIDkW/efsYYZD8/uJs45u3RsKo8=; b=Ax3Cilu6YMlhkQQTmWtwd1/ZB9 TqXmq9xts04BGqJJcWskk3y2MleEnjlLOAP/V04HUXLqgst10DF8YH0zIZJy38dUs4jugUtj6EVUk tlfPOWCbj388sn2YpVQr1CGi8ubCjtBA5f4TFCYQttPmqzasM7rA8nPLK4EUmI+tQFmw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/wait: Extend the description of how this logic actually works Message-Id: Date: Tue, 19 Jul 2022 10:55:12 +0000 commit d93a8c481c596ab4f86a3e56983b136cd1a5d58d Author: Andrew Cooper AuthorDate: Fri Jul 15 14:16:12 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:55:53 2022 +0100 xen/wait: Extend the description of how this logic actually works Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/wait.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 3ebb884fe7..1f0285ac30 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -137,7 +137,19 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) do_softirq(); } - /* Hand-rolled setjmp(). */ + /* + * Hand-rolled setjmp(). + * + * __prepare_to_wait() is the leaf of a deep calltree. Preserve the GPRs, + * bounds check what we want to stash in wqv->stack, copy the active stack + * (up to cpu_info) into wqv->stack, then return normally. Our caller + * will shortly schedule() and discard the current context. + * + * The copy out is performed with a rep movsb. When + * check_wakeup_from_wait() longjmp()'s back into us, %rsp is pre-adjusted + * to be suitable and %rsi/%rdi are swapped, so the rep movsb instead + * copies in from wqv->stack over the active stack. + */ asm volatile ( "push %%rax; push %%rbx; push %%rdx; push %%rbp;" "push %%r8; push %%r9; push %%r10; push %%r11;" @@ -199,9 +211,17 @@ void check_wakeup_from_wait(void) } /* - * Hand-rolled longjmp(). Returns to __prepare_to_wait(), and lands on a - * `rep movs` instruction. All other GPRs are restored from the stack, so - * are available for use here. + * Hand-rolled longjmp(). + * + * check_wakeup_from_wait() is always called with a shallow stack, + * immediately after the vCPU has been rescheduled. + * + * Adjust %rsp to be the correct depth for the (deeper) stack we want to + * restore, then prepare %rsi, %rdi and %rcx such that when we rejoin the + * rep movs in __prepare_to_wait(), it copies from wqv->stack over the + * active stack. + * + * All other GPRs are available for use; they're restored from the stack. */ asm volatile ( "mov %1,%%"__OP"sp; jmp .L_wq_resume;" -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:55:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370569.602382 (Exim 4.92) (envelope-from ) id 1oDkst-0005RY-Pz; Tue, 19 Jul 2022 10:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370569.602382; Tue, 19 Jul 2022 10:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDkst-0005RR-NG; Tue, 19 Jul 2022 10:55:23 +0000 Received: by outflank-mailman (input) for mailman id 370569; Tue, 19 Jul 2022 10:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDkss-0005RB-B4 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDkss-0005vB-9j for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDkss-0004ss-96 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8+XEM7OUkiqRtFwbQLIkGOW39uGXV6BjgCAvQ9+QbK0=; b=GUjgknLzLMFZsmJJh4S2rNPRK4 e0bO6f/4L5DUWaQqsvPrsOqei6vA+SjgWl/6/zxe19UpD8ZWu99KAPHP4tmFxPXFqG887psMaTD8L NMvkgVDYKMJc8TcoaaYdRNeP4sEQfoFA2ea9x9PxcaxZR+6ppQ/Sils8ihnX3UewIOpw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/wait: Minor asm improvements Message-Id: Date: Tue, 19 Jul 2022 10:55:22 +0000 commit 660d69cd5a3714777252d7b804f82e8b7a8a8313 Author: Andrew Cooper AuthorDate: Fri Jul 15 12:27:08 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Jul 18 15:55:53 2022 +0100 xen/wait: Minor asm improvements There is no point preserving all registers. Instead, preserve an arbitrary 6 registers, and list the rest as clobbered. This does not alter the register scheduling at all, but does reduce the amount of state needing saving. Use a named parameter for page size, instead of needing to parse which is parameter 3. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/wait.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 1f0285ac30..e45345ede7 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -151,13 +151,12 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) * copies in from wqv->stack over the active stack. */ asm volatile ( - "push %%rax; push %%rbx; push %%rdx; push %%rbp;" - "push %%r8; push %%r9; push %%r10; push %%r11;" - "push %%r12; push %%r13; push %%r14; push %%r15;" + "push %%rbx; push %%rbp; push %%r12;" + "push %%r13; push %%r14; push %%r15;" "sub %%esp,%%ecx;" - "cmp %3,%%ecx;" - "ja .L_skip;" + "cmp %[sz], %%ecx;" + "ja .L_skip;" /* Bail if >4k */ "mov %%rsp,%%rsi;" /* check_wakeup_from_wait() longjmp()'s to this point. */ @@ -165,12 +164,12 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) "mov %%rsp,%%rsi;" ".L_skip:" - "pop %%r15; pop %%r14; pop %%r13; pop %%r12;" - "pop %%r11; pop %%r10; pop %%r9; pop %%r8;" - "pop %%rbp; pop %%rdx; pop %%rbx; pop %%rax" + "pop %%r15; pop %%r14; pop %%r13;" + "pop %%r12; pop %%rbp; pop %%rbx" : "=&S" (wqv->esp), "=&c" (dummy), "=&D" (dummy) - : "i" (PAGE_SIZE), "0" (0), "1" (cpu_info), "2" (wqv->stack) - : "memory" ); + : "0" (0), "1" (cpu_info), "2" (wqv->stack), + [sz] "i" (PAGE_SIZE) + : "memory", "rax", "rdx", "r8", "r9", "r10", "r11" ); if ( unlikely(wqv->esp == 0) ) { @@ -221,13 +220,15 @@ void check_wakeup_from_wait(void) * rep movs in __prepare_to_wait(), it copies from wqv->stack over the * active stack. * - * All other GPRs are available for use; they're restored from the stack. + * All other GPRs are available for use; They're restored from the stack, + * or explicitly clobbered. */ - asm volatile ( - "mov %1,%%"__OP"sp; jmp .L_wq_resume;" - : : "S" (wqv->stack), "D" (wqv->esp), - "c" ((char *)get_cpu_info() - (char *)wqv->esp) - : "memory" ); + asm volatile ( "mov %%rdi, %%rsp;" + "jmp .L_wq_resume" + : + : "S" (wqv->stack), "D" (wqv->esp), + "c" ((char *)get_cpu_info() - (char *)wqv->esp) + : "memory" ); unreachable(); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:55:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370571.602386 (Exim 4.92) (envelope-from ) id 1oDkt3-0005UY-Ra; Tue, 19 Jul 2022 10:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370571.602386; Tue, 19 Jul 2022 10:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDkt3-0005UR-Oy; Tue, 19 Jul 2022 10:55:33 +0000 Received: by outflank-mailman (input) for mailman id 370571; Tue, 19 Jul 2022 10:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDkt2-0005UH-De for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDkt2-0005ws-Cp for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDkt2-0004tM-C4 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=US9NYIfcY/bvDgF3UOmWKLB1z7Z2FvrUn6FpivF2+F4=; b=w69oaRpdIPJ0gpWSZ2vxPdxt2/ fQaiN7CHXa5a2YwcCZnDHCso1pHSuCqYIiwSRhgAMD1hA986QNRxi90LB0GL2fSzV/21ZmW/5GtRx LmCO7+pUya+rsjukBNy6egLlTGlgFDC4M0yzDyQAa/wzeNzgcOQmNI4H0+9soWD1s94w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/xenstore: add documentation for new set/get-feature commands Message-Id: Date: Tue, 19 Jul 2022 10:55:32 +0000 commit 1a564e4b3b4fcb9a49fa09ade689ba38c0a890e8 Author: Juergen Gross AuthorDate: Mon Jul 18 17:46:47 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:46:47 2022 +0200 tools/xenstore: add documentation for new set/get-feature commands Add documentation for two new Xenstore wire commands SET_FEATURE and GET_FEATURE used to set or query the Xenstore features visible in the ring page of a given domain. Signed-off-by: Juergen Gross Reviewed-by: Luca Fancellu --- docs/misc/xenstore-ring.txt | 1 + docs/misc/xenstore.txt | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index 2792d13530..fe06af32fe 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -69,6 +69,7 @@ Bit Description ----------------------------------------------------------------- 0 Ring reconnection (see the ring reconnection feature below) 1 Connection error indicator (see connection error feature below) +2 GET_FEATURE and SET_FEATURE Xenstore wire commands are available The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index 334dc8b6fd..5f4c5c6a55 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -320,6 +320,18 @@ SET_TARGET || xenstored prevents the use of SET_TARGET other than by dom0. +GET_FEATURE | | +SET_FEATURE || + Returns or sets the contents of the "feature" field located at + offset 2064 of the Xenstore ring page of the domain specified by + . is a decimal number being a logical or of the + feature bits as defined in docs/misc/xenstore-ring.txt. Trying + to set a bit for a feature not being supported by the running + Xenstore will be denied. + + xenstored prevents the use of GET_FEATURE and SET_FEATURE other + than by dom0. + ---------- Miscellaneous ---------- CONTROL |[|] -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:55:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:55:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370572.602390 (Exim 4.92) (envelope-from ) id 1oDktD-0005Yw-TW; Tue, 19 Jul 2022 10:55:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370572.602390; Tue, 19 Jul 2022 10:55:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktD-0005YZ-QT; Tue, 19 Jul 2022 10:55:43 +0000 Received: by outflank-mailman (input) for mailman id 370572; Tue, 19 Jul 2022 10:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktC-0005XO-Gw for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktC-0005x4-G4 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDktC-0004tp-FF for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7Q2Drhm6PKm420ahunjqBsbu//J5XtvWgOCpYG1Yxms=; b=3ekRbd2zeu7FkprHptgn3zZhUU wEpNeNhNRXh6s1wQYQMP4TKjJv0P8tZ2BkHkzB6EnojT43CnlTrfQJVP4/CpV7ZCOyjYTtI6cOr5W rrzsrKG5/INZLkG6UgBz7SxCEpr1zPS0vEqYVCOoXjXQ+TBhH8AbrH6M6a3qmxhbh3Rw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/xenstore: add documentation for new set/get-quota commands Message-Id: Date: Tue, 19 Jul 2022 10:55:42 +0000 commit 6574f387791f18c85c64399ed83b4391adcb4881 Author: Juergen Gross AuthorDate: Mon Jul 18 17:47:04 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:47:04 2022 +0200 tools/xenstore: add documentation for new set/get-quota commands Add documentation for two new Xenstore wire commands SET_QUOTA and GET_QUOTA used to set or query the Xenstore quota of a given domain. Signed-off-by: Juergen Gross Reviewed-by: Luca Fancellu --- docs/misc/xenstore-ring.txt | 1 + docs/misc/xenstore.txt | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index fe06af32fe..aa71c56e4c 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -70,6 +70,7 @@ Bit Description 0 Ring reconnection (see the ring reconnection feature below) 1 Connection error indicator (see connection error feature below) 2 GET_FEATURE and SET_FEATURE Xenstore wire commands are available +3 GET_QUOTA and SET_QUOTA Xenstore wire commands are available The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index 5f4c5c6a55..629f962bb5 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -332,6 +332,18 @@ SET_FEATURE || xenstored prevents the use of GET_FEATURE and SET_FEATURE other than by dom0. +GET_QUOTA || | +SET_QUOTA ||| + Returns or sets a quota value for the domain being specified by + . is one of "nodes", "watches", "transactions", + "node-size" or "permissions". is a decimal number + specifying the quota value, with "0" having the special meaning + of quota checks being disabled. The initial quota settings for + a domain are the global ones of Xenstore. + + xenstored prevents the use of GET_QUOTA and SET_QUOTA other + than by dom0. + ---------- Miscellaneous ---------- CONTROL |[|] -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:55:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370573.602393 (Exim 4.92) (envelope-from ) id 1oDktN-0005bp-Ub; Tue, 19 Jul 2022 10:55:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370573.602393; Tue, 19 Jul 2022 10:55:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktN-0005bh-Ry; Tue, 19 Jul 2022 10:55:53 +0000 Received: by outflank-mailman (input) for mailman id 370573; Tue, 19 Jul 2022 10:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktM-0005bX-Kx for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktM-0005xG-K9 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDktM-0004uE-IQ for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xYGX924ARye4xZy7wQMT3jpeRX4lvWFuAIksBsxa0J0=; b=NaXeu+2Ftnn+moYr7dxY9vPPrE vm68umtJRnQfW2zunk76M787XpLvkTGCmbS8qkOU5z/denGpge3HhjTo4UShUDRhtsjv8LH11u3dM o/0gV9UWApFcL1iwmY/RH7LVamGhr0lOXc9TiKnep8l5P8GQUsu+BMov+pUSl1LrV1V8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/xenstore: add documentation for extended watch command Message-Id: Date: Tue, 19 Jul 2022 10:55:52 +0000 commit 3db29e8fac3f874aba0198f398e8eeaad9a091b8 Author: Juergen Gross AuthorDate: Mon Jul 18 17:47:23 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:47:23 2022 +0200 tools/xenstore: add documentation for extended watch command Add documentation for an extension of the WATCH command used to limit the scope of watched paths. Additionally it enables to receive more information in the events related to special watches (@introduceDomain or @releaseDomain). Signed-off-by: Juergen Gross Reviewed-by: Luca Fancellu --- docs/misc/xenstore-ring.txt | 1 + docs/misc/xenstore.txt | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index aa71c56e4c..a1e6c7bb3a 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -71,6 +71,7 @@ Bit Description 1 Connection error indicator (see connection error feature below) 2 GET_FEATURE and SET_FEATURE Xenstore wire commands are available 3 GET_QUOTA and SET_QUOTA Xenstore wire commands are available +4 WATCH can take a third parameter limiting its scope The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index 629f962bb5..ee0b51394f 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -176,7 +176,7 @@ SET_PERMS ||+? ---------- Watches ---------- -WATCH ||? +WATCH ||[|]? Adds a watch. When a is modified (including path creation, removal, @@ -187,7 +187,11 @@ WATCH ||? matching watch results in a WATCH_EVENT message (see below). The event's path matches the watch's if it is an child - of . + of . This match can be limited by specifying (a + decimal value of 0 or larger): it denotes the directory levels + below to consider for a match ("0" would not match for + a child of , "1" would match only for a direct child, + etc.). can be a to watch or @. In the latter case may have any syntax but it matches @@ -198,7 +202,13 @@ WATCH ||? shutdown, and also on RELEASE and domain destruction events are sent to privileged callers or explicitly - via SET_PERMS enabled domains only. + via SET_PERMS enabled domains only. The semantics for a + specification of differ for generating + events: specifying "1" will report the related domid by using + @/ for the reported path. Other + values are not supported. + For @releaseDomain it is possible to watch only for a specific + domain by specifying @releaseDomain/ for the path. When a watch is first set up it is triggered once straight away, with equal to . Watches may be triggered -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:56:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:56:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370574.602398 (Exim 4.92) (envelope-from ) id 1oDktY-0005et-0a; Tue, 19 Jul 2022 10:56:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370574.602398; Tue, 19 Jul 2022 10:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktX-0005el-Td; Tue, 19 Jul 2022 10:56:03 +0000 Received: by outflank-mailman (input) for mailman id 370574; Tue, 19 Jul 2022 10:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktW-0005eS-Or for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktW-0005xf-Ny for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDktW-0004us-MW for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DdwxGNnIB3f5QCl2PKBCfpkrkAmOlsJakWElA9TpnAI=; b=XgIavHGa0vLsjPV03nNd2tumcJ MRkXMn5Ff7cR9u9rxKj/eKIxYdnZVpFepJLp96Yv9rwaymSlpZf6a4niANuddGXmRmwDhazxYkv4B 4tDwXhPRNVJgHTnZsiIBQW23AJzsIdzBof8vqPZccTUbq8MqHH18qUat50zTktYwSpL8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xl: move freemem()'s "credit expired" loop exit Message-Id: Date: Tue, 19 Jul 2022 10:56:02 +0000 commit d8f8cb8bdd02fad3b6986ae93511f750fa7f7e6a Author: Jan Beulich AuthorDate: Mon Jul 18 17:48:18 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:48:18 2022 +0200 xl: move freemem()'s "credit expired" loop exit Move the "credit expired" loop exit to the middle of the loop, immediately after "return true". This way having reached the goal on the last iteration would be reported as success to the caller, rather than as "timed out". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD --- tools/xl/xl_vmcontrol.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index cd338a5422..8c29923f62 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -332,7 +332,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (rc < 0) return false; - do { + for (;;) { time_t start; rc = libxl_get_free_memory(ctx, &free_memkb); @@ -342,6 +342,9 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (free_memkb >= need_memkb) return true; + if (credit <= 0) + return false; + rc = libxl_set_memory_target(ctx, 0, free_memkb - need_memkb, 1, 0); if (rc < 0) return false; @@ -354,9 +357,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; credit -= difftime(time(NULL), start); - } while (credit > 0); - - return false; + } } static void reload_domain_config(uint32_t domid, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:56:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:56:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370575.602403 (Exim 4.92) (envelope-from ) id 1oDktj-0005hV-1y; Tue, 19 Jul 2022 10:56:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370575.602403; Tue, 19 Jul 2022 10:56:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDkti-0005hN-VK; Tue, 19 Jul 2022 10:56:14 +0000 Received: by outflank-mailman (input) for mailman id 370575; Tue, 19 Jul 2022 10:56:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktg-0005hA-T0 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktg-0005y8-R9 for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDktg-0004vH-QL for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CaGTtKDoJTO5I/XzoaFNHlyYpuhzNDa8teVY9Ys5hv4=; b=YtDqC702Ryq6TZXQ4zKJtSEuFp XjJ9RM71xA8ns73Jy5rme+/fzUHqqBiyBsi8+xj/QcR6j6pAfvj9dQ+cf2LW7lfoxTyhu99n8Rcel fhumFslW2pf1wu2nIV2bFq0HKFAB0vXLo9Bbw4rTSBHre7wbVY7rOeFU66xxi4PPR/xA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] EFI: strip xen.efi when putting it on the EFI partition Message-Id: Date: Tue, 19 Jul 2022 10:56:12 +0000 commit c3cad613dd7ce095098437d9107e791a48db83a9 Author: Jan Beulich AuthorDate: Mon Jul 18 17:48:40 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:48:40 2022 +0200 EFI: strip xen.efi when putting it on the EFI partition With debug info retained, xen.efi can be quite large. Unlike for xen.gz there's no intermediate step (mkelf32 there) involved which would strip debug info kind of as a side effect. While the installing of xen.efi on the EFI partition is an optional step (intended to be a courtesy to the developer), adjust it also for the purpose of documenting what distros would be expected to do during boot loader configuration (which is what would normally put xen.efi into the EFI partition). Model the control over stripping after Linux'es module installation, except that the stripped executable is constructed in the build area instead of in the destination location. This is to conserve on space used there - EFI partitions tend to be only a few hundred Mb in size. Signed-off-by: Jan Beulich Tested-by: Henry Wang Tested-by: Wei Chen # arm Reviewed-by: Anthony PERARD --- docs/misc/efi.pandoc | 10 +++++++--- xen/Makefile | 22 +++++++++++++++++++++- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc index 71fdc316b6..11c1ac3346 100644 --- a/docs/misc/efi.pandoc +++ b/docs/misc/efi.pandoc @@ -20,9 +20,13 @@ Xen to load the configuration file even if multiboot modules are found. Once built, `make install-xen` will place the resulting binary directly into the EFI boot partition, provided `EFI_VENDOR` is set in the environment (and `EFI_MOUNTPOINT` is overridden as needed, should the default of `/boot/efi` not -match your system). The xen.efi binary will also be installed in -`/usr/lib64/efi/`, unless `EFI_DIR` is set in the environment to override this -default. +match your system). When built with debug info, the binary can be quite large. +Setting `INSTALL_EFI_STRIP=1` in the environment will cause it to be stripped +of debug info in the process of installing. `INSTALL_EFI_STRIP` can also be set +to any combination of options suitable to pass to `strip`, in case the default +ones don't do. The xen.efi binary will also be installed in `/usr/lib64/efi/`, +unless `EFI_DIR` is set in the environment to override this default. This +binary will not be stripped in the process. The binary itself will require a configuration file (names with the `.efi` extension of the binary's name replaced by `.cfg`, and - until an existing diff --git a/xen/Makefile b/xen/Makefile index 4d770fef84..3d926e1015 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -464,6 +464,22 @@ endif .PHONY: _build _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) +# Strip +# +# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it +# is installed. If INSTALL_EFI_STRIP is '1', then the default option(s) below +# will be used. Otherwise, INSTALL_EFI_STRIP value will be used as the +# option(s) to the strip command. +ifdef INSTALL_EFI_STRIP + +ifeq ($(INSTALL_EFI_STRIP),1) +efi-strip-opt := --strip-debug --keep-file-symbols +else +efi-strip-opt := $(INSTALL_EFI_STRIP) +endif + +endif + .PHONY: _install _install: D=$(DESTDIR) _install: T=$(notdir $(TARGET)) @@ -488,6 +504,9 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ + $(if $(efi-strip-opt), \ + $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ + $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ @@ -544,7 +563,8 @@ _clean: -o -name ".*.o.tmp" -o -name "*~" -o -name "core" \ -o -name '*.lex.c' -o -name '*.tab.[ch]' -o -name '*.c.cppcheck' \ -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; - rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map + rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET)-syms $(TARGET)-syms.map + rm -f $(TARGET).efi $(TARGET).efi.map $(TARGET).efi.stripped rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h rm -f .banner .allconfig.tmp include/xen/compile.h rm -f cppcheck-misra.* xen-cppcheck.xml -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:56:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:56:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370576.602406 (Exim 4.92) (envelope-from ) id 1oDkts-0005kd-5U; Tue, 19 Jul 2022 10:56:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370576.602406; Tue, 19 Jul 2022 10:56:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDkts-0005kV-2o; Tue, 19 Jul 2022 10:56:24 +0000 Received: by outflank-mailman (input) for mailman id 370576; Tue, 19 Jul 2022 10:56:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktq-0005kD-Vo for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDktq-0005yK-UE for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDktq-0004w0-TQ for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Z7+IhlfvPFRhbZ1mK2lH3ugeFL3x65PYlzO6iRPWXuY=; b=KwcMrLndjHaHjTAGN5C3DXEZwI epE4iV+nLcnUcW3uXu85pBD11DO9uji4CoDWmvcrUoOIio0WOOK/ejCD4135h0KK1JrTNNtCQ7NDx MyOcEOxYEOicxAn4sbtGhJ+uu4Q3Gh82h0nqVIftwMrJTMHZK6TNep5KbLLSJ5IE6qZE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] vm_event: fix MISRA C 2012 Rule 8.7 violation Message-Id: Date: Tue, 19 Jul 2022 10:56:22 +0000 commit 4f67f1cbb66e96769557863e1734fa465b73b6db Author: Xenia Ragiadakou AuthorDate: Mon Jul 18 17:55:42 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:55:42 2022 +0200 vm_event: fix MISRA C 2012 Rule 8.7 violation The function vm_event_wake() is referenced only in vm_event.c. Change the linkage of the function from external to internal by adding the storage-class specifier static to the function definition. Also, this patch aims to resolve indirectly a MISRA C 2012 Rule 8.4 violation warning. Signed-off-by: Xenia Ragiadakou Reviewed-by: Jan Beulich Reviewed-by: Stefano Stabellini --- xen/common/vm_event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c index 0b99a6ea72..ecf49c38a9 100644 --- a/xen/common/vm_event.c +++ b/xen/common/vm_event.c @@ -173,7 +173,7 @@ static void vm_event_wake_queued(struct domain *d, struct vm_event_domain *ved) * call vm_event_wake() again, ensuring that any blocked vCPUs will get * unpaused once all the queued vCPUs have made it through. */ -void vm_event_wake(struct domain *d, struct vm_event_domain *ved) +static void vm_event_wake(struct domain *d, struct vm_event_domain *ved) { if ( !list_empty(&ved->wq.list) ) vm_event_wake_queued(d, ved); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 10:56:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 10:56:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370577.602410 (Exim 4.92) (envelope-from ) id 1oDku2-0005x5-6u; Tue, 19 Jul 2022 10:56:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370577.602410; Tue, 19 Jul 2022 10:56:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDku2-0005x0-4G; Tue, 19 Jul 2022 10:56:34 +0000 Received: by outflank-mailman (input) for mailman id 370577; Tue, 19 Jul 2022 10:56:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDku1-0005pM-1o for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDku1-0005yX-0z for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDku1-0004wT-0D for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 10:56:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r4Fdobk+pTfZjAoTUzIF3KECE9ed73CXdngTpezfVBk=; b=DVzjRdWcISKSYJoX6qBgUsKKH5 qF8RM7h0gffum24R7oYpDAdOEDKN00a7yNbhbUp7vmIzwJVIuALcrT8UeimT9WXHP843WuS51JDS+ taMha6zRUE7KJniXCWJgIf0zjKkrBf/KZ3QE5c+4cX8teN4f1edXK9vjWf/r2uXM+D+A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] sched/credit: fix MISRA C 2012 Rule 8.7 violation Message-Id: Date: Tue, 19 Jul 2022 10:56:33 +0000 commit 0e60f1d9d1970cae49ee9d03f5759f44afc1fdee Author: Xenia Ragiadakou AuthorDate: Mon Jul 18 17:56:41 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 18 17:56:41 2022 +0200 sched/credit: fix MISRA C 2012 Rule 8.7 violation The per-cpu variable last_tickle_cpu is referenced only in credit.c. Change its linkage from external to internal by adding the storage-class specifier static to its definitions. Also, this patch aims to resolve indirectly a MISRA C 2012 Rule 8.4 violation warning. Signed-off-by: Xenia Ragiadakou Reviewed-by: Jan Beulich Reviewed-by: Stefano Stabellini --- xen/common/sched/credit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/sched/credit.c b/xen/common/sched/credit.c index 4d3bd8cba6..47945c2834 100644 --- a/xen/common/sched/credit.c +++ b/xen/common/sched/credit.c @@ -348,7 +348,7 @@ static void burn_credits(struct csched_unit *svc, s_time_t now) static bool __read_mostly opt_tickle_one_idle = true; boolean_param("tickle_one_idle_cpu", opt_tickle_one_idle); -DEFINE_PER_CPU(unsigned int, last_tickle_cpu); +static DEFINE_PER_CPU(unsigned int, last_tickle_cpu); static inline void __runq_tickle(const struct csched_unit *new) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 13:33:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 13:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370667.602534 (Exim 4.92) (envelope-from ) id 1oDnLV-0004mY-HO; Tue, 19 Jul 2022 13:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370667.602534; Tue, 19 Jul 2022 13:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDnLV-0004mR-Er; Tue, 19 Jul 2022 13:33:05 +0000 Received: by outflank-mailman (input) for mailman id 370667; Tue, 19 Jul 2022 13:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDnLU-0004mL-4X for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 13:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDnLU-0000GN-2T for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 13:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDnLU-0004y9-1a for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 13:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=M2NKlTCh0gJ3m9K1e6L4vCmoJAHmkj8NxEqCdW4z76I=; b=hIxWugifOhJgWnxf1tMfPTTWrC z3J4pY3vanBj6y66ShPGqe1bU4X9hVYIJTHKrhTYigs+UctBy3dp/Y8nmmDAHeoTXm0ldb2csLrCE PcXp8fzNDCO8o/1faP808CB1LeEh0Ipz2SdYRQ5vYkNouI0rHTqh/0EncLthIVQT0u+4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Consistently halt speculation using int3 Message-Id: Date: Tue, 19 Jul 2022 13:33:04 +0000 commit addb336f4afb244fd57eb141a9c6ac365ed36563 Author: Andrew Cooper AuthorDate: Thu Jun 30 22:15:25 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 19 14:28:18 2022 +0100 x86/spec-ctrl: Consistently halt speculation using int3 The RSB stuffing loop and retpoline thunks date from the very beginning, when halting speculation was a brand new field. These days, we've largely settled on int3 for halting speculation in non-architectural paths. It's a single byte, and is fully serialising - a requirement for delivering #BP if it were to execute. Update the thunks. Mostly for consistency across the codebase, but it does shrink every entrypath in Xen by 6 bytes which is a marginal win. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 11 +++-------- xen/arch/x86/indirect-thunk.S | 6 ++---- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9eb4ad9ab7..fab27ff553 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -126,9 +126,8 @@ * change. Based on Google's performance numbers, the loop is unrolled to 16 * iterations and two calls per iteration. * - * The call filling the RSB needs a nonzero displacement. A nop would do, but - * we use "1: pause; lfence; jmp 1b" to safely contains any ret-based - * speculation, even if the loop is speculatively executed prematurely. + * The call filling the RSB needs a nonzero displacement, and int3 halts + * speculation. * * %rsp is preserved by using an extra GPR because a) we've got plenty spare, * b) the two movs are shorter to encode than `add $32*8, %rsp`, and c) can be @@ -141,11 +140,7 @@ .irp n, 1, 2 /* Unrolled twice. */ call .L\@_insert_rsb_entry_\n /* Create an RSB entry. */ - -.L\@_capture_speculation_\n: - pause - lfence - jmp .L\@_capture_speculation_\n /* Capture rogue speculation. */ + int3 /* Halt rogue speculation. */ .L\@_insert_rsb_entry_\n: .endr diff --git a/xen/arch/x86/indirect-thunk.S b/xen/arch/x86/indirect-thunk.S index 7cc22da0ef..de6aef6068 100644 --- a/xen/arch/x86/indirect-thunk.S +++ b/xen/arch/x86/indirect-thunk.S @@ -12,11 +12,9 @@ #include .macro IND_THUNK_RETPOLINE reg:req - call 2f + call 1f + int3 1: - lfence - jmp 1b -2: mov %\reg, (%rsp) ret .endm -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 19 13:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 19 Jul 2022 13:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.370668.602540 (Exim 4.92) (envelope-from ) id 1oDnLf-0004oh-JI; Tue, 19 Jul 2022 13:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 370668.602540; Tue, 19 Jul 2022 13:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDnLf-0004oV-GI; Tue, 19 Jul 2022 13:33:15 +0000 Received: by outflank-mailman (input) for mailman id 370668; Tue, 19 Jul 2022 13:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDnLe-0004oL-6M for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 13:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDnLe-0000GU-5X for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 13:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oDnLe-0004zK-4c for xen-changelog@lists.xenproject.org; Tue, 19 Jul 2022 13:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wLGdA7hdtJRRANjalH9HTseV7n9UpNa4/D6Qr1dIdh8=; b=lOFW43fIzNRLYfT6ZiKX2E1sbv SrO3/dehmb1IX5lumPrLBhleVaVgxzrJiJw7q+egSPdl49UowbLNpVTouQ+KVfOj6lZjTAt+YbJpP fuBcUwwXEMzmthv7Pz4tVASEd+uw65LX0v0CJDY4xtxjfY+Pc87L+CSHdEoxY2w8mUCY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional Message-Id: Date: Tue, 19 Jul 2022 13:33:14 +0000 commit c16a9eda77b2089206d5bc39ab6488c3793e11bf Author: Andrew Cooper AuthorDate: Mon Jul 18 14:15:08 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 19 14:28:18 2022 +0100 x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional The logic was written this way out of an abundance of caution, but the reality is that AMD parts don't currently have the RAS-flushing side effect, nor do they intend to gain it. This removes one WRMSR from the VMExit path by default on Zen2 systems. Fixes: 614cec7d79d7 ("x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 0ff4008060..a60d759f71 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -113,15 +113,15 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl - /* - * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] - * flushing side effect. - */ - mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 06:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 06:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371402.603288 (Exim 4.92) (envelope-from ) id 1oE2vG-0007MV-Tu; Wed, 20 Jul 2022 06:11:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371402.603288; Wed, 20 Jul 2022 06:11:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vG-0007MN-R0; Wed, 20 Jul 2022 06:11:02 +0000 Received: by outflank-mailman (input) for mailman id 371402; Wed, 20 Jul 2022 06:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vF-0007MH-QM for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vF-0001EJ-PT for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oE2vF-0000qL-OZ for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=c/OasXbQ3J3GlVF+5LwMxAcLEweIuHguXtasDTn05t0=; b=LFAUFSEd5OsEd7yBsPM04ePMoE fCl+/HXRnPzXPdNDxtGuZzoz7cTtAGjjVckXTEYk5NEpio0qeQxv3xx2c62rhHCJimr1X/h18QXvp BjqFNdqYB+o6lxVcQoJ1wemv+GK8ESqbsneT/v2tAi8L1Sw2SLgC3Hydqx/fPqVixdfc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: log non-responding CPUs in fatal_trap() Message-Id: Date: Wed, 20 Jul 2022 06:11:01 +0000 commit 59ec934d538c24265e29667aac5a6d69e31eef0a Author: Jan Beulich AuthorDate: Tue Jul 19 08:36:10 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 08:36:10 2022 +0200 x86: log non-responding CPUs in fatal_trap() This eases recognizing that something odd is going on. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/traps.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index cabebf4f5b..b713ef7e77 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -845,6 +845,9 @@ void fatal_trap(const struct cpu_user_regs *regs, bool show_remote) msecs = 10; } } + if ( pending ) + printk("Non-responding CPUs: {%*pbl}\n", + CPUMASK_PR(&show_state_mask)); } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 06:11:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 06:11:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371403.603293 (Exim 4.92) (envelope-from ) id 1oE2vQ-0007Ob-VP; Wed, 20 Jul 2022 06:11:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371403.603293; Wed, 20 Jul 2022 06:11:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vQ-0007OU-Sh; Wed, 20 Jul 2022 06:11:12 +0000 Received: by outflank-mailman (input) for mailman id 371403; Wed, 20 Jul 2022 06:11:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vP-0007OL-TM for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vP-0001EQ-Sb for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oE2vP-0000qq-Rh for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1nkBe0vaR83xes3YMn7lwNwf45oQ0BN3ARluoHyJWgE=; b=rym1sWL3iUf300N+NyozqLKPSP hgeGDU0V6p6VY/4JhBnmLYSycd6mRDmJGn4LQz7EYtmEmUrEiJ+/+/PK27vX8mNvLWvqLj+0d+n5+ esNLHZtmT1of9e6vMgI70JIiIjDzHZ/ejD3A7Y0+pirYiz4EUDGVjtGoN+Zky+Ya4nJ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR Message-Id: Date: Wed, 20 Jul 2022 06:11:11 +0000 commit fdbf8bdfebc2ed323c521848f642cc4f6b8cb662 Author: Jan Beulich AuthorDate: Tue Jul 19 08:36:53 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 08:36:53 2022 +0200 x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR There are command line controls for this and the default also isn't "always enable when hardware supports it", which logging should take into account. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/spec_ctrl.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9dd4d846f5..44e86f3d67 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -511,13 +511,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_hvm ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif @@ -525,13 +524,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_pv ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 06:11:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 06:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371404.603297 (Exim 4.92) (envelope-from ) id 1oE2vb-0007Ro-1C; Wed, 20 Jul 2022 06:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371404.603297; Wed, 20 Jul 2022 06:11:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2va-0007Re-UK; Wed, 20 Jul 2022 06:11:22 +0000 Received: by outflank-mailman (input) for mailman id 371404; Wed, 20 Jul 2022 06:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2va-0007RJ-0J for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vZ-0001Eg-Vl for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oE2vZ-0000rP-Uo for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vT3oRhf0QdYTLGaGsFE5/sHg+oanMriscqiszLoTkGc=; b=Yz3d/RkBR5zp9FtXphZc6g9zJ6 B8Cy0BYgsK1tGfPAD+ta885s9rKCA8zxWM001zTmqJ/j27Pp9Yko3Mqn9oQd2ai7hPqOeOf5ct9Lb xuDbv4o3zkWnoK8KiSDK3fqxyqHm+NW+Df27MX55oaxhDIkzu85YxBMZmJduNLCYbsTE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: deal with gcc12 release build issues Message-Id: Date: Wed, 20 Jul 2022 06:11:21 +0000 commit 9723507daf2120131410c91980d4e4d9b0d0aa90 Author: Jan Beulich AuthorDate: Tue Jul 19 08:37:29 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 08:37:29 2022 +0200 x86: deal with gcc12 release build issues While a number of issues we previously had with pre-release gcc12 were fixed in the final release, we continue to have one issue (with multiple instances) when doing release builds (i.e. at higher optimization levels): The compiler takes issue with subtracting (always 1 in our case) from artifical labels (expressed as array) marking the end of certain regions. This isn't an unreasonable position to take. Simply hide the "array-ness" by casting to an integer type. To keep things looking consistently, apply the same cast also on the respective expressions dealing with the starting addresses. (Note how efi_arch_memory_setup()'s l2_table_offset() invocations avoid a similar issue by already having the necessary casts.) In is_xen_fixed_mfn() further switch from __pa() to virt_to_maddr() to better match the left sides of the <= operators. Reported-by: Charles Arnold Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/efi/efi-boot.h | 6 +++--- xen/arch/x86/include/asm/mm.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 6e65b569b0..836e8c2ba1 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -677,10 +677,10 @@ static void __init efi_arch_memory_setup(void) * appropriate l2 slots to map. */ #define l2_4G_offset(a) \ - (((UINTN)(a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) + (((a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) - for ( i = l2_4G_offset(_start); - i <= l2_4G_offset(_end - 1); ++i ) + for ( i = l2_4G_offset((UINTN)_start); + i <= l2_4G_offset((UINTN)_end - 1); ++i ) { l2_pgentry_t pte = l2e_from_paddr(i << L2_PAGETABLE_SHIFT, __PAGE_HYPERVISOR | _PAGE_PSE); diff --git a/xen/arch/x86/include/asm/mm.h b/xen/arch/x86/include/asm/mm.h index 07b59c982b..0fc826de46 100644 --- a/xen/arch/x86/include/asm/mm.h +++ b/xen/arch/x86/include/asm/mm.h @@ -309,8 +309,8 @@ struct page_info #define is_xen_heap_mfn(mfn) \ (mfn_valid(mfn) && is_xen_heap_page(mfn_to_page(mfn))) #define is_xen_fixed_mfn(mfn) \ - (((mfn_to_maddr(mfn)) >= __pa(_stext)) && \ - ((mfn_to_maddr(mfn)) <= __pa(__2M_rwdata_end - 1))) + (((mfn_to_maddr(mfn)) >= virt_to_maddr((unsigned long)_stext)) && \ + ((mfn_to_maddr(mfn)) <= virt_to_maddr((unsigned long)__2M_rwdata_end - 1))) #define PRtype_info "016lx"/* should only be used for printk's */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 06:11:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 06:11:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371405.603300 (Exim 4.92) (envelope-from ) id 1oE2vl-0007Ub-23; Wed, 20 Jul 2022 06:11:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371405.603300; Wed, 20 Jul 2022 06:11:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vk-0007UU-Vo; Wed, 20 Jul 2022 06:11:32 +0000 Received: by outflank-mailman (input) for mailman id 371405; Wed, 20 Jul 2022 06:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vk-0007UK-46 for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vk-0001FN-3M for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oE2vk-0000sA-1e for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4wk7IhyE0nBIRnO42rM0KoE7pdZs4ztS+GFZV5q0W0Q=; b=cXlsnkN06E9SiDnVkeU15HPC1x tyRRb2+MyRwLVwjvimkkgIxGnCcSveOemo8Fuy2CBJkFUGN2iDYCDPDOgXGZYEY781yFMBfjMimPh cbS63QQPWY/vX+5Lqxk8nS2n6FmpenEv2C8mfHEPbryEN0eep7FCWxxxuXh0fEosSSSQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Revert "tools/xenstore: add documentation for ..." Message-Id: Date: Wed, 20 Jul 2022 06:11:32 +0000 commit 0a8546395451f01032058a2a97857ed99a12b004 Author: Jan Beulich AuthorDate: Tue Jul 19 11:16:02 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 11:16:02 2022 +0200 Revert "tools/xenstore: add documentation for ..." This reverts commits 3db29e8fac3f874aba0198f398e8eeaad9a091b8, 6574f387791f18c85c64399ed83b4391adcb4881, and 1a564e4b3b4fcb9a49fa09ade689ba38c0a890e8. They were committed by mistake (newer version pending). --- docs/misc/xenstore-ring.txt | 3 --- docs/misc/xenstore.txt | 40 +++------------------------------------- 2 files changed, 3 insertions(+), 40 deletions(-) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index a1e6c7bb3a..2792d13530 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -69,9 +69,6 @@ Bit Description ----------------------------------------------------------------- 0 Ring reconnection (see the ring reconnection feature below) 1 Connection error indicator (see connection error feature below) -2 GET_FEATURE and SET_FEATURE Xenstore wire commands are available -3 GET_QUOTA and SET_QUOTA Xenstore wire commands are available -4 WATCH can take a third parameter limiting its scope The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index ee0b51394f..334dc8b6fd 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -176,7 +176,7 @@ SET_PERMS ||+? ---------- Watches ---------- -WATCH ||[|]? +WATCH ||? Adds a watch. When a is modified (including path creation, removal, @@ -187,11 +187,7 @@ WATCH ||[|]? matching watch results in a WATCH_EVENT message (see below). The event's path matches the watch's if it is an child - of . This match can be limited by specifying (a - decimal value of 0 or larger): it denotes the directory levels - below to consider for a match ("0" would not match for - a child of , "1" would match only for a direct child, - etc.). + of . can be a to watch or @. In the latter case may have any syntax but it matches @@ -202,13 +198,7 @@ WATCH ||[|]? shutdown, and also on RELEASE and domain destruction events are sent to privileged callers or explicitly - via SET_PERMS enabled domains only. The semantics for a - specification of differ for generating - events: specifying "1" will report the related domid by using - @/ for the reported path. Other - values are not supported. - For @releaseDomain it is possible to watch only for a specific - domain by specifying @releaseDomain/ for the path. + via SET_PERMS enabled domains only. When a watch is first set up it is triggered once straight away, with equal to . Watches may be triggered @@ -330,30 +320,6 @@ SET_TARGET || xenstored prevents the use of SET_TARGET other than by dom0. -GET_FEATURE | | -SET_FEATURE || - Returns or sets the contents of the "feature" field located at - offset 2064 of the Xenstore ring page of the domain specified by - . is a decimal number being a logical or of the - feature bits as defined in docs/misc/xenstore-ring.txt. Trying - to set a bit for a feature not being supported by the running - Xenstore will be denied. - - xenstored prevents the use of GET_FEATURE and SET_FEATURE other - than by dom0. - -GET_QUOTA || | -SET_QUOTA ||| - Returns or sets a quota value for the domain being specified by - . is one of "nodes", "watches", "transactions", - "node-size" or "permissions". is a decimal number - specifying the quota value, with "0" having the special meaning - of quota checks being disabled. The initial quota settings for - a domain are the global ones of Xenstore. - - xenstored prevents the use of GET_QUOTA and SET_QUOTA other - than by dom0. - ---------- Miscellaneous ---------- CONTROL |[|] -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 06:11:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 06:11:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371407.603306 (Exim 4.92) (envelope-from ) id 1oE2vv-0007YX-4Q; Wed, 20 Jul 2022 06:11:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371407.603306; Wed, 20 Jul 2022 06:11:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vv-0007YQ-18; Wed, 20 Jul 2022 06:11:43 +0000 Received: by outflank-mailman (input) for mailman id 371407; Wed, 20 Jul 2022 06:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vu-0007YE-7D for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2vu-0001GJ-6R for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oE2vu-0000sl-5Z for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dEV6ezBGBM+wPqgLNXlwSxk0+dRe3i8tvj9clRKrD9k=; b=M77S3IdOcH0xQQi9itzkxidI6e tP2l0+467aD/xkltn0Uke0LOiJeecaM3fYeMZRKHmMpfx+5GCj1yyUk/cKR8+d45rjFQ+7Jhcz7pC LPetJsgYingI3rL5NqMo8Rd9UafhnlR/6UDFeqSGzL7fWkjCiKhbOca4WIVRnxk2VrCk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/xl: use sparse init for dom_info, remove duplicate vars Message-Id: Date: Wed, 20 Jul 2022 06:11:42 +0000 commit e500b6b8d07f87593a9d0e3a391456ef4ac5ee34 Author: Elliott Mitchell AuthorDate: Tue Jul 19 11:18:55 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 19 11:18:55 2022 +0200 tools/xl: use sparse init for dom_info, remove duplicate vars Rather than having shadow variables for every element of dom_info, it is better to properly initialize dom_info at the start. This also removes the misleading memset() in the middle of main_create(). Remove the dryrun element of domain_create as that has been displaced by the global "dryrun_only" variable. Signed-off-by: Elliott Mitchell Reviewed-by: Anthony PERARD --- tools/xl/xl.h | 1 - tools/xl/xl_vmcontrol.c | 76 ++++++++++++++++++++++++------------------------- 2 files changed, 37 insertions(+), 40 deletions(-) diff --git a/tools/xl/xl.h b/tools/xl/xl.h index 528deb3feb..7c9aff6ad7 100644 --- a/tools/xl/xl.h +++ b/tools/xl/xl.h @@ -34,7 +34,6 @@ struct domain_create { int daemonize; int monitor; /* handle guest reboots etc */ int paused; - int dryrun; int quiet; int vnc; int vncautopass; diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 8c29923f62..5518c78dc6 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -859,8 +859,8 @@ int create_domain(struct domain_create *dom_info) } } - if (debug || dom_info->dryrun) { - FILE *cfg_print_fh = (debug && !dom_info->dryrun) ? stderr : stdout; + if (debug || dryrun_only) { + FILE *cfg_print_fh = (debug && !dryrun_only) ? stderr : stdout; if (default_output_format == OUTPUT_FORMAT_SXP) { printf_info_sexp(-1, &d_config, cfg_print_fh); } else { @@ -878,7 +878,7 @@ int create_domain(struct domain_create *dom_info) ret = 0; - if (dom_info->dryrun) + if (dryrun_only) goto out; start: @@ -1169,10 +1169,26 @@ out: int main_create(int argc, char **argv) { - const char *filename = NULL; - struct domain_create dom_info; - int paused = 0, debug = 0, daemonize = 1, console_autoconnect = 0, - quiet = 0, monitor = 1, vnc = 0, vncautopass = 0, ignore_masks = 0; + struct domain_create dom_info = { + /* Command-line options */ + .config_file = NULL, + .console_autoconnect = 0, + .debug = 0, + .daemonize = 1, + .ignore_global_affinity_masks = 0, + .monitor = 1, + .paused = 0, + .quiet = 0, + .vnc = 0, + .vncautopass = 0, + + /* Extra configuration file settings */ + .extra_config = NULL, + + /* FDs, initialize to invalid */ + .migrate_fd = -1, + .send_back_fd = -1, + }; int opt, rc; static const struct option opts[] = { {"defconfig", 1, 0, 'f'}, @@ -1184,58 +1200,54 @@ int main_create(int argc, char **argv) COMMON_LONG_OPTS }; - dom_info.extra_config = NULL; - if (argv[1] && argv[1][0] != '-' && !strchr(argv[1], '=')) { - filename = argv[1]; + dom_info.config_file = argv[1]; argc--; argv++; } SWITCH_FOREACH_OPT(opt, "AFVcdef:inpq", opts, "create", 0) { case 'A': - vnc = vncautopass = 1; + dom_info.vnc = dom_info.vncautopass = 1; break; case 'F': - daemonize = 0; + dom_info.daemonize = 0; break; case 'V': - vnc = 1; + dom_info.vnc = 1; break; case 'c': - console_autoconnect = 1; + dom_info.console_autoconnect = 1; break; case 'd': - debug = 1; + dom_info.debug = 1; break; case 'e': - daemonize = 0; - monitor = 0; + dom_info.daemonize = 0; + dom_info.monitor = 0; break; case 'f': - filename = optarg; + dom_info.config_file = optarg; break; case 'i': - ignore_masks = 1; + dom_info.ignore_global_affinity_masks = 1; break; case 'n': dryrun_only = 1; break; case 'p': - paused = 1; + dom_info.paused = 1; break; case 'q': - quiet = 1; + dom_info.quiet = 1; break; } - memset(&dom_info, 0, sizeof(dom_info)); - for (; optind < argc; optind++) { if (strchr(argv[optind], '=') != NULL) { string_realloc_append(&dom_info.extra_config, argv[optind]); string_realloc_append(&dom_info.extra_config, "\n"); - } else if (!filename) { - filename = argv[optind]; + } else if (!dom_info.config_file) { + dom_info.config_file = argv[optind]; } else { help("create"); free(dom_info.extra_config); @@ -1243,20 +1255,6 @@ int main_create(int argc, char **argv) } } - dom_info.debug = debug; - dom_info.daemonize = daemonize; - dom_info.monitor = monitor; - dom_info.paused = paused; - dom_info.dryrun = dryrun_only; - dom_info.quiet = quiet; - dom_info.config_file = filename; - dom_info.migrate_fd = -1; - dom_info.send_back_fd = -1; - dom_info.vnc = vnc; - dom_info.vncautopass = vncautopass; - dom_info.console_autoconnect = console_autoconnect; - dom_info.ignore_global_affinity_masks = ignore_masks; - rc = create_domain(&dom_info); if (rc < 0) { free(dom_info.extra_config); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 06:11:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 06:11:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371408.603309 (Exim 4.92) (envelope-from ) id 1oE2w5-0007cP-6j; Wed, 20 Jul 2022 06:11:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371408.603309; Wed, 20 Jul 2022 06:11:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2w5-0007cH-46; Wed, 20 Jul 2022 06:11:53 +0000 Received: by outflank-mailman (input) for mailman id 371408; Wed, 20 Jul 2022 06:11:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2w4-0007c6-AI for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2w4-0001Go-9b for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oE2w4-0000tC-8b for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:11:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ihdSJRqvKkG/9wuKkvzqvLanj0e9pLeoEv6DkPGvz7c=; b=vi5CqXWmH+kNBHMjiaVoj+FLUl T592ZBCpmZDc8XKDHXKpLWdX7p6/c/2SaYhCgjkVeSyII7k/QdS6WY+oYwa1EBh1ra/1VytMJZrEk /vrhKBahYPSXPxO3rU9bHaQ0ZhP2mX64bHR0og0mFa3lFUGyGuB21oN91yVcchzP76aY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Consistently halt speculation using int3 Message-Id: Date: Wed, 20 Jul 2022 06:11:52 +0000 commit addb336f4afb244fd57eb141a9c6ac365ed36563 Author: Andrew Cooper AuthorDate: Thu Jun 30 22:15:25 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 19 14:28:18 2022 +0100 x86/spec-ctrl: Consistently halt speculation using int3 The RSB stuffing loop and retpoline thunks date from the very beginning, when halting speculation was a brand new field. These days, we've largely settled on int3 for halting speculation in non-architectural paths. It's a single byte, and is fully serialising - a requirement for delivering #BP if it were to execute. Update the thunks. Mostly for consistency across the codebase, but it does shrink every entrypath in Xen by 6 bytes which is a marginal win. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 11 +++-------- xen/arch/x86/indirect-thunk.S | 6 ++---- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9eb4ad9ab7..fab27ff553 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -126,9 +126,8 @@ * change. Based on Google's performance numbers, the loop is unrolled to 16 * iterations and two calls per iteration. * - * The call filling the RSB needs a nonzero displacement. A nop would do, but - * we use "1: pause; lfence; jmp 1b" to safely contains any ret-based - * speculation, even if the loop is speculatively executed prematurely. + * The call filling the RSB needs a nonzero displacement, and int3 halts + * speculation. * * %rsp is preserved by using an extra GPR because a) we've got plenty spare, * b) the two movs are shorter to encode than `add $32*8, %rsp`, and c) can be @@ -141,11 +140,7 @@ .irp n, 1, 2 /* Unrolled twice. */ call .L\@_insert_rsb_entry_\n /* Create an RSB entry. */ - -.L\@_capture_speculation_\n: - pause - lfence - jmp .L\@_capture_speculation_\n /* Capture rogue speculation. */ + int3 /* Halt rogue speculation. */ .L\@_insert_rsb_entry_\n: .endr diff --git a/xen/arch/x86/indirect-thunk.S b/xen/arch/x86/indirect-thunk.S index 7cc22da0ef..de6aef6068 100644 --- a/xen/arch/x86/indirect-thunk.S +++ b/xen/arch/x86/indirect-thunk.S @@ -12,11 +12,9 @@ #include .macro IND_THUNK_RETPOLINE reg:req - call 2f + call 1f + int3 1: - lfence - jmp 1b -2: mov %\reg, (%rsp) ret .endm -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 06:12:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 06:12:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371409.603313 (Exim 4.92) (envelope-from ) id 1oE2wF-0007g4-8U; Wed, 20 Jul 2022 06:12:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371409.603313; Wed, 20 Jul 2022 06:12:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2wF-0007fx-5b; Wed, 20 Jul 2022 06:12:03 +0000 Received: by outflank-mailman (input) for mailman id 371409; Wed, 20 Jul 2022 06:12:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2wE-0007fE-DK for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:12:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oE2wE-0001HI-CJ for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:12:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oE2wE-0000tr-Be for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 06:12:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hV/3g+OxVZjeDvBCTvJ9pz+49yst3GS1BWVC02CHjbM=; b=Pt00a1RCxR28jlDVO1dquiTLF1 HY3NGO5bwyR7Iv/awpMRrgx365dqzKWngaOJjkj+YFo76b7jAvWLfW0ZB486Huv/KkfIaHyGe3D+F HEdFYwiSrGMLC9dYvAcjdzgAwHGLkLH4KOLiLmHaGPd2s1Hz8QBup6GDhROoSqSIgTVE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional Message-Id: Date: Wed, 20 Jul 2022 06:12:02 +0000 commit c16a9eda77b2089206d5bc39ab6488c3793e11bf Author: Andrew Cooper AuthorDate: Mon Jul 18 14:15:08 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 19 14:28:18 2022 +0100 x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional The logic was written this way out of an abundance of caution, but the reality is that AMD parts don't currently have the RAS-flushing side effect, nor do they intend to gain it. This removes one WRMSR from the VMExit path by default on Zen2 systems. Fixes: 614cec7d79d7 ("x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 0ff4008060..a60d759f71 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -113,15 +113,15 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl - /* - * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] - * flushing side effect. - */ - mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 13:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 13:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371879.603728 (Exim 4.92) (envelope-from ) id 1oEAAL-0006m1-PQ; Wed, 20 Jul 2022 13:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371879.603728; Wed, 20 Jul 2022 13:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEAAL-0006lt-MN; Wed, 20 Jul 2022 13:55:05 +0000 Received: by outflank-mailman (input) for mailman id 371879; Wed, 20 Jul 2022 13:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEAAK-0006ln-6h for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 13:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEAAK-0001Md-3h for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 13:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEAAK-000075-2j for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 13:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bAOXZVahe0gM4C3HEi38NWr8nEpbSvxHYjIXKlXGRXg=; b=BSqvWiD7kfjjBhBciFA7NCXuKa yM7PmjKjnWAc5qc+duDcKD6tOkBFT9TgffyDPjcDqT6GUVFeLS0A4wB075lfLLgJ5YdciCQrAy1kV g8UGAG8YvMdivY+XYagLn+qdW2lL3UnUuk15PsjzIs+Qv9VCy9uTnATvXOatMbMDLUvk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86emul: add memory operand low bits checks for ENQCMD{,S} Message-Id: Date: Wed, 20 Jul 2022 13:55:04 +0000 commit d620c66bdbe5510c3bae89be8cc7ca9a2a6cbaba Author: Jan Beulich AuthorDate: Wed Jul 20 15:46:48 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 20 15:46:48 2022 +0200 x86emul: add memory operand low bits checks for ENQCMD{,S} Already ISE rev 044 added text to this effect; rev 045 further dropped leftover earlier text indicating the contrary: - ENQCMD requires the low 32 bits of the memory operand to be clear, - ENDCMDS requires bits 20...30 of the memory operand to be clear. Fixes: d27385968741 ("x86emul: support ENQCMD insns") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 7f6af911bc..f6778dd493 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -10499,6 +10499,7 @@ x86_emulate( goto done; if ( vex.pfx == vex_f2 ) /* enqcmd */ { + generate_exception_if(mmvalp->data32[0], EXC_GP, 0); fail_if(!ops->read_msr); if ( (rc = ops->read_msr(MSR_PASID, &msr_val, ctxt)) != X86EMUL_OKAY ) @@ -10506,7 +10507,8 @@ x86_emulate( generate_exception_if(!(msr_val & PASID_VALID), EXC_GP, 0); mmvalp->data32[0] = MASK_EXTR(msr_val, PASID_PASID_MASK); } - mmvalp->data32[0] &= ~0x7ff00000; + else + generate_exception_if(mmvalp->data32[0] & 0x7ff00000, EXC_GP, 0); state->blk = blk_enqcmd; if ( (rc = ops->blk(x86_seg_es, src.val, mmvalp, 64, &_regs.eflags, state, ctxt)) != X86EMUL_OKAY ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 13:55:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 13:55:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.371880.603731 (Exim 4.92) (envelope-from ) id 1oEAAV-0006o1-QR; Wed, 20 Jul 2022 13:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 371880.603731; Wed, 20 Jul 2022 13:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEAAV-0006nt-Nz; Wed, 20 Jul 2022 13:55:15 +0000 Received: by outflank-mailman (input) for mailman id 371880; Wed, 20 Jul 2022 13:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEAAU-0006nf-7h for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 13:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEAAU-0001Mo-6t for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 13:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEAAU-00007f-5y for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 13:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pgcme2gFzxuCFLgbXhwAGPr8XC8E6IOTRNLqUFIaQ2k=; b=GoH6Gp4wiCyKBfYJGST94oRqAp AOeR9dwMlDgEL86enCb74VTV4E+FbPn2YHJgub6wNDngEUrxQKgzkTneQvTnrqvacFgnBT5PpAjU+ OaOtdFSCKIey3YOAOQPuCyrGdvGOrbcZeVkVoCqZVy+1PVaBTuIIEJElc5wNjLdgWiR0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: also suppress use of MMX insns Message-Id: Date: Wed, 20 Jul 2022 13:55:14 +0000 commit 6fe2e39a0243bddba60f83b77b972a5922d25eb8 Author: Jan Beulich AuthorDate: Wed Jul 20 15:48:49 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 20 15:48:49 2022 +0200 x86: also suppress use of MMX insns Passing -mno-sse alone is not enough: The compiler may still find (questionable) reasons to use MMX insns. In particular with gcc12 use of MOVD+PUNPCKLDQ+MOVQ was observed in an apparent attempt to auto- vectorize the storing of two adjacent zeroes, 32 bits each. Reported-by: ChrisD Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/arch.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index fb86cbda46..227d439a45 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -36,9 +36,9 @@ $(call as-option-add,CFLAGS,CC,\ CFLAGS += -mno-red-zone -fpic -# Xen doesn't use SSE interally. If the compiler supports it, also skip the -# SSE setup for variadic function calls. -CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) +# Xen doesn't use MMX or SSE interally. If the compiler supports it, also skip +# the SSE setup for variadic function calls. +CFLAGS += -mno-mmx -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) ifeq ($(CONFIG_INDIRECT_THUNK),y) # Compile with gcc thunk-extern, indirect-branch-register if available. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 18:11:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 18:11:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372117.603919 (Exim 4.92) (envelope-from ) id 1oEEA5-0005DQ-Je; Wed, 20 Jul 2022 18:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372117.603919; Wed, 20 Jul 2022 18:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEA5-0005DI-FM; Wed, 20 Jul 2022 18:11:05 +0000 Received: by outflank-mailman (input) for mailman id 372117; Wed, 20 Jul 2022 18:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEA4-0005DC-2i for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEA4-0006Ve-1p for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEEA3-0001Jn-Vs for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WjognTBYb3sjXV90GcfoBgEFL2tCrnS9jRV6OAMmr1s=; b=nqj2QjOrvLpYvJ5stRB+gsm9M/ p+QdXfGfOyE6TmgHDq6utqyM1G4Gl8sj5FS6zEDjUAqHO4mwjRNllFmTWM2q6myP4O66Ur12M+36P C4lX9zPt9FrY51qQ47THkSS9TvmoGWU19o2Kr0H/628sznfw0hpya81iqZMpIuvDoAHw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs: document dom0less + PV drivers Message-Id: Date: Wed, 20 Jul 2022 18:11:03 +0000 commit 52196c8cd9d38c7b028619f046246ea55ff9f6a7 Author: Stefano Stabellini AuthorDate: Wed May 4 17:16:56 2022 -0700 Commit: Julien Grall CommitDate: Wed Jul 20 19:06:33 2022 +0100 docs: document dom0less + PV drivers Document how to use the feature and how the implementation works. Signed-off-by: Stefano Stabellini Reviewed-by: Luca Fancellu Acked-by: Julien Grall --- docs/features/dom0less.pandoc | 43 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/docs/features/dom0less.pandoc b/docs/features/dom0less.pandoc index c9edb529e1..725afa0558 100644 --- a/docs/features/dom0less.pandoc +++ b/docs/features/dom0less.pandoc @@ -90,6 +90,46 @@ Otherwise, they may be unusable in Xen (for instance if they are compressed). See docs/misc/arm/device-tree/booting.txt for more information. +PV Drivers +---------- + +It is possible to use PV drivers with dom0less guests with some +restrictions: + +- dom0less domUs that want to use PV drivers support should have the + "xen,enhanced" property set under their device tree nodes (see + docs/misc/arm/device-tree/booting.txt) +- a dom0 must be present (or another domain with enough privileges to + run the toolstack) +- after dom0 is booted, the utility "init-dom0less" must be run +- do not run "init-dom0less" while creating other guests with xl + +After the execution of init-dom0less, it is possible to use "xl" to +hotplug PV drivers to dom0less guests. E.g. xl network-attach domU. + +The implementation works as follows: +- Xen allocates the xenstore event channel for each dom0less domU that + has the "xen,enhanced" property, and sets HVM_PARAM_STORE_EVTCHN +- Xen does *not* allocate the xenstore page and sets HVM_PARAM_STORE_PFN + to ~0ULL (invalid) +- Dom0less domU kernels check that HVM_PARAM_STORE_PFN is set to invalid + - Old kernels will continue without xenstore support (Note: some old + buggy kernels might crash because they don't check the validity of + HVM_PARAM_STORE_PFN before using it! Disable "xen,enhanced" in + those cases) + - New kernels will wait for a notification on the xenstore event + channel (HVM_PARAM_STORE_EVTCHN) before continuing with the + initialization +- Once dom0 is booted, init-dom0less is executed: + - it allocates the xenstore shared page and sets HVM_PARAM_STORE_PFN + - it calls xs_introduce_domain +- Xenstored notices the new domain, initializes interfaces as usual, and + sends an event channel notification to the domain using the xenstore + event channel (HVM_PARAM_STORE_EVTCHN) +- The Linux domU kernel receives the event channel notification, checks + HVM_PARAM_STORE_PFN again and continue with the initialization + + Limitations ----------- @@ -107,9 +147,6 @@ limitations: information, the GIC version exposed to the domains started by Xen at boot is the same as the native GIC version. -- No PV drivers. There is no support for PV devices at the moment. All - devices need to be statically assigned to guests. - - Pinning vCPUs of domains started by Xen at boot can be done from the control domain, using `xl vcpu-pin` as usual. It is not currently possible to configure vCPU pinning without a control domain. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 18:22:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 18:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372123.603934 (Exim 4.92) (envelope-from ) id 1oEEKj-0006xH-Me; Wed, 20 Jul 2022 18:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372123.603934; Wed, 20 Jul 2022 18:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEKj-0006x9-JK; Wed, 20 Jul 2022 18:22:05 +0000 Received: by outflank-mailman (input) for mailman id 372123; Wed, 20 Jul 2022 18:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEKi-0006x3-9j for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEKi-0006hm-8o for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEEKi-0001mD-80 for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J0xa332bZBkNXdTB3etStbGGLQM1gv0bhfgEIeG1c/Y=; b=SYtP60wSmviRazyt46loPSuGoi mn34dtPPk9t50eK5r6T+6bRORTRgj/7T0TRy37gXchzpGvLmZnAdhMhH/9CWBiEaR094tbbPgjMXX Hb8hIdc+Nmbuz1cyl5+lwou83Vf8uPBt9pETdpE4NuaYDMRXwqro0Dhk3G7HnsHcHvE4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Harden the P2M code in p2m_remove_mapping() Message-Id: Date: Wed, 20 Jul 2022 18:22:04 +0000 commit 5a4a2cef085d74a247663ed210e9398264ce3fc8 Author: Oleksandr Tyshchenko AuthorDate: Sat Jul 16 17:56:57 2022 +0300 Commit: Julien Grall CommitDate: Wed Jul 20 19:12:22 2022 +0100 xen/arm: Harden the P2M code in p2m_remove_mapping() Borrow the x86's check from p2m_remove_page() which was added by the following commit: c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e "x86/p2m: don't assert that the passed in MFN matches for a remove" and adjust it to the Arm code base. Basically, this check will be strictly needed for the xenheap pages after applying a subsequent commit which will introduce xenheap based M2P approach on Arm. But, it will be a good opportunity to harden the P2M code for *every* RAM pages since it is possible to remove any GFN - MFN mapping currently on Arm (even with the wrong helpers). Suggested-by: Julien Grall Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Julien Grall --- xen/arch/arm/p2m.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index d00c2e462a..46ee675409 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1308,11 +1308,39 @@ static inline int p2m_remove_mapping(struct domain *d, mfn_t mfn) { struct p2m_domain *p2m = p2m_get_hostp2m(d); + unsigned long i; int rc; p2m_write_lock(p2m); + /* + * Before removing the GFN - MFN mapping for any RAM pages make sure + * that there is no difference between what is already mapped and what + * is requested to be unmapped. + * If they don't match bail out early. For instance, this could happen + * if two CPUs are requesting to unmap the same P2M entry concurrently. + */ + for ( i = 0; i < nr; ) + { + unsigned int cur_order; + p2m_type_t t; + mfn_t mfn_return = p2m_get_entry(p2m, gfn_add(start_gfn, i), &t, NULL, + &cur_order, NULL); + + if ( p2m_is_any_ram(t) && + (!mfn_valid(mfn) || !mfn_eq(mfn_add(mfn, i), mfn_return)) ) + { + rc = -EILSEQ; + goto out; + } + + i += (1UL << cur_order) - + ((gfn_x(start_gfn) + i) & ((1UL << cur_order) - 1)); + } + rc = p2m_set_entry(p2m, start_gfn, nr, INVALID_MFN, p2m_invalid, p2m_access_rwx); + +out: p2m_write_unlock(p2m); return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 18:22:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 18:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372124.603936 (Exim 4.92) (envelope-from ) id 1oEEKt-0006zU-NW; Wed, 20 Jul 2022 18:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372124.603936; Wed, 20 Jul 2022 18:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEKt-0006zN-Ks; Wed, 20 Jul 2022 18:22:15 +0000 Received: by outflank-mailman (input) for mailman id 372124; Wed, 20 Jul 2022 18:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEKs-0006zD-EU for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEKs-0006hx-Da for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEEKs-0001mc-Bd for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=487CcwBUyyt4Sjk6nvG97juCFc1MXrM1w8PTsam2enQ=; b=MvLQ6U1MKkG3T+aMNlJGuZeJnE Mzr/1S2ATkOmXpmZLkXjyoE6WWVuo2p4DRn97O3nquu5ga81IPOdWkxEsaAezi3qroTcmGSs5JEUu ldBt7ctfct99M4Hz6Sz343T7WqD0joS2ugQsiCrIbUHhWhYGcUi7kVWhc25wpD0Peb8U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/gnttab: Store frame GFN in struct page_info on Arm Message-Id: Date: Wed, 20 Jul 2022 18:22:14 +0000 commit 71320946d5edf158b79eb91a5be261adc20f3aa1 Author: Oleksandr Tyshchenko AuthorDate: Sat Jul 16 17:56:58 2022 +0300 Commit: Julien Grall CommitDate: Wed Jul 20 19:12:26 2022 +0100 xen/gnttab: Store frame GFN in struct page_info on Arm Rework Arm implementation to store grant table frame GFN in struct page_info directly instead of keeping it in standalone status/shared arrays. This patch is based on the assumption that a grant table page is a xenheap page. To cover 64-bit/40-bit IPA on Arm64/Arm32 we need the space to hold 52-bit/28-bit + extra bit value respectively. In order to not grow the size of struct page_info borrow the required amount of bits from type_info's count portion which current context won't suffer (currently only 1 bit is used on Arm). Please note, to minimize code changes and avoid introducing an extra #ifdef-s to the header, we keep the same amount of bits on both subarches, although the count portion on Arm64 could be wider, so we waste some bits here. Introduce corresponding PGT_* constructs and access macro page_get(set)_xenheap_gfn. Please note, all accesses to the GFN portion of type_info field should always be protected by the P2M lock. In case when it is not feasible to satisfy that requirement (risk of deadlock, lock inversion, etc) it is important to make sure that all non-protected updates to this field are atomic. As several non-protected read accesses still exist within current code (most calls to page_get_xenheap_gfn() are not protected by the P2M lock) the subsequent patch will introduce hardening code for p2m_remove_mapping() to be called with P2M lock held in order to check any difference between what is already mapped and what is requested to be ummapped. Update existing gnttab macros to deal with GFN value according to new location. Also update the use of count portion of type_info field on Arm in share_xen_page_with_guest(). While at it, extend this simplified M2P-like approach for any xenheap pages which are proccessed in xenmem_add_to_physmap_one() except foreign ones. Update the code to set GFN portion after establishing new mapping for the xenheap page in said function and to clean GFN portion when putting a reference on that page in p2m_put_l3_page(). And for everything to work correctly introduce arch-specific initialization pattern PGT_TYPE_INFO_INITIALIZER to be applied to type_info field during initialization at alloc_heap_pages() and acquire_staticmem_pages(). The pattern's purpose on Arm is to clear the GFN portion before use, on x86 it is just a stub. This patch is intended to fix the potential issue on Arm which might happen when remapping grant-table frame. A guest (or the toolstack) will unmap the grant-table frame using XENMEM_remove_physmap. This is a generic hypercall, so on x86, we are relying on the fact the M2P entry will be cleared on removal. For architecture without the M2P, the GFN would still be present in the grant frame/status array. So on the next call to map the page, we will end up to request the P2M to remove whatever mapping was the given GFN. This could well be another mapping. Please note, this patch also changes the behavior how the shared_info page (which is xenheap RAM page) is mapped in xenmem_add_to_physmap_one(). Now, we only allow to map the shared_info at once. The subsequent attempts to map it will result in -EBUSY. Doing that we mandate the caller to first unmap the page before mapping it again. This is to prevent Xen creating an unwanted hole in the P2M. For instance, this could happen if the firmware stole a RAM address for mapping the shared_info page into but forgot to unmap it afterwards. Besides that, this patch simplifies arch code on Arm by removing arrays and corresponding management code and as the result gnttab_init_arch/gnttab_destroy_arch helpers and struct grant_table_arch become useless and can be dropped globally. Suggested-by: Julien Grall Signed-off-by: Oleksandr Tyshchenko Acked-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/arm/include/asm/grant_table.h | 53 +++++++--------------------------- xen/arch/arm/include/asm/mm.h | 47 ++++++++++++++++++++++++++++-- xen/arch/arm/mm.c | 51 ++++++++++++++++++++++++++++---- xen/arch/arm/p2m.c | 7 +++-- xen/arch/x86/include/asm/grant_table.h | 5 ---- xen/common/grant_table.c | 9 ------ xen/common/page_alloc.c | 8 +++-- 7 files changed, 112 insertions(+), 68 deletions(-) diff --git a/xen/arch/arm/include/asm/grant_table.h b/xen/arch/arm/include/asm/grant_table.h index a283dd5cd6..e13dfeefa5 100644 --- a/xen/arch/arm/include/asm/grant_table.h +++ b/xen/arch/arm/include/asm/grant_table.h @@ -11,11 +11,6 @@ #define INITIAL_NR_GRANT_FRAMES 1U #define GNTTAB_MAX_VERSION 1 -struct grant_table_arch { - gfn_t *shared_gfn; - gfn_t *status_gfn; -}; - static inline void gnttab_clear_flags(struct domain *d, unsigned int mask, uint16_t *addr) { @@ -56,53 +51,27 @@ int replace_grant_host_mapping(unsigned long gpaddr, mfn_t mfn, #define gnttab_dom0_frames() \ min_t(unsigned int, opt_max_grant_frames, PFN_DOWN(_etext - _stext)) -#define gnttab_init_arch(gt) \ -({ \ - unsigned int ngf_ = (gt)->max_grant_frames; \ - unsigned int nsf_ = grant_to_status_frames(ngf_); \ - \ - (gt)->arch.shared_gfn = xmalloc_array(gfn_t, ngf_); \ - (gt)->arch.status_gfn = xmalloc_array(gfn_t, nsf_); \ - if ( (gt)->arch.shared_gfn && (gt)->arch.status_gfn ) \ - { \ - while ( ngf_-- ) \ - (gt)->arch.shared_gfn[ngf_] = INVALID_GFN; \ - while ( nsf_-- ) \ - (gt)->arch.status_gfn[nsf_] = INVALID_GFN; \ - } \ - else \ - gnttab_destroy_arch(gt); \ - (gt)->arch.shared_gfn ? 0 : -ENOMEM; \ -}) - -#define gnttab_destroy_arch(gt) \ - do { \ - XFREE((gt)->arch.shared_gfn); \ - XFREE((gt)->arch.status_gfn); \ - } while ( 0 ) - #define gnttab_set_frame_gfn(gt, st, idx, gfn, mfn) \ - ({ \ - int rc_ = 0; \ - gfn_t ogfn = gnttab_get_frame_gfn(gt, st, idx); \ - if ( gfn_eq(ogfn, INVALID_GFN) || gfn_eq(ogfn, gfn) || \ - (rc_ = guest_physmap_remove_page((gt)->domain, ogfn, mfn, \ - 0)) == 0 ) \ - ((st) ? (gt)->arch.status_gfn \ - : (gt)->arch.shared_gfn)[idx] = (gfn); \ - rc_; \ - }) + (gfn_eq(gfn, INVALID_GFN) \ + ? guest_physmap_remove_page((gt)->domain, \ + gnttab_get_frame_gfn(gt, st, idx), \ + mfn, 0) \ + : 0) #define gnttab_get_frame_gfn(gt, st, idx) ({ \ (st) ? gnttab_status_gfn(NULL, gt, idx) \ : gnttab_shared_gfn(NULL, gt, idx); \ }) +#define gnttab_shared_page(t, i) virt_to_page((t)->shared_raw[i]) + +#define gnttab_status_page(t, i) virt_to_page((t)->status[i]) + #define gnttab_shared_gfn(d, t, i) \ - (((i) >= nr_grant_frames(t)) ? INVALID_GFN : (t)->arch.shared_gfn[i]) + page_get_xenheap_gfn(gnttab_shared_page(t, i)) #define gnttab_status_gfn(d, t, i) \ - (((i) >= nr_status_frames(t)) ? INVALID_GFN : (t)->arch.status_gfn[i]) + page_get_xenheap_gfn(gnttab_status_page(t, i)) #define gnttab_need_iommu_mapping(d) \ (is_domain_direct_mapped(d) && is_iommu_enabled(d)) diff --git a/xen/arch/arm/include/asm/mm.h b/xen/arch/arm/include/asm/mm.h index c4bc3cd1e5..6c0a3c789f 100644 --- a/xen/arch/arm/include/asm/mm.h +++ b/xen/arch/arm/include/asm/mm.h @@ -98,9 +98,22 @@ struct page_info #define PGT_writable_page PG_mask(1, 1) /* has writable mappings? */ #define PGT_type_mask PG_mask(1, 1) /* Bits 31 or 63. */ - /* Count of uses of this frame as its current type. */ -#define PGT_count_width PG_shift(2) -#define PGT_count_mask ((1UL<u.inuse.type_info) & PGT_gfn_mask); + + ASSERT(is_xen_heap_page(p)); + + return gfn_eq(gfn_, PGT_INVALID_XENHEAP_GFN) ? INVALID_GFN : gfn_; +} + +static inline void page_set_xenheap_gfn(struct page_info *p, gfn_t gfn) +{ + gfn_t gfn_ = gfn_eq(gfn, INVALID_GFN) ? PGT_INVALID_XENHEAP_GFN : gfn; + unsigned long x, nx, y = p->u.inuse.type_info; + + ASSERT(is_xen_heap_page(p)); + + do { + x = y; + nx = (x & ~PGT_gfn_mask) | gfn_x(gfn_); + } while ( (y = cmpxchg(&p->u.inuse.type_info, x, nx)) != x ); +} + #endif /* __ARCH_ARM_MM__ */ /* * Local variables: diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 009b8cd9ef..e59a4ce6d0 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1449,9 +1449,21 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, spin_lock(&d->page_alloc_lock); - /* The incremented type count pins as writable or read-only. */ - page->u.inuse.type_info = - (flags == SHARE_ro ? PGT_none : PGT_writable_page) | 1; + /* + * The incremented type count pins as writable or read-only. + * + * Please note, the update of type_info field here is not atomic as + * we use Read-Modify-Write operation on it. But currently it is fine + * because the caller of page_set_xenheap_gfn() (which is another place + * where type_info is updated) would need to acquire a reference on + * the page. This is only possible after the count_info is updated *and* + * there is a barrier between the type_info and count_info. So there is + * no immediate need to use cmpxchg() here. + */ + page->u.inuse.type_info &= ~(PGT_type_mask | PGT_count_mask); + page->u.inuse.type_info |= (flags == SHARE_ro ? PGT_none + : PGT_writable_page) | + MASK_INSR(1, PGT_count_mask); page_set_owner(page, d); smp_wmb(); /* install valid domain ptr before updating refcnt. */ @@ -1554,8 +1566,37 @@ int xenmem_add_to_physmap_one( return -ENOSYS; } - /* Map at new location. */ - rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); + /* + * Map at new location. Here we need to map xenheap RAM page differently + * because we need to store the valid GFN and make sure that nothing was + * mapped before (the stored GFN is invalid). And these actions need to be + * performed with the P2M lock held. The guest_physmap_add_entry() is just + * a wrapper on top of p2m_set_entry(). + */ + if ( !p2m_is_ram(t) || !is_xen_heap_mfn(mfn) ) + rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); + else + { + struct p2m_domain *p2m = p2m_get_hostp2m(d); + + p2m_write_lock(p2m); + if ( gfn_eq(page_get_xenheap_gfn(mfn_to_page(mfn)), INVALID_GFN) ) + { + rc = p2m_set_entry(p2m, gfn, 1, mfn, t, p2m->default_access); + if ( !rc ) + page_set_xenheap_gfn(mfn_to_page(mfn), gfn); + } + else + /* + * Mandate the caller to first unmap the page before mapping it + * again. This is to prevent Xen creating an unwanted hole in + * the P2M. For instance, this could happen if the firmware stole + * a RAM address for mapping the shared_info page into but forgot + * to unmap it afterwards. + */ + rc = -EBUSY; + p2m_write_unlock(p2m); + } /* * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index 46ee675409..8449f97fe7 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -716,6 +716,8 @@ static int p2m_mem_access_radix_set(struct p2m_domain *p2m, gfn_t gfn, */ static void p2m_put_l3_page(const lpae_t pte) { + mfn_t mfn = lpae_get_mfn(pte); + ASSERT(p2m_is_valid(pte)); /* @@ -727,11 +729,12 @@ static void p2m_put_l3_page(const lpae_t pte) */ if ( p2m_is_foreign(pte.p2m.type) ) { - mfn_t mfn = lpae_get_mfn(pte); - ASSERT(mfn_valid(mfn)); put_page(mfn_to_page(mfn)); } + /* Detect the xenheap page and mark the stored GFN as invalid. */ + else if ( p2m_is_ram(pte.p2m.type) && is_xen_heap_mfn(mfn) ) + page_set_xenheap_gfn(mfn_to_page(mfn), INVALID_GFN); } /* Free lpae sub-tree behind an entry */ diff --git a/xen/arch/x86/include/asm/grant_table.h b/xen/arch/x86/include/asm/grant_table.h index a8a21439a4..5c23cec90c 100644 --- a/xen/arch/x86/include/asm/grant_table.h +++ b/xen/arch/x86/include/asm/grant_table.h @@ -14,9 +14,6 @@ #define INITIAL_NR_GRANT_FRAMES 1U -struct grant_table_arch { -}; - static inline int create_grant_host_mapping(uint64_t addr, mfn_t frame, unsigned int flags, unsigned int cache_flags) @@ -35,8 +32,6 @@ static inline int replace_grant_host_mapping(uint64_t addr, mfn_t frame, return replace_grant_pv_mapping(addr, frame, new_addr, flags); } -#define gnttab_init_arch(gt) 0 -#define gnttab_destroy_arch(gt) do {} while ( 0 ) #define gnttab_set_frame_gfn(gt, st, idx, gfn, mfn) \ (gfn_eq(gfn, INVALID_GFN) \ ? guest_physmap_remove_page((gt)->domain, \ diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index aea0ad30a7..ad773a6996 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -99,8 +99,6 @@ struct grant_table { /* Domain to which this struct grant_table belongs. */ struct domain *domain; - - struct grant_table_arch arch; }; unsigned int __read_mostly opt_max_grant_frames = 64; @@ -2018,14 +2016,9 @@ int grant_table_init(struct domain *d, int max_grant_frames, grant_write_lock(gt); - ret = gnttab_init_arch(gt); - if ( ret ) - goto unlock; - /* gnttab_grow_table() allocates a min number of frames, so 0 is okay. */ ret = gnttab_grow_table(d, 0); - unlock: grant_write_unlock(gt); out: @@ -3939,8 +3932,6 @@ grant_table_destroy( if ( t == NULL ) return; - gnttab_destroy_arch(t); - for ( i = 0; i < nr_grant_frames(t); i++ ) free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index fe0e15429a..6ca986584d 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -155,6 +155,10 @@ #define PGC_reserved 0 #endif +#ifndef PGT_TYPE_INFO_INITIALIZER +#define PGT_TYPE_INFO_INITIALIZER 0 +#endif + /* * Comma-separated list of hexadecimal page numbers containing bad bytes. * e.g. 'badpage=0x3f45,0x8a321'. @@ -1024,7 +1028,7 @@ static struct page_info *alloc_heap_pages( &tlbflush_timestamp); /* Initialise fields which have other uses for free pages. */ - pg[i].u.inuse.type_info = 0; + pg[i].u.inuse.type_info = PGT_TYPE_INFO_INITIALIZER; page_set_owner(&pg[i], NULL); } @@ -2702,7 +2706,7 @@ static struct page_info * __init acquire_staticmem_pages(mfn_t smfn, */ pg[i].count_info = PGC_reserved | PGC_state_inuse; /* Initialise fields which have other uses for free pages. */ - pg[i].u.inuse.type_info = 0; + pg[i].u.inuse.type_info = PGT_TYPE_INFO_INITIALIZER; page_set_owner(&pg[i], NULL); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 18:33:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 18:33:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372137.603973 (Exim 4.92) (envelope-from ) id 1oEEVN-0001Cr-Dx; Wed, 20 Jul 2022 18:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372137.603973; Wed, 20 Jul 2022 18:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVN-0001Ch-AX; Wed, 20 Jul 2022 18:33:05 +0000 Received: by outflank-mailman (input) for mailman id 372137; Wed, 20 Jul 2022 18:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVM-0001C0-8e for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVM-0006tL-6M for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEEVM-0002I4-5a for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9o6/WhZ0E+DoyFQAFZNb3RP4Qg46kRDm7YsIh6biEZU=; b=bMCJGrCyuregfnAuiXtjfI/Btk 5mfNWY51ekPvtiZaGY28tebPkJtJZC3IlGlOU5DomIjJXDRng8163o14Ku2c3HG+VruVwhxs5vvEJ LvBqzenaAZ7+kj7zh6FoQSgZqjmKHpHXiYQZS2xuWfC172K5M7Ajb3DRpYIwYbub7sCk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: page_alloc: Don't open-code IS_ALIGNED() Message-Id: Date: Wed, 20 Jul 2022 18:33:04 +0000 commit 7a2b7edad5d5508e2d6a2e5d0ad0399ae16e9c8e Author: Julien Grall AuthorDate: Wed Jul 20 19:22:34 2022 +0100 Commit: Julien Grall CommitDate: Wed Jul 20 19:26:19 2022 +0100 xen: page_alloc: Don't open-code IS_ALIGNED() init_heap_pages() is using an open-code version of IS_ALIGNED(). Replace it to improve the readability of the code. No functional change intended. Signed-off-by: Julien Grall Reviewed-by: Wei Chen Acked-by: Jan Beulich --- xen/common/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 6ca986584d..013f3d142e 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1827,7 +1827,7 @@ static void init_heap_pages( unsigned long s = mfn_x(page_to_mfn(pg + i)); unsigned long e = mfn_x(mfn_add(page_to_mfn(pg + nr_pages - 1), 1)); bool use_tail = (nid == phys_to_nid(pfn_to_paddr(e - 1))) && - !(s & ((1UL << MAX_ORDER) - 1)) && + IS_ALIGNED(s, 1UL << MAX_ORDER) && (find_first_set_bit(e) <= find_first_set_bit(s)); unsigned long n; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 18:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 18:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372140.603976 (Exim 4.92) (envelope-from ) id 1oEEVX-0001M1-Et; Wed, 20 Jul 2022 18:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372140.603976; Wed, 20 Jul 2022 18:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVX-0001Lu-CB; Wed, 20 Jul 2022 18:33:15 +0000 Received: by outflank-mailman (input) for mailman id 372140; Wed, 20 Jul 2022 18:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVW-0001LZ-AO for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVW-0006tc-9W for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEEVW-0002Ic-8X for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BVoUEWSTqqL91rav7uFlpnRtGSHvZdgDP9haHDZCJLg=; b=Y8rH3x1dohhAhj+A2+anRSpytb 81EGGif17FJ7c1ejMsd5u9TYyyOZUtmTdOjx7sz6KI/CKX/q3XQee+/YL8Us0q70eBI03GCfS/Cyl XkDHv9T74fT9ASJ0kvseAcF6ao3H86p4gmFhBGoMwWI4gNuLUiJ0MwvzoQNPGAWxtHkI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/heap: Split init_heap_pages() in two Message-Id: Date: Wed, 20 Jul 2022 18:33:14 +0000 commit 24a53060bd375ab7e95eda9417bb66d821524c59 Author: Julien Grall AuthorDate: Wed Jul 20 19:25:16 2022 +0100 Commit: Julien Grall CommitDate: Wed Jul 20 19:26:19 2022 +0100 xen/heap: Split init_heap_pages() in two At the moment, init_heap_pages() will call free_heap_pages() page by page. To reduce the time to initialize the heap, we will want to provide multiple pages at the same time. init_heap_pages() is now split in two parts: - init_heap_pages(): will break down the range in multiple set of contiguous pages. For now, the criteria is the pages should belong to the same NUMA node. - _init_heap_pages(): will initialize a set of pages belonging to the same NUMA node. In a follow-up patch, new requirements will be added (e.g. pages should belong to the same zone). For now the pages are still passed one by one to free_heap_pages(). Note that the comment before init_heap_pages() is heavily outdated and does not reflect the current code. So update it. This patch is a merge/rework of patches from David Woodhouse and Hongyan Xia. Signed-off-by: Julien Grall Reviewed-by: Jan Beulich --- xen/common/page_alloc.c | 77 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 27 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 013f3d142e..e4fd25bc91 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1782,16 +1782,44 @@ int query_page_offline(mfn_t mfn, uint32_t *status) } /* - * Hand the specified arbitrary page range to the specified heap zone - * checking the node_id of the previous page. If they differ and the - * latter is not on a MAX_ORDER boundary, then we reserve the page by - * not freeing it to the buddy allocator. + * This function should only be called with valid pages from the same NUMA + * node. */ +static void _init_heap_pages(const struct page_info *pg, + unsigned long nr_pages, + bool need_scrub) +{ + unsigned long s, e; + unsigned int nid = phys_to_nid(page_to_maddr(pg)); + + s = mfn_x(page_to_mfn(pg)); + e = mfn_x(mfn_add(page_to_mfn(pg + nr_pages - 1), 1)); + if ( unlikely(!avail[nid]) ) + { + bool use_tail = IS_ALIGNED(s, 1UL << MAX_ORDER) && + (find_first_set_bit(e) <= find_first_set_bit(s)); + unsigned long n; + + n = init_node_heap(nid, s, nr_pages, &use_tail); + BUG_ON(n > nr_pages); + if ( use_tail ) + e -= n; + else + s += n; + } + + while ( s < e ) + { + free_heap_pages(mfn_to_page(_mfn(s)), 0, need_scrub); + s += 1UL; + } +} + static void init_heap_pages( struct page_info *pg, unsigned long nr_pages) { unsigned long i; - bool idle_scrub = false; + bool need_scrub = scrub_debug; /* * Keep MFN 0 away from the buddy allocator to avoid crossing zone @@ -1816,35 +1844,30 @@ static void init_heap_pages( spin_unlock(&heap_lock); if ( system_state < SYS_STATE_active && opt_bootscrub == BOOTSCRUB_IDLE ) - idle_scrub = true; + need_scrub = true; - for ( i = 0; i < nr_pages; i++ ) + for ( i = 0; i < nr_pages; ) { - unsigned int nid = phys_to_nid(page_to_maddr(pg+i)); + unsigned int nid = phys_to_nid(page_to_maddr(pg)); + unsigned long left = nr_pages - i; + unsigned long contig_pages; - if ( unlikely(!avail[nid]) ) + /* + * _init_heap_pages() is only able to accept range following + * specific property (see comment on top of _init_heap_pages()). + * + * So break down the range in smaller set. + */ + for ( contig_pages = 1; contig_pages < left; contig_pages++ ) { - unsigned long s = mfn_x(page_to_mfn(pg + i)); - unsigned long e = mfn_x(mfn_add(page_to_mfn(pg + nr_pages - 1), 1)); - bool use_tail = (nid == phys_to_nid(pfn_to_paddr(e - 1))) && - IS_ALIGNED(s, 1UL << MAX_ORDER) && - (find_first_set_bit(e) <= find_first_set_bit(s)); - unsigned long n; - - n = init_node_heap(nid, mfn_x(page_to_mfn(pg + i)), nr_pages - i, - &use_tail); - BUG_ON(i + n > nr_pages); - if ( n && !use_tail ) - { - i += n - 1; - continue; - } - if ( i + n == nr_pages ) + if ( nid != (phys_to_nid(page_to_maddr(pg))) ) break; - nr_pages -= n; } - free_heap_pages(pg + i, 0, scrub_debug || idle_scrub); + _init_heap_pages(pg, contig_pages, need_scrub); + + pg += contig_pages; + i += contig_pages; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 18:33:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 18:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372143.603983 (Exim 4.92) (envelope-from ) id 1oEEVh-0001U0-HJ; Wed, 20 Jul 2022 18:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372143.603983; Wed, 20 Jul 2022 18:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVh-0001Ts-Dl; Wed, 20 Jul 2022 18:33:25 +0000 Received: by outflank-mailman (input) for mailman id 372143; Wed, 20 Jul 2022 18:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVg-0001Te-Dc for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEVg-0006tm-Cf for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEEVg-0002J7-Bj for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zu5ftaVqu6ve5CcXi+dXksWvVxr53Gd6YO9RRdbaW14=; b=TdjpxSyJ0iaz8tAqQ2kj1tz6Zc m2/9eEfp2yPiDwaABaj8m1XiLtn2jXJwQX0iUkKyjfAhYLAC+8fsBTB/HDHJbpojnvZojEEYFahkk dpKAOEX0LyvD4LpSpuwpMBIs7PU6rgWK4qnJJw9J/YvGJT24lMap96+ETe085qFhBUdw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/heap: pass order to free_heap_pages() in heap init Message-Id: Date: Wed, 20 Jul 2022 18:33:24 +0000 commit 72b02bc75b47a7f74d82f812fcbebf0f729f77a8 Author: Hongyan Xia AuthorDate: Wed Feb 24 18:43:13 2021 +0000 Commit: Julien Grall CommitDate: Wed Jul 20 19:26:19 2022 +0100 xen/heap: pass order to free_heap_pages() in heap init The idea is to split the range into multiple aligned power-of-2 regions which only needs to call free_heap_pages() once each. We check the least significant set bit of the start address and use its bit index as the order of this increment. This makes sure that each increment is both power-of-2 and properly aligned, which can be safely passed to free_heap_pages(). Of course, the order also needs to be sanity checked against the upper bound and MAX_ORDER. Tested on a nested environment on c5.metal with various amount of RAM and CONFIG_DEBUG=n. Time for end_boot_allocator() to complete: Before After - 90GB: 1445 ms 96 ms - 8GB: 126 ms 8 ms - 4GB: 62 ms 4 ms Signed-off-by: Hongyan Xia Signed-off-by: Julien Grall Reviewed-by: Wei Chen Reviewed-by: Jan Beulich --- xen/common/page_alloc.c | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index e4fd25bc91..c5c5047e7c 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1783,7 +1783,7 @@ int query_page_offline(mfn_t mfn, uint32_t *status) /* * This function should only be called with valid pages from the same NUMA - * node. + * node and zone. */ static void _init_heap_pages(const struct page_info *pg, unsigned long nr_pages, @@ -1810,8 +1810,22 @@ static void _init_heap_pages(const struct page_info *pg, while ( s < e ) { - free_heap_pages(mfn_to_page(_mfn(s)), 0, need_scrub); - s += 1UL; + /* + * For s == 0, we simply use the largest increment by checking the + * MSB of the region size. For s != 0, we also need to ensure that the + * chunk is properly sized to end at power-of-two alignment. We do this + * by checking the LSB of the start address and use its index as + * the increment. Both cases need to be bounded by MAX_ORDER. + * + * Note that the value of ffsl() and flsl() starts from 1 so we need + * to decrement it by 1. + */ + unsigned int inc_order = min(MAX_ORDER, flsl(e - s) - 1); + + if ( s ) + inc_order = min(inc_order, ffsl(s) - 1U); + free_heap_pages(mfn_to_page(_mfn(s)), inc_order, need_scrub); + s += (1UL << inc_order); } } @@ -1848,6 +1862,9 @@ static void init_heap_pages( for ( i = 0; i < nr_pages; ) { +#ifdef CONFIG_SEPARATE_XENHEAP + unsigned int zone = page_to_zone(pg); +#endif unsigned int nid = phys_to_nid(page_to_maddr(pg)); unsigned long left = nr_pages - i; unsigned long contig_pages; @@ -1860,6 +1877,18 @@ static void init_heap_pages( */ for ( contig_pages = 1; contig_pages < left; contig_pages++ ) { + /* + * No need to check for the zone when !CONFIG_SEPARATE_XENHEAP + * because free_heap_pages() can only take power-of-two ranges + * which never cross zone boundaries. But for separate xenheap + * which is manually defined, it is possible for power-of-two + * range to cross zones. + */ +#ifdef CONFIG_SEPARATE_XENHEAP + if ( zone != page_to_zone(pg) ) + break; +#endif + if ( nid != (phys_to_nid(page_to_maddr(pg))) ) break; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 18:44:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 18:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372148.603995 (Exim 4.92) (envelope-from ) id 1oEEg1-00037c-H6; Wed, 20 Jul 2022 18:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372148.603995; Wed, 20 Jul 2022 18:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEg1-00037U-EK; Wed, 20 Jul 2022 18:44:05 +0000 Received: by outflank-mailman (input) for mailman id 372148; Wed, 20 Jul 2022 18:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEg0-00036n-DQ for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEEg0-000760-AJ for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEEg0-0002v9-8g for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 18:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WVEUUaDe0bPi9xBo/1Gt0Q//j6HSHlExJNaKmPyWvn4=; b=emW7qjDHGfdkQVyfIhER18XP+u 6KUMCAoY6dlvr7urSyN6KHj+z4XWFHGqQkKd7u751y7IkJlckyGNr0mpT6KIWKS5EGnz6f3pInbQh 4LWiK66mD/Z801Tfl2uw+J0EHcI7npt4n/o5oe5T4bGEXJCFnT+KuRXL66nKgUQs2l1s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings() Message-Id: Date: Wed, 20 Jul 2022 18:44:04 +0000 commit d2cc5633e2800e698c6a64554de7fa19d9627a24 Author: Julien Grall AuthorDate: Wed Jul 20 19:33:01 2022 +0100 Commit: Julien Grall CommitDate: Wed Jul 20 19:33:23 2022 +0100 xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings() Both destroy_xen_mappings() and modify_xen_mappings() will take in parameter a range [start, end[. Both end should be page aligned. Add extra ASSERT() to ensure start and end are page aligned. Take the opportunity to rename 'v' to 's' to be consistent with the other helper. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/mm.c | 10 +++++++--- xen/include/xen/mm.h | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index e59a4ce6d0..56fd084586 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1368,14 +1368,18 @@ int populate_pt_range(unsigned long virt, unsigned long nr_mfns) return xen_pt_update(virt, INVALID_MFN, nr_mfns, _PAGE_POPULATE); } -int destroy_xen_mappings(unsigned long v, unsigned long e) +int destroy_xen_mappings(unsigned long s, unsigned long e) { - ASSERT(v <= e); - return xen_pt_update(v, INVALID_MFN, (e - v) >> PAGE_SHIFT, 0); + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); + ASSERT(s <= e); + return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, 0); } int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags) { + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); ASSERT(s <= e); return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, flags); } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 3be754da92..6dee421bb8 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -101,7 +101,7 @@ int map_pages_to_xen( unsigned int flags); /* Alter the permissions of a range of Xen virtual address space. */ int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags); -int destroy_xen_mappings(unsigned long v, unsigned long e); +int destroy_xen_mappings(unsigned long s, unsigned long e); /* Retrieve the MFN mapped by VA in Xen virtual address space. */ mfn_t xen_map_to_mfn(unsigned long va); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 23:22:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 23:22:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372489.604251 (Exim 4.92) (envelope-from ) id 1oEJ11-0000lq-J1; Wed, 20 Jul 2022 23:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372489.604251; Wed, 20 Jul 2022 23:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEJ11-0000lg-GD; Wed, 20 Jul 2022 23:22:03 +0000 Received: by outflank-mailman (input) for mailman id 372489; Wed, 20 Jul 2022 23:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEJ10-0000lE-2S for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 23:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEJ10-0003ef-1T for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 23:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEJ10-00089r-0f for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 23:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2Fr1mxz+UrAlYwTZ7CSIzQeMWcrnzODCEPEUi0IywZc=; b=2X9ZzF/SXIXmKd9qjdEkS24ek0 4VO92cTJQ9lLJ2sNnBVBXITBkASzsT2Ai5HWSNGgbxwtgOlkoyfWWDZ75B0NU/4S3fUW+6Njdmuo4 omEe2AJ7jOfyZ0zOiTwtjGOLZG374Q6fozhNLUANltqwhUwVw7OaZEnRdOrTYUA5Mfkg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86emul: add memory operand low bits checks for ENQCMD{,S} Message-Id: Date: Wed, 20 Jul 2022 23:22:02 +0000 commit d620c66bdbe5510c3bae89be8cc7ca9a2a6cbaba Author: Jan Beulich AuthorDate: Wed Jul 20 15:46:48 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 20 15:46:48 2022 +0200 x86emul: add memory operand low bits checks for ENQCMD{,S} Already ISE rev 044 added text to this effect; rev 045 further dropped leftover earlier text indicating the contrary: - ENQCMD requires the low 32 bits of the memory operand to be clear, - ENDCMDS requires bits 20...30 of the memory operand to be clear. Fixes: d27385968741 ("x86emul: support ENQCMD insns") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 7f6af911bc..f6778dd493 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -10499,6 +10499,7 @@ x86_emulate( goto done; if ( vex.pfx == vex_f2 ) /* enqcmd */ { + generate_exception_if(mmvalp->data32[0], EXC_GP, 0); fail_if(!ops->read_msr); if ( (rc = ops->read_msr(MSR_PASID, &msr_val, ctxt)) != X86EMUL_OKAY ) @@ -10506,7 +10507,8 @@ x86_emulate( generate_exception_if(!(msr_val & PASID_VALID), EXC_GP, 0); mmvalp->data32[0] = MASK_EXTR(msr_val, PASID_PASID_MASK); } - mmvalp->data32[0] &= ~0x7ff00000; + else + generate_exception_if(mmvalp->data32[0] & 0x7ff00000, EXC_GP, 0); state->blk = blk_enqcmd; if ( (rc = ops->blk(x86_seg_es, src.val, mmvalp, 64, &_regs.eflags, state, ctxt)) != X86EMUL_OKAY ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 20 23:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 20 Jul 2022 23:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372492.604257 (Exim 4.92) (envelope-from ) id 1oEJ1B-0000ql-MM; Wed, 20 Jul 2022 23:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372492.604257; Wed, 20 Jul 2022 23:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEJ1B-0000qc-Hq; Wed, 20 Jul 2022 23:22:13 +0000 Received: by outflank-mailman (input) for mailman id 372492; Wed, 20 Jul 2022 23:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEJ1A-0000q9-5L for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 23:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEJ1A-0003ep-4U for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 23:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEJ1A-0008AG-3c for xen-changelog@lists.xenproject.org; Wed, 20 Jul 2022 23:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Am9fOJhaVoyVDJrYi7YLkiSjTfnqGCa1ejwb0Ngk/+Y=; b=jBaP0y5qjPPi5vuWMfmTJZLhK5 OgkpBA+Wii+QzcR3RVuffSqD/DtzeqN06Vt2E6eIL+3MZ7YxvLoR2ZA+mLRHIxgzOn202GS8PD+NH EmQcREH+5BdNtvnQCV7ZfHxUObCzoblwh5/cmWoGy7DxdckfJ7OUPCktKBriI9ZBHOKQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: also suppress use of MMX insns Message-Id: Date: Wed, 20 Jul 2022 23:22:12 +0000 commit 6fe2e39a0243bddba60f83b77b972a5922d25eb8 Author: Jan Beulich AuthorDate: Wed Jul 20 15:48:49 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 20 15:48:49 2022 +0200 x86: also suppress use of MMX insns Passing -mno-sse alone is not enough: The compiler may still find (questionable) reasons to use MMX insns. In particular with gcc12 use of MOVD+PUNPCKLDQ+MOVQ was observed in an apparent attempt to auto- vectorize the storing of two adjacent zeroes, 32 bits each. Reported-by: ChrisD Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/arch.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index fb86cbda46..227d439a45 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -36,9 +36,9 @@ $(call as-option-add,CFLAGS,CC,\ CFLAGS += -mno-red-zone -fpic -# Xen doesn't use SSE interally. If the compiler supports it, also skip the -# SSE setup for variadic function calls. -CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) +# Xen doesn't use MMX or SSE interally. If the compiler supports it, also skip +# the SSE setup for variadic function calls. +CFLAGS += -mno-mmx -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) ifeq ($(CONFIG_INDIRECT_THUNK),y) # Compile with gcc thunk-extern, indirect-branch-register if available. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 07:33:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 07:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372533.604296 (Exim 4.92) (envelope-from ) id 1oEQgB-0001Zl-8U; Thu, 21 Jul 2022 07:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372533.604296; Thu, 21 Jul 2022 07:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgB-0001Zd-4s; Thu, 21 Jul 2022 07:33:03 +0000 Received: by outflank-mailman (input) for mailman id 372533; Thu, 21 Jul 2022 07:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQg9-0001ZX-Ro for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQg9-0003ng-Pr for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEQg9-0008PE-Os for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QFaewVNj0ZJxWINT10EfxwljJfPeBmDBaVkgH2Pp/Ag=; b=Bwu//SXwPgcjYs4Hgr2Jpz7wD9 ChDSFGub2YS4D7CLmhaQM6qu4Eqbsdy407NQ17bhstdwwiJXC7LRoI3B+euN0kUzBfpRV+JoTWIXW T5MOK/yD1yxAA6h4Vb8Mw/ie3VG+GjRgeMUP+gcfZbAXBCZuGk3oc6vKD4IiNl347Iq0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs: document dom0less + PV drivers Message-Id: Date: Thu, 21 Jul 2022 07:33:01 +0000 commit 52196c8cd9d38c7b028619f046246ea55ff9f6a7 Author: Stefano Stabellini AuthorDate: Wed May 4 17:16:56 2022 -0700 Commit: Julien Grall CommitDate: Wed Jul 20 19:06:33 2022 +0100 docs: document dom0less + PV drivers Document how to use the feature and how the implementation works. Signed-off-by: Stefano Stabellini Reviewed-by: Luca Fancellu Acked-by: Julien Grall --- docs/features/dom0less.pandoc | 43 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/docs/features/dom0less.pandoc b/docs/features/dom0less.pandoc index c9edb529e1..725afa0558 100644 --- a/docs/features/dom0less.pandoc +++ b/docs/features/dom0less.pandoc @@ -90,6 +90,46 @@ Otherwise, they may be unusable in Xen (for instance if they are compressed). See docs/misc/arm/device-tree/booting.txt for more information. +PV Drivers +---------- + +It is possible to use PV drivers with dom0less guests with some +restrictions: + +- dom0less domUs that want to use PV drivers support should have the + "xen,enhanced" property set under their device tree nodes (see + docs/misc/arm/device-tree/booting.txt) +- a dom0 must be present (or another domain with enough privileges to + run the toolstack) +- after dom0 is booted, the utility "init-dom0less" must be run +- do not run "init-dom0less" while creating other guests with xl + +After the execution of init-dom0less, it is possible to use "xl" to +hotplug PV drivers to dom0less guests. E.g. xl network-attach domU. + +The implementation works as follows: +- Xen allocates the xenstore event channel for each dom0less domU that + has the "xen,enhanced" property, and sets HVM_PARAM_STORE_EVTCHN +- Xen does *not* allocate the xenstore page and sets HVM_PARAM_STORE_PFN + to ~0ULL (invalid) +- Dom0less domU kernels check that HVM_PARAM_STORE_PFN is set to invalid + - Old kernels will continue without xenstore support (Note: some old + buggy kernels might crash because they don't check the validity of + HVM_PARAM_STORE_PFN before using it! Disable "xen,enhanced" in + those cases) + - New kernels will wait for a notification on the xenstore event + channel (HVM_PARAM_STORE_EVTCHN) before continuing with the + initialization +- Once dom0 is booted, init-dom0less is executed: + - it allocates the xenstore shared page and sets HVM_PARAM_STORE_PFN + - it calls xs_introduce_domain +- Xenstored notices the new domain, initializes interfaces as usual, and + sends an event channel notification to the domain using the xenstore + event channel (HVM_PARAM_STORE_EVTCHN) +- The Linux domU kernel receives the event channel notification, checks + HVM_PARAM_STORE_PFN again and continue with the initialization + + Limitations ----------- @@ -107,9 +147,6 @@ limitations: information, the GIC version exposed to the domains started by Xen at boot is the same as the native GIC version. -- No PV drivers. There is no support for PV devices at the moment. All - devices need to be statically assigned to guests. - - Pinning vCPUs of domains started by Xen at boot can be done from the control domain, using `xl vcpu-pin` as usual. It is not currently possible to configure vCPU pinning without a control domain. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 07:33:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 07:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372534.604299 (Exim 4.92) (envelope-from ) id 1oEQgL-0001cJ-Al; Thu, 21 Jul 2022 07:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372534.604299; Thu, 21 Jul 2022 07:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgL-0001cB-7x; Thu, 21 Jul 2022 07:33:13 +0000 Received: by outflank-mailman (input) for mailman id 372534; Thu, 21 Jul 2022 07:33:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgJ-0001br-Tp for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgJ-0003nk-Sv for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEQgJ-0008Pk-S8 for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/5MCgPEFClU3kTTqdyC12W9vjBB+vELRWOTYnbovlVo=; b=oEceYUjQbcrO6orG5JTN5WE4ed BlsS1Dmq7jqfbMI7kgIr8N7eQKNJwcXaGJeeBq1F6mk4/T4vAtsfS/CLqIpzbYbn6kdKDg75yRfvT PNyhI9/tgMdad7o1f8Y3zWsgheS3lPv6z3QkbgqXES3U71Blcdzid/VEF9fOReK4JP3s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Harden the P2M code in p2m_remove_mapping() Message-Id: Date: Thu, 21 Jul 2022 07:33:11 +0000 commit 5a4a2cef085d74a247663ed210e9398264ce3fc8 Author: Oleksandr Tyshchenko AuthorDate: Sat Jul 16 17:56:57 2022 +0300 Commit: Julien Grall CommitDate: Wed Jul 20 19:12:22 2022 +0100 xen/arm: Harden the P2M code in p2m_remove_mapping() Borrow the x86's check from p2m_remove_page() which was added by the following commit: c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e "x86/p2m: don't assert that the passed in MFN matches for a remove" and adjust it to the Arm code base. Basically, this check will be strictly needed for the xenheap pages after applying a subsequent commit which will introduce xenheap based M2P approach on Arm. But, it will be a good opportunity to harden the P2M code for *every* RAM pages since it is possible to remove any GFN - MFN mapping currently on Arm (even with the wrong helpers). Suggested-by: Julien Grall Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Julien Grall --- xen/arch/arm/p2m.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index d00c2e462a..46ee675409 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1308,11 +1308,39 @@ static inline int p2m_remove_mapping(struct domain *d, mfn_t mfn) { struct p2m_domain *p2m = p2m_get_hostp2m(d); + unsigned long i; int rc; p2m_write_lock(p2m); + /* + * Before removing the GFN - MFN mapping for any RAM pages make sure + * that there is no difference between what is already mapped and what + * is requested to be unmapped. + * If they don't match bail out early. For instance, this could happen + * if two CPUs are requesting to unmap the same P2M entry concurrently. + */ + for ( i = 0; i < nr; ) + { + unsigned int cur_order; + p2m_type_t t; + mfn_t mfn_return = p2m_get_entry(p2m, gfn_add(start_gfn, i), &t, NULL, + &cur_order, NULL); + + if ( p2m_is_any_ram(t) && + (!mfn_valid(mfn) || !mfn_eq(mfn_add(mfn, i), mfn_return)) ) + { + rc = -EILSEQ; + goto out; + } + + i += (1UL << cur_order) - + ((gfn_x(start_gfn) + i) & ((1UL << cur_order) - 1)); + } + rc = p2m_set_entry(p2m, start_gfn, nr, INVALID_MFN, p2m_invalid, p2m_access_rwx); + +out: p2m_write_unlock(p2m); return rc; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 07:33:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 07:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372535.604304 (Exim 4.92) (envelope-from ) id 1oEQgV-0001eS-Ce; Thu, 21 Jul 2022 07:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372535.604304; Thu, 21 Jul 2022 07:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgV-0001eI-9b; Thu, 21 Jul 2022 07:33:23 +0000 Received: by outflank-mailman (input) for mailman id 372535; Thu, 21 Jul 2022 07:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgU-0001e7-1P for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgU-0003o5-0R for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEQgT-0008QK-Vv for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=trn24npqaN8S2uraTIdCqhH19FWRhLw5oA4MInulRJs=; b=jKKhCOWCRIWqp/iCPCUt66AoHh XkTxrdGLtA8SYLLQfDPTrro/kyQB8WRxrdi7H9mDFTpxIpEJQ3Qf5HhM/GmJm77CxDdBjeeX/dECB 5OE6sYfJsw86efv6TLKRET3kHknK5vBpdk8/Hx7bnKSa8o6z6UAKXagZdS3IRTSpuVlM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/gnttab: Store frame GFN in struct page_info on Arm Message-Id: Date: Thu, 21 Jul 2022 07:33:21 +0000 commit 71320946d5edf158b79eb91a5be261adc20f3aa1 Author: Oleksandr Tyshchenko AuthorDate: Sat Jul 16 17:56:58 2022 +0300 Commit: Julien Grall CommitDate: Wed Jul 20 19:12:26 2022 +0100 xen/gnttab: Store frame GFN in struct page_info on Arm Rework Arm implementation to store grant table frame GFN in struct page_info directly instead of keeping it in standalone status/shared arrays. This patch is based on the assumption that a grant table page is a xenheap page. To cover 64-bit/40-bit IPA on Arm64/Arm32 we need the space to hold 52-bit/28-bit + extra bit value respectively. In order to not grow the size of struct page_info borrow the required amount of bits from type_info's count portion which current context won't suffer (currently only 1 bit is used on Arm). Please note, to minimize code changes and avoid introducing an extra #ifdef-s to the header, we keep the same amount of bits on both subarches, although the count portion on Arm64 could be wider, so we waste some bits here. Introduce corresponding PGT_* constructs and access macro page_get(set)_xenheap_gfn. Please note, all accesses to the GFN portion of type_info field should always be protected by the P2M lock. In case when it is not feasible to satisfy that requirement (risk of deadlock, lock inversion, etc) it is important to make sure that all non-protected updates to this field are atomic. As several non-protected read accesses still exist within current code (most calls to page_get_xenheap_gfn() are not protected by the P2M lock) the subsequent patch will introduce hardening code for p2m_remove_mapping() to be called with P2M lock held in order to check any difference between what is already mapped and what is requested to be ummapped. Update existing gnttab macros to deal with GFN value according to new location. Also update the use of count portion of type_info field on Arm in share_xen_page_with_guest(). While at it, extend this simplified M2P-like approach for any xenheap pages which are proccessed in xenmem_add_to_physmap_one() except foreign ones. Update the code to set GFN portion after establishing new mapping for the xenheap page in said function and to clean GFN portion when putting a reference on that page in p2m_put_l3_page(). And for everything to work correctly introduce arch-specific initialization pattern PGT_TYPE_INFO_INITIALIZER to be applied to type_info field during initialization at alloc_heap_pages() and acquire_staticmem_pages(). The pattern's purpose on Arm is to clear the GFN portion before use, on x86 it is just a stub. This patch is intended to fix the potential issue on Arm which might happen when remapping grant-table frame. A guest (or the toolstack) will unmap the grant-table frame using XENMEM_remove_physmap. This is a generic hypercall, so on x86, we are relying on the fact the M2P entry will be cleared on removal. For architecture without the M2P, the GFN would still be present in the grant frame/status array. So on the next call to map the page, we will end up to request the P2M to remove whatever mapping was the given GFN. This could well be another mapping. Please note, this patch also changes the behavior how the shared_info page (which is xenheap RAM page) is mapped in xenmem_add_to_physmap_one(). Now, we only allow to map the shared_info at once. The subsequent attempts to map it will result in -EBUSY. Doing that we mandate the caller to first unmap the page before mapping it again. This is to prevent Xen creating an unwanted hole in the P2M. For instance, this could happen if the firmware stole a RAM address for mapping the shared_info page into but forgot to unmap it afterwards. Besides that, this patch simplifies arch code on Arm by removing arrays and corresponding management code and as the result gnttab_init_arch/gnttab_destroy_arch helpers and struct grant_table_arch become useless and can be dropped globally. Suggested-by: Julien Grall Signed-off-by: Oleksandr Tyshchenko Acked-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/arm/include/asm/grant_table.h | 53 +++++++--------------------------- xen/arch/arm/include/asm/mm.h | 47 ++++++++++++++++++++++++++++-- xen/arch/arm/mm.c | 51 ++++++++++++++++++++++++++++---- xen/arch/arm/p2m.c | 7 +++-- xen/arch/x86/include/asm/grant_table.h | 5 ---- xen/common/grant_table.c | 9 ------ xen/common/page_alloc.c | 8 +++-- 7 files changed, 112 insertions(+), 68 deletions(-) diff --git a/xen/arch/arm/include/asm/grant_table.h b/xen/arch/arm/include/asm/grant_table.h index a283dd5cd6..e13dfeefa5 100644 --- a/xen/arch/arm/include/asm/grant_table.h +++ b/xen/arch/arm/include/asm/grant_table.h @@ -11,11 +11,6 @@ #define INITIAL_NR_GRANT_FRAMES 1U #define GNTTAB_MAX_VERSION 1 -struct grant_table_arch { - gfn_t *shared_gfn; - gfn_t *status_gfn; -}; - static inline void gnttab_clear_flags(struct domain *d, unsigned int mask, uint16_t *addr) { @@ -56,53 +51,27 @@ int replace_grant_host_mapping(unsigned long gpaddr, mfn_t mfn, #define gnttab_dom0_frames() \ min_t(unsigned int, opt_max_grant_frames, PFN_DOWN(_etext - _stext)) -#define gnttab_init_arch(gt) \ -({ \ - unsigned int ngf_ = (gt)->max_grant_frames; \ - unsigned int nsf_ = grant_to_status_frames(ngf_); \ - \ - (gt)->arch.shared_gfn = xmalloc_array(gfn_t, ngf_); \ - (gt)->arch.status_gfn = xmalloc_array(gfn_t, nsf_); \ - if ( (gt)->arch.shared_gfn && (gt)->arch.status_gfn ) \ - { \ - while ( ngf_-- ) \ - (gt)->arch.shared_gfn[ngf_] = INVALID_GFN; \ - while ( nsf_-- ) \ - (gt)->arch.status_gfn[nsf_] = INVALID_GFN; \ - } \ - else \ - gnttab_destroy_arch(gt); \ - (gt)->arch.shared_gfn ? 0 : -ENOMEM; \ -}) - -#define gnttab_destroy_arch(gt) \ - do { \ - XFREE((gt)->arch.shared_gfn); \ - XFREE((gt)->arch.status_gfn); \ - } while ( 0 ) - #define gnttab_set_frame_gfn(gt, st, idx, gfn, mfn) \ - ({ \ - int rc_ = 0; \ - gfn_t ogfn = gnttab_get_frame_gfn(gt, st, idx); \ - if ( gfn_eq(ogfn, INVALID_GFN) || gfn_eq(ogfn, gfn) || \ - (rc_ = guest_physmap_remove_page((gt)->domain, ogfn, mfn, \ - 0)) == 0 ) \ - ((st) ? (gt)->arch.status_gfn \ - : (gt)->arch.shared_gfn)[idx] = (gfn); \ - rc_; \ - }) + (gfn_eq(gfn, INVALID_GFN) \ + ? guest_physmap_remove_page((gt)->domain, \ + gnttab_get_frame_gfn(gt, st, idx), \ + mfn, 0) \ + : 0) #define gnttab_get_frame_gfn(gt, st, idx) ({ \ (st) ? gnttab_status_gfn(NULL, gt, idx) \ : gnttab_shared_gfn(NULL, gt, idx); \ }) +#define gnttab_shared_page(t, i) virt_to_page((t)->shared_raw[i]) + +#define gnttab_status_page(t, i) virt_to_page((t)->status[i]) + #define gnttab_shared_gfn(d, t, i) \ - (((i) >= nr_grant_frames(t)) ? INVALID_GFN : (t)->arch.shared_gfn[i]) + page_get_xenheap_gfn(gnttab_shared_page(t, i)) #define gnttab_status_gfn(d, t, i) \ - (((i) >= nr_status_frames(t)) ? INVALID_GFN : (t)->arch.status_gfn[i]) + page_get_xenheap_gfn(gnttab_status_page(t, i)) #define gnttab_need_iommu_mapping(d) \ (is_domain_direct_mapped(d) && is_iommu_enabled(d)) diff --git a/xen/arch/arm/include/asm/mm.h b/xen/arch/arm/include/asm/mm.h index c4bc3cd1e5..6c0a3c789f 100644 --- a/xen/arch/arm/include/asm/mm.h +++ b/xen/arch/arm/include/asm/mm.h @@ -98,9 +98,22 @@ struct page_info #define PGT_writable_page PG_mask(1, 1) /* has writable mappings? */ #define PGT_type_mask PG_mask(1, 1) /* Bits 31 or 63. */ - /* Count of uses of this frame as its current type. */ -#define PGT_count_width PG_shift(2) -#define PGT_count_mask ((1UL<u.inuse.type_info) & PGT_gfn_mask); + + ASSERT(is_xen_heap_page(p)); + + return gfn_eq(gfn_, PGT_INVALID_XENHEAP_GFN) ? INVALID_GFN : gfn_; +} + +static inline void page_set_xenheap_gfn(struct page_info *p, gfn_t gfn) +{ + gfn_t gfn_ = gfn_eq(gfn, INVALID_GFN) ? PGT_INVALID_XENHEAP_GFN : gfn; + unsigned long x, nx, y = p->u.inuse.type_info; + + ASSERT(is_xen_heap_page(p)); + + do { + x = y; + nx = (x & ~PGT_gfn_mask) | gfn_x(gfn_); + } while ( (y = cmpxchg(&p->u.inuse.type_info, x, nx)) != x ); +} + #endif /* __ARCH_ARM_MM__ */ /* * Local variables: diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 009b8cd9ef..e59a4ce6d0 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1449,9 +1449,21 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, spin_lock(&d->page_alloc_lock); - /* The incremented type count pins as writable or read-only. */ - page->u.inuse.type_info = - (flags == SHARE_ro ? PGT_none : PGT_writable_page) | 1; + /* + * The incremented type count pins as writable or read-only. + * + * Please note, the update of type_info field here is not atomic as + * we use Read-Modify-Write operation on it. But currently it is fine + * because the caller of page_set_xenheap_gfn() (which is another place + * where type_info is updated) would need to acquire a reference on + * the page. This is only possible after the count_info is updated *and* + * there is a barrier between the type_info and count_info. So there is + * no immediate need to use cmpxchg() here. + */ + page->u.inuse.type_info &= ~(PGT_type_mask | PGT_count_mask); + page->u.inuse.type_info |= (flags == SHARE_ro ? PGT_none + : PGT_writable_page) | + MASK_INSR(1, PGT_count_mask); page_set_owner(page, d); smp_wmb(); /* install valid domain ptr before updating refcnt. */ @@ -1554,8 +1566,37 @@ int xenmem_add_to_physmap_one( return -ENOSYS; } - /* Map at new location. */ - rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); + /* + * Map at new location. Here we need to map xenheap RAM page differently + * because we need to store the valid GFN and make sure that nothing was + * mapped before (the stored GFN is invalid). And these actions need to be + * performed with the P2M lock held. The guest_physmap_add_entry() is just + * a wrapper on top of p2m_set_entry(). + */ + if ( !p2m_is_ram(t) || !is_xen_heap_mfn(mfn) ) + rc = guest_physmap_add_entry(d, gfn, mfn, 0, t); + else + { + struct p2m_domain *p2m = p2m_get_hostp2m(d); + + p2m_write_lock(p2m); + if ( gfn_eq(page_get_xenheap_gfn(mfn_to_page(mfn)), INVALID_GFN) ) + { + rc = p2m_set_entry(p2m, gfn, 1, mfn, t, p2m->default_access); + if ( !rc ) + page_set_xenheap_gfn(mfn_to_page(mfn), gfn); + } + else + /* + * Mandate the caller to first unmap the page before mapping it + * again. This is to prevent Xen creating an unwanted hole in + * the P2M. For instance, this could happen if the firmware stole + * a RAM address for mapping the shared_info page into but forgot + * to unmap it afterwards. + */ + rc = -EBUSY; + p2m_write_unlock(p2m); + } /* * For XENMAPSPACE_gmfn_foreign if we failed to add the mapping, we need diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index 46ee675409..8449f97fe7 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -716,6 +716,8 @@ static int p2m_mem_access_radix_set(struct p2m_domain *p2m, gfn_t gfn, */ static void p2m_put_l3_page(const lpae_t pte) { + mfn_t mfn = lpae_get_mfn(pte); + ASSERT(p2m_is_valid(pte)); /* @@ -727,11 +729,12 @@ static void p2m_put_l3_page(const lpae_t pte) */ if ( p2m_is_foreign(pte.p2m.type) ) { - mfn_t mfn = lpae_get_mfn(pte); - ASSERT(mfn_valid(mfn)); put_page(mfn_to_page(mfn)); } + /* Detect the xenheap page and mark the stored GFN as invalid. */ + else if ( p2m_is_ram(pte.p2m.type) && is_xen_heap_mfn(mfn) ) + page_set_xenheap_gfn(mfn_to_page(mfn), INVALID_GFN); } /* Free lpae sub-tree behind an entry */ diff --git a/xen/arch/x86/include/asm/grant_table.h b/xen/arch/x86/include/asm/grant_table.h index a8a21439a4..5c23cec90c 100644 --- a/xen/arch/x86/include/asm/grant_table.h +++ b/xen/arch/x86/include/asm/grant_table.h @@ -14,9 +14,6 @@ #define INITIAL_NR_GRANT_FRAMES 1U -struct grant_table_arch { -}; - static inline int create_grant_host_mapping(uint64_t addr, mfn_t frame, unsigned int flags, unsigned int cache_flags) @@ -35,8 +32,6 @@ static inline int replace_grant_host_mapping(uint64_t addr, mfn_t frame, return replace_grant_pv_mapping(addr, frame, new_addr, flags); } -#define gnttab_init_arch(gt) 0 -#define gnttab_destroy_arch(gt) do {} while ( 0 ) #define gnttab_set_frame_gfn(gt, st, idx, gfn, mfn) \ (gfn_eq(gfn, INVALID_GFN) \ ? guest_physmap_remove_page((gt)->domain, \ diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index aea0ad30a7..ad773a6996 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -99,8 +99,6 @@ struct grant_table { /* Domain to which this struct grant_table belongs. */ struct domain *domain; - - struct grant_table_arch arch; }; unsigned int __read_mostly opt_max_grant_frames = 64; @@ -2018,14 +2016,9 @@ int grant_table_init(struct domain *d, int max_grant_frames, grant_write_lock(gt); - ret = gnttab_init_arch(gt); - if ( ret ) - goto unlock; - /* gnttab_grow_table() allocates a min number of frames, so 0 is okay. */ ret = gnttab_grow_table(d, 0); - unlock: grant_write_unlock(gt); out: @@ -3939,8 +3932,6 @@ grant_table_destroy( if ( t == NULL ) return; - gnttab_destroy_arch(t); - for ( i = 0; i < nr_grant_frames(t); i++ ) free_xenheap_page(t->shared_raw[i]); xfree(t->shared_raw); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index fe0e15429a..6ca986584d 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -155,6 +155,10 @@ #define PGC_reserved 0 #endif +#ifndef PGT_TYPE_INFO_INITIALIZER +#define PGT_TYPE_INFO_INITIALIZER 0 +#endif + /* * Comma-separated list of hexadecimal page numbers containing bad bytes. * e.g. 'badpage=0x3f45,0x8a321'. @@ -1024,7 +1028,7 @@ static struct page_info *alloc_heap_pages( &tlbflush_timestamp); /* Initialise fields which have other uses for free pages. */ - pg[i].u.inuse.type_info = 0; + pg[i].u.inuse.type_info = PGT_TYPE_INFO_INITIALIZER; page_set_owner(&pg[i], NULL); } @@ -2702,7 +2706,7 @@ static struct page_info * __init acquire_staticmem_pages(mfn_t smfn, */ pg[i].count_info = PGC_reserved | PGC_state_inuse; /* Initialise fields which have other uses for free pages. */ - pg[i].u.inuse.type_info = 0; + pg[i].u.inuse.type_info = PGT_TYPE_INFO_INITIALIZER; page_set_owner(&pg[i], NULL); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 07:33:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 07:33:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372536.604306 (Exim 4.92) (envelope-from ) id 1oEQgf-0001hN-DN; Thu, 21 Jul 2022 07:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372536.604306; Thu, 21 Jul 2022 07:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgf-0001hF-As; Thu, 21 Jul 2022 07:33:33 +0000 Received: by outflank-mailman (input) for mailman id 372536; Thu, 21 Jul 2022 07:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQge-0001gx-4T for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQge-0003oG-3c for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEQge-0008Qo-2g for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HtK8mN+oKgqCPad9l0Hkm8Hvung55rX6UMf/XlGKglQ=; b=rkEudIIIaJkRp4ROo8kv3OdODi L15HUtzlo2UhWO0rWNC7FOghCbQpSFdSFrmjIt2bGAMlGXC2O+H092+LZm6MKO0OXs2gdDut3ubU8 +wWZwHcI7VdA0/j0aWew8Qc04fjVrvJTiLeMuQD1klCNOgXrU5+W8/pOb+cH1HNEAHBY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: page_alloc: Don't open-code IS_ALIGNED() Message-Id: Date: Thu, 21 Jul 2022 07:33:32 +0000 commit 7a2b7edad5d5508e2d6a2e5d0ad0399ae16e9c8e Author: Julien Grall AuthorDate: Wed Jul 20 19:22:34 2022 +0100 Commit: Julien Grall CommitDate: Wed Jul 20 19:26:19 2022 +0100 xen: page_alloc: Don't open-code IS_ALIGNED() init_heap_pages() is using an open-code version of IS_ALIGNED(). Replace it to improve the readability of the code. No functional change intended. Signed-off-by: Julien Grall Reviewed-by: Wei Chen Acked-by: Jan Beulich --- xen/common/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 6ca986584d..013f3d142e 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1827,7 +1827,7 @@ static void init_heap_pages( unsigned long s = mfn_x(page_to_mfn(pg + i)); unsigned long e = mfn_x(mfn_add(page_to_mfn(pg + nr_pages - 1), 1)); bool use_tail = (nid == phys_to_nid(pfn_to_paddr(e - 1))) && - !(s & ((1UL << MAX_ORDER) - 1)) && + IS_ALIGNED(s, 1UL << MAX_ORDER) && (find_first_set_bit(e) <= find_first_set_bit(s)); unsigned long n; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 07:33:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 07:33:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372537.604311 (Exim 4.92) (envelope-from ) id 1oEQgp-0001kO-FT; Thu, 21 Jul 2022 07:33:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372537.604311; Thu, 21 Jul 2022 07:33:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgp-0001kG-CX; Thu, 21 Jul 2022 07:33:43 +0000 Received: by outflank-mailman (input) for mailman id 372537; Thu, 21 Jul 2022 07:33:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgo-0001k3-7X for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgo-0003oi-6f for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEQgo-0008Sk-5r for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FSyXR+225DWT8Cx3CWBCo/B8iDpkOTl/ZJM5USX87KM=; b=CaeLC1lXf9zuJYo+VgUxivVBEm fJL0pcMR58rDp5tUDw4fNcULV0exjwkM/zRWgBDXybgQFWxRMjNXxC9JycFAUkgYO7f1baGZebC8g mXcbAcZJYPFhxTtyKevJ2psvUlsLWEkMohTvaljYSWidpx25LDnsK+sIXLkvAnnooMf0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/heap: Split init_heap_pages() in two Message-Id: Date: Thu, 21 Jul 2022 07:33:42 +0000 commit 24a53060bd375ab7e95eda9417bb66d821524c59 Author: Julien Grall AuthorDate: Wed Jul 20 19:25:16 2022 +0100 Commit: Julien Grall CommitDate: Wed Jul 20 19:26:19 2022 +0100 xen/heap: Split init_heap_pages() in two At the moment, init_heap_pages() will call free_heap_pages() page by page. To reduce the time to initialize the heap, we will want to provide multiple pages at the same time. init_heap_pages() is now split in two parts: - init_heap_pages(): will break down the range in multiple set of contiguous pages. For now, the criteria is the pages should belong to the same NUMA node. - _init_heap_pages(): will initialize a set of pages belonging to the same NUMA node. In a follow-up patch, new requirements will be added (e.g. pages should belong to the same zone). For now the pages are still passed one by one to free_heap_pages(). Note that the comment before init_heap_pages() is heavily outdated and does not reflect the current code. So update it. This patch is a merge/rework of patches from David Woodhouse and Hongyan Xia. Signed-off-by: Julien Grall Reviewed-by: Jan Beulich --- xen/common/page_alloc.c | 77 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 27 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 013f3d142e..e4fd25bc91 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1782,16 +1782,44 @@ int query_page_offline(mfn_t mfn, uint32_t *status) } /* - * Hand the specified arbitrary page range to the specified heap zone - * checking the node_id of the previous page. If they differ and the - * latter is not on a MAX_ORDER boundary, then we reserve the page by - * not freeing it to the buddy allocator. + * This function should only be called with valid pages from the same NUMA + * node. */ +static void _init_heap_pages(const struct page_info *pg, + unsigned long nr_pages, + bool need_scrub) +{ + unsigned long s, e; + unsigned int nid = phys_to_nid(page_to_maddr(pg)); + + s = mfn_x(page_to_mfn(pg)); + e = mfn_x(mfn_add(page_to_mfn(pg + nr_pages - 1), 1)); + if ( unlikely(!avail[nid]) ) + { + bool use_tail = IS_ALIGNED(s, 1UL << MAX_ORDER) && + (find_first_set_bit(e) <= find_first_set_bit(s)); + unsigned long n; + + n = init_node_heap(nid, s, nr_pages, &use_tail); + BUG_ON(n > nr_pages); + if ( use_tail ) + e -= n; + else + s += n; + } + + while ( s < e ) + { + free_heap_pages(mfn_to_page(_mfn(s)), 0, need_scrub); + s += 1UL; + } +} + static void init_heap_pages( struct page_info *pg, unsigned long nr_pages) { unsigned long i; - bool idle_scrub = false; + bool need_scrub = scrub_debug; /* * Keep MFN 0 away from the buddy allocator to avoid crossing zone @@ -1816,35 +1844,30 @@ static void init_heap_pages( spin_unlock(&heap_lock); if ( system_state < SYS_STATE_active && opt_bootscrub == BOOTSCRUB_IDLE ) - idle_scrub = true; + need_scrub = true; - for ( i = 0; i < nr_pages; i++ ) + for ( i = 0; i < nr_pages; ) { - unsigned int nid = phys_to_nid(page_to_maddr(pg+i)); + unsigned int nid = phys_to_nid(page_to_maddr(pg)); + unsigned long left = nr_pages - i; + unsigned long contig_pages; - if ( unlikely(!avail[nid]) ) + /* + * _init_heap_pages() is only able to accept range following + * specific property (see comment on top of _init_heap_pages()). + * + * So break down the range in smaller set. + */ + for ( contig_pages = 1; contig_pages < left; contig_pages++ ) { - unsigned long s = mfn_x(page_to_mfn(pg + i)); - unsigned long e = mfn_x(mfn_add(page_to_mfn(pg + nr_pages - 1), 1)); - bool use_tail = (nid == phys_to_nid(pfn_to_paddr(e - 1))) && - IS_ALIGNED(s, 1UL << MAX_ORDER) && - (find_first_set_bit(e) <= find_first_set_bit(s)); - unsigned long n; - - n = init_node_heap(nid, mfn_x(page_to_mfn(pg + i)), nr_pages - i, - &use_tail); - BUG_ON(i + n > nr_pages); - if ( n && !use_tail ) - { - i += n - 1; - continue; - } - if ( i + n == nr_pages ) + if ( nid != (phys_to_nid(page_to_maddr(pg))) ) break; - nr_pages -= n; } - free_heap_pages(pg + i, 0, scrub_debug || idle_scrub); + _init_heap_pages(pg, contig_pages, need_scrub); + + pg += contig_pages; + i += contig_pages; } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 07:33:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 07:33:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372538.604314 (Exim 4.92) (envelope-from ) id 1oEQgz-0001oB-IH; Thu, 21 Jul 2022 07:33:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372538.604314; Thu, 21 Jul 2022 07:33:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgz-0001o3-FM; Thu, 21 Jul 2022 07:33:53 +0000 Received: by outflank-mailman (input) for mailman id 372538; Thu, 21 Jul 2022 07:33:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgy-0001np-Am for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQgy-0003os-9t for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEQgy-0008TC-95 for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:33:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PU2EBfxyy0rJXqF2trK4LWOlT/igHLkFYqaI5itC95Y=; b=v9FjmnmILX0Vl76W/jpKVO89+v ISe9hEVl6ZTssmpyy4COu6UEH9RXSxVzanuYQrl7jucvspqYQh1dRV+AKGf49P10955u6ZtvfdAFi S7+47Z1ZTC87cvxZBo0SZBUpU17lBRl/40rca72h3Kf45KASWu8aZ8Z645Vy+X0OnJkI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/heap: pass order to free_heap_pages() in heap init Message-Id: Date: Thu, 21 Jul 2022 07:33:52 +0000 commit 72b02bc75b47a7f74d82f812fcbebf0f729f77a8 Author: Hongyan Xia AuthorDate: Wed Feb 24 18:43:13 2021 +0000 Commit: Julien Grall CommitDate: Wed Jul 20 19:26:19 2022 +0100 xen/heap: pass order to free_heap_pages() in heap init The idea is to split the range into multiple aligned power-of-2 regions which only needs to call free_heap_pages() once each. We check the least significant set bit of the start address and use its bit index as the order of this increment. This makes sure that each increment is both power-of-2 and properly aligned, which can be safely passed to free_heap_pages(). Of course, the order also needs to be sanity checked against the upper bound and MAX_ORDER. Tested on a nested environment on c5.metal with various amount of RAM and CONFIG_DEBUG=n. Time for end_boot_allocator() to complete: Before After - 90GB: 1445 ms 96 ms - 8GB: 126 ms 8 ms - 4GB: 62 ms 4 ms Signed-off-by: Hongyan Xia Signed-off-by: Julien Grall Reviewed-by: Wei Chen Reviewed-by: Jan Beulich --- xen/common/page_alloc.c | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index e4fd25bc91..c5c5047e7c 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1783,7 +1783,7 @@ int query_page_offline(mfn_t mfn, uint32_t *status) /* * This function should only be called with valid pages from the same NUMA - * node. + * node and zone. */ static void _init_heap_pages(const struct page_info *pg, unsigned long nr_pages, @@ -1810,8 +1810,22 @@ static void _init_heap_pages(const struct page_info *pg, while ( s < e ) { - free_heap_pages(mfn_to_page(_mfn(s)), 0, need_scrub); - s += 1UL; + /* + * For s == 0, we simply use the largest increment by checking the + * MSB of the region size. For s != 0, we also need to ensure that the + * chunk is properly sized to end at power-of-two alignment. We do this + * by checking the LSB of the start address and use its index as + * the increment. Both cases need to be bounded by MAX_ORDER. + * + * Note that the value of ffsl() and flsl() starts from 1 so we need + * to decrement it by 1. + */ + unsigned int inc_order = min(MAX_ORDER, flsl(e - s) - 1); + + if ( s ) + inc_order = min(inc_order, ffsl(s) - 1U); + free_heap_pages(mfn_to_page(_mfn(s)), inc_order, need_scrub); + s += (1UL << inc_order); } } @@ -1848,6 +1862,9 @@ static void init_heap_pages( for ( i = 0; i < nr_pages; ) { +#ifdef CONFIG_SEPARATE_XENHEAP + unsigned int zone = page_to_zone(pg); +#endif unsigned int nid = phys_to_nid(page_to_maddr(pg)); unsigned long left = nr_pages - i; unsigned long contig_pages; @@ -1860,6 +1877,18 @@ static void init_heap_pages( */ for ( contig_pages = 1; contig_pages < left; contig_pages++ ) { + /* + * No need to check for the zone when !CONFIG_SEPARATE_XENHEAP + * because free_heap_pages() can only take power-of-two ranges + * which never cross zone boundaries. But for separate xenheap + * which is manually defined, it is possible for power-of-two + * range to cross zones. + */ +#ifdef CONFIG_SEPARATE_XENHEAP + if ( zone != page_to_zone(pg) ) + break; +#endif + if ( nid != (phys_to_nid(page_to_maddr(pg))) ) break; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 07:34:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 07:34:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372539.604319 (Exim 4.92) (envelope-from ) id 1oEQh9-0001rG-Jo; Thu, 21 Jul 2022 07:34:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372539.604319; Thu, 21 Jul 2022 07:34:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQh9-0001r8-Gt; Thu, 21 Jul 2022 07:34:03 +0000 Received: by outflank-mailman (input) for mailman id 372539; Thu, 21 Jul 2022 07:34:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQh8-0001qc-Dn for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:34:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEQh8-0003pH-Cy for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:34:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEQh8-0008Tn-CF for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 07:34:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fu9AeGPvRlfQQb9WNRvh9i0hkCS5xDGwVGb1iiEYiYY=; b=Alvl9OsoPJJzz0S8g5X3PXmBmF kTId7y3JwVSgzMqYpU31NfESgLNIEO6fufVxyVbcLM/Zpa/68yAYImk8omxBmL2P3FONJu59KrTQx xQ/POL8VUYVDXJaUPW0/3xzhOPWgQvReqPriEa4jG6LChmW3o5JgQZHqImrOlYdOGQKo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings() Message-Id: Date: Thu, 21 Jul 2022 07:34:02 +0000 commit d2cc5633e2800e698c6a64554de7fa19d9627a24 Author: Julien Grall AuthorDate: Wed Jul 20 19:33:01 2022 +0100 Commit: Julien Grall CommitDate: Wed Jul 20 19:33:23 2022 +0100 xen/arm: mm: Add more ASSERT() in {destroy, modify}_xen_mappings() Both destroy_xen_mappings() and modify_xen_mappings() will take in parameter a range [start, end[. Both end should be page aligned. Add extra ASSERT() to ensure start and end are page aligned. Take the opportunity to rename 'v' to 's' to be consistent with the other helper. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/mm.c | 10 +++++++--- xen/include/xen/mm.h | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index e59a4ce6d0..56fd084586 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1368,14 +1368,18 @@ int populate_pt_range(unsigned long virt, unsigned long nr_mfns) return xen_pt_update(virt, INVALID_MFN, nr_mfns, _PAGE_POPULATE); } -int destroy_xen_mappings(unsigned long v, unsigned long e) +int destroy_xen_mappings(unsigned long s, unsigned long e) { - ASSERT(v <= e); - return xen_pt_update(v, INVALID_MFN, (e - v) >> PAGE_SHIFT, 0); + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); + ASSERT(s <= e); + return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, 0); } int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags) { + ASSERT(IS_ALIGNED(s, PAGE_SIZE)); + ASSERT(IS_ALIGNED(e, PAGE_SIZE)); ASSERT(s <= e); return xen_pt_update(s, INVALID_MFN, (e - s) >> PAGE_SHIFT, flags); } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 3be754da92..6dee421bb8 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -101,7 +101,7 @@ int map_pages_to_xen( unsigned int flags); /* Alter the permissions of a range of Xen virtual address space. */ int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int flags); -int destroy_xen_mappings(unsigned long v, unsigned long e); +int destroy_xen_mappings(unsigned long s, unsigned long e); /* Retrieve the MFN mapped by VA in Xen virtual address space. */ mfn_t xen_map_to_mfn(unsigned long va); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 19:44:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 19:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372927.604994 (Exim 4.92) (envelope-from ) id 1oEc5d-0001gf-Ni; Thu, 21 Jul 2022 19:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372927.604994; Thu, 21 Jul 2022 19:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5d-0001gX-L1; Thu, 21 Jul 2022 19:44:05 +0000 Received: by outflank-mailman (input) for mailman id 372927; Thu, 21 Jul 2022 19:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5c-0001gP-Bs for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5c-0001ja-A5 for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEc5c-0008GG-96 for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aMwFJP961jSB4MdL7Gkwk522sqH+VZSkL5XEvUKnj9k=; b=JSyl4FgGHM0ET8HEOEGJJuqcZh oL5gmS1vcB7zEQitirjn3UrLNlEL7aOr9D4FOZlTBIucdusM05qWct/jXyiAAD7H1wppJiFGivePV SOD3CLpTJ9/93CFIaWdVRxwOtCyuKxLrhy9fOs4S+eaoqO2mvmEdT1gadaJf3sfQ7PxA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: fix typo in .gcc-tmpl Message-Id: Date: Thu, 21 Jul 2022 19:44:04 +0000 commit da8ff5be796e061e408a8b7a58bf8030c49399a6 Author: Anthony PERARD AuthorDate: Thu Jul 21 13:45:59 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jul 21 20:42:40 2022 +0100 automation: fix typo in .gcc-tmpl The name of the field doesn't matter because it's use as a YAML achor, but it's nicer to have the proper spelling. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/gitlab-ci/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index 72f2a317ac..5eb7312754 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -17,7 +17,7 @@ - /^stable-.*/ .gcc-tmpl: - variabes: &gcc + variables: &gcc CC: gcc CXX: g++ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 19:44:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 19:44:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372928.604998 (Exim 4.92) (envelope-from ) id 1oEc5m-0001iV-P4; Thu, 21 Jul 2022 19:44:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372928.604998; Thu, 21 Jul 2022 19:44:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5m-0001iO-MW; Thu, 21 Jul 2022 19:44:14 +0000 Received: by outflank-mailman (input) for mailman id 372928; Thu, 21 Jul 2022 19:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5m-0001iG-E2 for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5m-0001je-D6 for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEc5m-0008Gi-CA for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4Kw/3auS3bLlPEJrzGRjMsm5vMUieoL0qgM3CcbetMk=; b=CJZAC1/awgGs4SVMWJ54R0bvYX 3uFktF5MfU73nI/tZOIYNPW1XjaFB9TTX66xrm6eUV7fVQZg/Eyd0fKrTOQpMxYGUSbh+mcI3QjKN eZu7N5x5MjPCVlApm2nNTKMVNeO/PwPFrj+/1T902A1xfy4HtXFU8Hw8QVaJwEAUTN8o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: add a templates for test jobs Message-Id: Date: Thu, 21 Jul 2022 19:44:14 +0000 commit 22c7a223319e198b511380624164529a671e41c4 Author: Anthony PERARD AuthorDate: Thu Jul 21 13:46:00 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jul 21 20:42:40 2022 +0100 automation: add a templates for test jobs Allow to set common configuration from a single place for all tests jobs. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/gitlab-ci/test.yaml | 81 ++++++++++-------------------------------- 1 file changed, 18 insertions(+), 63 deletions(-) diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 42cd725a12..53b43801f4 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -1,7 +1,15 @@ -# Test jobs -build-each-commit-gcc: +.test-jobs-common: stage: test image: registry.gitlab.com/xen-project/xen/${CONTAINER} + except: + - master + - smoke + - /^coverity-tested\/.*/ + - /^stable-.*/ + +# Test jobs +build-each-commit-gcc: + extends: .test-jobs-common variables: CONTAINER: debian:stretch XEN_TARGET_ARCH: x86_64 @@ -16,15 +24,9 @@ build-each-commit-gcc: dependencies: [] tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-alpine-arm64-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:unstable-arm64v8 script: @@ -41,15 +43,9 @@ qemu-alpine-arm64-gcc: when: always tags: - arm64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-alpine-x86_64-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -65,15 +61,9 @@ qemu-alpine-x86_64-gcc: when: always tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-arm64-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:unstable-arm64v8 script: @@ -89,15 +79,9 @@ qemu-smoke-arm64-gcc: when: always tags: - arm64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-arm32-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:unstable-arm64v8 script: @@ -112,15 +96,9 @@ qemu-smoke-arm32-gcc: when: always tags: - arm64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-x86-64-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -134,15 +112,9 @@ qemu-smoke-x86-64-gcc: - debian-stretch-gcc-debug tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-x86-64-clang: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -156,15 +128,9 @@ qemu-smoke-x86-64-clang: - debian-unstable-clang-debug tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-x86-64-gcc-pvh: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -178,15 +144,9 @@ qemu-smoke-x86-64-gcc-pvh: - debian-stretch-gcc-debug tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-x86-64-clang-pvh: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -200,8 +160,3 @@ qemu-smoke-x86-64-clang-pvh: - debian-unstable-clang-debug tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 19:44:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 19:44:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372929.605002 (Exim 4.92) (envelope-from ) id 1oEc5x-0001l5-Qp; Thu, 21 Jul 2022 19:44:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372929.605002; Thu, 21 Jul 2022 19:44:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5x-0001kx-O4; Thu, 21 Jul 2022 19:44:25 +0000 Received: by outflank-mailman (input) for mailman id 372929; Thu, 21 Jul 2022 19:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5w-0001kn-HA for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc5w-0001jv-GE for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEc5w-0008HH-FH for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=y3Cu+iRr+NmL5q64J+cMB8siIAN0R18x9d9F1dv2aZA=; b=p7C9Vnk3ehbQqCDvhuvNuya+pT jUoCOYaj41Ktm4QeiMNCHboU4vEUx+DYfZ8LQCyiGEFpPWHngqh2roUeWISX7jLl3Wh2xilDefUXN G0kzElSjQJnG2qEbtE4W9snHMfe3q9gmjAnYJMVLssIxtdPF8JdoO8KbdiFqXqRiPezw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: only run test artifact jobs when needed Message-Id: Date: Thu, 21 Jul 2022 19:44:24 +0000 commit aa45ffc115e6e2b31baff81a5294c5ac7b8c6b9d Author: Anthony PERARD AuthorDate: Thu Jul 21 13:46:01 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jul 21 20:42:40 2022 +0100 automation: only run test artifact jobs when needed Share the same "except" as the one used for tests. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/gitlab-ci/build.yaml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index 5eb7312754..23b306e7d0 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -567,10 +567,16 @@ alpine-3.12-gcc-debug-arm64: CONTAINER: alpine:3.12-arm64v8 +## Test artifacts common + +.test-jobs-artifact-common: + stage: build + except: !reference [.test-jobs-common, except] + # Arm test artifacts alpine-3.12-arm64-rootfs-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/alpine:3.12-arm64v8 script: - mkdir binaries && cp /initrd.tar.gz binaries/initrd.tar.gz @@ -581,7 +587,7 @@ alpine-3.12-arm64-rootfs-export: - arm64 kernel-5.9.9-arm64-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/kernel:5.9.9-arm64v8 script: - mkdir binaries && cp /Image binaries/Image @@ -592,7 +598,7 @@ kernel-5.9.9-arm64-export: - arm64 qemu-system-aarch64-6.0.0-arm64-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8 script: - mkdir binaries && cp /qemu-system-aarch64 binaries/qemu-system-aarch64 @@ -603,7 +609,7 @@ qemu-system-aarch64-6.0.0-arm64-export: - arm64 qemu-system-aarch64-6.0.0-arm32-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8 script: - mkdir binaries && cp /qemu-system-arm binaries/qemu-system-arm @@ -616,7 +622,7 @@ qemu-system-aarch64-6.0.0-arm32-export: # x86_64 test artifacts alpine-3.12-rootfs-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/alpine:3.12 script: - mkdir binaries && cp /initrd.tar.gz binaries/initrd.tar.gz @@ -627,7 +633,7 @@ alpine-3.12-rootfs-export: - x86_64 kernel-5.10.74-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/kernel:5.10.74 script: - mkdir binaries && cp /bzImage binaries/bzImage -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Jul 21 19:44:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Jul 2022 19:44:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.372930.605008 (Exim 4.92) (envelope-from ) id 1oEc67-0001o3-Tx; Thu, 21 Jul 2022 19:44:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 372930.605008; Thu, 21 Jul 2022 19:44:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc67-0001nr-Pe; Thu, 21 Jul 2022 19:44:35 +0000 Received: by outflank-mailman (input) for mailman id 372930; Thu, 21 Jul 2022 19:44:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc66-0001nj-K7 for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEc66-0001k7-JC for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEc66-0008Ho-IM for xen-changelog@lists.xenproject.org; Thu, 21 Jul 2022 19:44:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FYk6AvlV6lG/Idp6/a3mfHQAwMJ43O6n6ZO5mhaJyz8=; b=RKUFbq1qPjDQwOmnFXDGYy7JDT lDH17fdY5LLYREyma3AxamZWqIyaN+f2bfhtBHGHKbauF3KQF/Uh6xoINQVyd1R6KzJnuTFU7JC5b A578Dm1H/+kmJfC9kbpwE+isXmuEhpnr3K/l2QTLNlPnHLwPzmefdU1/B9fcYNLO89oQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: use "needs" instead of "dependencies" for test jobs Message-Id: Date: Thu, 21 Jul 2022 19:44:34 +0000 commit fcd27b3c759995775afb66be6bb7ba1e85da0506 Author: Anthony PERARD AuthorDate: Thu Jul 21 13:46:02 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jul 21 20:42:40 2022 +0100 automation: use "needs" instead of "dependencies" for test jobs Like with "dependencies", the jobs will get artifacts from the jobs listed in "needs". But the test jobs can run as soon as the build jobs listed have finished. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/gitlab-ci/test.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 53b43801f4..26bdbcc3ea 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -21,7 +21,7 @@ build-each-commit-gcc: paths: - '*.log' when: always - dependencies: [] + needs: [] tags: - x86_64 @@ -31,7 +31,7 @@ qemu-alpine-arm64-gcc: CONTAINER: debian:unstable-arm64v8 script: - ./automation/scripts/qemu-alpine-arm64.sh 2>&1 | tee qemu-smoke-arm64.log - dependencies: + needs: - alpine-3.12-gcc-arm64 - alpine-3.12-arm64-rootfs-export - kernel-5.9.9-arm64-export @@ -50,7 +50,7 @@ qemu-alpine-x86_64-gcc: CONTAINER: debian:stretch script: - ./automation/scripts/qemu-alpine-x86_64.sh 2>&1 | tee qemu-smoke-x86_64.log - dependencies: + needs: - alpine-3.12-gcc - alpine-3.12-rootfs-export - kernel-5.10.74-export @@ -68,7 +68,7 @@ qemu-smoke-arm64-gcc: CONTAINER: debian:unstable-arm64v8 script: - ./automation/scripts/qemu-smoke-arm64.sh 2>&1 | tee qemu-smoke-arm64.log - dependencies: + needs: - debian-unstable-gcc-arm64 - kernel-5.9.9-arm64-export - qemu-system-aarch64-6.0.0-arm64-export @@ -86,7 +86,7 @@ qemu-smoke-arm32-gcc: CONTAINER: debian:unstable-arm64v8 script: - ./automation/scripts/qemu-smoke-arm32.sh 2>&1 | tee qemu-smoke-arm32.log - dependencies: + needs: - debian-unstable-gcc-arm32 - qemu-system-aarch64-6.0.0-arm32-export artifacts: @@ -108,7 +108,7 @@ qemu-smoke-x86-64-gcc: - smoke.serial - '*.log' when: always - dependencies: + needs: - debian-stretch-gcc-debug tags: - x86_64 @@ -124,7 +124,7 @@ qemu-smoke-x86-64-clang: - smoke.serial - '*.log' when: always - dependencies: + needs: - debian-unstable-clang-debug tags: - x86_64 @@ -140,7 +140,7 @@ qemu-smoke-x86-64-gcc-pvh: - smoke.serial - '*.log' when: always - dependencies: + needs: - debian-stretch-gcc-debug tags: - x86_64 @@ -156,7 +156,7 @@ qemu-smoke-x86-64-clang-pvh: - smoke.serial - '*.log' when: always - dependencies: + needs: - debian-unstable-clang-debug tags: - x86_64 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 22 14:22:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 22 Jul 2022 14:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.373283.605398 (Exim 4.92) (envelope-from ) id 1oEtXY-0000J4-32; Fri, 22 Jul 2022 14:22:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 373283.605398; Fri, 22 Jul 2022 14:22:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXX-0000Is-VD; Fri, 22 Jul 2022 14:22:03 +0000 Received: by outflank-mailman (input) for mailman id 373283; Fri, 22 Jul 2022 14:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXW-0000GP-1f for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXW-0005un-0h for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEtXV-0006jB-W3 for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iTcx2ccfFWxbY6eDl4QsvZNAsMJveHVLh/8B1sDgBY4=; b=V3JzysooivIahrD1wUgfdjY/3o zPIWZB2mX0zd6DleFIasC9HYSa+wzOmkWMtShLcLNK45geKHC7rGKh4aFFe9Zs9ivPqgE4FQlehqB wbbpTcVvdyGl6YFdQCGoCSn8muCvRNc+rG2Tbb2zMLxWMxxHutTqiOtKPV2u7W7ZCX1s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation: fix typo in .gcc-tmpl Message-Id: Date: Fri, 22 Jul 2022 14:22:01 +0000 commit da8ff5be796e061e408a8b7a58bf8030c49399a6 Author: Anthony PERARD AuthorDate: Thu Jul 21 13:45:59 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jul 21 20:42:40 2022 +0100 automation: fix typo in .gcc-tmpl The name of the field doesn't matter because it's use as a YAML achor, but it's nicer to have the proper spelling. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/gitlab-ci/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index 72f2a317ac..5eb7312754 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -17,7 +17,7 @@ - /^stable-.*/ .gcc-tmpl: - variabes: &gcc + variables: &gcc CC: gcc CXX: g++ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Jul 22 14:22:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 22 Jul 2022 14:22:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.373287.605404 (Exim 4.92) (envelope-from ) id 1oEtXi-0000Sb-4f; Fri, 22 Jul 2022 14:22:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 373287.605404; Fri, 22 Jul 2022 14:22:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXi-0000ST-0b; Fri, 22 Jul 2022 14:22:14 +0000 Received: by outflank-mailman (input) for mailman id 373287; Fri, 22 Jul 2022 14:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXg-0000Pe-4Z for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXg-0005uv-3h for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEtXg-0006ja-2s for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MHF8Qi/+UhaQuZkBblVvnHXpTj/wJ0zvv5CbY3sLhOE=; b=Q892R7eUbBR1oDwqKjKRR8N8JF QfYacclRXhwfwAoAjlDaqacx8rKSNrhfYWV3sCxEJvytmWh4MGFUoUg1X09lCUgTLJYZnl0EPpPQG KraXdw/BLjU1Gjs/Nz4/SGHXfReCCGovjGI5czr8UuM5sd9ShndCHXStRz/UUxvl9u/s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation: add a templates for test jobs Message-Id: Date: Fri, 22 Jul 2022 14:22:12 +0000 commit 22c7a223319e198b511380624164529a671e41c4 Author: Anthony PERARD AuthorDate: Thu Jul 21 13:46:00 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jul 21 20:42:40 2022 +0100 automation: add a templates for test jobs Allow to set common configuration from a single place for all tests jobs. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/gitlab-ci/test.yaml | 81 ++++++++++-------------------------------- 1 file changed, 18 insertions(+), 63 deletions(-) diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 42cd725a12..53b43801f4 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -1,7 +1,15 @@ -# Test jobs -build-each-commit-gcc: +.test-jobs-common: stage: test image: registry.gitlab.com/xen-project/xen/${CONTAINER} + except: + - master + - smoke + - /^coverity-tested\/.*/ + - /^stable-.*/ + +# Test jobs +build-each-commit-gcc: + extends: .test-jobs-common variables: CONTAINER: debian:stretch XEN_TARGET_ARCH: x86_64 @@ -16,15 +24,9 @@ build-each-commit-gcc: dependencies: [] tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-alpine-arm64-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:unstable-arm64v8 script: @@ -41,15 +43,9 @@ qemu-alpine-arm64-gcc: when: always tags: - arm64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-alpine-x86_64-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -65,15 +61,9 @@ qemu-alpine-x86_64-gcc: when: always tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-arm64-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:unstable-arm64v8 script: @@ -89,15 +79,9 @@ qemu-smoke-arm64-gcc: when: always tags: - arm64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-arm32-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:unstable-arm64v8 script: @@ -112,15 +96,9 @@ qemu-smoke-arm32-gcc: when: always tags: - arm64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-x86-64-gcc: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -134,15 +112,9 @@ qemu-smoke-x86-64-gcc: - debian-stretch-gcc-debug tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-x86-64-clang: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -156,15 +128,9 @@ qemu-smoke-x86-64-clang: - debian-unstable-clang-debug tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-x86-64-gcc-pvh: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -178,15 +144,9 @@ qemu-smoke-x86-64-gcc-pvh: - debian-stretch-gcc-debug tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ qemu-smoke-x86-64-clang-pvh: - stage: test - image: registry.gitlab.com/xen-project/xen/${CONTAINER} + extends: .test-jobs-common variables: CONTAINER: debian:stretch script: @@ -200,8 +160,3 @@ qemu-smoke-x86-64-clang-pvh: - debian-unstable-clang-debug tags: - x86_64 - except: - - master - - smoke - - /^coverity-tested\/.*/ - - /^stable-.*/ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Jul 22 14:22:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 22 Jul 2022 14:22:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.373289.605407 (Exim 4.92) (envelope-from ) id 1oEtXs-0000b6-5M; Fri, 22 Jul 2022 14:22:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 373289.605407; Fri, 22 Jul 2022 14:22:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXs-0000ax-27; Fri, 22 Jul 2022 14:22:24 +0000 Received: by outflank-mailman (input) for mailman id 373289; Fri, 22 Jul 2022 14:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXq-0000Z9-7Z for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtXq-0005v9-6d for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEtXq-0006jz-60 for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=88MloUDDmpP1HYVBJ+ePIktsm6Frl7B+31vmai5OMP0=; b=qPuueN+d/EUZlU8kL62U4czzCb EEAV56axKfJxbI5gEXWR9w0v+Hf8xr7/O8Ce2JOBUAIPipNiSY3IfUnjtrm45o+jjkVYqcDqkDKSk chtigyudkPwRGyxM7EKl/Ehc89kSIZBAGsDKtHItl0aGfk2n0TfPqT8aJ5jE1jPLXADc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation: only run test artifact jobs when needed Message-Id: Date: Fri, 22 Jul 2022 14:22:22 +0000 commit aa45ffc115e6e2b31baff81a5294c5ac7b8c6b9d Author: Anthony PERARD AuthorDate: Thu Jul 21 13:46:01 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jul 21 20:42:40 2022 +0100 automation: only run test artifact jobs when needed Share the same "except" as the one used for tests. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/gitlab-ci/build.yaml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index 5eb7312754..23b306e7d0 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -567,10 +567,16 @@ alpine-3.12-gcc-debug-arm64: CONTAINER: alpine:3.12-arm64v8 +## Test artifacts common + +.test-jobs-artifact-common: + stage: build + except: !reference [.test-jobs-common, except] + # Arm test artifacts alpine-3.12-arm64-rootfs-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/alpine:3.12-arm64v8 script: - mkdir binaries && cp /initrd.tar.gz binaries/initrd.tar.gz @@ -581,7 +587,7 @@ alpine-3.12-arm64-rootfs-export: - arm64 kernel-5.9.9-arm64-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/kernel:5.9.9-arm64v8 script: - mkdir binaries && cp /Image binaries/Image @@ -592,7 +598,7 @@ kernel-5.9.9-arm64-export: - arm64 qemu-system-aarch64-6.0.0-arm64-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8 script: - mkdir binaries && cp /qemu-system-aarch64 binaries/qemu-system-aarch64 @@ -603,7 +609,7 @@ qemu-system-aarch64-6.0.0-arm64-export: - arm64 qemu-system-aarch64-6.0.0-arm32-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8 script: - mkdir binaries && cp /qemu-system-arm binaries/qemu-system-arm @@ -616,7 +622,7 @@ qemu-system-aarch64-6.0.0-arm32-export: # x86_64 test artifacts alpine-3.12-rootfs-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/alpine:3.12 script: - mkdir binaries && cp /initrd.tar.gz binaries/initrd.tar.gz @@ -627,7 +633,7 @@ alpine-3.12-rootfs-export: - x86_64 kernel-5.10.74-export: - stage: build + extends: .test-jobs-artifact-common image: registry.gitlab.com/xen-project/xen/tests-artifacts/kernel:5.10.74 script: - mkdir binaries && cp /bzImage binaries/bzImage -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Jul 22 14:22:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 22 Jul 2022 14:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.373291.605412 (Exim 4.92) (envelope-from ) id 1oEtY2-0000eV-79; Fri, 22 Jul 2022 14:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 373291.605412; Fri, 22 Jul 2022 14:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtY2-0000eN-3p; Fri, 22 Jul 2022 14:22:34 +0000 Received: by outflank-mailman (input) for mailman id 373291; Fri, 22 Jul 2022 14:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtY0-0000dn-BF for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oEtY0-0005vN-AL for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oEtY0-0006kO-8m for xen-changelog@lists.xenproject.org; Fri, 22 Jul 2022 14:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kqSaysUhYFE6WXORItkjdZOJWjdcIvJJujX8ieA0UTo=; b=VzSb92mxiI6sQWgEAPbXSmWktx 1gax47lFEIWMEp7lyfuIwYBLgE3D/dqR+Zb813ytRR6PAKsiqfxHwTlNo/vpVgRISJka7thbkbnBZ 7fZVnQmD1Svc38z8DaAonUmW20r0ZIqMcgeKEpPbt4cBtfbb35Z0zPIzN8eIbfloOB3E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation: use "needs" instead of "dependencies" for test jobs Message-Id: Date: Fri, 22 Jul 2022 14:22:32 +0000 commit fcd27b3c759995775afb66be6bb7ba1e85da0506 Author: Anthony PERARD AuthorDate: Thu Jul 21 13:46:02 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Jul 21 20:42:40 2022 +0100 automation: use "needs" instead of "dependencies" for test jobs Like with "dependencies", the jobs will get artifacts from the jobs listed in "needs". But the test jobs can run as soon as the build jobs listed have finished. Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- automation/gitlab-ci/test.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 53b43801f4..26bdbcc3ea 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -21,7 +21,7 @@ build-each-commit-gcc: paths: - '*.log' when: always - dependencies: [] + needs: [] tags: - x86_64 @@ -31,7 +31,7 @@ qemu-alpine-arm64-gcc: CONTAINER: debian:unstable-arm64v8 script: - ./automation/scripts/qemu-alpine-arm64.sh 2>&1 | tee qemu-smoke-arm64.log - dependencies: + needs: - alpine-3.12-gcc-arm64 - alpine-3.12-arm64-rootfs-export - kernel-5.9.9-arm64-export @@ -50,7 +50,7 @@ qemu-alpine-x86_64-gcc: CONTAINER: debian:stretch script: - ./automation/scripts/qemu-alpine-x86_64.sh 2>&1 | tee qemu-smoke-x86_64.log - dependencies: + needs: - alpine-3.12-gcc - alpine-3.12-rootfs-export - kernel-5.10.74-export @@ -68,7 +68,7 @@ qemu-smoke-arm64-gcc: CONTAINER: debian:unstable-arm64v8 script: - ./automation/scripts/qemu-smoke-arm64.sh 2>&1 | tee qemu-smoke-arm64.log - dependencies: + needs: - debian-unstable-gcc-arm64 - kernel-5.9.9-arm64-export - qemu-system-aarch64-6.0.0-arm64-export @@ -86,7 +86,7 @@ qemu-smoke-arm32-gcc: CONTAINER: debian:unstable-arm64v8 script: - ./automation/scripts/qemu-smoke-arm32.sh 2>&1 | tee qemu-smoke-arm32.log - dependencies: + needs: - debian-unstable-gcc-arm32 - qemu-system-aarch64-6.0.0-arm32-export artifacts: @@ -108,7 +108,7 @@ qemu-smoke-x86-64-gcc: - smoke.serial - '*.log' when: always - dependencies: + needs: - debian-stretch-gcc-debug tags: - x86_64 @@ -124,7 +124,7 @@ qemu-smoke-x86-64-clang: - smoke.serial - '*.log' when: always - dependencies: + needs: - debian-unstable-clang-debug tags: - x86_64 @@ -140,7 +140,7 @@ qemu-smoke-x86-64-gcc-pvh: - smoke.serial - '*.log' when: always - dependencies: + needs: - debian-stretch-gcc-debug tags: - x86_64 @@ -156,7 +156,7 @@ qemu-smoke-x86-64-clang-pvh: - smoke.serial - '*.log' when: always - dependencies: + needs: - debian-unstable-clang-debug tags: - x86_64 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:55:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:55:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374614.606671 (Exim 4.92) (envelope-from ) id 1oFyY6-0003w3-Qy; Mon, 25 Jul 2022 13:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374614.606671; Mon, 25 Jul 2022 13:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyY6-0003vv-OC; Mon, 25 Jul 2022 13:55:06 +0000 Received: by outflank-mailman (input) for mailman id 374614; Mon, 25 Jul 2022 13:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyY5-0003vp-FM for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyY5-0008Fc-At for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyY5-0002nT-8S for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JSyu/hCzIRyXQvu+6aZqRuvmdPvQe6PoAbaq5sDRVs0=; b=2wlbJ2CPp8HU8l7JCkMg1Imm3E 9wrYLXc2+Mlofl27pA4mH/hDJQ6O9FUnnb1/0Dz0dF1wQdEf3SrNI8EcZx5JSrRzSMAYN9uDaRtPC +MIn1R/0PtsX3l2IOa73NbZSQ8+SbUzCAxqReFQweN0CeRZ6cdGluSwzCNqr6iWRfEvw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] iommu: add preemption support to iommu_{un,}map() Message-Id: Date: Mon, 25 Jul 2022 13:55:05 +0000 commit c519819ff5c61ae8b36509c9e8ed9d2a2fdac886 Author: Roger Pau Monné AuthorDate: Mon Jul 25 15:31:41 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:31:41 2022 +0200 iommu: add preemption support to iommu_{un,}map() The loop in iommu_{,un}map() can be arbitrary large, and as such it needs to handle preemption. Introduce a new flag that signals whether the function should do preemption checks, returning the number of pages that have been processed in case a need for preemption was actually found. Note that the cleanup done in iommu_map() can now be incomplete if preemption has happened, and hence callers would need to take care of unmapping the whole range (ie: ranges already mapped by previously preempted calls). So far none of the callers care about having those ranges unmapped, so error handling in arch_iommu_hwdom_init() can be kept as-is. Note that iommu_legacy_{un,}map() are left without preemption handling: callers of those interfaces aren't going to modified to pass bigger chunks, and hence the functions won't be modified as they are legacy and uses should be replaced with iommu_{un,}map() instead if preemption is required. Signed-off-by: Roger Pau Monné Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/iommu.c | 38 +++++++++++++++++++++++++++----------- xen/include/xen/iommu.h | 23 +++++++++++++++-------- 2 files changed, 42 insertions(+), 19 deletions(-) diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 77f64e6174..1eae9393b2 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -308,13 +308,13 @@ static unsigned int mapping_order(const struct domain_iommu *hd, return order; } -int iommu_map(struct domain *d, dfn_t dfn0, mfn_t mfn0, - unsigned long page_count, unsigned int flags, - unsigned int *flush_flags) +long iommu_map(struct domain *d, dfn_t dfn0, mfn_t mfn0, + unsigned long page_count, unsigned int flags, + unsigned int *flush_flags) { const struct domain_iommu *hd = dom_iommu(d); unsigned long i; - unsigned int order; + unsigned int order, j = 0; int rc = 0; if ( !is_iommu_enabled(d) ) @@ -329,6 +329,11 @@ int iommu_map(struct domain *d, dfn_t dfn0, mfn_t mfn0, order = mapping_order(hd, dfn, mfn, page_count - i); + if ( (flags & IOMMUF_preempt) && + ((!(++j & 0xfff) && general_preempt_check()) || + i > LONG_MAX - (1UL << order)) ) + return i; + rc = iommu_call(hd->platform_ops, map_page, d, dfn, mfn, flags | IOMMUF_order(order), flush_flags); @@ -341,7 +346,7 @@ int iommu_map(struct domain *d, dfn_t dfn0, mfn_t mfn0, d->domain_id, dfn_x(dfn), mfn_x(mfn), rc); /* while statement to satisfy __must_check */ - while ( iommu_unmap(d, dfn0, i, flush_flags) ) + while ( iommu_unmap(d, dfn0, i, 0, flush_flags) ) break; if ( !is_hardware_domain(d) ) @@ -365,7 +370,10 @@ int iommu_legacy_map(struct domain *d, dfn_t dfn, mfn_t mfn, unsigned long page_count, unsigned int flags) { unsigned int flush_flags = 0; - int rc = iommu_map(d, dfn, mfn, page_count, flags, &flush_flags); + int rc; + + ASSERT(!(flags & IOMMUF_preempt)); + rc = iommu_map(d, dfn, mfn, page_count, flags, &flush_flags); if ( !this_cpu(iommu_dont_flush_iotlb) && !rc ) rc = iommu_iotlb_flush(d, dfn, page_count, flush_flags); @@ -373,25 +381,33 @@ int iommu_legacy_map(struct domain *d, dfn_t dfn, mfn_t mfn, return rc; } -int iommu_unmap(struct domain *d, dfn_t dfn0, unsigned long page_count, - unsigned int *flush_flags) +long iommu_unmap(struct domain *d, dfn_t dfn0, unsigned long page_count, + unsigned int flags, unsigned int *flush_flags) { const struct domain_iommu *hd = dom_iommu(d); unsigned long i; - unsigned int order; + unsigned int order, j = 0; int rc = 0; if ( !is_iommu_enabled(d) ) return 0; + ASSERT(!(flags & ~IOMMUF_preempt)); + for ( i = 0; i < page_count; i += 1UL << order ) { dfn_t dfn = dfn_add(dfn0, i); int err; order = mapping_order(hd, dfn, _mfn(0), page_count - i); + + if ( (flags & IOMMUF_preempt) && + ((!(++j & 0xfff) && general_preempt_check()) || + i > LONG_MAX - (1UL << order)) ) + return i; + err = iommu_call(hd->platform_ops, unmap_page, d, dfn, - order, flush_flags); + flags | IOMMUF_order(order), flush_flags); if ( likely(!err) ) continue; @@ -425,7 +441,7 @@ int iommu_unmap(struct domain *d, dfn_t dfn0, unsigned long page_count, int iommu_legacy_unmap(struct domain *d, dfn_t dfn, unsigned long page_count) { unsigned int flush_flags = 0; - int rc = iommu_unmap(d, dfn, page_count, &flush_flags); + int rc = iommu_unmap(d, dfn, page_count, 0, &flush_flags); if ( !this_cpu(iommu_dont_flush_iotlb) && !rc ) rc = iommu_iotlb_flush(d, dfn, page_count, flush_flags); diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index 79529adf1f..1240d7762d 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -124,14 +124,15 @@ void arch_iommu_check_autotranslated_hwdom(struct domain *d); void arch_iommu_hwdom_init(struct domain *d); /* - * The following flags are passed to map operations and passed by lookup - * operations. + * The following flags are passed to map (applicable ones also to unmap) + * operations, while some are passed back by lookup operations. */ #define IOMMUF_order(n) ((n) & 0x3f) #define _IOMMUF_readable 6 #define IOMMUF_readable (1u<<_IOMMUF_readable) #define _IOMMUF_writable 7 #define IOMMUF_writable (1u<<_IOMMUF_writable) +#define IOMMUF_preempt (1u << 8) /* * flush_flags: @@ -153,12 +154,18 @@ enum #define IOMMU_FLUSHF_modified (1u << _IOMMU_FLUSHF_modified) #define IOMMU_FLUSHF_all (1u << _IOMMU_FLUSHF_all) -int __must_check iommu_map(struct domain *d, dfn_t dfn, mfn_t mfn, - unsigned long page_count, unsigned int flags, - unsigned int *flush_flags); -int __must_check iommu_unmap(struct domain *d, dfn_t dfn, - unsigned long page_count, - unsigned int *flush_flags); +/* + * For both of these: Negative return values are error indicators. Zero + * indicates full successful completion of the request, while positive + * values indicate partial completion, which is possible only with + * IOMMUF_preempt passed in. + */ +long __must_check iommu_map(struct domain *d, dfn_t dfn, mfn_t mfn, + unsigned long page_count, unsigned int flags, + unsigned int *flush_flags); +long __must_check iommu_unmap(struct domain *d, dfn_t dfn, + unsigned long page_count, unsigned int flags, + unsigned int *flush_flags); int __must_check iommu_legacy_map(struct domain *d, dfn_t dfn, mfn_t mfn, unsigned long page_count, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374615.606675 (Exim 4.92) (envelope-from ) id 1oFyYG-0003y3-SR; Mon, 25 Jul 2022 13:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374615.606675; Mon, 25 Jul 2022 13:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYG-0003xv-Ph; Mon, 25 Jul 2022 13:55:16 +0000 Received: by outflank-mailman (input) for mailman id 374615; Mon, 25 Jul 2022 13:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYF-0003xk-F6 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYF-0008Fg-EC for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyYF-0002nz-DI for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KC4aR9zFMaOUwq+TSmcfNmXmF5Qv8rYYLrrA7cZHRLI=; b=MPX8dcVoIqvn2TeG0CbsCDto7W oQphEj6m4l9nmN3gkeVM/LZYhJSBaQ3o43z5WJjTRt9cuX9rvjimv0o5okhIJofWsgz8IvM7E2Ght qIx+lfWv8B4iN4StLQbepCXEhabdbLyN/PzLUpyfLWGIjYy749ICCtw1yBvzQs3sEXjc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU/x86: perform PV Dom0 mappings in batches Message-Id: Date: Mon, 25 Jul 2022 13:55:15 +0000 commit c1e1564c8995d8a08891bd9313e4289bbe4662b4 Author: Jan Beulich AuthorDate: Mon Jul 25 15:32:59 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:32:59 2022 +0200 IOMMU/x86: perform PV Dom0 mappings in batches For large page mappings to be easily usable (i.e. in particular without un-shattering of smaller page mappings) and for mapping operations to then also be more efficient, pass batches of Dom0 memory to iommu_map(). In dom0_construct_pv() and its helpers (covering strict mode) this additionally requires establishing the type of those pages (albeit with zero type references). The earlier establishing of PGT_writable_page | PGT_validated requires the existing places where this gets done (through get_page_and_type()) to be updated: For pages which actually have a mapping, the type refcount needs to be 1. There is actually a related bug that gets fixed here as a side effect: Typically the last L1 table would get marked as such only after get_page_and_type(..., PGT_writable_page). While this is fine as far as refcounting goes, the page did remain mapped in the IOMMU in this case (when "iommu=dom0-strict"). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/pv/dom0_build.c | 97 ++++++++++++++++++++++++++++++++++--- xen/drivers/passthrough/x86/iommu.c | 52 +++++++++++++++----- 2 files changed, 129 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index e501979a86..323c49b0bd 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -46,7 +46,8 @@ void __init dom0_update_physmap(bool compat, unsigned long pfn, static __init void mark_pv_pt_pages_rdonly(struct domain *d, l4_pgentry_t *l4start, unsigned long vpt_start, - unsigned long nr_pt_pages) + unsigned long nr_pt_pages, + unsigned int *flush_flags) { unsigned long count; struct page_info *page; @@ -71,6 +72,14 @@ static __init void mark_pv_pt_pages_rdonly(struct domain *d, ASSERT((page->u.inuse.type_info & PGT_type_mask) <= PGT_root_page_table); ASSERT(!(page->u.inuse.type_info & ~(PGT_type_mask | PGT_pae_xen_l2))); + /* + * Page table pages need to be removed from the IOMMU again in case + * iommu_memory_setup() ended up mapping them. + */ + if ( need_iommu_pt_sync(d) && + iommu_unmap(d, _dfn(mfn_x(page_to_mfn(page))), 1, 0, flush_flags) ) + BUG(); + /* Read-only mapping + PGC_allocated + page-table page. */ page->count_info = PGC_allocated | 3; page->u.inuse.type_info |= PGT_validated | 1; @@ -107,11 +116,56 @@ static __init void mark_pv_pt_pages_rdonly(struct domain *d, unmap_domain_page(pl3e); } +static void __init iommu_memory_setup(struct domain *d, const char *what, + struct page_info *page, unsigned long nr, + unsigned int *flush_flags) +{ + long rc; + mfn_t mfn = page_to_mfn(page); + + if ( !need_iommu_pt_sync(d) ) + return; + + while ( (rc = iommu_map(d, _dfn(mfn_x(mfn)), mfn, nr, + IOMMUF_readable | IOMMUF_writable | IOMMUF_preempt, + flush_flags)) > 0 ) + { + mfn_add(mfn, rc); + nr -= rc; + /* See comment below. */ + for ( ; rc--; ++page ) + { + ASSERT(!page->u.inuse.type_info); + page->u.inuse.type_info = PGT_writable_page | PGT_validated; + } + process_pending_softirqs(); + } + if ( rc ) + { + printk(XENLOG_ERR + "pre-mapping %s MFN [%lx,%lx) into IOMMU failed: %ld\n", + what, mfn_x(mfn), mfn_x(mfn) + nr, rc); + return; + } + + /* + * For successfully established IOMMU mappings the type of the page(s) + * needs to match (for _get_page_type() to unmap upon type change). Set + * the page(s) to writable with no type ref. + */ + for ( ; nr--; ++page ) + { + ASSERT(!page->u.inuse.type_info); + page->u.inuse.type_info = PGT_writable_page | PGT_validated; + } +} + static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn, unsigned long v_start, unsigned long v_end, unsigned long vphysmap_start, unsigned long vphysmap_end, - unsigned long nr_pages) + unsigned long nr_pages, + unsigned int *flush_flags) { struct page_info *page = NULL; l4_pgentry_t *pl4e, *l4start = map_domain_page(_mfn(pgtbl_pfn)); @@ -177,6 +231,10 @@ static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn, L3_PAGETABLE_SHIFT - PAGE_SHIFT, MEMF_no_scrub)) != NULL ) { + iommu_memory_setup(d, "P2M 1G", page, + SUPERPAGE_PAGES * SUPERPAGE_PAGES, + flush_flags); + *pl3e = l3e_from_page(page, L1_PROT|_PAGE_DIRTY|_PAGE_PSE); vphysmap_start += 1UL << L3_PAGETABLE_SHIFT; continue; @@ -203,6 +261,9 @@ static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn, L2_PAGETABLE_SHIFT - PAGE_SHIFT, MEMF_no_scrub)) != NULL ) { + iommu_memory_setup(d, "P2M 2M", page, SUPERPAGE_PAGES, + flush_flags); + *pl2e = l2e_from_page(page, L1_PROT|_PAGE_DIRTY|_PAGE_PSE); vphysmap_start += 1UL << L2_PAGETABLE_SHIFT; continue; @@ -311,6 +372,7 @@ int __init dom0_construct_pv(struct domain *d, unsigned long initrd_pfn = -1, initrd_mfn = 0; unsigned long count; struct page_info *page = NULL; + unsigned int flush_flags = 0; start_info_t *si; struct vcpu *v = d->vcpu[0]; void *image_base = bootstrap_map(image); @@ -573,6 +635,9 @@ int __init dom0_construct_pv(struct domain *d, BUG(); } initrd->mod_end = 0; + + iommu_memory_setup(d, "initrd", mfn_to_page(_mfn(initrd_mfn)), + PFN_UP(initrd_len), &flush_flags); } printk("PHYSICAL MEMORY ARRANGEMENT:\n" @@ -606,6 +671,13 @@ int __init dom0_construct_pv(struct domain *d, process_pending_softirqs(); + /* + * Map the full range here and then punch holes for page tables + * alongside marking them as such in mark_pv_pt_pages_rdonly(). + */ + iommu_memory_setup(d, "init-alloc", mfn_to_page(_mfn(alloc_spfn)), + alloc_epfn - alloc_spfn, &flush_flags); + mpt_alloc = (vpt_start - v_start) + pfn_to_paddr(alloc_spfn); if ( vinitrd_start ) mpt_alloc -= PAGE_ALIGN(initrd_len); @@ -690,7 +762,8 @@ int __init dom0_construct_pv(struct domain *d, l1tab++; page = mfn_to_page(_mfn(mfn)); - if ( !page->u.inuse.type_info && + if ( (!page->u.inuse.type_info || + page->u.inuse.type_info == (PGT_writable_page | PGT_validated)) && !get_page_and_type(page, d, PGT_writable_page) ) BUG(); } @@ -719,7 +792,7 @@ int __init dom0_construct_pv(struct domain *d, } /* Pages that are part of page tables must be read only. */ - mark_pv_pt_pages_rdonly(d, l4start, vpt_start, nr_pt_pages); + mark_pv_pt_pages_rdonly(d, l4start, vpt_start, nr_pt_pages, &flush_flags); /* Mask all upcalls... */ for ( i = 0; i < XEN_LEGACY_MAX_VCPUS; i++ ) @@ -794,7 +867,7 @@ int __init dom0_construct_pv(struct domain *d, { pfn = pagetable_get_pfn(v->arch.guest_table); setup_pv_physmap(d, pfn, v_start, v_end, vphysmap_start, vphysmap_end, - nr_pages); + nr_pages, &flush_flags); } /* Write the phys->machine and machine->phys table entries. */ @@ -825,7 +898,9 @@ int __init dom0_construct_pv(struct domain *d, if ( get_gpfn_from_mfn(mfn) >= count ) { BUG_ON(compat); - if ( !page->u.inuse.type_info && + if ( (!page->u.inuse.type_info || + page->u.inuse.type_info == (PGT_writable_page | + PGT_validated)) && !get_page_and_type(page, d, PGT_writable_page) ) BUG(); @@ -841,8 +916,12 @@ int __init dom0_construct_pv(struct domain *d, #endif while ( pfn < nr_pages ) { - if ( (page = alloc_chunk(d, nr_pages - domain_tot_pages(d))) == NULL ) + count = domain_tot_pages(d); + if ( (page = alloc_chunk(d, nr_pages - count)) == NULL ) panic("Not enough RAM for DOM0 reservation\n"); + + iommu_memory_setup(d, "chunk", page, domain_tot_pages(d) - count, + &flush_flags); while ( pfn < domain_tot_pages(d) ) { mfn = mfn_x(page_to_mfn(page)); @@ -857,6 +936,10 @@ int __init dom0_construct_pv(struct domain *d, } } + /* Use while() to avoid compiler warning. */ + while ( iommu_iotlb_flush_all(d, flush_flags) ) + break; + if ( initrd_len != 0 ) { si->mod_start = vinitrd_start ?: initrd_pfn; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 0ba95473c9..be7617b1eb 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -348,8 +348,8 @@ static unsigned int __hwdom_init hwdom_iommu_map(const struct domain *d, void __hwdom_init arch_iommu_hwdom_init(struct domain *d) { - unsigned long i, top, max_pfn; - unsigned int flush_flags = 0; + unsigned long i, top, max_pfn, start, count; + unsigned int flush_flags = 0, start_perms = 0; BUG_ON(!is_hardware_domain(d)); @@ -380,31 +380,57 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid * setting up potentially conflicting mappings here. */ - i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + start = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; - for ( ; i < top; i++ ) + for ( i = start, count = 0; i < top; ) { unsigned long pfn = pdx_to_pfn(i); unsigned int perms = hwdom_iommu_map(d, pfn, max_pfn); - int rc; if ( !perms ) - rc = 0; + /* nothing */; else if ( paging_mode_translate(d) ) + { + int rc; + rc = p2m_add_identity_entry(d, pfn, perms & IOMMUF_writable ? p2m_access_rw : p2m_access_r, 0); - else - rc = iommu_map(d, _dfn(pfn), _mfn(pfn), 1ul << PAGE_ORDER_4K, - perms, &flush_flags); + if ( rc ) + printk(XENLOG_WARNING + "%pd: identity mapping of %lx failed: %d\n", + d, pfn, rc); + } + else if ( pfn != start + count || perms != start_perms ) + { + long rc; - if ( rc ) - printk(XENLOG_WARNING "%pd: identity %smapping of %lx failed: %d\n", - d, !paging_mode_translate(d) ? "IOMMU " : "", pfn, rc); + commit: + while ( (rc = iommu_map(d, _dfn(start), _mfn(start), count, + start_perms | IOMMUF_preempt, + &flush_flags)) > 0 ) + { + start += rc; + count -= rc; + process_pending_softirqs(); + } + if ( rc ) + printk(XENLOG_WARNING + "%pd: IOMMU identity mapping of [%lx,%lx) failed: %ld\n", + d, start, start + count, rc); + start = pfn; + count = 1; + start_perms = perms; + } + else + ++count; - if (!(i & 0xfffff)) + if ( !(++i & 0xfffff) ) process_pending_softirqs(); + + if ( i == top && count ) + goto commit; } /* Use if to avoid compiler warning */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374616.606679 (Exim 4.92) (envelope-from ) id 1oFyYQ-00040I-UQ; Mon, 25 Jul 2022 13:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374616.606679; Mon, 25 Jul 2022 13:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYQ-00040A-RC; Mon, 25 Jul 2022 13:55:26 +0000 Received: by outflank-mailman (input) for mailman id 374616; Mon, 25 Jul 2022 13:55:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYP-000400-IH for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYP-0008HX-HO for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyYP-0002pP-GV for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dhf8bq8Yp7XJAalph8ElfzD9z9hwbWxD8E1XevLL+Ko=; b=Mp6ZoBP1z33PNw0zhYmxZ2mNBh p6aXxe3S8AY08HQHfZbcRefMRuR7SqKdasuaDrYsCad3roBqERk8heBRB8Nk8Aqv1AAeYIAjbaMNd r4P8jQpvBnOVYUv0INBiwFMKGso7UIFigdpWQkG03wypYc3s76WOTMef2A9dCJcZFfRc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU/x86: support freeing of pagetables Message-Id: Date: Mon, 25 Jul 2022 13:55:25 +0000 commit 5a991ad8a5caec0f085c1a8d931b67faff498868 Author: Jan Beulich AuthorDate: Mon Jul 25 15:33:34 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:33:34 2022 +0200 IOMMU/x86: support freeing of pagetables For vendor specific code to support superpages we need to be able to deal with a superpage mapping replacing an intermediate page table (or hierarchy thereof). Consequently an iommu_alloc_pgtable() counterpart is needed to free individual page tables while a domain is still alive. Since the freeing needs to be deferred until after a suitable IOTLB flush was performed, released page tables get queued for processing by a tasklet. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/arch/x86/include/asm/iommu.h | 1 + xen/drivers/passthrough/x86/iommu.c | 100 ++++++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+) diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index 9ccf4f8bdd..a80dfb2d7f 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -147,6 +147,7 @@ void iommu_free_domid(domid_t domid, unsigned long *map); int __must_check iommu_free_pgtables(struct domain *d); struct domain_iommu; struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd); +void iommu_queue_free_pgtable(struct domain_iommu *hd, struct page_info *pg); #endif /* !__ARCH_X86_IOMMU_H__ */ /* diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index be7617b1eb..8ac4044c08 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -12,6 +12,7 @@ * this program; If not, see . */ +#include #include #include #include @@ -556,6 +557,105 @@ struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd) return pg; } +/* + * Intermediate page tables which get replaced by large pages may only be + * freed after a suitable IOTLB flush. Hence such pages get queued on a + * per-CPU list, with a per-CPU tasklet processing the list on the assumption + * that the necessary IOTLB flush will have occurred by the time tasklets get + * to run. (List and tasklet being per-CPU has the benefit of accesses not + * requiring any locking.) + */ +static DEFINE_PER_CPU(struct page_list_head, free_pgt_list); +static DEFINE_PER_CPU(struct tasklet, free_pgt_tasklet); + +static void cf_check free_queued_pgtables(void *arg) +{ + struct page_list_head *list = arg; + struct page_info *pg; + unsigned int done = 0; + + ASSERT(list == &this_cpu(free_pgt_list)); + + while ( (pg = page_list_remove_head(list)) ) + { + free_domheap_page(pg); + + /* + * Just to be on the safe side, check for processing softirqs every + * once in a while. Generally it is expected that parties queuing + * pages for freeing will find a need for preemption before too many + * pages can be queued. Granularity of checking is somewhat arbitrary. + */ + if ( !(++done & 0x1ff) ) + process_pending_softirqs(); + } +} + +void iommu_queue_free_pgtable(struct domain_iommu *hd, struct page_info *pg) +{ + unsigned int cpu = smp_processor_id(); + + spin_lock(&hd->arch.pgtables.lock); + page_list_del(pg, &hd->arch.pgtables.list); + spin_unlock(&hd->arch.pgtables.lock); + + page_list_add_tail(pg, &per_cpu(free_pgt_list, cpu)); + + tasklet_schedule(&per_cpu(free_pgt_tasklet, cpu)); +} + +static int cf_check cpu_callback( + struct notifier_block *nfb, unsigned long action, void *hcpu) +{ + unsigned int cpu = (unsigned long)hcpu; + struct page_list_head *list = &per_cpu(free_pgt_list, cpu); + struct tasklet *tasklet = &per_cpu(free_pgt_tasklet, cpu); + + switch ( action ) + { + case CPU_DOWN_PREPARE: + tasklet_kill(tasklet); + break; + + case CPU_DEAD: + if ( !page_list_empty(list) ) + { + page_list_splice(list, &this_cpu(free_pgt_list)); + INIT_PAGE_LIST_HEAD(list); + tasklet_schedule(&this_cpu(free_pgt_tasklet)); + } + break; + + case CPU_UP_PREPARE: + INIT_PAGE_LIST_HEAD(list); + fallthrough; + case CPU_DOWN_FAILED: + tasklet_init(tasklet, free_queued_pgtables, list); + if ( !page_list_empty(list) ) + tasklet_schedule(tasklet); + break; + } + + return NOTIFY_DONE; +} + +static struct notifier_block cpu_nfb = { + .notifier_call = cpu_callback, +}; + +static int __init cf_check bsp_init(void) +{ + if ( iommu_enabled ) + { + cpu_callback(&cpu_nfb, CPU_UP_PREPARE, + (void *)(unsigned long)smp_processor_id()); + register_cpu_notifier(&cpu_nfb); + } + + return 0; +} +presmp_initcall(bsp_init); + bool arch_iommu_use_permitted(const struct domain *d) { /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374617.606682 (Exim 4.92) (envelope-from ) id 1oFyYa-00043w-0i; Mon, 25 Jul 2022 13:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374617.606682; Mon, 25 Jul 2022 13:55:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYZ-00043o-UF; Mon, 25 Jul 2022 13:55:35 +0000 Received: by outflank-mailman (input) for mailman id 374617; Mon, 25 Jul 2022 13:55:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYZ-00043h-Ld for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYZ-0008Hl-Kk for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyYZ-0002pz-Jz for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1scOSoivRxq8nXFNRgcxvREMAk2NJa9neRNh8ufFOfo=; b=Yra8xMwePxcidKOHMlMIwCaiZD 56fNkEnjzvrw/croxVleBccOe021kkc9zNci8dWU2NCqCJ4PmggXIAAEXvZLSu018OlaJLMErT/1K bv282wvfv3+ISmPbUyLLaxrouH40mGsTNmWrheYJx9GxYZUSXaham3wP26bQ3+cpH+9s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU/x86: new command line option to suppress use of superpage mappings Message-Id: Date: Mon, 25 Jul 2022 13:55:35 +0000 commit 6fc03330cdee0286290c650eb0d6fa1fc7778e79 Author: Jan Beulich AuthorDate: Mon Jul 25 15:34:55 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:34:55 2022 +0200 IOMMU/x86: new command line option to suppress use of superpage mappings Before actually enabling their use, provide a means to suppress it in case of problems. Note that using the option can also affect the sharing of page tables in the VT-d / EPT combination: If EPT would use large page mappings but the option is in effect, page table sharing would be suppressed (to properly fulfill the admin request). Requested-by: Roger Pau Monné Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Paul Durrant --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/include/asm/iommu.h | 2 +- xen/drivers/passthrough/iommu.c | 2 ++ xen/drivers/passthrough/vtd/iommu.c | 6 ++++-- xen/drivers/passthrough/x86/iommu.c | 6 ++++++ 5 files changed, 20 insertions(+), 4 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 971f47a77e..21d632e83a 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1405,7 +1405,7 @@ detection of systems known to misbehave upon accesses to that port. ### iommu = List of [ , verbose, debug, force, required, quarantine[=scratch-page], - sharept, intremap, intpost, crash-disable, + sharept, superpages, intremap, intpost, crash-disable, snoop, qinval, igfx, amd-iommu-perdev-intremap, dom0-{passthrough,strict} ] @@ -1481,6 +1481,12 @@ boolean (e.g. `iommu=no`) can override this and leave the IOMMUs disabled. This option is ignored on ARM, and the pagetables are always shared. +* The `superpages` boolean controls whether superpage mappings may be used + in IOMMU page tables. If using this option is necessary to fix an issue, + please report a bug. + + This option is only valid on x86. + * The `intremap` boolean controls the Interrupt Remapping sub-feature, and is active by default on compatible hardware. On x86 systems, the first generation of IOMMUs only supported DMA remapping, and Interrupt Remapping diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index a80dfb2d7f..4143723727 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -132,7 +132,7 @@ extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, const uint8_t gvec); -extern bool iommu_non_coherent; +extern bool iommu_non_coherent, iommu_superpages; static inline void iommu_sync_cache(const void *addr, unsigned int size) { diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 1eae9393b2..134cdb47e0 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -88,6 +88,8 @@ static int __init cf_check parse_iommu_param(const char *s) iommu_igfx = val; else if ( (val = parse_boolean("qinval", s, ss)) >= 0 ) iommu_qinval = val; + else if ( (val = parse_boolean("superpages", s, ss)) >= 0 ) + iommu_superpages = val; #endif else if ( (val = parse_boolean("verbose", s, ss)) >= 0 ) iommu_verbose = val; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index f1e91b3d18..99c28ce160 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2213,8 +2213,10 @@ static bool __init vtd_ept_page_compatible(const struct vtd_iommu *iommu) if ( rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP, ept_cap) != 0 ) return false; - return (ept_has_2mb(ept_cap) && opt_hap_2mb) <= cap_sps_2mb(vtd_cap) && - (ept_has_1gb(ept_cap) && opt_hap_1gb) <= cap_sps_1gb(vtd_cap); + return (ept_has_2mb(ept_cap) && opt_hap_2mb) <= + (cap_sps_2mb(vtd_cap) && iommu_superpages) && + (ept_has_1gb(ept_cap) && opt_hap_1gb) <= + (cap_sps_1gb(vtd_cap) && iommu_superpages); } static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 8ac4044c08..b4d9da7cf8 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -31,6 +31,7 @@ const struct iommu_init_ops *__initdata iommu_init_ops; struct iommu_ops __ro_after_init iommu_ops; bool __read_mostly iommu_non_coherent; +bool __initdata iommu_superpages = true; enum iommu_intremap __read_mostly iommu_intremap = iommu_intremap_full; @@ -104,8 +105,13 @@ int __init iommu_hardware_setup(void) mask_IO_APIC_setup(ioapic_entries); } + if ( !iommu_superpages ) + iommu_ops.page_sizes &= PAGE_SIZE_4K; + rc = iommu_init_ops->setup(); + ASSERT(iommu_superpages || iommu_ops.page_sizes == PAGE_SIZE_4K); + if ( ioapic_entries ) { restore_IO_APIC_setup(ioapic_entries, rc); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:55:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:55:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374618.606687 (Exim 4.92) (envelope-from ) id 1oFyYl-00047B-2g; Mon, 25 Jul 2022 13:55:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374618.606687; Mon, 25 Jul 2022 13:55:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYk-000473-Vr; Mon, 25 Jul 2022 13:55:46 +0000 Received: by outflank-mailman (input) for mailman id 374618; Mon, 25 Jul 2022 13:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYj-00046s-Od for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYj-0008IG-No for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyYj-0002qO-N1 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TQVB05eJJMEK9UySFA3Hs3UNu5utHFAcKRGvTd2q2og=; b=xWjkmybcUhbRfuCrlQWr8KXg8D dp2y2b5stE4XIA8b1ElY1sAxjA7zCPfAHrEKctuGCVYA6sx4ayHNRjgBcR5FuXY4aXjvUDnR8shDi MbIL6VbVEZ/zOpf14k2WJ2f5cpeXS53eIpM9RoGK7ApZXTqODSTJ34MFgxI5ofvaxn60=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: allow use of superpage mappings Message-Id: Date: Mon, 25 Jul 2022 13:55:45 +0000 commit 4b7c48b4ba0e9b0c6ab3d680112d011e1767ee71 Author: Jan Beulich AuthorDate: Mon Jul 25 15:35:40 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:35:40 2022 +0200 AMD/IOMMU: allow use of superpage mappings No separate feature flags exist which would control availability of these; the only restriction is HATS (establishing the maximum number of page table levels in general), and even that has a lower bound of 4. Thus we can unconditionally announce 2M and 1G mappings. (Via non- default page sizes the implementation in principle permits arbitrary size mappings, but these require multiple identical leaf PTEs to be written, which isn't all that different from having to write multiple consecutive PTEs with increasing frame numbers. IMO that's therefore beneficial only on hardware where suitable TLBs exist; I'm unaware of such hardware.) Note that in principle 512G and 256T mappings could also be supported right away, but the freeing of page tables (to be introduced in subsequent patches) when replacing a sufficiently populated tree with a single huge page would need suitable preemption, which will require extra work. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 56 +++++++++++++++++++++++++---- xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +- xen/include/xen/page-defs.h | 10 ++++++ 3 files changed, 60 insertions(+), 8 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 28da5cc85e..fa8fd6f800 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -32,12 +32,13 @@ static unsigned int pfn_to_pde_idx(unsigned long pfn, unsigned int level) } static union amd_iommu_pte clear_iommu_pte_present(unsigned long l1_mfn, - unsigned long dfn) + unsigned long dfn, + unsigned int level) { union amd_iommu_pte *table, *pte, old; table = map_domain_page(_mfn(l1_mfn)); - pte = &table[pfn_to_pde_idx(dfn, 1)]; + pte = &table[pfn_to_pde_idx(dfn, level)]; old = *pte; write_atomic(&pte->raw, 0); @@ -351,15 +352,39 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, return 0; } +static void queue_free_pt(struct domain_iommu *hd, mfn_t mfn, unsigned int level) +{ + if ( level > 1 ) + { + union amd_iommu_pte *pt = map_domain_page(mfn); + unsigned int i; + + for ( i = 0; i < PTE_PER_TABLE_SIZE; ++i ) + if ( pt[i].pr && pt[i].next_level ) + { + ASSERT(pt[i].next_level < level); + queue_free_pt(hd, _mfn(pt[i].mfn), pt[i].next_level); + } + + unmap_domain_page(pt); + } + + iommu_queue_free_pgtable(hd, mfn_to_page(mfn)); +} + int cf_check amd_iommu_map_page( struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags, unsigned int *flush_flags) { struct domain_iommu *hd = dom_iommu(d); + unsigned int level = (IOMMUF_order(flags) / PTE_PER_TABLE_SHIFT) + 1; int rc; unsigned long pt_mfn = 0; union amd_iommu_pte old; + ASSERT((hd->platform_ops->page_sizes >> IOMMUF_order(flags)) & + PAGE_SIZE_4K); + spin_lock(&hd->arch.mapping_lock); /* @@ -384,7 +409,7 @@ int cf_check amd_iommu_map_page( return rc; } - if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, flush_flags, true) || + if ( iommu_pde_from_dfn(d, dfn_x(dfn), level, &pt_mfn, flush_flags, true) || !pt_mfn ) { spin_unlock(&hd->arch.mapping_lock); @@ -394,8 +419,8 @@ int cf_check amd_iommu_map_page( return -EFAULT; } - /* Install 4k mapping */ - old = set_iommu_pte_present(pt_mfn, dfn_x(dfn), mfn_x(mfn), 1, + /* Install mapping */ + old = set_iommu_pte_present(pt_mfn, dfn_x(dfn), mfn_x(mfn), level, (flags & IOMMUF_writable), (flags & IOMMUF_readable)); @@ -403,8 +428,13 @@ int cf_check amd_iommu_map_page( *flush_flags |= IOMMU_FLUSHF_added; if ( old.pr ) + { *flush_flags |= IOMMU_FLUSHF_modified; + if ( IOMMUF_order(flags) && old.next_level ) + queue_free_pt(hd, _mfn(old.mfn), old.next_level); + } + return 0; } @@ -413,8 +443,15 @@ int cf_check amd_iommu_unmap_page( { unsigned long pt_mfn = 0; struct domain_iommu *hd = dom_iommu(d); + unsigned int level = (order / PTE_PER_TABLE_SHIFT) + 1; union amd_iommu_pte old = {}; + /* + * While really we could unmap at any granularity, for now we assume unmaps + * are issued by common code only at the same granularity as maps. + */ + ASSERT((hd->platform_ops->page_sizes >> order) & PAGE_SIZE_4K); + spin_lock(&hd->arch.mapping_lock); if ( !hd->arch.amd.root_table ) @@ -423,7 +460,7 @@ int cf_check amd_iommu_unmap_page( return 0; } - if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, flush_flags, false) ) + if ( iommu_pde_from_dfn(d, dfn_x(dfn), level, &pt_mfn, flush_flags, false) ) { spin_unlock(&hd->arch.mapping_lock); AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n", @@ -435,14 +472,19 @@ int cf_check amd_iommu_unmap_page( if ( pt_mfn ) { /* Mark PTE as 'page not present'. */ - old = clear_iommu_pte_present(pt_mfn, dfn_x(dfn)); + old = clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level); } spin_unlock(&hd->arch.mapping_lock); if ( old.pr ) + { *flush_flags |= IOMMU_FLUSHF_modified; + if ( order && old.next_level ) + queue_free_pt(hd, _mfn(old.mfn), old.next_level); + } + return 0; } diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index fd91f1367f..02aea838ad 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -747,7 +747,7 @@ static void cf_check amd_dump_page_tables(struct domain *d) } static const struct iommu_ops __initconst_cf_clobber _iommu_ops = { - .page_sizes = PAGE_SIZE_4K, + .page_sizes = PAGE_SIZE_4K | PAGE_SIZE_2M | PAGE_SIZE_1G, .init = amd_iommu_domain_init, .hwdom_init = amd_iommu_hwdom_init, .quarantine_init = amd_iommu_quarantine_init, diff --git a/xen/include/xen/page-defs.h b/xen/include/xen/page-defs.h index 15a90779b5..540f8b0b64 100644 --- a/xen/include/xen/page-defs.h +++ b/xen/include/xen/page-defs.h @@ -21,4 +21,14 @@ #define PAGE_MASK_64K PAGE_MASK_GRAN(64K) #define PAGE_ALIGN_64K(addr) PAGE_ALIGN_GRAN(64K, addr) +#define PAGE_SHIFT_2M 21 +#define PAGE_SIZE_2M PAGE_SIZE_GRAN(2M) +#define PAGE_MASK_2M PAGE_MASK_GRAN(2M) +#define PAGE_ALIGN_2M(addr) PAGE_ALIGN_GRAN(2M, addr) + +#define PAGE_SHIFT_1G 30 +#define PAGE_SIZE_1G PAGE_SIZE_GRAN(1G) +#define PAGE_MASK_1G PAGE_MASK_GRAN(1G) +#define PAGE_ALIGN_1G(addr) PAGE_ALIGN_GRAN(1G, addr) + #endif /* __XEN_PAGE_DEFS_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:55:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:55:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374619.606691 (Exim 4.92) (envelope-from ) id 1oFyYv-0004A0-3l; Mon, 25 Jul 2022 13:55:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374619.606691; Mon, 25 Jul 2022 13:55:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYv-00049s-13; Mon, 25 Jul 2022 13:55:57 +0000 Received: by outflank-mailman (input) for mailman id 374619; Mon, 25 Jul 2022 13:55:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYt-00049i-Rt for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyYt-0008IQ-R4 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyYt-0002qr-QK for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:55:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tRQnTO9oU3MvlWyly2civFtLTKVpTA+6YksZrRvzWAI=; b=A2vTagIqpmuKCltR0dvEuPyDNJ Yfw/p7Prxrn0xfO+x4N2IL3H2xcAfpPgyCj/TxOH+wdBW+/T23MltFF50cvS1bizZfvLSchEdMsjv JN7PD5Y/5OBP/WIRsvzQ4x6aEny0xW4+26xg12kE+frdPKlSro7+AA5kYut4hZficzvo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: allow use of superpage mappings Message-Id: Date: Mon, 25 Jul 2022 13:55:55 +0000 commit 2e70db30b3bb7fb307377bfa71c2a70ad0f7634f Author: Jan Beulich AuthorDate: Mon Jul 25 15:36:33 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:36:33 2022 +0200 VT-d: allow use of superpage mappings ... depending on feature availability (and absence of quirks). Also make the page table dumping function aware of superpages. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/vtd/iommu.c | 68 ++++++++++++++++++++++++++++++++----- 1 file changed, 60 insertions(+), 8 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 99c28ce160..26e3a84abe 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -779,18 +779,37 @@ static int __must_check cf_check iommu_flush_iotlb(struct domain *d, dfn_t dfn, return ret; } +static void queue_free_pt(struct domain_iommu *hd, mfn_t mfn, unsigned int level) +{ + if ( level > 1 ) + { + struct dma_pte *pt = map_domain_page(mfn); + unsigned int i; + + for ( i = 0; i < PTE_NUM; ++i ) + if ( dma_pte_present(pt[i]) && !dma_pte_superpage(pt[i]) ) + queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(pt[i])), + level - 1); + + unmap_domain_page(pt); + } + + iommu_queue_free_pgtable(hd, mfn_to_page(mfn)); +} + /* clear one page's page table */ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, unsigned int order, unsigned int *flush_flags) { struct domain_iommu *hd = dom_iommu(domain); - struct dma_pte *page = NULL, *pte = NULL; + struct dma_pte *page = NULL, *pte = NULL, old; u64 pg_maddr; + unsigned int level = (order / LEVEL_STRIDE) + 1; spin_lock(&hd->arch.mapping_lock); - /* get last level pte */ - pg_maddr = addr_to_dma_page_maddr(domain, addr, 1, flush_flags, false); + /* get target level pte */ + pg_maddr = addr_to_dma_page_maddr(domain, addr, level, flush_flags, false); if ( pg_maddr < PAGE_SIZE ) { spin_unlock(&hd->arch.mapping_lock); @@ -798,7 +817,7 @@ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, } page = (struct dma_pte *)map_vtd_domain_page(pg_maddr); - pte = page + address_level_offset(addr, 1); + pte = &page[address_level_offset(addr, level)]; if ( !dma_pte_present(*pte) ) { @@ -807,14 +826,20 @@ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, return 0; } + old = *pte; dma_clear_pte(*pte); - *flush_flags |= IOMMU_FLUSHF_modified; spin_unlock(&hd->arch.mapping_lock); iommu_sync_cache(pte, sizeof(struct dma_pte)); unmap_vtd_domain_page(page); + *flush_flags |= IOMMU_FLUSHF_modified; + + if ( order && !dma_pte_superpage(old) ) + queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(old)), + order / LEVEL_STRIDE); + return 0; } @@ -2092,8 +2117,12 @@ static int __must_check cf_check intel_iommu_map_page( struct domain_iommu *hd = dom_iommu(d); struct dma_pte *page, *pte, old, new = {}; u64 pg_maddr; + unsigned int level = (IOMMUF_order(flags) / LEVEL_STRIDE) + 1; int rc = 0; + ASSERT((hd->platform_ops->page_sizes >> IOMMUF_order(flags)) & + PAGE_SIZE_4K); + /* Do nothing if VT-d shares EPT page table */ if ( iommu_use_hap_pt(d) ) return 0; @@ -2116,7 +2145,7 @@ static int __must_check cf_check intel_iommu_map_page( return 0; } - pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 1, flush_flags, + pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), level, flush_flags, true); if ( pg_maddr < PAGE_SIZE ) { @@ -2125,13 +2154,15 @@ static int __must_check cf_check intel_iommu_map_page( } page = (struct dma_pte *)map_vtd_domain_page(pg_maddr); - pte = &page[dfn_x(dfn) & LEVEL_MASK]; + pte = &page[address_level_offset(dfn_to_daddr(dfn), level)]; old = *pte; dma_set_pte_addr(new, mfn_to_maddr(mfn)); dma_set_pte_prot(new, ((flags & IOMMUF_readable) ? DMA_PTE_READ : 0) | ((flags & IOMMUF_writable) ? DMA_PTE_WRITE : 0)); + if ( IOMMUF_order(flags) ) + dma_set_pte_superpage(new); /* Set the SNP on leaf page table if Snoop Control available */ if ( iommu_snoop ) @@ -2152,14 +2183,26 @@ static int __must_check cf_check intel_iommu_map_page( *flush_flags |= IOMMU_FLUSHF_added; if ( dma_pte_present(old) ) + { *flush_flags |= IOMMU_FLUSHF_modified; + if ( IOMMUF_order(flags) && !dma_pte_superpage(old) ) + queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(old)), + IOMMUF_order(flags) / LEVEL_STRIDE); + } + return rc; } static int __must_check cf_check intel_iommu_unmap_page( struct domain *d, dfn_t dfn, unsigned int order, unsigned int *flush_flags) { + /* + * While really we could unmap at any granularity, for now we assume unmaps + * are issued by common code only at the same granularity as maps. + */ + ASSERT((dom_iommu(d)->platform_ops->page_sizes >> order) & PAGE_SIZE_4K); + /* Do nothing if VT-d shares EPT page table */ if ( iommu_use_hap_pt(d) ) return 0; @@ -2516,6 +2559,7 @@ static int __init cf_check vtd_setup(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; + unsigned int large_sizes = iommu_superpages ? PAGE_SIZE_2M | PAGE_SIZE_1G : 0; int ret; bool reg_inval_supported = true; @@ -2558,6 +2602,11 @@ static int __init cf_check vtd_setup(void) cap_sps_2mb(iommu->cap) ? ", 2MB" : "", cap_sps_1gb(iommu->cap) ? ", 1GB" : ""); + if ( !cap_sps_2mb(iommu->cap) ) + large_sizes &= ~PAGE_SIZE_2M; + if ( !cap_sps_1gb(iommu->cap) ) + large_sizes &= ~PAGE_SIZE_1G; + #ifndef iommu_snoop if ( iommu_snoop && !ecap_snp_ctl(iommu->ecap) ) iommu_snoop = false; @@ -2629,6 +2678,9 @@ static int __init cf_check vtd_setup(void) if ( ret ) goto error; + ASSERT(iommu_ops.page_sizes == PAGE_SIZE_4K); + iommu_ops.page_sizes |= large_sizes; + register_keyhandler('V', vtd_dump_iommu_info, "dump iommu info", 1); return 0; @@ -2961,7 +3013,7 @@ static void vtd_dump_page_table_level(paddr_t pt_maddr, int level, paddr_t gpa, continue; address = gpa + offset_level_address(i, level); - if ( next_level >= 1 ) + if ( next_level && !dma_pte_superpage(*pte) ) vtd_dump_page_table_level(dma_pte_addr(*pte), next_level, address, indent + 1); else -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:56:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:56:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374620.606695 (Exim 4.92) (envelope-from ) id 1oFyZ5-0004CX-5J; Mon, 25 Jul 2022 13:56:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374620.606695; Mon, 25 Jul 2022 13:56:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZ5-0004CP-2d; Mon, 25 Jul 2022 13:56:07 +0000 Received: by outflank-mailman (input) for mailman id 374620; Mon, 25 Jul 2022 13:56:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZ3-0004CI-Uz for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZ3-0008Iq-U4 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyZ3-0002rr-TL for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5eRjXZW0W4uvYx98kmh+4FQ61kQ1fiGR4DBI85tFq7s=; b=Rx4U8BW+oukV3lkOfPNTjt5UXb KBUA1Hd6CLf42HulwBtyfvrQqxIbZRmaib9C7tXknxQP9O9QMJ7sZTSVmnFarwZCyNaQwBl/62QK8 bRAXwmbVA0f6L6cbiummCIuTAvT5ACzg9Ei5ulvaFa6xeM0VGDaK2AkdjGUG8BHXL3Vs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: introduce helper for recording degree of contiguity in page tables Message-Id: Date: Mon, 25 Jul 2022 13:56:05 +0000 commit 8c6a4963f07da518a74c35344bc9b28a84a78fee Author: Jan Beulich AuthorDate: Mon Jul 25 15:37:34 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:37:34 2022 +0200 x86: introduce helper for recording degree of contiguity in page tables This is a re-usable helper (kind of a template) which gets introduced without users so that the individual subsequent patches introducing such users can get committed independently of one another. See the comment at the top of the new file. To demonstrate the effect, if a page table had just 16 entries, this would be the set of markers for a page table with fully contiguous mappings: index 0 1 2 3 4 5 6 7 8 9 A B C D E F marker 4 0 1 0 2 0 1 0 3 0 1 0 2 0 1 0 "Contiguous" here means not only present entries with successively increasing MFNs, each one suitably aligned for its slot, but also a respective number of all non-present entries. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/arch/x86/include/asm/pt-contig-markers.h | 110 +++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) diff --git a/xen/arch/x86/include/asm/pt-contig-markers.h b/xen/arch/x86/include/asm/pt-contig-markers.h new file mode 100644 index 0000000000..b3c1fe8035 --- /dev/null +++ b/xen/arch/x86/include/asm/pt-contig-markers.h @@ -0,0 +1,110 @@ +#ifndef __ASM_X86_PT_CONTIG_MARKERS_H +#define __ASM_X86_PT_CONTIG_MARKERS_H + +/* + * Short of having function templates in C, the function defined below is + * intended to be used by multiple parties interested in recording the + * degree of contiguity in mappings by a single page table. + * + * Scheme: Every entry records the order of contiguous successive entries, + * up to the maximum order covered by that entry (which is the number of + * clear low bits in its index, with entry 0 being the exception using + * the base-2 logarithm of the number of entries in a single page table). + * While a few entries need touching upon update, knowing whether the + * table is fully contiguous (and can hence be replaced by a higher level + * leaf entry) is then possible by simply looking at entry 0's marker. + * + * Prereqs: + * - CONTIG_MASK needs to be #define-d, to a value having at least 4 + * contiguous bits (ignored by hardware), before including this file (or + * else only CONTIG_LEVEL_SHIFT and CONTIG_NR will become available), + * - page tables to be passed to the helper need to be initialized with + * correct markers, + * - not-present entries need to be entirely clear except for the marker. + */ + +/* This is the same for all anticipated users, so doesn't need passing in. */ +#define CONTIG_LEVEL_SHIFT 9 +#define CONTIG_NR (1 << CONTIG_LEVEL_SHIFT) + +#ifdef CONTIG_MASK + +#include +#include +#include + +#define GET_MARKER(e) MASK_EXTR(e, CONTIG_MASK) +#define SET_MARKER(e, m) \ + ((void)((e) = ((e) & ~CONTIG_MASK) | MASK_INSR(m, CONTIG_MASK))) + +#define IS_CONTIG(kind, pt, i, idx, shift, b) \ + ((kind) == PTE_kind_leaf \ + ? (((pt)[i] ^ (pt)[idx]) & ~CONTIG_MASK) == (1ULL << ((b) + (shift))) \ + : !((pt)[i] & ~CONTIG_MASK)) + +enum PTE_kind { + PTE_kind_null, + PTE_kind_leaf, + PTE_kind_table, +}; + +static bool pt_update_contig_markers(uint64_t *pt, unsigned int idx, + unsigned int level, enum PTE_kind kind) +{ + unsigned int b, i = idx; + unsigned int shift = (level - 1) * CONTIG_LEVEL_SHIFT + PAGE_SHIFT; + + ASSERT(idx < CONTIG_NR); + ASSERT(!(pt[idx] & CONTIG_MASK)); + + /* Step 1: Reduce markers in lower numbered entries. */ + while ( i ) + { + b = find_first_set_bit(i); + i &= ~(1U << b); + if ( GET_MARKER(pt[i]) <= b ) + break; + SET_MARKER(pt[i], b); + } + + /* An intermediate table is never contiguous with anything. */ + if ( kind == PTE_kind_table ) + return false; + + /* + * Present entries need in-sync index and address to be a candidate + * for being contiguous: What we're after is whether ultimately the + * intermediate table can be replaced by a superpage. + */ + if ( kind != PTE_kind_null && + idx != ((pt[idx] >> shift) & (CONTIG_NR - 1)) ) + return false; + + /* Step 2: Check higher numbered entries for contiguity. */ + for ( b = 0; b < CONTIG_LEVEL_SHIFT && !(idx & (1U << b)); ++b ) + { + i = idx | (1U << b); + if ( !IS_CONTIG(kind, pt, i, idx, shift, b) || GET_MARKER(pt[i]) != b ) + break; + } + + /* Step 3: Update markers in this and lower numbered entries. */ + for ( ; SET_MARKER(pt[idx], b), b < CONTIG_LEVEL_SHIFT; ++b ) + { + i = idx ^ (1U << b); + if ( !IS_CONTIG(kind, pt, i, idx, shift, b) || GET_MARKER(pt[i]) != b ) + break; + idx &= ~(1U << b); + } + + return b == CONTIG_LEVEL_SHIFT; +} + +#undef IS_CONTIG +#undef SET_MARKER +#undef GET_MARKER +#undef CONTIG_MASK + +#endif /* CONTIG_MASK */ + +#endif /* __ASM_X86_PT_CONTIG_MARKERS_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:56:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:56:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374621.606699 (Exim 4.92) (envelope-from ) id 1oFyZF-0004GE-8L; Mon, 25 Jul 2022 13:56:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374621.606699; Mon, 25 Jul 2022 13:56:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZF-0004G6-5d; Mon, 25 Jul 2022 13:56:17 +0000 Received: by outflank-mailman (input) for mailman id 374621; Mon, 25 Jul 2022 13:56:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZE-0004Fl-2K for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZE-0008J0-1P for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyZE-0002sU-0V for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gmCIC8G7GDErQYRv6RerKwNdtfw9IRTnwdwMcQhjb3I=; b=Uz+IzKEagZvgDfj3S3GvQSyJji obaoSBiIq6by2QmbwJp28THDAl2H+oSe0MZYkFFG87Bvy/oOxxbBB/tFPx49V5mKxFPGgBd1i7RF4 hXFurFx3w69+7hTnEWU/IEX5YblDzJsvrwYM9LaTNufpX8qnbjksM098KkQYcLnrIoAY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU/x86: prefill newly allocate page tables Message-Id: Date: Mon, 25 Jul 2022 13:56:16 +0000 commit a81d9f9baa8a90db3f30d1f973addc30758a8068 Author: Jan Beulich AuthorDate: Mon Jul 25 15:38:22 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:38:22 2022 +0200 IOMMU/x86: prefill newly allocate page tables Page tables are used for two purposes after allocation: They either start out all empty, or they are filled to replace a superpage. Subsequently, to replace all empty or fully contiguous page tables, contiguous sub-regions will be recorded within individual page tables. Install the initial set of markers immediately after allocation. Make sure to retain these markers when further populating a page table in preparation for it to replace a superpage. The markers are simply 4-bit fields holding the order value of contiguous entries. To demonstrate this, if a page table had just 16 entries, this would be the initial (fully contiguous) set of markers: index 0 1 2 3 4 5 6 7 8 9 A B C D E F marker 4 0 1 0 2 0 1 0 3 0 1 0 2 0 1 0 "Contiguous" here means not only present entries with successively increasing MFNs, each one suitably aligned for its slot, and identical attributes, but also a respective number of all non-present (zero except for the markers) entries. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/arch/x86/include/asm/iommu.h | 3 ++- xen/drivers/passthrough/amd/iommu-defs.h | 4 +++- xen/drivers/passthrough/amd/iommu_map.c | 26 ++++++++++++++++++++----- xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 15 ++++++++------- xen/drivers/passthrough/vtd/iommu.h | 8 ++++++-- xen/drivers/passthrough/x86/iommu.c | 30 ++++++++++++++++++++++++++--- 7 files changed, 68 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index 4143723727..fc0afe35bf 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -146,7 +146,8 @@ void iommu_free_domid(domid_t domid, unsigned long *map); int __must_check iommu_free_pgtables(struct domain *d); struct domain_iommu; -struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd); +struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd, + uint64_t contig_mask); void iommu_queue_free_pgtable(struct domain_iommu *hd, struct page_info *pg); #endif /* !__ARCH_X86_IOMMU_H__ */ diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h index 8a17697ea7..35de548e3a 100644 --- a/xen/drivers/passthrough/amd/iommu-defs.h +++ b/xen/drivers/passthrough/amd/iommu-defs.h @@ -446,11 +446,13 @@ union amd_iommu_x2apic_control { #define IOMMU_PAGE_TABLE_U32_PER_ENTRY (IOMMU_PAGE_TABLE_ENTRY_SIZE / 4) #define IOMMU_PAGE_TABLE_ALIGNMENT 4096 +#define IOMMU_PTE_CONTIG_MASK 0x1e /* The ign0 field below. */ + union amd_iommu_pte { uint64_t raw; struct { bool pr:1; - unsigned int ign0:4; + unsigned int ign0:4; /* Covered by IOMMU_PTE_CONTIG_MASK. */ bool a:1; bool d:1; unsigned int ign1:2; diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index fa8fd6f800..7d4e0ba587 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -21,6 +21,8 @@ #include "iommu.h" +#include + /* Given pfn and page table level, return pde index */ static unsigned int pfn_to_pde_idx(unsigned long pfn, unsigned int level) { @@ -113,9 +115,23 @@ static void set_iommu_ptes_present(unsigned long pt_mfn, return; } + ASSERT(!(next_mfn & (page_sz - 1))); + while ( nr_ptes-- ) { - set_iommu_pde_present(pde, next_mfn, 0, iw, ir); + ASSERT(!pde->next_level); + ASSERT(!pde->u); + + if ( pde > table ) + ASSERT(pde->ign0 == find_first_set_bit(pde - table)); + else + ASSERT(pde->ign0 == CONTIG_LEVEL_SHIFT); + + pde->iw = iw; + pde->ir = ir; + pde->fc = true; /* See set_iommu_pde_present(). */ + pde->mfn = next_mfn; + pde->pr = true; ++pde; next_mfn += page_sz; @@ -295,7 +311,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, mfn = next_table_mfn; /* allocate lower level page table */ - table = iommu_alloc_pgtable(hd); + table = iommu_alloc_pgtable(hd, IOMMU_PTE_CONTIG_MASK); if ( table == NULL ) { AMD_IOMMU_ERROR("cannot allocate I/O page table\n"); @@ -325,7 +341,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, if ( next_table_mfn == 0 ) { - table = iommu_alloc_pgtable(hd); + table = iommu_alloc_pgtable(hd, IOMMU_PTE_CONTIG_MASK); if ( table == NULL ) { AMD_IOMMU_ERROR("cannot allocate I/O page table\n"); @@ -726,7 +742,7 @@ static int fill_qpt(union amd_iommu_pte *this, unsigned int level, * page table pages, and the resulting allocations are always * zeroed. */ - pgs[level] = iommu_alloc_pgtable(hd); + pgs[level] = iommu_alloc_pgtable(hd, 0); if ( !pgs[level] ) { rc = -ENOMEM; @@ -784,7 +800,7 @@ int cf_check amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page) return 0; } - pdev->arch.amd.root_table = iommu_alloc_pgtable(hd); + pdev->arch.amd.root_table = iommu_alloc_pgtable(hd, 0); if ( !pdev->arch.amd.root_table ) return -ENOMEM; diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 02aea838ad..4ba8e764b2 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -342,7 +342,7 @@ int amd_iommu_alloc_root(struct domain *d) if ( unlikely(!hd->arch.amd.root_table) && d != dom_io ) { - hd->arch.amd.root_table = iommu_alloc_pgtable(hd); + hd->arch.amd.root_table = iommu_alloc_pgtable(hd, 0); if ( !hd->arch.amd.root_table ) return -ENOMEM; } diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 26e3a84abe..28dc54b6bf 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -334,7 +334,7 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, goto out; pte_maddr = level; - if ( !(pg = iommu_alloc_pgtable(hd)) ) + if ( !(pg = iommu_alloc_pgtable(hd, 0)) ) goto out; hd->arch.vtd.pgd_maddr = page_to_maddr(pg); @@ -376,7 +376,7 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, } pte_maddr = level - 1; - pg = iommu_alloc_pgtable(hd); + pg = iommu_alloc_pgtable(hd, DMA_PTE_CONTIG_MASK); if ( !pg ) break; @@ -388,12 +388,13 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, struct dma_pte *split = map_vtd_domain_page(pte_maddr); unsigned long inc = 1UL << level_to_offset_bits(level - 1); - split[0].val = pte->val; + split[0].val |= pte->val & ~DMA_PTE_CONTIG_MASK; if ( inc == PAGE_SIZE ) split[0].val &= ~DMA_PTE_SP; for ( offset = 1; offset < PTE_NUM; ++offset ) - split[offset].val = split[offset - 1].val + inc; + split[offset].val |= + (split[offset - 1].val & ~DMA_PTE_CONTIG_MASK) + inc; iommu_sync_cache(split, PAGE_SIZE); unmap_vtd_domain_page(split); @@ -2168,7 +2169,7 @@ static int __must_check cf_check intel_iommu_map_page( if ( iommu_snoop ) dma_set_pte_snp(new); - if ( old.val == new.val ) + if ( !((old.val ^ new.val) & ~DMA_PTE_CONTIG_MASK) ) { spin_unlock(&hd->arch.mapping_lock); unmap_vtd_domain_page(page); @@ -3058,7 +3059,7 @@ static int fill_qpt(struct dma_pte *this, unsigned int level, * page table pages, and the resulting allocations are always * zeroed. */ - pgs[level] = iommu_alloc_pgtable(hd); + pgs[level] = iommu_alloc_pgtable(hd, 0); if ( !pgs[level] ) { rc = -ENOMEM; @@ -3115,7 +3116,7 @@ static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev, if ( !drhd ) return -ENODEV; - pg = iommu_alloc_pgtable(hd); + pg = iommu_alloc_pgtable(hd, 0); if ( !pg ) return -ENOMEM; diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h index 09ec09fe27..7c3fe40150 100644 --- a/xen/drivers/passthrough/vtd/iommu.h +++ b/xen/drivers/passthrough/vtd/iommu.h @@ -253,7 +253,10 @@ struct context_entry { * 2-6: reserved * 7: super page * 8-11: available - * 12-63: Host physcial address + * 12-51: Host physcial address + * 52-61: available (52-55 used for DMA_PTE_CONTIG_MASK) + * 62: reserved + * 63: available */ struct dma_pte { u64 val; @@ -263,6 +266,7 @@ struct dma_pte { #define DMA_PTE_PROT (DMA_PTE_READ | DMA_PTE_WRITE) #define DMA_PTE_SP (1 << 7) #define DMA_PTE_SNP (1 << 11) +#define DMA_PTE_CONTIG_MASK (0xfull << PADDR_BITS) #define dma_clear_pte(p) do {(p).val = 0;} while(0) #define dma_set_pte_readable(p) do {(p).val |= DMA_PTE_READ;} while(0) #define dma_set_pte_writable(p) do {(p).val |= DMA_PTE_WRITE;} while(0) @@ -276,7 +280,7 @@ struct dma_pte { #define dma_pte_write(p) (dma_pte_prot(p) & DMA_PTE_WRITE) #define dma_pte_addr(p) ((p).val & PADDR_MASK & PAGE_MASK_4K) #define dma_set_pte_addr(p, addr) do {\ - (p).val |= ((addr) & PAGE_MASK_4K); } while (0) + (p).val |= ((addr) & PADDR_MASK & PAGE_MASK_4K); } while (0) #define dma_pte_present(p) (((p).val & DMA_PTE_PROT) != 0) #define dma_pte_superpage(p) (((p).val & DMA_PTE_SP) != 0) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index b4d9da7cf8..f671b0f2bb 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -26,6 +26,7 @@ #include #include #include +#include #include const struct iommu_init_ops *__initdata iommu_init_ops; @@ -534,11 +535,12 @@ int iommu_free_pgtables(struct domain *d) return 0; } -struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd) +struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd, + uint64_t contig_mask) { unsigned int memflags = 0; struct page_info *pg; - void *p; + uint64_t *p; #ifdef CONFIG_NUMA if ( hd->node != NUMA_NO_NODE ) @@ -550,7 +552,29 @@ struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd) return NULL; p = __map_domain_page(pg); - clear_page(p); + + if ( contig_mask ) + { + /* See pt-contig-markers.h for a description of the marker scheme. */ + unsigned int i, shift = find_first_set_bit(contig_mask); + + ASSERT((CONTIG_LEVEL_SHIFT & (contig_mask >> shift)) == CONTIG_LEVEL_SHIFT); + + p[0] = (CONTIG_LEVEL_SHIFT + 0ull) << shift; + p[1] = 0; + p[2] = 1ull << shift; + p[3] = 0; + + for ( i = 4; i < PAGE_SIZE / sizeof(*p); i += 4 ) + { + p[i + 0] = (find_first_set_bit(i) + 0ull) << shift; + p[i + 1] = 0; + p[i + 2] = 1ull << shift; + p[i + 3] = 0; + } + } + else + clear_page(p); iommu_sync_cache(p, PAGE_SIZE); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:56:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:56:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374622.606703 (Exim 4.92) (envelope-from ) id 1oFyZP-0004KO-9n; Mon, 25 Jul 2022 13:56:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374622.606703; Mon, 25 Jul 2022 13:56:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZP-0004KG-75; Mon, 25 Jul 2022 13:56:27 +0000 Received: by outflank-mailman (input) for mailman id 374622; Mon, 25 Jul 2022 13:56:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZO-0004K8-5X for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZO-0008JA-4Z for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyZO-0002tL-3o for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+a8SB7UK+TUk3WOJbrTlW8O+sEAC37jB5Z7GKrGIumo=; b=3P0oEMEROn0N4XGtyZTmFjpu1L q7l0vwvRDY5kY8mmPczAeU2IjMR/cQmIu5mrjd4Buoms+Mninh+ozZ+NlKUQzYV8kxB0rGcyiKd2E 9RBpxl4hVa3m718LdPoAJj9FbLWzOqcYvxe/wU1tdJDs6nReSLEEbD+mdbuApSpLb+QI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: free all-empty page tables Message-Id: Date: Mon, 25 Jul 2022 13:56:26 +0000 commit 2d1bb66d87c2bec712643593584821d056e3b97e Author: Jan Beulich AuthorDate: Mon Jul 25 15:40:00 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:40:00 2022 +0200 AMD/IOMMU: free all-empty page tables When a page table ends up with no present entries left, it can be replaced by a non-present entry at the next higher level. The page table itself can then be scheduled for freeing. Note that while its output isn't used there yet, pt_update_contig_markers() right away needs to be called in all places where entries get updated, not just the one where entries get cleared. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 37 ++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 7d4e0ba587..a50a6b79ab 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -21,6 +21,7 @@ #include "iommu.h" +#define CONTIG_MASK IOMMU_PTE_CONTIG_MASK #include /* Given pfn and page table level, return pde index */ @@ -35,16 +36,20 @@ static unsigned int pfn_to_pde_idx(unsigned long pfn, unsigned int level) static union amd_iommu_pte clear_iommu_pte_present(unsigned long l1_mfn, unsigned long dfn, - unsigned int level) + unsigned int level, + bool *free) { union amd_iommu_pte *table, *pte, old; + unsigned int idx = pfn_to_pde_idx(dfn, level); table = map_domain_page(_mfn(l1_mfn)); - pte = &table[pfn_to_pde_idx(dfn, level)]; + pte = &table[idx]; old = *pte; write_atomic(&pte->raw, 0); + *free = pt_update_contig_markers(&table->raw, idx, level, PTE_kind_null); + unmap_domain_page(table); return old; @@ -87,7 +92,11 @@ static union amd_iommu_pte set_iommu_pte_present(unsigned long pt_mfn, if ( !old.pr || old.next_level || old.mfn != next_mfn || old.iw != iw || old.ir != ir ) + { set_iommu_pde_present(pde, next_mfn, 0, iw, ir); + pt_update_contig_markers(&table->raw, pfn_to_pde_idx(dfn, level), + level, PTE_kind_leaf); + } else old.pr = false; /* signal "no change" to the caller */ @@ -326,6 +335,9 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, smp_wmb(); set_iommu_pde_present(pde, next_table_mfn, next_level, true, true); + pt_update_contig_markers(&next_table_vaddr->raw, + pfn_to_pde_idx(dfn, level), + level, PTE_kind_table); *flush_flags |= IOMMU_FLUSHF_modified; } @@ -351,6 +363,9 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, next_table_mfn = mfn_x(page_to_mfn(table)); set_iommu_pde_present(pde, next_table_mfn, next_level, true, true); + pt_update_contig_markers(&next_table_vaddr->raw, + pfn_to_pde_idx(dfn, level), + level, PTE_kind_table); } else /* should never reach here */ { @@ -487,8 +502,24 @@ int cf_check amd_iommu_unmap_page( if ( pt_mfn ) { + bool free; + /* Mark PTE as 'page not present'. */ - old = clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level); + old = clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level, &free); + + while ( unlikely(free) && ++level < hd->arch.amd.paging_mode ) + { + struct page_info *pg = mfn_to_page(_mfn(pt_mfn)); + + if ( iommu_pde_from_dfn(d, dfn_x(dfn), level, &pt_mfn, + flush_flags, false) ) + BUG(); + BUG_ON(!pt_mfn); + + clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level, &free); + *flush_flags |= IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + } } spin_unlock(&hd->arch.mapping_lock); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:56:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:56:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374623.606708 (Exim 4.92) (envelope-from ) id 1oFyZZ-0004U9-Bh; Mon, 25 Jul 2022 13:56:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374623.606708; Mon, 25 Jul 2022 13:56:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZZ-0004Tx-8X; Mon, 25 Jul 2022 13:56:37 +0000 Received: by outflank-mailman (input) for mailman id 374623; Mon, 25 Jul 2022 13:56:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZY-0004Tp-8Y for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZY-0008JO-7g for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyZY-0002tu-70 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MDDdSXFHzJLriQc7Q7FXzlnOCwvTU+/yA/rlQGLak3o=; b=Mzthsgs4Grz53ChpxVuqqUqF1s Un3RQlrhkAsHfjV0fC3KTQjW1KoKCkJoQAp2wPA72bJCsFEsf753xfRpmWqL4l9H3JIOu79E8Ghh0 kDv2Gy3N0J2azGxezbkjaS0T7ZVvFaOAkRls63mnyeI+0m6Xydbc57Ef+8NTN9UP7df0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: free all-empty page tables Message-Id: Date: Mon, 25 Jul 2022 13:56:36 +0000 commit 00c400edd7f5fed59f109b38522a47cae9943b22 Author: Jan Beulich AuthorDate: Mon Jul 25 15:40:41 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:40:41 2022 +0200 VT-d: free all-empty page tables When a page table ends up with no present entries left, it can be replaced by a non-present entry at the next higher level. The page table itself can then be scheduled for freeing. Note that while its output isn't used there yet, pt_update_contig_markers() right away needs to be called in all places where entries get updated, not just the one where entries get cleared. Note further that while pt_update_contig_markers() updates perhaps several PTEs within the table, since these are changes to "avail" bits only I do not think that cache flushing would be needed afterwards. Such cache flushing (of entire pages, unless adding yet more logic to me more selective) would be quite noticable performance-wise (very prominent during Dom0 boot). Also note that cache sync-ing is likely more strict than necessary. This is both to be on the safe side as well as to maintain the pattern of all updates of (potentially) live tables being accompanied by a flush (if so needed). Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/vtd/iommu.c | 45 +++++++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 28dc54b6bf..745c7bae0d 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -43,6 +43,9 @@ #include "vtd.h" #include "../ats.h" +#define CONTIG_MASK DMA_PTE_CONTIG_MASK +#include + /* dom_io is used as a sentinel for quarantined devices */ #define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr)) #define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \ @@ -405,6 +408,9 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, write_atomic(&pte->val, new_pte.val); iommu_sync_cache(pte, sizeof(struct dma_pte)); + pt_update_contig_markers(&parent->val, + address_level_offset(addr, level), + level, PTE_kind_table); } if ( --level == target ) @@ -829,9 +835,31 @@ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, old = *pte; dma_clear_pte(*pte); + iommu_sync_cache(pte, sizeof(*pte)); + + while ( pt_update_contig_markers(&page->val, + address_level_offset(addr, level), + level, PTE_kind_null) && + ++level < min_pt_levels ) + { + struct page_info *pg = maddr_to_page(pg_maddr); + + unmap_vtd_domain_page(page); + + pg_maddr = addr_to_dma_page_maddr(domain, addr, level, flush_flags, + false); + BUG_ON(pg_maddr < PAGE_SIZE); + + page = map_vtd_domain_page(pg_maddr); + pte = &page[address_level_offset(addr, level)]; + dma_clear_pte(*pte); + iommu_sync_cache(pte, sizeof(*pte)); + + *flush_flags |= IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + } spin_unlock(&hd->arch.mapping_lock); - iommu_sync_cache(pte, sizeof(struct dma_pte)); unmap_vtd_domain_page(page); @@ -2177,8 +2205,21 @@ static int __must_check cf_check intel_iommu_map_page( } *pte = new; - iommu_sync_cache(pte, sizeof(struct dma_pte)); + + /* + * While the (ab)use of PTE_kind_table here allows to save some work in + * the function, the main motivation for it is that it avoids a so far + * unexplained hang during boot (while preparing Dom0) on a Westmere + * based laptop. + */ + pt_update_contig_markers(&page->val, + address_level_offset(dfn_to_daddr(dfn), level), + level, + (hd->platform_ops->page_sizes & + (1UL << level_to_offset_bits(level + 1)) + ? PTE_kind_leaf : PTE_kind_table)); + spin_unlock(&hd->arch.mapping_lock); unmap_vtd_domain_page(page); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:56:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:56:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374624.606712 (Exim 4.92) (envelope-from ) id 1oFyZj-0004Wg-D2; Mon, 25 Jul 2022 13:56:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374624.606712; Mon, 25 Jul 2022 13:56:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZj-0004WW-A0; Mon, 25 Jul 2022 13:56:47 +0000 Received: by outflank-mailman (input) for mailman id 374624; Mon, 25 Jul 2022 13:56:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZi-0004WC-BF for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZi-0008Jk-AO for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyZi-0002uY-9t for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=s7XI4HpeqrLwbdy/dVpVPNpnA9Go84iWJ8OCBbsqmk8=; b=PMxY5XeWgr8Rzp/kq/7V5RcqBj xTyBz45BXIow8vArA6wdqY0rUvmrQOY+SDqXyR6bl+rrev3NDuzHBWCr5zI8NEcMPhHXmAQtprf14 nG8+HslppLpgvHoxhveXLx6yTvrfixNzVeZqMLJ3fQNTBe2HoX/DVFJxXnQ7Y070o1HM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] AMD/IOMMU: replace all-contiguous page tables by superpage mappings Message-Id: Date: Mon, 25 Jul 2022 13:56:46 +0000 commit 0f91f75eb7ec589700c2c651b03d606bb19471dc Author: Jan Beulich AuthorDate: Mon Jul 25 15:41:12 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:41:12 2022 +0200 AMD/IOMMU: replace all-contiguous page tables by superpage mappings When a page table ends up with all contiguous entries (including all identical attributes), it can be replaced by a superpage entry at the next higher level. The page table itself can then be scheduled for freeing. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 34 ++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index a50a6b79ab..85d3a85fbb 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -81,7 +81,8 @@ static union amd_iommu_pte set_iommu_pte_present(unsigned long pt_mfn, unsigned long dfn, unsigned long next_mfn, unsigned int level, - bool iw, bool ir) + bool iw, bool ir, + bool *contig) { union amd_iommu_pte *table, *pde, old; @@ -94,11 +95,15 @@ static union amd_iommu_pte set_iommu_pte_present(unsigned long pt_mfn, old.iw != iw || old.ir != ir ) { set_iommu_pde_present(pde, next_mfn, 0, iw, ir); - pt_update_contig_markers(&table->raw, pfn_to_pde_idx(dfn, level), - level, PTE_kind_leaf); + *contig = pt_update_contig_markers(&table->raw, + pfn_to_pde_idx(dfn, level), + level, PTE_kind_leaf); } else + { old.pr = false; /* signal "no change" to the caller */ + *contig = false; + } unmap_domain_page(table); @@ -409,6 +414,7 @@ int cf_check amd_iommu_map_page( { struct domain_iommu *hd = dom_iommu(d); unsigned int level = (IOMMUF_order(flags) / PTE_PER_TABLE_SHIFT) + 1; + bool contig; int rc; unsigned long pt_mfn = 0; union amd_iommu_pte old; @@ -452,8 +458,26 @@ int cf_check amd_iommu_map_page( /* Install mapping */ old = set_iommu_pte_present(pt_mfn, dfn_x(dfn), mfn_x(mfn), level, - (flags & IOMMUF_writable), - (flags & IOMMUF_readable)); + flags & IOMMUF_writable, + flags & IOMMUF_readable, &contig); + + while ( unlikely(contig) && ++level < hd->arch.amd.paging_mode ) + { + struct page_info *pg = mfn_to_page(_mfn(pt_mfn)); + unsigned long next_mfn; + + if ( iommu_pde_from_dfn(d, dfn_x(dfn), level, &pt_mfn, flush_flags, + false) ) + BUG(); + BUG_ON(!pt_mfn); + + next_mfn = mfn_x(mfn) & (~0UL << (PTE_PER_TABLE_SHIFT * (level - 1))); + set_iommu_pte_present(pt_mfn, dfn_x(dfn), next_mfn, level, + flags & IOMMUF_writable, + flags & IOMMUF_readable, &contig); + *flush_flags |= IOMMU_FLUSHF_modified | IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + } spin_unlock(&hd->arch.mapping_lock); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:56:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:56:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374625.606715 (Exim 4.92) (envelope-from ) id 1oFyZt-0004Zx-Fo; Mon, 25 Jul 2022 13:56:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374625.606715; Mon, 25 Jul 2022 13:56:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZt-0004Zq-D1; Mon, 25 Jul 2022 13:56:57 +0000 Received: by outflank-mailman (input) for mailman id 374625; Mon, 25 Jul 2022 13:56:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZs-0004Zf-E8 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyZs-0008Jq-DF for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyZs-0002v0-Cd for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:56:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bTz8m9rQrS8X2QTSWYL/2VcLjpSsscchV3AJ+UiMBPg=; b=2Rrgw9hs+/xek7KyxF4EqZ37f2 +UQjjSP6+LsMLLJIxBrIZWlnPeWmiQKSmzuuKcZcX19o805yOP3fMmvGA+8xbDCVKdSyqQ/cMZFyM X+sL59uAROJ9m0oxqPAg2nyHFZC9rb8L0waZRb0MNpaMYJ+4ZGEJuZ1MDs5KYl4pVzrY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: replace all-contiguous page tables by superpage mappings Message-Id: Date: Mon, 25 Jul 2022 13:56:56 +0000 commit 3eb5c23542fabeeaff3c20a1fb1f6dddc2874890 Author: Jan Beulich AuthorDate: Mon Jul 25 15:41:48 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:41:48 2022 +0200 VT-d: replace all-contiguous page tables by superpage mappings When a page table ends up with all contiguous entries (including all identical attributes), it can be replaced by a superpage entry at the next higher level. The page table itself can then be scheduled for freeing. The adjustment to LEVEL_MASK is merely to avoid leaving a latent trap for whenever we (and obviously hardware) start supporting 512G mappings. Note that cache sync-ing is likely more strict than necessary. This is both to be on the safe side as well as to maintain the pattern of all updates of (potentially) live tables being accompanied by a flush (if so needed). Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/vtd/iommu.c | 35 ++++++++++++++++++++++++++++------- xen/drivers/passthrough/vtd/iommu.h | 2 +- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 745c7bae0d..35545bfaef 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2211,14 +2211,35 @@ static int __must_check cf_check intel_iommu_map_page( * While the (ab)use of PTE_kind_table here allows to save some work in * the function, the main motivation for it is that it avoids a so far * unexplained hang during boot (while preparing Dom0) on a Westmere - * based laptop. + * based laptop. This also has the intended effect of terminating the + * loop when super pages aren't supported anymore at the next level. */ - pt_update_contig_markers(&page->val, - address_level_offset(dfn_to_daddr(dfn), level), - level, - (hd->platform_ops->page_sizes & - (1UL << level_to_offset_bits(level + 1)) - ? PTE_kind_leaf : PTE_kind_table)); + while ( pt_update_contig_markers(&page->val, + address_level_offset(dfn_to_daddr(dfn), level), + level, + (hd->platform_ops->page_sizes & + (1UL << level_to_offset_bits(level + 1)) + ? PTE_kind_leaf : PTE_kind_table)) ) + { + struct page_info *pg = maddr_to_page(pg_maddr); + + unmap_vtd_domain_page(page); + + new.val &= ~(LEVEL_MASK << level_to_offset_bits(level)); + dma_set_pte_superpage(new); + + pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), ++level, + flush_flags, false); + BUG_ON(pg_maddr < PAGE_SIZE); + + page = map_vtd_domain_page(pg_maddr); + pte = &page[address_level_offset(dfn_to_daddr(dfn), level)]; + *pte = new; + iommu_sync_cache(pte, sizeof(*pte)); + + *flush_flags |= IOMMU_FLUSHF_modified | IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + } spin_unlock(&hd->arch.mapping_lock); unmap_vtd_domain_page(page); diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h index 7c3fe40150..78aa8a96f5 100644 --- a/xen/drivers/passthrough/vtd/iommu.h +++ b/xen/drivers/passthrough/vtd/iommu.h @@ -232,7 +232,7 @@ struct context_entry { /* page table handling */ #define LEVEL_STRIDE (9) -#define LEVEL_MASK ((1 << LEVEL_STRIDE) - 1) +#define LEVEL_MASK (PTE_NUM - 1UL) #define PTE_NUM (1 << LEVEL_STRIDE) #define level_to_agaw(val) ((val) - 2) #define agaw_to_level(val) ((val) + 2) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:57:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:57:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374626.606719 (Exim 4.92) (envelope-from ) id 1oFya3-0004cj-Hg; Mon, 25 Jul 2022 13:57:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374626.606719; Mon, 25 Jul 2022 13:57:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFya3-0004cX-Ee; Mon, 25 Jul 2022 13:57:07 +0000 Received: by outflank-mailman (input) for mailman id 374626; Mon, 25 Jul 2022 13:57:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFya2-0004cJ-HA for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFya2-0008KJ-GK for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFya2-0002va-Fe for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=t7c9hTA15gXn75BylzOuah2j/A5mr0xXZYvp1z/iNfE=; b=xrMQghqnD1FFa6WP/KPA20sNqm 6L/t96GzgTKVo6G5fqUGoPUYXabzbOOgpMz1Z1XXnOIBtagI1kCDk5F3mUyOzjpS9gRvXe9ZZtiWh b46ggTtG5CBa4bi8M9Zee+bkkOvXYjv82BBoAV//J6rJ27lL2LKpzwRt29G9bugg2nuc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU/x86: add perf counters for page table splitting / coalescing Message-Id: Date: Mon, 25 Jul 2022 13:57:06 +0000 commit e0a417ce62560edea7b0022e62014252c77ba8cb Author: Jan Beulich AuthorDate: Mon Jul 25 15:42:33 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:42:33 2022 +0200 IOMMU/x86: add perf counters for page table splitting / coalescing Signed-off-by: Jan Beulich Reviewed-by: Kevin tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/arch/x86/include/asm/perfc_defn.h | 3 +++ xen/drivers/passthrough/amd/iommu_map.c | 4 ++++ xen/drivers/passthrough/vtd/iommu.c | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h index b07063b7d8..509afc516b 100644 --- a/xen/arch/x86/include/asm/perfc_defn.h +++ b/xen/arch/x86/include/asm/perfc_defn.h @@ -125,4 +125,7 @@ PERFCOUNTER(realmode_exits, "vmexits from realmode") PERFCOUNTER(pauseloop_exits, "vmexits from Pause-Loop Detection") +PERFCOUNTER(iommu_pt_shatters, "IOMMU page table shatters") +PERFCOUNTER(iommu_pt_coalesces, "IOMMU page table coalesces") + /*#endif*/ /* __XEN_PERFC_DEFN_H__ */ diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 85d3a85fbb..f2157e0043 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -345,6 +345,8 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, level, PTE_kind_table); *flush_flags |= IOMMU_FLUSHF_modified; + + perfc_incr(iommu_pt_shatters); } /* Install lower level page table for non-present entries */ @@ -477,6 +479,7 @@ int cf_check amd_iommu_map_page( flags & IOMMUF_readable, &contig); *flush_flags |= IOMMU_FLUSHF_modified | IOMMU_FLUSHF_all; iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); } spin_unlock(&hd->arch.mapping_lock); @@ -543,6 +546,7 @@ int cf_check amd_iommu_unmap_page( clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level, &free); *flush_flags |= IOMMU_FLUSHF_all; iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); } } diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 35545bfaef..496d2d50ee 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -404,6 +404,8 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, if ( flush_flags ) *flush_flags |= IOMMU_FLUSHF_modified; + + perfc_incr(iommu_pt_shatters); } write_atomic(&pte->val, new_pte.val); @@ -857,6 +859,7 @@ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, *flush_flags |= IOMMU_FLUSHF_all; iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); } spin_unlock(&hd->arch.mapping_lock); @@ -2239,6 +2242,7 @@ static int __must_check cf_check intel_iommu_map_page( *flush_flags |= IOMMU_FLUSHF_modified | IOMMU_FLUSHF_all; iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); } spin_unlock(&hd->arch.mapping_lock); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:57:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:57:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374627.606723 (Exim 4.92) (envelope-from ) id 1oFyaD-0004gO-Ip; Mon, 25 Jul 2022 13:57:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374627.606723; Mon, 25 Jul 2022 13:57:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaD-0004gH-GB; Mon, 25 Jul 2022 13:57:17 +0000 Received: by outflank-mailman (input) for mailman id 374627; Mon, 25 Jul 2022 13:57:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaC-0004g4-Jz for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaC-0008KT-JC for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyaC-0002w1-Ia for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ou1who5EJUYtUtnFgXo9BY9HtJE76wIOO21UJ+LW8h4=; b=bCy3DQKl9AGcyV96wSvFo0W7lN JvqIhcMHt5M+rOHHeJs9ulqiJa7709Ph1PE98clWKkZl5k7C0aXEyEtRlmTkdueu5GVFsiAwqufPg M1exo0YB038dOrxoG4IJ/j+NotkYzyE2+uPn1TBu8ODZzvrN3ITe+t/AGDqlwd5JW9HQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: fold dma_pte_clear_one() into its only caller Message-Id: Date: Mon, 25 Jul 2022 13:57:16 +0000 commit fbf8e40f3b4ef79f0b38693d6b5e65573cc285f5 Author: Jan Beulich AuthorDate: Mon Jul 25 15:43:35 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:43:35 2022 +0200 VT-d: fold dma_pte_clear_one() into its only caller This way intel_iommu_unmap_page() ends up quite a bit more similar to intel_iommu_map_page(). No functional change intended. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/vtd/iommu.c | 134 +++++++++++++++++------------------- 1 file changed, 63 insertions(+), 71 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 496d2d50ee..62e143125d 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -806,75 +806,6 @@ static void queue_free_pt(struct domain_iommu *hd, mfn_t mfn, unsigned int level iommu_queue_free_pgtable(hd, mfn_to_page(mfn)); } -/* clear one page's page table */ -static int dma_pte_clear_one(struct domain *domain, daddr_t addr, - unsigned int order, - unsigned int *flush_flags) -{ - struct domain_iommu *hd = dom_iommu(domain); - struct dma_pte *page = NULL, *pte = NULL, old; - u64 pg_maddr; - unsigned int level = (order / LEVEL_STRIDE) + 1; - - spin_lock(&hd->arch.mapping_lock); - /* get target level pte */ - pg_maddr = addr_to_dma_page_maddr(domain, addr, level, flush_flags, false); - if ( pg_maddr < PAGE_SIZE ) - { - spin_unlock(&hd->arch.mapping_lock); - return pg_maddr ? -ENOMEM : 0; - } - - page = (struct dma_pte *)map_vtd_domain_page(pg_maddr); - pte = &page[address_level_offset(addr, level)]; - - if ( !dma_pte_present(*pte) ) - { - spin_unlock(&hd->arch.mapping_lock); - unmap_vtd_domain_page(page); - return 0; - } - - old = *pte; - dma_clear_pte(*pte); - iommu_sync_cache(pte, sizeof(*pte)); - - while ( pt_update_contig_markers(&page->val, - address_level_offset(addr, level), - level, PTE_kind_null) && - ++level < min_pt_levels ) - { - struct page_info *pg = maddr_to_page(pg_maddr); - - unmap_vtd_domain_page(page); - - pg_maddr = addr_to_dma_page_maddr(domain, addr, level, flush_flags, - false); - BUG_ON(pg_maddr < PAGE_SIZE); - - page = map_vtd_domain_page(pg_maddr); - pte = &page[address_level_offset(addr, level)]; - dma_clear_pte(*pte); - iommu_sync_cache(pte, sizeof(*pte)); - - *flush_flags |= IOMMU_FLUSHF_all; - iommu_queue_free_pgtable(hd, pg); - perfc_incr(iommu_pt_coalesces); - } - - spin_unlock(&hd->arch.mapping_lock); - - unmap_vtd_domain_page(page); - - *flush_flags |= IOMMU_FLUSHF_modified; - - if ( order && !dma_pte_superpage(old) ) - queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(old)), - order / LEVEL_STRIDE); - - return 0; -} - static int iommu_set_root_entry(struct vtd_iommu *iommu) { u32 sts; @@ -2264,11 +2195,17 @@ static int __must_check cf_check intel_iommu_map_page( static int __must_check cf_check intel_iommu_unmap_page( struct domain *d, dfn_t dfn, unsigned int order, unsigned int *flush_flags) { + struct domain_iommu *hd = dom_iommu(d); + daddr_t addr = dfn_to_daddr(dfn); + struct dma_pte *page = NULL, *pte = NULL, old; + uint64_t pg_maddr; + unsigned int level = (order / LEVEL_STRIDE) + 1; + /* * While really we could unmap at any granularity, for now we assume unmaps * are issued by common code only at the same granularity as maps. */ - ASSERT((dom_iommu(d)->platform_ops->page_sizes >> order) & PAGE_SIZE_4K); + ASSERT((hd->platform_ops->page_sizes >> order) & PAGE_SIZE_4K); /* Do nothing if VT-d shares EPT page table */ if ( iommu_use_hap_pt(d) ) @@ -2278,7 +2215,62 @@ static int __must_check cf_check intel_iommu_unmap_page( if ( iommu_hwdom_passthrough && is_hardware_domain(d) ) return 0; - return dma_pte_clear_one(d, dfn_to_daddr(dfn), order, flush_flags); + spin_lock(&hd->arch.mapping_lock); + /* get target level pte */ + pg_maddr = addr_to_dma_page_maddr(d, addr, level, flush_flags, false); + if ( pg_maddr < PAGE_SIZE ) + { + spin_unlock(&hd->arch.mapping_lock); + return pg_maddr ? -ENOMEM : 0; + } + + page = map_vtd_domain_page(pg_maddr); + pte = &page[address_level_offset(addr, level)]; + + if ( !dma_pte_present(*pte) ) + { + spin_unlock(&hd->arch.mapping_lock); + unmap_vtd_domain_page(page); + return 0; + } + + old = *pte; + dma_clear_pte(*pte); + iommu_sync_cache(pte, sizeof(*pte)); + + while ( pt_update_contig_markers(&page->val, + address_level_offset(addr, level), + level, PTE_kind_null) && + ++level < min_pt_levels ) + { + struct page_info *pg = maddr_to_page(pg_maddr); + + unmap_vtd_domain_page(page); + + pg_maddr = addr_to_dma_page_maddr(d, addr, level, flush_flags, false); + BUG_ON(pg_maddr < PAGE_SIZE); + + page = map_vtd_domain_page(pg_maddr); + pte = &page[address_level_offset(addr, level)]; + dma_clear_pte(*pte); + iommu_sync_cache(pte, sizeof(*pte)); + + *flush_flags |= IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); + } + + spin_unlock(&hd->arch.mapping_lock); + + unmap_vtd_domain_page(page); + + *flush_flags |= IOMMU_FLUSHF_modified; + + if ( order && !dma_pte_superpage(old) ) + queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(old)), + order / LEVEL_STRIDE); + + return 0; } static int cf_check intel_iommu_lookup_page( -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:57:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:57:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374628.606726 (Exim 4.92) (envelope-from ) id 1oFyaN-0004iy-KT; Mon, 25 Jul 2022 13:57:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374628.606726; Mon, 25 Jul 2022 13:57:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaN-0004iq-Hu; Mon, 25 Jul 2022 13:57:27 +0000 Received: by outflank-mailman (input) for mailman id 374628; Mon, 25 Jul 2022 13:57:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaM-0004ic-Mz for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaM-0008KX-MB for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyaM-0002wQ-LZ for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+4nAMB1+5hv/h6P4mPIovBAlf2ZZPOa0aR4WOrb2wbE=; b=SkWXatRcWXZbZH3VpcLf3Yl2iO +r0dOBRKs5HJsgwwWtqdhos5ip5dKQtca8dEwi4j2CP+YHRrRYrelMslwqv2b2sDtpVeghVvCUwnV YBVraY6OY2K2Cs1jop6ZDAVNrePfKk4Z4kEcX1zthzRzOXsWC9rOCDuU+91XuR+o4LEs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] golang/xenlight: Update generated code Message-Id: Date: Mon, 25 Jul 2022 13:57:26 +0000 commit 7c5e3cc07dc7c087af4e9175e85c2b21c8a39c81 Author: Oleksandr Tyshchenko AuthorDate: Mon Jul 25 15:44:17 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:44:17 2022 +0200 golang/xenlight: Update generated code Re-generate goland bindings to reflect changes to libxl_types.idl from the following commit: 54d8f27d0477 tools/libxl: report trusted backend status to frontends Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Anthony PERARD --- tools/golang/xenlight/helpers.gen.go | 12 ++++++++++++ tools/golang/xenlight/types.gen.go | 2 ++ 2 files changed, 14 insertions(+) diff --git a/tools/golang/xenlight/helpers.gen.go b/tools/golang/xenlight/helpers.gen.go index dece545ee0..33fe03971f 100644 --- a/tools/golang/xenlight/helpers.gen.go +++ b/tools/golang/xenlight/helpers.gen.go @@ -1774,6 +1774,9 @@ x.ColoPort = int(xc.colo_port) x.ColoExport = C.GoString(xc.colo_export) x.ActiveDisk = C.GoString(xc.active_disk) x.HiddenDisk = C.GoString(xc.hidden_disk) +if err := x.Trusted.fromC(&xc.trusted);err != nil { +return fmt.Errorf("converting field Trusted: %v", err) +} return nil} @@ -1815,6 +1818,9 @@ if x.ActiveDisk != "" { xc.active_disk = C.CString(x.ActiveDisk)} if x.HiddenDisk != "" { xc.hidden_disk = C.CString(x.HiddenDisk)} +if err := x.Trusted.toC(&xc.trusted); err != nil { +return fmt.Errorf("converting field Trusted: %v", err) +} return nil } @@ -1899,6 +1905,9 @@ x.ColoFilterSecRedirector1Outdev = C.GoString(xc.colo_filter_sec_redirector1_out x.ColoFilterSecRewriter0Queue = C.GoString(xc.colo_filter_sec_rewriter0_queue) x.ColoCheckpointHost = C.GoString(xc.colo_checkpoint_host) x.ColoCheckpointPort = C.GoString(xc.colo_checkpoint_port) +if err := x.Trusted.fromC(&xc.trusted);err != nil { +return fmt.Errorf("converting field Trusted: %v", err) +} return nil} @@ -2028,6 +2037,9 @@ if x.ColoCheckpointHost != "" { xc.colo_checkpoint_host = C.CString(x.ColoCheckpointHost)} if x.ColoCheckpointPort != "" { xc.colo_checkpoint_port = C.CString(x.ColoCheckpointPort)} +if err := x.Trusted.toC(&xc.trusted); err != nil { +return fmt.Errorf("converting field Trusted: %v", err) +} return nil } diff --git a/tools/golang/xenlight/types.gen.go b/tools/golang/xenlight/types.gen.go index 253c9ad93d..bb149547fd 100644 --- a/tools/golang/xenlight/types.gen.go +++ b/tools/golang/xenlight/types.gen.go @@ -652,6 +652,7 @@ ColoPort int ColoExport string ActiveDisk string HiddenDisk string +Trusted Defbool } type DeviceNic struct { @@ -718,6 +719,7 @@ ColoFilterSecRedirector1Outdev string ColoFilterSecRewriter0Queue string ColoCheckpointHost string ColoCheckpointPort string +Trusted Defbool } type DevicePci struct { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:57:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:57:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374629.606731 (Exim 4.92) (envelope-from ) id 1oFyaX-0004ly-ME; Mon, 25 Jul 2022 13:57:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374629.606731; Mon, 25 Jul 2022 13:57:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaX-0004lp-JQ; Mon, 25 Jul 2022 13:57:37 +0000 Received: by outflank-mailman (input) for mailman id 374629; Mon, 25 Jul 2022 13:57:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaW-0004lh-Ps for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaW-0008Kh-P6 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyaW-0002wp-OZ for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1tYWPFV16CS2ZFteE8N71Ivf+qRK90725gvzcQa8k9Y=; b=g2F2x/aRciwD8j1veylXYiXfUD UdDoLoGNV1OU/uKcqQf3Z2gLPSCX2+ZsMFdi0fbZrv9I8/DgzMacIqrj28as4glRVoOP3FtujzUw/ 9yPSmuAtVs/FTWbmpnOQJW0ch6ax0AF/yerhhbPlenShFLOr9wy/peFMWsQle9G1PJgs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/mem_sharing: support forks with active vPMU state Message-Id: Date: Mon, 25 Jul 2022 13:57:36 +0000 commit 755087eb9b10cac418b1327382b2506d32bbfb7d Author: Tamas K Lengyel AuthorDate: Mon Jul 25 15:44:33 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:44:33 2022 +0200 xen/mem_sharing: support forks with active vPMU state Currently the vPMU state from a parent isn't copied to VM forks. To enable the vPMU state to be copied to a fork VM we export certain vPMU functions. First, the vPMU context needs to be allocated for the fork if the parent has one. For this we introduce vpmu->allocate_context, which has previously only been called when the guest enables the PMU on itself. Furthermore, we export vpmu_save_force so that the PMU context can be saved on-demand even if no context switch took place on the parent's CPU yet. Additionally, we make sure all relevant configuration MSRs are saved in the vPMU context so the copy is complete and the fork starts with the same PMU config as the parent. Signed-off-by: Tamas K Lengyel Acked-by: Andrew Cooper --- xen/arch/x86/cpu/vpmu.c | 14 +++++++++++- xen/arch/x86/cpu/vpmu_amd.c | 12 +++++++++++ xen/arch/x86/cpu/vpmu_intel.c | 32 +++++++++++++++++++++++----- xen/arch/x86/include/asm/vpmu.h | 17 +++++++++++++++ xen/arch/x86/mm/mem_sharing.c | 47 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 116 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index d2c03a1104..cacc24a30f 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -336,7 +336,19 @@ void vpmu_do_interrupt(struct cpu_user_regs *regs) #endif } -static void cf_check vpmu_save_force(void *arg) +#ifdef CONFIG_MEM_SHARING +int vpmu_allocate_context(struct vcpu *v) +{ + struct vpmu_struct *vpmu = vcpu_vpmu(v); + + if ( vpmu_is_set(vpmu, VPMU_CONTEXT_ALLOCATED) ) + return 0; + + return alternative_call(vpmu_ops.allocate_context, v) ? 0 : -ENOMEM; +} +#endif + +void cf_check vpmu_save_force(void *arg) { struct vcpu *v = arg; struct vpmu_struct *vpmu = vcpu_vpmu(v); diff --git a/xen/arch/x86/cpu/vpmu_amd.c b/xen/arch/x86/cpu/vpmu_amd.c index 9bacc02ec1..58794a16f0 100644 --- a/xen/arch/x86/cpu/vpmu_amd.c +++ b/xen/arch/x86/cpu/vpmu_amd.c @@ -518,6 +518,14 @@ static int cf_check svm_vpmu_initialise(struct vcpu *v) return 0; } +#ifdef CONFIG_MEM_SHARING +static int cf_check amd_allocate_context(struct vcpu *v) +{ + ASSERT_UNREACHABLE(); + return 0; +} +#endif + static const struct arch_vpmu_ops __initconst_cf_clobber amd_vpmu_ops = { .initialise = svm_vpmu_initialise, .do_wrmsr = amd_vpmu_do_wrmsr, @@ -527,6 +535,10 @@ static const struct arch_vpmu_ops __initconst_cf_clobber amd_vpmu_ops = { .arch_vpmu_save = amd_vpmu_save, .arch_vpmu_load = amd_vpmu_load, .arch_vpmu_dump = amd_vpmu_dump, + +#ifdef CONFIG_MEM_SHARING + .allocate_context = amd_allocate_context, +#endif }; static const struct arch_vpmu_ops *__init common_init(void) diff --git a/xen/arch/x86/cpu/vpmu_intel.c b/xen/arch/x86/cpu/vpmu_intel.c index 8612f46973..b91d818be0 100644 --- a/xen/arch/x86/cpu/vpmu_intel.c +++ b/xen/arch/x86/cpu/vpmu_intel.c @@ -282,10 +282,17 @@ static inline void __core2_vpmu_save(struct vcpu *v) for ( i = 0; i < fixed_pmc_cnt; i++ ) rdmsrl(MSR_CORE_PERF_FIXED_CTR0 + i, fixed_counters[i]); for ( i = 0; i < arch_pmc_cnt; i++ ) + { rdmsrl(MSR_IA32_PERFCTR0 + i, xen_pmu_cntr_pair[i].counter); + rdmsrl(MSR_P6_EVNTSEL(i), xen_pmu_cntr_pair[i].control); + } if ( !is_hvm_vcpu(v) ) rdmsrl(MSR_CORE_PERF_GLOBAL_STATUS, core2_vpmu_cxt->global_status); + /* Save MSR to private context to make it fork-friendly */ + else if ( mem_sharing_enabled(v->domain) ) + vmx_read_guest_msr(v, MSR_CORE_PERF_GLOBAL_CTRL, + &core2_vpmu_cxt->global_ctrl); } static int cf_check core2_vpmu_save(struct vcpu *v, bool to_guest) @@ -346,6 +353,10 @@ static inline void __core2_vpmu_load(struct vcpu *v) core2_vpmu_cxt->global_ovf_ctrl = 0; wrmsrl(MSR_CORE_PERF_GLOBAL_CTRL, core2_vpmu_cxt->global_ctrl); } + /* Restore MSR from context when used with a fork */ + else if ( mem_sharing_is_fork(v->domain) ) + vmx_write_guest_msr(v, MSR_CORE_PERF_GLOBAL_CTRL, + core2_vpmu_cxt->global_ctrl); } static int core2_vpmu_verify(struct vcpu *v) @@ -443,7 +454,7 @@ static int cf_check core2_vpmu_load(struct vcpu *v, bool from_guest) return 0; } -static int core2_vpmu_alloc_resource(struct vcpu *v) +static int cf_check core2_vpmu_alloc_resource(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); struct xen_pmu_intel_ctxt *core2_vpmu_cxt = NULL; @@ -461,11 +472,18 @@ static int core2_vpmu_alloc_resource(struct vcpu *v) goto out_err; } - core2_vpmu_cxt = xzalloc_flex_struct(struct xen_pmu_intel_ctxt, regs, - fixed_pmc_cnt + arch_pmc_cnt * - (sizeof(struct xen_pmu_cntr_pair) / - sizeof(*core2_vpmu_cxt->regs))); + vpmu->priv_context_size = sizeof(uint64_t); + vpmu->context_size = sizeof(struct xen_pmu_intel_ctxt) + + fixed_pmc_cnt * sizeof(uint64_t) + + arch_pmc_cnt * sizeof(struct xen_pmu_cntr_pair); + /* Calculate and add the padding for alignment */ + vpmu->context_size += vpmu->context_size % + sizeof(struct xen_pmu_intel_ctxt); + + core2_vpmu_cxt = _xzalloc(vpmu->context_size, + sizeof(struct xen_pmu_intel_ctxt)); p = xzalloc(uint64_t); + if ( !core2_vpmu_cxt || !p ) goto out_err; @@ -889,6 +907,10 @@ static const struct arch_vpmu_ops __initconst_cf_clobber core2_vpmu_ops = { .arch_vpmu_save = core2_vpmu_save, .arch_vpmu_load = core2_vpmu_load, .arch_vpmu_dump = core2_vpmu_dump, + +#ifdef CONFIG_MEM_SHARING + .allocate_context = core2_vpmu_alloc_resource, +#endif }; const struct arch_vpmu_ops *__init core2_vpmu_init(void) diff --git a/xen/arch/x86/include/asm/vpmu.h b/xen/arch/x86/include/asm/vpmu.h index e5709bd44a..8a3ae11562 100644 --- a/xen/arch/x86/include/asm/vpmu.h +++ b/xen/arch/x86/include/asm/vpmu.h @@ -47,6 +47,10 @@ struct arch_vpmu_ops { int (*arch_vpmu_save)(struct vcpu *v, bool_t to_guest); int (*arch_vpmu_load)(struct vcpu *v, bool_t from_guest); void (*arch_vpmu_dump)(const struct vcpu *); + +#ifdef CONFIG_MEM_SHARING + int (*allocate_context)(struct vcpu *v); +#endif }; const struct arch_vpmu_ops *core2_vpmu_init(void); @@ -59,6 +63,8 @@ struct vpmu_struct { u32 hw_lapic_lvtpc; void *context; /* May be shared with PV guest */ void *priv_context; /* hypervisor-only */ + size_t context_size; + size_t priv_context_size; struct xen_pmu_data *xenpmu_data; spinlock_t vpmu_lock; }; @@ -108,6 +114,7 @@ void vpmu_do_interrupt(struct cpu_user_regs *regs); void vpmu_initialise(struct vcpu *v); void vpmu_destroy(struct vcpu *v); void vpmu_save(struct vcpu *v); +void vpmu_save_force(void *arg); int vpmu_load(struct vcpu *v, bool_t from_guest); void vpmu_dump(struct vcpu *v); @@ -136,5 +143,15 @@ static inline void vpmu_switch_to(struct vcpu *next) vpmu_load(next, 0); } +#ifdef CONFIG_MEM_SHARING +int vpmu_allocate_context(struct vcpu *v); +#else +static inline int vpmu_allocate_context(struct vcpu *v) +{ + ASSERT_UNREACHABLE(); + return 0; +} +#endif + #endif /* __ASM_X86_HVM_VPMU_H_*/ diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 8f9d9ed9a9..649d93dc54 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -1653,6 +1653,49 @@ static void copy_vcpu_nonreg_state(struct vcpu *d_vcpu, struct vcpu *cd_vcpu) hvm_set_nonreg_state(cd_vcpu, &nrs); } +static int copy_vpmu(struct vcpu *d_vcpu, struct vcpu *cd_vcpu) +{ + struct vpmu_struct *d_vpmu = vcpu_vpmu(d_vcpu); + struct vpmu_struct *cd_vpmu = vcpu_vpmu(cd_vcpu); + int ret; + + if ( !vpmu_are_all_set(d_vpmu, VPMU_INITIALIZED | VPMU_CONTEXT_ALLOCATED) ) + return 0; + if ( (ret = vpmu_allocate_context(cd_vcpu)) ) + return ret; + + /* + * The VPMU subsystem only saves the context when the CPU does a context + * switch. Otherwise, the relevant MSRs are not saved on vmexit. + * We force a save here in case the parent CPU context is still loaded. + */ + if ( vpmu_is_set(d_vpmu, VPMU_CONTEXT_LOADED) ) + { + unsigned int pcpu = smp_processor_id(); + + if ( d_vpmu->last_pcpu != pcpu ) + { + on_selected_cpus(cpumask_of(d_vpmu->last_pcpu), + vpmu_save_force, d_vcpu, 1); + vpmu_reset(d_vpmu, VPMU_CONTEXT_LOADED); + } + else + vpmu_save(d_vcpu); + } + + if ( vpmu_is_set(d_vpmu, VPMU_RUNNING) ) + vpmu_set(cd_vpmu, VPMU_RUNNING); + + /* Make sure context gets (re-)loaded when scheduled next */ + vpmu_reset(cd_vpmu, VPMU_CONTEXT_LOADED); + + memcpy(cd_vpmu->context, d_vpmu->context, d_vpmu->context_size); + memcpy(cd_vpmu->priv_context, d_vpmu->priv_context, + d_vpmu->priv_context_size); + + return 0; +} + static int copy_vcpu_settings(struct domain *cd, const struct domain *d) { unsigned int i; @@ -1702,6 +1745,10 @@ static int copy_vcpu_settings(struct domain *cd, const struct domain *d) copy_domain_page(new_vcpu_info_mfn, vcpu_info_mfn); } + ret = copy_vpmu(d_vcpu, cd_vcpu); + if ( ret ) + return ret; + hvm_vmtrace_reset(cd_vcpu); copy_vcpu_nonreg_state(d_vcpu, cd_vcpu); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:57:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:57:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374630.606735 (Exim 4.92) (envelope-from ) id 1oFyah-0004p8-Ov; Mon, 25 Jul 2022 13:57:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374630.606735; Mon, 25 Jul 2022 13:57:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyah-0004p1-MH; Mon, 25 Jul 2022 13:57:47 +0000 Received: by outflank-mailman (input) for mailman id 374630; Mon, 25 Jul 2022 13:57:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyag-0004ot-Sl for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyag-0008LD-S0 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyag-0002xF-RJ for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=erFs04HDrDk1tJesI5A68RTBxZu8cgSKuJNBet/GIS8=; b=eTcQblV5rZEsVqdYtB3WU1AGnB wcxRnNTRBTky5mn675dS3v8b/ZX+37EM8QwHqS0gzEI7daz1HD+sWzLmOTS3/ArxMgZzuq8ft9H22 V6JLmB9XY5X1lE88mhiMkHKyB8NuqUveD88xCK20WY8cMXGHYY+10+SBXBLmMiMmBMH4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Arm32: restore proper name of .dtb section start symbol Message-Id: Date: Mon, 25 Jul 2022 13:57:46 +0000 commit e625ddee2767eadaac48d17184f231e9874b4d4b Author: Jan Beulich AuthorDate: Mon Jul 25 15:45:31 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:45:31 2022 +0200 Arm32: restore proper name of .dtb section start symbol This addresses a build failure when CONFIG_DTB_FILE evaluates to a non- empty string. Fixes: d07358f2dccd ("xen/arm32: head.S: Introduce a macro to load the physical address of a symbol") Signed-off-by: Jan Beulich --- xen/arch/arm/arm32/head.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index 98ccf18b51..46d93bebba 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -162,7 +162,7 @@ past_zImage: /* Using the DTB in the .dtb section? */ .ifnes CONFIG_DTB_FILE,"" - load_paddr r8, _stdb + load_paddr r8, _sdtb .endif /* Initialize the UART if earlyprintk has been enabled. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Jul 25 13:57:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 25 Jul 2022 13:57:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374631.606739 (Exim 4.92) (envelope-from ) id 1oFyar-0004sH-Qf; Mon, 25 Jul 2022 13:57:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374631.606739; Mon, 25 Jul 2022 13:57:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyar-0004s7-Ni; Mon, 25 Jul 2022 13:57:57 +0000 Received: by outflank-mailman (input) for mailman id 374631; Mon, 25 Jul 2022 13:57:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaq-0004ru-Vt for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oFyaq-0008LO-V1 for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oFyaq-0002xh-UN for xen-changelog@lists.xenproject.org; Mon, 25 Jul 2022 13:57:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nslqiwg/KU1ne2kPHRFn4hYs7C+07vGBnMXge31zpXs=; b=kPe5etDtwsd3GcTtTqxMg3Cqag 4XQ6G3lmyJjwF0i4ekb6v+jMSmhZIc3tWfI/YsQZB41lL4X95HgjIiMaLIbNIMFH2Bko7xcONycuO JTuNVnf6bPjOEV0ucQ9x+WwqfgDcapTqydI5HbIyDSVRWLXYlvN8O86r0UOYiwbA4c+U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] include: correct re-building conditions around hypercall-defs.h Message-Id: Date: Mon, 25 Jul 2022 13:57:56 +0000 commit f1c719d5cd8ab4d5d4c8df139b9df3c2c47221d1 Author: Jan Beulich AuthorDate: Mon Jul 25 15:46:21 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:46:21 2022 +0200 include: correct re-building conditions around hypercall-defs.h For a .cmd file to be picked up, the respective target needs to be listed in $(targets). This wasn't the case for hypercall-defs.i, leading to permanent re-building even on an entirely unchanged tree (because of the command apparently having changed). In exchange the target doesn't need naming in $(clean-files) anymore. Fixes: eca1f00d0227 ("xen: generate hypercall interface related code") Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD --- xen/include/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xen/include/Makefile b/xen/include/Makefile index 65d61fc7f4..65be310eca 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -114,7 +114,7 @@ all: $(obj)/xen/hypercall-defs.h $(obj)/xen/hypercall-defs.h: $(obj)/hypercall-defs.i $(srctree)/scripts/gen_hypercall.awk FORCE $(call if_changed,genhyp) -targets += xen/hypercall-defs.h +targets += hypercall-defs.i xen/hypercall-defs.h ifeq ($(XEN_TARGET_ARCH),$(XEN_COMPILE_ARCH)) @@ -225,4 +225,3 @@ all: lib-x86-all endif clean-files := compat config generated xen/lib/x86/cpuid-autogen.h -clean-files += hypercall-defs.i -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:00:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:00:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374873.607009 (Exim 4.92) (envelope-from ) id 1oG7zY-0004fV-0p; Tue, 26 Jul 2022 00:00:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374873.607009; Tue, 26 Jul 2022 00:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zX-0004f4-TJ; Tue, 26 Jul 2022 00:00:03 +0000 Received: by outflank-mailman (input) for mailman id 374873; Tue, 26 Jul 2022 00:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zW-0004MZ-BX for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zW-0005yX-AR for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG7zW-00040U-8a for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FOQj38vc2xHOxlJ7lsosN3Y6xKGXcOVBuS5syH9dx14=; b=qo5qd93Qx5P9bRVndGcv7C5yrW XeKaf26ek+/CKN+J+9mSCgYpTH1nx75ZrXz13xsBFKB4XwVetEfA+OwKssq6DrIzETXOuL17kXb/I 4AoKJVyJ8nixljmHwnpctahVorQRzMcmFrLyAuz1p1hsn9FnxJdx8lFZzAZDK+WdJqYM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] iommu: add preemption support to iommu_{un,}map() Message-Id: Date: Tue, 26 Jul 2022 00:00:02 +0000 commit c519819ff5c61ae8b36509c9e8ed9d2a2fdac886 Author: Roger Pau Monné AuthorDate: Mon Jul 25 15:31:41 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:31:41 2022 +0200 iommu: add preemption support to iommu_{un,}map() The loop in iommu_{,un}map() can be arbitrary large, and as such it needs to handle preemption. Introduce a new flag that signals whether the function should do preemption checks, returning the number of pages that have been processed in case a need for preemption was actually found. Note that the cleanup done in iommu_map() can now be incomplete if preemption has happened, and hence callers would need to take care of unmapping the whole range (ie: ranges already mapped by previously preempted calls). So far none of the callers care about having those ranges unmapped, so error handling in arch_iommu_hwdom_init() can be kept as-is. Note that iommu_legacy_{un,}map() are left without preemption handling: callers of those interfaces aren't going to modified to pass bigger chunks, and hence the functions won't be modified as they are legacy and uses should be replaced with iommu_{un,}map() instead if preemption is required. Signed-off-by: Roger Pau Monné Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/drivers/passthrough/iommu.c | 38 +++++++++++++++++++++++++++----------- xen/include/xen/iommu.h | 23 +++++++++++++++-------- 2 files changed, 42 insertions(+), 19 deletions(-) diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 77f64e6174..1eae9393b2 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -308,13 +308,13 @@ static unsigned int mapping_order(const struct domain_iommu *hd, return order; } -int iommu_map(struct domain *d, dfn_t dfn0, mfn_t mfn0, - unsigned long page_count, unsigned int flags, - unsigned int *flush_flags) +long iommu_map(struct domain *d, dfn_t dfn0, mfn_t mfn0, + unsigned long page_count, unsigned int flags, + unsigned int *flush_flags) { const struct domain_iommu *hd = dom_iommu(d); unsigned long i; - unsigned int order; + unsigned int order, j = 0; int rc = 0; if ( !is_iommu_enabled(d) ) @@ -329,6 +329,11 @@ int iommu_map(struct domain *d, dfn_t dfn0, mfn_t mfn0, order = mapping_order(hd, dfn, mfn, page_count - i); + if ( (flags & IOMMUF_preempt) && + ((!(++j & 0xfff) && general_preempt_check()) || + i > LONG_MAX - (1UL << order)) ) + return i; + rc = iommu_call(hd->platform_ops, map_page, d, dfn, mfn, flags | IOMMUF_order(order), flush_flags); @@ -341,7 +346,7 @@ int iommu_map(struct domain *d, dfn_t dfn0, mfn_t mfn0, d->domain_id, dfn_x(dfn), mfn_x(mfn), rc); /* while statement to satisfy __must_check */ - while ( iommu_unmap(d, dfn0, i, flush_flags) ) + while ( iommu_unmap(d, dfn0, i, 0, flush_flags) ) break; if ( !is_hardware_domain(d) ) @@ -365,7 +370,10 @@ int iommu_legacy_map(struct domain *d, dfn_t dfn, mfn_t mfn, unsigned long page_count, unsigned int flags) { unsigned int flush_flags = 0; - int rc = iommu_map(d, dfn, mfn, page_count, flags, &flush_flags); + int rc; + + ASSERT(!(flags & IOMMUF_preempt)); + rc = iommu_map(d, dfn, mfn, page_count, flags, &flush_flags); if ( !this_cpu(iommu_dont_flush_iotlb) && !rc ) rc = iommu_iotlb_flush(d, dfn, page_count, flush_flags); @@ -373,25 +381,33 @@ int iommu_legacy_map(struct domain *d, dfn_t dfn, mfn_t mfn, return rc; } -int iommu_unmap(struct domain *d, dfn_t dfn0, unsigned long page_count, - unsigned int *flush_flags) +long iommu_unmap(struct domain *d, dfn_t dfn0, unsigned long page_count, + unsigned int flags, unsigned int *flush_flags) { const struct domain_iommu *hd = dom_iommu(d); unsigned long i; - unsigned int order; + unsigned int order, j = 0; int rc = 0; if ( !is_iommu_enabled(d) ) return 0; + ASSERT(!(flags & ~IOMMUF_preempt)); + for ( i = 0; i < page_count; i += 1UL << order ) { dfn_t dfn = dfn_add(dfn0, i); int err; order = mapping_order(hd, dfn, _mfn(0), page_count - i); + + if ( (flags & IOMMUF_preempt) && + ((!(++j & 0xfff) && general_preempt_check()) || + i > LONG_MAX - (1UL << order)) ) + return i; + err = iommu_call(hd->platform_ops, unmap_page, d, dfn, - order, flush_flags); + flags | IOMMUF_order(order), flush_flags); if ( likely(!err) ) continue; @@ -425,7 +441,7 @@ int iommu_unmap(struct domain *d, dfn_t dfn0, unsigned long page_count, int iommu_legacy_unmap(struct domain *d, dfn_t dfn, unsigned long page_count) { unsigned int flush_flags = 0; - int rc = iommu_unmap(d, dfn, page_count, &flush_flags); + int rc = iommu_unmap(d, dfn, page_count, 0, &flush_flags); if ( !this_cpu(iommu_dont_flush_iotlb) && !rc ) rc = iommu_iotlb_flush(d, dfn, page_count, flush_flags); diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index 79529adf1f..1240d7762d 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -124,14 +124,15 @@ void arch_iommu_check_autotranslated_hwdom(struct domain *d); void arch_iommu_hwdom_init(struct domain *d); /* - * The following flags are passed to map operations and passed by lookup - * operations. + * The following flags are passed to map (applicable ones also to unmap) + * operations, while some are passed back by lookup operations. */ #define IOMMUF_order(n) ((n) & 0x3f) #define _IOMMUF_readable 6 #define IOMMUF_readable (1u<<_IOMMUF_readable) #define _IOMMUF_writable 7 #define IOMMUF_writable (1u<<_IOMMUF_writable) +#define IOMMUF_preempt (1u << 8) /* * flush_flags: @@ -153,12 +154,18 @@ enum #define IOMMU_FLUSHF_modified (1u << _IOMMU_FLUSHF_modified) #define IOMMU_FLUSHF_all (1u << _IOMMU_FLUSHF_all) -int __must_check iommu_map(struct domain *d, dfn_t dfn, mfn_t mfn, - unsigned long page_count, unsigned int flags, - unsigned int *flush_flags); -int __must_check iommu_unmap(struct domain *d, dfn_t dfn, - unsigned long page_count, - unsigned int *flush_flags); +/* + * For both of these: Negative return values are error indicators. Zero + * indicates full successful completion of the request, while positive + * values indicate partial completion, which is possible only with + * IOMMUF_preempt passed in. + */ +long __must_check iommu_map(struct domain *d, dfn_t dfn, mfn_t mfn, + unsigned long page_count, unsigned int flags, + unsigned int *flush_flags); +long __must_check iommu_unmap(struct domain *d, dfn_t dfn, + unsigned long page_count, unsigned int flags, + unsigned int *flush_flags); int __must_check iommu_legacy_map(struct domain *d, dfn_t dfn, mfn_t mfn, unsigned long page_count, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374874.607014 (Exim 4.92) (envelope-from ) id 1oG7zh-0005Ar-2J; Tue, 26 Jul 2022 00:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374874.607014; Tue, 26 Jul 2022 00:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zg-0005Ai-VD; Tue, 26 Jul 2022 00:00:12 +0000 Received: by outflank-mailman (input) for mailman id 374874; Tue, 26 Jul 2022 00:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zg-0005AW-HM for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zg-0006Ex-Eo for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG7zg-00043R-Cx for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vfGtXfd6ayg+7L7xcbtjmamGOpP+y2/Sc+6LojOMCtk=; b=f7LekrVN804tfG4nB+tSGZ53ZS apIS+Q9aneAvMyVV1VHmG6EtI96v/0unfT/JoM1xFq6MNjDmjLsnUMiM9CTZPHpPJaAg9lz3mDdl7 du1eCwydDY60TA99/uWDz5OdW8a/uzGoNNu4eepFfNi7hk5yN7F4MA0w8cbPW1fAlotQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU/x86: perform PV Dom0 mappings in batches Message-Id: Date: Tue, 26 Jul 2022 00:00:12 +0000 commit c1e1564c8995d8a08891bd9313e4289bbe4662b4 Author: Jan Beulich AuthorDate: Mon Jul 25 15:32:59 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:32:59 2022 +0200 IOMMU/x86: perform PV Dom0 mappings in batches For large page mappings to be easily usable (i.e. in particular without un-shattering of smaller page mappings) and for mapping operations to then also be more efficient, pass batches of Dom0 memory to iommu_map(). In dom0_construct_pv() and its helpers (covering strict mode) this additionally requires establishing the type of those pages (albeit with zero type references). The earlier establishing of PGT_writable_page | PGT_validated requires the existing places where this gets done (through get_page_and_type()) to be updated: For pages which actually have a mapping, the type refcount needs to be 1. There is actually a related bug that gets fixed here as a side effect: Typically the last L1 table would get marked as such only after get_page_and_type(..., PGT_writable_page). While this is fine as far as refcounting goes, the page did remain mapped in the IOMMU in this case (when "iommu=dom0-strict"). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant --- xen/arch/x86/pv/dom0_build.c | 97 ++++++++++++++++++++++++++++++++++--- xen/drivers/passthrough/x86/iommu.c | 52 +++++++++++++++----- 2 files changed, 129 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index e501979a86..323c49b0bd 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -46,7 +46,8 @@ void __init dom0_update_physmap(bool compat, unsigned long pfn, static __init void mark_pv_pt_pages_rdonly(struct domain *d, l4_pgentry_t *l4start, unsigned long vpt_start, - unsigned long nr_pt_pages) + unsigned long nr_pt_pages, + unsigned int *flush_flags) { unsigned long count; struct page_info *page; @@ -71,6 +72,14 @@ static __init void mark_pv_pt_pages_rdonly(struct domain *d, ASSERT((page->u.inuse.type_info & PGT_type_mask) <= PGT_root_page_table); ASSERT(!(page->u.inuse.type_info & ~(PGT_type_mask | PGT_pae_xen_l2))); + /* + * Page table pages need to be removed from the IOMMU again in case + * iommu_memory_setup() ended up mapping them. + */ + if ( need_iommu_pt_sync(d) && + iommu_unmap(d, _dfn(mfn_x(page_to_mfn(page))), 1, 0, flush_flags) ) + BUG(); + /* Read-only mapping + PGC_allocated + page-table page. */ page->count_info = PGC_allocated | 3; page->u.inuse.type_info |= PGT_validated | 1; @@ -107,11 +116,56 @@ static __init void mark_pv_pt_pages_rdonly(struct domain *d, unmap_domain_page(pl3e); } +static void __init iommu_memory_setup(struct domain *d, const char *what, + struct page_info *page, unsigned long nr, + unsigned int *flush_flags) +{ + long rc; + mfn_t mfn = page_to_mfn(page); + + if ( !need_iommu_pt_sync(d) ) + return; + + while ( (rc = iommu_map(d, _dfn(mfn_x(mfn)), mfn, nr, + IOMMUF_readable | IOMMUF_writable | IOMMUF_preempt, + flush_flags)) > 0 ) + { + mfn_add(mfn, rc); + nr -= rc; + /* See comment below. */ + for ( ; rc--; ++page ) + { + ASSERT(!page->u.inuse.type_info); + page->u.inuse.type_info = PGT_writable_page | PGT_validated; + } + process_pending_softirqs(); + } + if ( rc ) + { + printk(XENLOG_ERR + "pre-mapping %s MFN [%lx,%lx) into IOMMU failed: %ld\n", + what, mfn_x(mfn), mfn_x(mfn) + nr, rc); + return; + } + + /* + * For successfully established IOMMU mappings the type of the page(s) + * needs to match (for _get_page_type() to unmap upon type change). Set + * the page(s) to writable with no type ref. + */ + for ( ; nr--; ++page ) + { + ASSERT(!page->u.inuse.type_info); + page->u.inuse.type_info = PGT_writable_page | PGT_validated; + } +} + static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn, unsigned long v_start, unsigned long v_end, unsigned long vphysmap_start, unsigned long vphysmap_end, - unsigned long nr_pages) + unsigned long nr_pages, + unsigned int *flush_flags) { struct page_info *page = NULL; l4_pgentry_t *pl4e, *l4start = map_domain_page(_mfn(pgtbl_pfn)); @@ -177,6 +231,10 @@ static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn, L3_PAGETABLE_SHIFT - PAGE_SHIFT, MEMF_no_scrub)) != NULL ) { + iommu_memory_setup(d, "P2M 1G", page, + SUPERPAGE_PAGES * SUPERPAGE_PAGES, + flush_flags); + *pl3e = l3e_from_page(page, L1_PROT|_PAGE_DIRTY|_PAGE_PSE); vphysmap_start += 1UL << L3_PAGETABLE_SHIFT; continue; @@ -203,6 +261,9 @@ static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn, L2_PAGETABLE_SHIFT - PAGE_SHIFT, MEMF_no_scrub)) != NULL ) { + iommu_memory_setup(d, "P2M 2M", page, SUPERPAGE_PAGES, + flush_flags); + *pl2e = l2e_from_page(page, L1_PROT|_PAGE_DIRTY|_PAGE_PSE); vphysmap_start += 1UL << L2_PAGETABLE_SHIFT; continue; @@ -311,6 +372,7 @@ int __init dom0_construct_pv(struct domain *d, unsigned long initrd_pfn = -1, initrd_mfn = 0; unsigned long count; struct page_info *page = NULL; + unsigned int flush_flags = 0; start_info_t *si; struct vcpu *v = d->vcpu[0]; void *image_base = bootstrap_map(image); @@ -573,6 +635,9 @@ int __init dom0_construct_pv(struct domain *d, BUG(); } initrd->mod_end = 0; + + iommu_memory_setup(d, "initrd", mfn_to_page(_mfn(initrd_mfn)), + PFN_UP(initrd_len), &flush_flags); } printk("PHYSICAL MEMORY ARRANGEMENT:\n" @@ -606,6 +671,13 @@ int __init dom0_construct_pv(struct domain *d, process_pending_softirqs(); + /* + * Map the full range here and then punch holes for page tables + * alongside marking them as such in mark_pv_pt_pages_rdonly(). + */ + iommu_memory_setup(d, "init-alloc", mfn_to_page(_mfn(alloc_spfn)), + alloc_epfn - alloc_spfn, &flush_flags); + mpt_alloc = (vpt_start - v_start) + pfn_to_paddr(alloc_spfn); if ( vinitrd_start ) mpt_alloc -= PAGE_ALIGN(initrd_len); @@ -690,7 +762,8 @@ int __init dom0_construct_pv(struct domain *d, l1tab++; page = mfn_to_page(_mfn(mfn)); - if ( !page->u.inuse.type_info && + if ( (!page->u.inuse.type_info || + page->u.inuse.type_info == (PGT_writable_page | PGT_validated)) && !get_page_and_type(page, d, PGT_writable_page) ) BUG(); } @@ -719,7 +792,7 @@ int __init dom0_construct_pv(struct domain *d, } /* Pages that are part of page tables must be read only. */ - mark_pv_pt_pages_rdonly(d, l4start, vpt_start, nr_pt_pages); + mark_pv_pt_pages_rdonly(d, l4start, vpt_start, nr_pt_pages, &flush_flags); /* Mask all upcalls... */ for ( i = 0; i < XEN_LEGACY_MAX_VCPUS; i++ ) @@ -794,7 +867,7 @@ int __init dom0_construct_pv(struct domain *d, { pfn = pagetable_get_pfn(v->arch.guest_table); setup_pv_physmap(d, pfn, v_start, v_end, vphysmap_start, vphysmap_end, - nr_pages); + nr_pages, &flush_flags); } /* Write the phys->machine and machine->phys table entries. */ @@ -825,7 +898,9 @@ int __init dom0_construct_pv(struct domain *d, if ( get_gpfn_from_mfn(mfn) >= count ) { BUG_ON(compat); - if ( !page->u.inuse.type_info && + if ( (!page->u.inuse.type_info || + page->u.inuse.type_info == (PGT_writable_page | + PGT_validated)) && !get_page_and_type(page, d, PGT_writable_page) ) BUG(); @@ -841,8 +916,12 @@ int __init dom0_construct_pv(struct domain *d, #endif while ( pfn < nr_pages ) { - if ( (page = alloc_chunk(d, nr_pages - domain_tot_pages(d))) == NULL ) + count = domain_tot_pages(d); + if ( (page = alloc_chunk(d, nr_pages - count)) == NULL ) panic("Not enough RAM for DOM0 reservation\n"); + + iommu_memory_setup(d, "chunk", page, domain_tot_pages(d) - count, + &flush_flags); while ( pfn < domain_tot_pages(d) ) { mfn = mfn_x(page_to_mfn(page)); @@ -857,6 +936,10 @@ int __init dom0_construct_pv(struct domain *d, } } + /* Use while() to avoid compiler warning. */ + while ( iommu_iotlb_flush_all(d, flush_flags) ) + break; + if ( initrd_len != 0 ) { si->mod_start = vinitrd_start ?: initrd_pfn; diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 0ba95473c9..be7617b1eb 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -348,8 +348,8 @@ static unsigned int __hwdom_init hwdom_iommu_map(const struct domain *d, void __hwdom_init arch_iommu_hwdom_init(struct domain *d) { - unsigned long i, top, max_pfn; - unsigned int flush_flags = 0; + unsigned long i, top, max_pfn, start, count; + unsigned int flush_flags = 0, start_perms = 0; BUG_ON(!is_hardware_domain(d)); @@ -380,31 +380,57 @@ void __hwdom_init arch_iommu_hwdom_init(struct domain *d) * First Mb will get mapped in one go by pvh_populate_p2m(). Avoid * setting up potentially conflicting mappings here. */ - i = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; + start = paging_mode_translate(d) ? PFN_DOWN(MB(1)) : 0; - for ( ; i < top; i++ ) + for ( i = start, count = 0; i < top; ) { unsigned long pfn = pdx_to_pfn(i); unsigned int perms = hwdom_iommu_map(d, pfn, max_pfn); - int rc; if ( !perms ) - rc = 0; + /* nothing */; else if ( paging_mode_translate(d) ) + { + int rc; + rc = p2m_add_identity_entry(d, pfn, perms & IOMMUF_writable ? p2m_access_rw : p2m_access_r, 0); - else - rc = iommu_map(d, _dfn(pfn), _mfn(pfn), 1ul << PAGE_ORDER_4K, - perms, &flush_flags); + if ( rc ) + printk(XENLOG_WARNING + "%pd: identity mapping of %lx failed: %d\n", + d, pfn, rc); + } + else if ( pfn != start + count || perms != start_perms ) + { + long rc; - if ( rc ) - printk(XENLOG_WARNING "%pd: identity %smapping of %lx failed: %d\n", - d, !paging_mode_translate(d) ? "IOMMU " : "", pfn, rc); + commit: + while ( (rc = iommu_map(d, _dfn(start), _mfn(start), count, + start_perms | IOMMUF_preempt, + &flush_flags)) > 0 ) + { + start += rc; + count -= rc; + process_pending_softirqs(); + } + if ( rc ) + printk(XENLOG_WARNING + "%pd: IOMMU identity mapping of [%lx,%lx) failed: %ld\n", + d, start, start + count, rc); + start = pfn; + count = 1; + start_perms = perms; + } + else + ++count; - if (!(i & 0xfffff)) + if ( !(++i & 0xfffff) ) process_pending_softirqs(); + + if ( i == top && count ) + goto commit; } /* Use if to avoid compiler warning */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374876.607018 (Exim 4.92) (envelope-from ) id 1oG7zr-0005VG-5j; Tue, 26 Jul 2022 00:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374876.607018; Tue, 26 Jul 2022 00:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zr-0005V6-2S; Tue, 26 Jul 2022 00:00:23 +0000 Received: by outflank-mailman (input) for mailman id 374876; Tue, 26 Jul 2022 00:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zq-0005Up-Iq for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG7zq-0006FP-Hz for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG7zq-00044I-HH for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=24r4zp0bcXPAmZPL0fAA7HEDW+JaN4RySLuz64irBFc=; b=1GdG38MXBJNSXai0MFptkN0nR0 nmlyytYmwAnrn74iErn46nDyh1DmHGslKpPCFRlh1Ra5pD5Z5E+gT9J+GsUm69XW4atHGpih+7Zg1 PptwWX7/eT+Rc/r5+Rljb8czckMfm5qn80SDiaE4Bmyzs2d5bmlAqstgJ+2ISJj15MsQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU/x86: support freeing of pagetables Message-Id: Date: Tue, 26 Jul 2022 00:00:22 +0000 commit 5a991ad8a5caec0f085c1a8d931b67faff498868 Author: Jan Beulich AuthorDate: Mon Jul 25 15:33:34 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:33:34 2022 +0200 IOMMU/x86: support freeing of pagetables For vendor specific code to support superpages we need to be able to deal with a superpage mapping replacing an intermediate page table (or hierarchy thereof). Consequently an iommu_alloc_pgtable() counterpart is needed to free individual page tables while a domain is still alive. Since the freeing needs to be deferred until after a suitable IOTLB flush was performed, released page tables get queued for processing by a tasklet. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/arch/x86/include/asm/iommu.h | 1 + xen/drivers/passthrough/x86/iommu.c | 100 ++++++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+) diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index 9ccf4f8bdd..a80dfb2d7f 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -147,6 +147,7 @@ void iommu_free_domid(domid_t domid, unsigned long *map); int __must_check iommu_free_pgtables(struct domain *d); struct domain_iommu; struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd); +void iommu_queue_free_pgtable(struct domain_iommu *hd, struct page_info *pg); #endif /* !__ARCH_X86_IOMMU_H__ */ /* diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index be7617b1eb..8ac4044c08 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -12,6 +12,7 @@ * this program; If not, see . */ +#include #include #include #include @@ -556,6 +557,105 @@ struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd) return pg; } +/* + * Intermediate page tables which get replaced by large pages may only be + * freed after a suitable IOTLB flush. Hence such pages get queued on a + * per-CPU list, with a per-CPU tasklet processing the list on the assumption + * that the necessary IOTLB flush will have occurred by the time tasklets get + * to run. (List and tasklet being per-CPU has the benefit of accesses not + * requiring any locking.) + */ +static DEFINE_PER_CPU(struct page_list_head, free_pgt_list); +static DEFINE_PER_CPU(struct tasklet, free_pgt_tasklet); + +static void cf_check free_queued_pgtables(void *arg) +{ + struct page_list_head *list = arg; + struct page_info *pg; + unsigned int done = 0; + + ASSERT(list == &this_cpu(free_pgt_list)); + + while ( (pg = page_list_remove_head(list)) ) + { + free_domheap_page(pg); + + /* + * Just to be on the safe side, check for processing softirqs every + * once in a while. Generally it is expected that parties queuing + * pages for freeing will find a need for preemption before too many + * pages can be queued. Granularity of checking is somewhat arbitrary. + */ + if ( !(++done & 0x1ff) ) + process_pending_softirqs(); + } +} + +void iommu_queue_free_pgtable(struct domain_iommu *hd, struct page_info *pg) +{ + unsigned int cpu = smp_processor_id(); + + spin_lock(&hd->arch.pgtables.lock); + page_list_del(pg, &hd->arch.pgtables.list); + spin_unlock(&hd->arch.pgtables.lock); + + page_list_add_tail(pg, &per_cpu(free_pgt_list, cpu)); + + tasklet_schedule(&per_cpu(free_pgt_tasklet, cpu)); +} + +static int cf_check cpu_callback( + struct notifier_block *nfb, unsigned long action, void *hcpu) +{ + unsigned int cpu = (unsigned long)hcpu; + struct page_list_head *list = &per_cpu(free_pgt_list, cpu); + struct tasklet *tasklet = &per_cpu(free_pgt_tasklet, cpu); + + switch ( action ) + { + case CPU_DOWN_PREPARE: + tasklet_kill(tasklet); + break; + + case CPU_DEAD: + if ( !page_list_empty(list) ) + { + page_list_splice(list, &this_cpu(free_pgt_list)); + INIT_PAGE_LIST_HEAD(list); + tasklet_schedule(&this_cpu(free_pgt_tasklet)); + } + break; + + case CPU_UP_PREPARE: + INIT_PAGE_LIST_HEAD(list); + fallthrough; + case CPU_DOWN_FAILED: + tasklet_init(tasklet, free_queued_pgtables, list); + if ( !page_list_empty(list) ) + tasklet_schedule(tasklet); + break; + } + + return NOTIFY_DONE; +} + +static struct notifier_block cpu_nfb = { + .notifier_call = cpu_callback, +}; + +static int __init cf_check bsp_init(void) +{ + if ( iommu_enabled ) + { + cpu_callback(&cpu_nfb, CPU_UP_PREPARE, + (void *)(unsigned long)smp_processor_id()); + register_cpu_notifier(&cpu_nfb); + } + + return 0; +} +presmp_initcall(bsp_init); + bool arch_iommu_use_permitted(const struct domain *d) { /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:00:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374877.607023 (Exim 4.92) (envelope-from ) id 1oG801-0005db-7x; Tue, 26 Jul 2022 00:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374877.607023; Tue, 26 Jul 2022 00:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG801-0005dT-46; Tue, 26 Jul 2022 00:00:33 +0000 Received: by outflank-mailman (input) for mailman id 374877; Tue, 26 Jul 2022 00:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG800-0005dJ-MD for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG800-0006H6-LN for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG800-00044k-KU for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RuSuW70n3qLm5EARzahFpl8vRrTsZfomBRy7KVeOaCc=; b=5VDqp3vkLzsrLBuUpVCjzHqkHe MVWFCrPYId4TnEZUfmdV5Xmeod+IKgSJHS3PkpCNW6J7pwqHDIX5HivrqsjjlrTU8qfynNj6vjg4x l8464wRR+W6rnaltevfv9d9ev0FD/58CaJec1UZMy6hCzaPwbLiwzpt6eaCXgs0fcEXU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU/x86: new command line option to suppress use of superpage mappings Message-Id: Date: Tue, 26 Jul 2022 00:00:32 +0000 commit 6fc03330cdee0286290c650eb0d6fa1fc7778e79 Author: Jan Beulich AuthorDate: Mon Jul 25 15:34:55 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:34:55 2022 +0200 IOMMU/x86: new command line option to suppress use of superpage mappings Before actually enabling their use, provide a means to suppress it in case of problems. Note that using the option can also affect the sharing of page tables in the VT-d / EPT combination: If EPT would use large page mappings but the option is in effect, page table sharing would be suppressed (to properly fulfill the admin request). Requested-by: Roger Pau Monné Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Paul Durrant --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/include/asm/iommu.h | 2 +- xen/drivers/passthrough/iommu.c | 2 ++ xen/drivers/passthrough/vtd/iommu.c | 6 ++++-- xen/drivers/passthrough/x86/iommu.c | 6 ++++++ 5 files changed, 20 insertions(+), 4 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 971f47a77e..21d632e83a 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1405,7 +1405,7 @@ detection of systems known to misbehave upon accesses to that port. ### iommu = List of [ , verbose, debug, force, required, quarantine[=scratch-page], - sharept, intremap, intpost, crash-disable, + sharept, superpages, intremap, intpost, crash-disable, snoop, qinval, igfx, amd-iommu-perdev-intremap, dom0-{passthrough,strict} ] @@ -1481,6 +1481,12 @@ boolean (e.g. `iommu=no`) can override this and leave the IOMMUs disabled. This option is ignored on ARM, and the pagetables are always shared. +* The `superpages` boolean controls whether superpage mappings may be used + in IOMMU page tables. If using this option is necessary to fix an issue, + please report a bug. + + This option is only valid on x86. + * The `intremap` boolean controls the Interrupt Remapping sub-feature, and is active by default on compatible hardware. On x86 systems, the first generation of IOMMUs only supported DMA remapping, and Interrupt Remapping diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index a80dfb2d7f..4143723727 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -132,7 +132,7 @@ extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, const uint8_t gvec); -extern bool iommu_non_coherent; +extern bool iommu_non_coherent, iommu_superpages; static inline void iommu_sync_cache(const void *addr, unsigned int size) { diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 1eae9393b2..134cdb47e0 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -88,6 +88,8 @@ static int __init cf_check parse_iommu_param(const char *s) iommu_igfx = val; else if ( (val = parse_boolean("qinval", s, ss)) >= 0 ) iommu_qinval = val; + else if ( (val = parse_boolean("superpages", s, ss)) >= 0 ) + iommu_superpages = val; #endif else if ( (val = parse_boolean("verbose", s, ss)) >= 0 ) iommu_verbose = val; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index f1e91b3d18..99c28ce160 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2213,8 +2213,10 @@ static bool __init vtd_ept_page_compatible(const struct vtd_iommu *iommu) if ( rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP, ept_cap) != 0 ) return false; - return (ept_has_2mb(ept_cap) && opt_hap_2mb) <= cap_sps_2mb(vtd_cap) && - (ept_has_1gb(ept_cap) && opt_hap_1gb) <= cap_sps_1gb(vtd_cap); + return (ept_has_2mb(ept_cap) && opt_hap_2mb) <= + (cap_sps_2mb(vtd_cap) && iommu_superpages) && + (ept_has_1gb(ept_cap) && opt_hap_1gb) <= + (cap_sps_1gb(vtd_cap) && iommu_superpages); } static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 8ac4044c08..b4d9da7cf8 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -31,6 +31,7 @@ const struct iommu_init_ops *__initdata iommu_init_ops; struct iommu_ops __ro_after_init iommu_ops; bool __read_mostly iommu_non_coherent; +bool __initdata iommu_superpages = true; enum iommu_intremap __read_mostly iommu_intremap = iommu_intremap_full; @@ -104,8 +105,13 @@ int __init iommu_hardware_setup(void) mask_IO_APIC_setup(ioapic_entries); } + if ( !iommu_superpages ) + iommu_ops.page_sizes &= PAGE_SIZE_4K; + rc = iommu_init_ops->setup(); + ASSERT(iommu_superpages || iommu_ops.page_sizes == PAGE_SIZE_4K); + if ( ioapic_entries ) { restore_IO_APIC_setup(ioapic_entries, rc); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:00:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:00:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374880.607026 (Exim 4.92) (envelope-from ) id 1oG80B-0005iE-9N; Tue, 26 Jul 2022 00:00:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374880.607026; Tue, 26 Jul 2022 00:00:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80B-0005i6-5n; Tue, 26 Jul 2022 00:00:43 +0000 Received: by outflank-mailman (input) for mailman id 374880; Tue, 26 Jul 2022 00:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80A-0005hC-P9 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80A-0006HH-OG for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG80A-00045B-Nb for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3lda9/XLesVO6TP2UeghUYEVUChbJLZYN+mhIf3fCqo=; b=xJcLrbhNtx/rk2H4yQu4dsHtcL AtJAOd+PebsyfD0IyYXi478qUV+EScFMmcTy6/gxYAAFNVj2cQprhbtPjlRBmT8Q2BhBN0q3UVi9Q sZAR8xqiw9Zlea3kPA3Gpf8fjAA6YdwEYeDX7vXr9b21RKg7+P6JAs1+aSmeGGagwPfc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: allow use of superpage mappings Message-Id: Date: Tue, 26 Jul 2022 00:00:42 +0000 commit 4b7c48b4ba0e9b0c6ab3d680112d011e1767ee71 Author: Jan Beulich AuthorDate: Mon Jul 25 15:35:40 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:35:40 2022 +0200 AMD/IOMMU: allow use of superpage mappings No separate feature flags exist which would control availability of these; the only restriction is HATS (establishing the maximum number of page table levels in general), and even that has a lower bound of 4. Thus we can unconditionally announce 2M and 1G mappings. (Via non- default page sizes the implementation in principle permits arbitrary size mappings, but these require multiple identical leaf PTEs to be written, which isn't all that different from having to write multiple consecutive PTEs with increasing frame numbers. IMO that's therefore beneficial only on hardware where suitable TLBs exist; I'm unaware of such hardware.) Note that in principle 512G and 256T mappings could also be supported right away, but the freeing of page tables (to be introduced in subsequent patches) when replacing a sufficiently populated tree with a single huge page would need suitable preemption, which will require extra work. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 56 +++++++++++++++++++++++++---- xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +- xen/include/xen/page-defs.h | 10 ++++++ 3 files changed, 60 insertions(+), 8 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 28da5cc85e..fa8fd6f800 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -32,12 +32,13 @@ static unsigned int pfn_to_pde_idx(unsigned long pfn, unsigned int level) } static union amd_iommu_pte clear_iommu_pte_present(unsigned long l1_mfn, - unsigned long dfn) + unsigned long dfn, + unsigned int level) { union amd_iommu_pte *table, *pte, old; table = map_domain_page(_mfn(l1_mfn)); - pte = &table[pfn_to_pde_idx(dfn, 1)]; + pte = &table[pfn_to_pde_idx(dfn, level)]; old = *pte; write_atomic(&pte->raw, 0); @@ -351,15 +352,39 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, return 0; } +static void queue_free_pt(struct domain_iommu *hd, mfn_t mfn, unsigned int level) +{ + if ( level > 1 ) + { + union amd_iommu_pte *pt = map_domain_page(mfn); + unsigned int i; + + for ( i = 0; i < PTE_PER_TABLE_SIZE; ++i ) + if ( pt[i].pr && pt[i].next_level ) + { + ASSERT(pt[i].next_level < level); + queue_free_pt(hd, _mfn(pt[i].mfn), pt[i].next_level); + } + + unmap_domain_page(pt); + } + + iommu_queue_free_pgtable(hd, mfn_to_page(mfn)); +} + int cf_check amd_iommu_map_page( struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags, unsigned int *flush_flags) { struct domain_iommu *hd = dom_iommu(d); + unsigned int level = (IOMMUF_order(flags) / PTE_PER_TABLE_SHIFT) + 1; int rc; unsigned long pt_mfn = 0; union amd_iommu_pte old; + ASSERT((hd->platform_ops->page_sizes >> IOMMUF_order(flags)) & + PAGE_SIZE_4K); + spin_lock(&hd->arch.mapping_lock); /* @@ -384,7 +409,7 @@ int cf_check amd_iommu_map_page( return rc; } - if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, flush_flags, true) || + if ( iommu_pde_from_dfn(d, dfn_x(dfn), level, &pt_mfn, flush_flags, true) || !pt_mfn ) { spin_unlock(&hd->arch.mapping_lock); @@ -394,8 +419,8 @@ int cf_check amd_iommu_map_page( return -EFAULT; } - /* Install 4k mapping */ - old = set_iommu_pte_present(pt_mfn, dfn_x(dfn), mfn_x(mfn), 1, + /* Install mapping */ + old = set_iommu_pte_present(pt_mfn, dfn_x(dfn), mfn_x(mfn), level, (flags & IOMMUF_writable), (flags & IOMMUF_readable)); @@ -403,8 +428,13 @@ int cf_check amd_iommu_map_page( *flush_flags |= IOMMU_FLUSHF_added; if ( old.pr ) + { *flush_flags |= IOMMU_FLUSHF_modified; + if ( IOMMUF_order(flags) && old.next_level ) + queue_free_pt(hd, _mfn(old.mfn), old.next_level); + } + return 0; } @@ -413,8 +443,15 @@ int cf_check amd_iommu_unmap_page( { unsigned long pt_mfn = 0; struct domain_iommu *hd = dom_iommu(d); + unsigned int level = (order / PTE_PER_TABLE_SHIFT) + 1; union amd_iommu_pte old = {}; + /* + * While really we could unmap at any granularity, for now we assume unmaps + * are issued by common code only at the same granularity as maps. + */ + ASSERT((hd->platform_ops->page_sizes >> order) & PAGE_SIZE_4K); + spin_lock(&hd->arch.mapping_lock); if ( !hd->arch.amd.root_table ) @@ -423,7 +460,7 @@ int cf_check amd_iommu_unmap_page( return 0; } - if ( iommu_pde_from_dfn(d, dfn_x(dfn), 1, &pt_mfn, flush_flags, false) ) + if ( iommu_pde_from_dfn(d, dfn_x(dfn), level, &pt_mfn, flush_flags, false) ) { spin_unlock(&hd->arch.mapping_lock); AMD_IOMMU_ERROR("invalid IO pagetable entry dfn = %"PRI_dfn"\n", @@ -435,14 +472,19 @@ int cf_check amd_iommu_unmap_page( if ( pt_mfn ) { /* Mark PTE as 'page not present'. */ - old = clear_iommu_pte_present(pt_mfn, dfn_x(dfn)); + old = clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level); } spin_unlock(&hd->arch.mapping_lock); if ( old.pr ) + { *flush_flags |= IOMMU_FLUSHF_modified; + if ( order && old.next_level ) + queue_free_pt(hd, _mfn(old.mfn), old.next_level); + } + return 0; } diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index fd91f1367f..02aea838ad 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -747,7 +747,7 @@ static void cf_check amd_dump_page_tables(struct domain *d) } static const struct iommu_ops __initconst_cf_clobber _iommu_ops = { - .page_sizes = PAGE_SIZE_4K, + .page_sizes = PAGE_SIZE_4K | PAGE_SIZE_2M | PAGE_SIZE_1G, .init = amd_iommu_domain_init, .hwdom_init = amd_iommu_hwdom_init, .quarantine_init = amd_iommu_quarantine_init, diff --git a/xen/include/xen/page-defs.h b/xen/include/xen/page-defs.h index 15a90779b5..540f8b0b64 100644 --- a/xen/include/xen/page-defs.h +++ b/xen/include/xen/page-defs.h @@ -21,4 +21,14 @@ #define PAGE_MASK_64K PAGE_MASK_GRAN(64K) #define PAGE_ALIGN_64K(addr) PAGE_ALIGN_GRAN(64K, addr) +#define PAGE_SHIFT_2M 21 +#define PAGE_SIZE_2M PAGE_SIZE_GRAN(2M) +#define PAGE_MASK_2M PAGE_MASK_GRAN(2M) +#define PAGE_ALIGN_2M(addr) PAGE_ALIGN_GRAN(2M, addr) + +#define PAGE_SHIFT_1G 30 +#define PAGE_SIZE_1G PAGE_SIZE_GRAN(1G) +#define PAGE_MASK_1G PAGE_MASK_GRAN(1G) +#define PAGE_ALIGN_1G(addr) PAGE_ALIGN_GRAN(1G, addr) + #endif /* __XEN_PAGE_DEFS_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:00:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:00:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374881.607031 (Exim 4.92) (envelope-from ) id 1oG80M-0005mU-Ao; Tue, 26 Jul 2022 00:00:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374881.607031; Tue, 26 Jul 2022 00:00:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80M-0005mL-7P; Tue, 26 Jul 2022 00:00:54 +0000 Received: by outflank-mailman (input) for mailman id 374881; Tue, 26 Jul 2022 00:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80K-0005m4-SE for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80K-0006Hh-RN for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG80K-00045a-QZ for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A53yZpto3RDGpYXj5LVesqEg9CwQqe8jyT2uJGYMn5k=; b=3tjFOf5DFcd68n96I8bIRzAmse s8FxyViMTTyw+AdUtLVjLFtP2JiqX82YAr1tTelF4nYrHKjxHlf+Qg1yXF7hgCfgUmQKOTKBajr0y 7GnazOulz0DmhHVDM7SSQ3Ev56WWWTJC5B78yPPyoK1LbgFvNMdf8/5kGmYQBUxaZ4HE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VT-d: allow use of superpage mappings Message-Id: Date: Tue, 26 Jul 2022 00:00:52 +0000 commit 2e70db30b3bb7fb307377bfa71c2a70ad0f7634f Author: Jan Beulich AuthorDate: Mon Jul 25 15:36:33 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:36:33 2022 +0200 VT-d: allow use of superpage mappings ... depending on feature availability (and absence of quirks). Also make the page table dumping function aware of superpages. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/vtd/iommu.c | 68 ++++++++++++++++++++++++++++++++----- 1 file changed, 60 insertions(+), 8 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 99c28ce160..26e3a84abe 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -779,18 +779,37 @@ static int __must_check cf_check iommu_flush_iotlb(struct domain *d, dfn_t dfn, return ret; } +static void queue_free_pt(struct domain_iommu *hd, mfn_t mfn, unsigned int level) +{ + if ( level > 1 ) + { + struct dma_pte *pt = map_domain_page(mfn); + unsigned int i; + + for ( i = 0; i < PTE_NUM; ++i ) + if ( dma_pte_present(pt[i]) && !dma_pte_superpage(pt[i]) ) + queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(pt[i])), + level - 1); + + unmap_domain_page(pt); + } + + iommu_queue_free_pgtable(hd, mfn_to_page(mfn)); +} + /* clear one page's page table */ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, unsigned int order, unsigned int *flush_flags) { struct domain_iommu *hd = dom_iommu(domain); - struct dma_pte *page = NULL, *pte = NULL; + struct dma_pte *page = NULL, *pte = NULL, old; u64 pg_maddr; + unsigned int level = (order / LEVEL_STRIDE) + 1; spin_lock(&hd->arch.mapping_lock); - /* get last level pte */ - pg_maddr = addr_to_dma_page_maddr(domain, addr, 1, flush_flags, false); + /* get target level pte */ + pg_maddr = addr_to_dma_page_maddr(domain, addr, level, flush_flags, false); if ( pg_maddr < PAGE_SIZE ) { spin_unlock(&hd->arch.mapping_lock); @@ -798,7 +817,7 @@ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, } page = (struct dma_pte *)map_vtd_domain_page(pg_maddr); - pte = page + address_level_offset(addr, 1); + pte = &page[address_level_offset(addr, level)]; if ( !dma_pte_present(*pte) ) { @@ -807,14 +826,20 @@ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, return 0; } + old = *pte; dma_clear_pte(*pte); - *flush_flags |= IOMMU_FLUSHF_modified; spin_unlock(&hd->arch.mapping_lock); iommu_sync_cache(pte, sizeof(struct dma_pte)); unmap_vtd_domain_page(page); + *flush_flags |= IOMMU_FLUSHF_modified; + + if ( order && !dma_pte_superpage(old) ) + queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(old)), + order / LEVEL_STRIDE); + return 0; } @@ -2092,8 +2117,12 @@ static int __must_check cf_check intel_iommu_map_page( struct domain_iommu *hd = dom_iommu(d); struct dma_pte *page, *pte, old, new = {}; u64 pg_maddr; + unsigned int level = (IOMMUF_order(flags) / LEVEL_STRIDE) + 1; int rc = 0; + ASSERT((hd->platform_ops->page_sizes >> IOMMUF_order(flags)) & + PAGE_SIZE_4K); + /* Do nothing if VT-d shares EPT page table */ if ( iommu_use_hap_pt(d) ) return 0; @@ -2116,7 +2145,7 @@ static int __must_check cf_check intel_iommu_map_page( return 0; } - pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), 1, flush_flags, + pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), level, flush_flags, true); if ( pg_maddr < PAGE_SIZE ) { @@ -2125,13 +2154,15 @@ static int __must_check cf_check intel_iommu_map_page( } page = (struct dma_pte *)map_vtd_domain_page(pg_maddr); - pte = &page[dfn_x(dfn) & LEVEL_MASK]; + pte = &page[address_level_offset(dfn_to_daddr(dfn), level)]; old = *pte; dma_set_pte_addr(new, mfn_to_maddr(mfn)); dma_set_pte_prot(new, ((flags & IOMMUF_readable) ? DMA_PTE_READ : 0) | ((flags & IOMMUF_writable) ? DMA_PTE_WRITE : 0)); + if ( IOMMUF_order(flags) ) + dma_set_pte_superpage(new); /* Set the SNP on leaf page table if Snoop Control available */ if ( iommu_snoop ) @@ -2152,14 +2183,26 @@ static int __must_check cf_check intel_iommu_map_page( *flush_flags |= IOMMU_FLUSHF_added; if ( dma_pte_present(old) ) + { *flush_flags |= IOMMU_FLUSHF_modified; + if ( IOMMUF_order(flags) && !dma_pte_superpage(old) ) + queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(old)), + IOMMUF_order(flags) / LEVEL_STRIDE); + } + return rc; } static int __must_check cf_check intel_iommu_unmap_page( struct domain *d, dfn_t dfn, unsigned int order, unsigned int *flush_flags) { + /* + * While really we could unmap at any granularity, for now we assume unmaps + * are issued by common code only at the same granularity as maps. + */ + ASSERT((dom_iommu(d)->platform_ops->page_sizes >> order) & PAGE_SIZE_4K); + /* Do nothing if VT-d shares EPT page table */ if ( iommu_use_hap_pt(d) ) return 0; @@ -2516,6 +2559,7 @@ static int __init cf_check vtd_setup(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; + unsigned int large_sizes = iommu_superpages ? PAGE_SIZE_2M | PAGE_SIZE_1G : 0; int ret; bool reg_inval_supported = true; @@ -2558,6 +2602,11 @@ static int __init cf_check vtd_setup(void) cap_sps_2mb(iommu->cap) ? ", 2MB" : "", cap_sps_1gb(iommu->cap) ? ", 1GB" : ""); + if ( !cap_sps_2mb(iommu->cap) ) + large_sizes &= ~PAGE_SIZE_2M; + if ( !cap_sps_1gb(iommu->cap) ) + large_sizes &= ~PAGE_SIZE_1G; + #ifndef iommu_snoop if ( iommu_snoop && !ecap_snp_ctl(iommu->ecap) ) iommu_snoop = false; @@ -2629,6 +2678,9 @@ static int __init cf_check vtd_setup(void) if ( ret ) goto error; + ASSERT(iommu_ops.page_sizes == PAGE_SIZE_4K); + iommu_ops.page_sizes |= large_sizes; + register_keyhandler('V', vtd_dump_iommu_info, "dump iommu info", 1); return 0; @@ -2961,7 +3013,7 @@ static void vtd_dump_page_table_level(paddr_t pt_maddr, int level, paddr_t gpa, continue; address = gpa + offset_level_address(i, level); - if ( next_level >= 1 ) + if ( next_level && !dma_pte_superpage(*pte) ) vtd_dump_page_table_level(dma_pte_addr(*pte), next_level, address, indent + 1); else -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:01:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:01:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374882.607034 (Exim 4.92) (envelope-from ) id 1oG80W-0005qC-DL; Tue, 26 Jul 2022 00:01:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374882.607034; Tue, 26 Jul 2022 00:01:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80W-0005q4-AJ; Tue, 26 Jul 2022 00:01:04 +0000 Received: by outflank-mailman (input) for mailman id 374882; Tue, 26 Jul 2022 00:01:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80U-0005pq-Vo for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80U-0006I1-Ux for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG80U-00046v-TY for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QFYBYSRIUnqE3U6G0dxUAA/O33A4gJXYRS2A0XJZs4U=; b=WeJgWaHsRl/RweLNvAMG+bDliP taehqxeBFHtAwa3olueirjKEB2zjAp4/0ONB6AtZuVuJbzIg4I7zCzQoFsR1B/6xVyN8d2Amz9+zj asQi6Hpo3EJZTbY65KoPYezfIEAkzyrPDbwLsI8Wbd7mDf1xyPPBB2UhE2nRWdC9DiQg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: introduce helper for recording degree of contiguity in page tables Message-Id: Date: Tue, 26 Jul 2022 00:01:02 +0000 commit 8c6a4963f07da518a74c35344bc9b28a84a78fee Author: Jan Beulich AuthorDate: Mon Jul 25 15:37:34 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:37:34 2022 +0200 x86: introduce helper for recording degree of contiguity in page tables This is a re-usable helper (kind of a template) which gets introduced without users so that the individual subsequent patches introducing such users can get committed independently of one another. See the comment at the top of the new file. To demonstrate the effect, if a page table had just 16 entries, this would be the set of markers for a page table with fully contiguous mappings: index 0 1 2 3 4 5 6 7 8 9 A B C D E F marker 4 0 1 0 2 0 1 0 3 0 1 0 2 0 1 0 "Contiguous" here means not only present entries with successively increasing MFNs, each one suitably aligned for its slot, but also a respective number of all non-present entries. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/arch/x86/include/asm/pt-contig-markers.h | 110 +++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) diff --git a/xen/arch/x86/include/asm/pt-contig-markers.h b/xen/arch/x86/include/asm/pt-contig-markers.h new file mode 100644 index 0000000000..b3c1fe8035 --- /dev/null +++ b/xen/arch/x86/include/asm/pt-contig-markers.h @@ -0,0 +1,110 @@ +#ifndef __ASM_X86_PT_CONTIG_MARKERS_H +#define __ASM_X86_PT_CONTIG_MARKERS_H + +/* + * Short of having function templates in C, the function defined below is + * intended to be used by multiple parties interested in recording the + * degree of contiguity in mappings by a single page table. + * + * Scheme: Every entry records the order of contiguous successive entries, + * up to the maximum order covered by that entry (which is the number of + * clear low bits in its index, with entry 0 being the exception using + * the base-2 logarithm of the number of entries in a single page table). + * While a few entries need touching upon update, knowing whether the + * table is fully contiguous (and can hence be replaced by a higher level + * leaf entry) is then possible by simply looking at entry 0's marker. + * + * Prereqs: + * - CONTIG_MASK needs to be #define-d, to a value having at least 4 + * contiguous bits (ignored by hardware), before including this file (or + * else only CONTIG_LEVEL_SHIFT and CONTIG_NR will become available), + * - page tables to be passed to the helper need to be initialized with + * correct markers, + * - not-present entries need to be entirely clear except for the marker. + */ + +/* This is the same for all anticipated users, so doesn't need passing in. */ +#define CONTIG_LEVEL_SHIFT 9 +#define CONTIG_NR (1 << CONTIG_LEVEL_SHIFT) + +#ifdef CONTIG_MASK + +#include +#include +#include + +#define GET_MARKER(e) MASK_EXTR(e, CONTIG_MASK) +#define SET_MARKER(e, m) \ + ((void)((e) = ((e) & ~CONTIG_MASK) | MASK_INSR(m, CONTIG_MASK))) + +#define IS_CONTIG(kind, pt, i, idx, shift, b) \ + ((kind) == PTE_kind_leaf \ + ? (((pt)[i] ^ (pt)[idx]) & ~CONTIG_MASK) == (1ULL << ((b) + (shift))) \ + : !((pt)[i] & ~CONTIG_MASK)) + +enum PTE_kind { + PTE_kind_null, + PTE_kind_leaf, + PTE_kind_table, +}; + +static bool pt_update_contig_markers(uint64_t *pt, unsigned int idx, + unsigned int level, enum PTE_kind kind) +{ + unsigned int b, i = idx; + unsigned int shift = (level - 1) * CONTIG_LEVEL_SHIFT + PAGE_SHIFT; + + ASSERT(idx < CONTIG_NR); + ASSERT(!(pt[idx] & CONTIG_MASK)); + + /* Step 1: Reduce markers in lower numbered entries. */ + while ( i ) + { + b = find_first_set_bit(i); + i &= ~(1U << b); + if ( GET_MARKER(pt[i]) <= b ) + break; + SET_MARKER(pt[i], b); + } + + /* An intermediate table is never contiguous with anything. */ + if ( kind == PTE_kind_table ) + return false; + + /* + * Present entries need in-sync index and address to be a candidate + * for being contiguous: What we're after is whether ultimately the + * intermediate table can be replaced by a superpage. + */ + if ( kind != PTE_kind_null && + idx != ((pt[idx] >> shift) & (CONTIG_NR - 1)) ) + return false; + + /* Step 2: Check higher numbered entries for contiguity. */ + for ( b = 0; b < CONTIG_LEVEL_SHIFT && !(idx & (1U << b)); ++b ) + { + i = idx | (1U << b); + if ( !IS_CONTIG(kind, pt, i, idx, shift, b) || GET_MARKER(pt[i]) != b ) + break; + } + + /* Step 3: Update markers in this and lower numbered entries. */ + for ( ; SET_MARKER(pt[idx], b), b < CONTIG_LEVEL_SHIFT; ++b ) + { + i = idx ^ (1U << b); + if ( !IS_CONTIG(kind, pt, i, idx, shift, b) || GET_MARKER(pt[i]) != b ) + break; + idx &= ~(1U << b); + } + + return b == CONTIG_LEVEL_SHIFT; +} + +#undef IS_CONTIG +#undef SET_MARKER +#undef GET_MARKER +#undef CONTIG_MASK + +#endif /* CONTIG_MASK */ + +#endif /* __ASM_X86_PT_CONTIG_MARKERS_H */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:01:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:01:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374883.607037 (Exim 4.92) (envelope-from ) id 1oG80g-0005tW-Ek; Tue, 26 Jul 2022 00:01:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374883.607037; Tue, 26 Jul 2022 00:01:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80g-0005tP-C3; Tue, 26 Jul 2022 00:01:14 +0000 Received: by outflank-mailman (input) for mailman id 374883; Tue, 26 Jul 2022 00:01:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80f-0005t5-2d for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80f-0006I5-1s for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG80f-00047Y-1C for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=x4cGfbu4x3mv3j+iSdukHtF7+KVEBFWQ536NtjSd5zA=; b=P5YzdH4DGGkP5T5ZT5vNBL+0i9 0EKBamss0dLPge0DvoKdRP5IKJJS79YTuAWaw1IS1i5bWX8gZiin/HTnlXuBBOGJjkOcU0ACk5H6E 1gWY3A1WDo49g4wTulo0pwEknmZwD3H4OuWONykbPTERuMAreq0usDD6E0lkIgLJ7T4o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU/x86: prefill newly allocate page tables Message-Id: Date: Tue, 26 Jul 2022 00:01:13 +0000 commit a81d9f9baa8a90db3f30d1f973addc30758a8068 Author: Jan Beulich AuthorDate: Mon Jul 25 15:38:22 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:38:22 2022 +0200 IOMMU/x86: prefill newly allocate page tables Page tables are used for two purposes after allocation: They either start out all empty, or they are filled to replace a superpage. Subsequently, to replace all empty or fully contiguous page tables, contiguous sub-regions will be recorded within individual page tables. Install the initial set of markers immediately after allocation. Make sure to retain these markers when further populating a page table in preparation for it to replace a superpage. The markers are simply 4-bit fields holding the order value of contiguous entries. To demonstrate this, if a page table had just 16 entries, this would be the initial (fully contiguous) set of markers: index 0 1 2 3 4 5 6 7 8 9 A B C D E F marker 4 0 1 0 2 0 1 0 3 0 1 0 2 0 1 0 "Contiguous" here means not only present entries with successively increasing MFNs, each one suitably aligned for its slot, and identical attributes, but also a respective number of all non-present (zero except for the markers) entries. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/arch/x86/include/asm/iommu.h | 3 ++- xen/drivers/passthrough/amd/iommu-defs.h | 4 +++- xen/drivers/passthrough/amd/iommu_map.c | 26 ++++++++++++++++++++----- xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 15 ++++++++------- xen/drivers/passthrough/vtd/iommu.h | 8 ++++++-- xen/drivers/passthrough/x86/iommu.c | 30 ++++++++++++++++++++++++++--- 7 files changed, 68 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index 4143723727..fc0afe35bf 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -146,7 +146,8 @@ void iommu_free_domid(domid_t domid, unsigned long *map); int __must_check iommu_free_pgtables(struct domain *d); struct domain_iommu; -struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd); +struct page_info *__must_check iommu_alloc_pgtable(struct domain_iommu *hd, + uint64_t contig_mask); void iommu_queue_free_pgtable(struct domain_iommu *hd, struct page_info *pg); #endif /* !__ARCH_X86_IOMMU_H__ */ diff --git a/xen/drivers/passthrough/amd/iommu-defs.h b/xen/drivers/passthrough/amd/iommu-defs.h index 8a17697ea7..35de548e3a 100644 --- a/xen/drivers/passthrough/amd/iommu-defs.h +++ b/xen/drivers/passthrough/amd/iommu-defs.h @@ -446,11 +446,13 @@ union amd_iommu_x2apic_control { #define IOMMU_PAGE_TABLE_U32_PER_ENTRY (IOMMU_PAGE_TABLE_ENTRY_SIZE / 4) #define IOMMU_PAGE_TABLE_ALIGNMENT 4096 +#define IOMMU_PTE_CONTIG_MASK 0x1e /* The ign0 field below. */ + union amd_iommu_pte { uint64_t raw; struct { bool pr:1; - unsigned int ign0:4; + unsigned int ign0:4; /* Covered by IOMMU_PTE_CONTIG_MASK. */ bool a:1; bool d:1; unsigned int ign1:2; diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index fa8fd6f800..7d4e0ba587 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -21,6 +21,8 @@ #include "iommu.h" +#include + /* Given pfn and page table level, return pde index */ static unsigned int pfn_to_pde_idx(unsigned long pfn, unsigned int level) { @@ -113,9 +115,23 @@ static void set_iommu_ptes_present(unsigned long pt_mfn, return; } + ASSERT(!(next_mfn & (page_sz - 1))); + while ( nr_ptes-- ) { - set_iommu_pde_present(pde, next_mfn, 0, iw, ir); + ASSERT(!pde->next_level); + ASSERT(!pde->u); + + if ( pde > table ) + ASSERT(pde->ign0 == find_first_set_bit(pde - table)); + else + ASSERT(pde->ign0 == CONTIG_LEVEL_SHIFT); + + pde->iw = iw; + pde->ir = ir; + pde->fc = true; /* See set_iommu_pde_present(). */ + pde->mfn = next_mfn; + pde->pr = true; ++pde; next_mfn += page_sz; @@ -295,7 +311,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, mfn = next_table_mfn; /* allocate lower level page table */ - table = iommu_alloc_pgtable(hd); + table = iommu_alloc_pgtable(hd, IOMMU_PTE_CONTIG_MASK); if ( table == NULL ) { AMD_IOMMU_ERROR("cannot allocate I/O page table\n"); @@ -325,7 +341,7 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, if ( next_table_mfn == 0 ) { - table = iommu_alloc_pgtable(hd); + table = iommu_alloc_pgtable(hd, IOMMU_PTE_CONTIG_MASK); if ( table == NULL ) { AMD_IOMMU_ERROR("cannot allocate I/O page table\n"); @@ -726,7 +742,7 @@ static int fill_qpt(union amd_iommu_pte *this, unsigned int level, * page table pages, and the resulting allocations are always * zeroed. */ - pgs[level] = iommu_alloc_pgtable(hd); + pgs[level] = iommu_alloc_pgtable(hd, 0); if ( !pgs[level] ) { rc = -ENOMEM; @@ -784,7 +800,7 @@ int cf_check amd_iommu_quarantine_init(struct pci_dev *pdev, bool scratch_page) return 0; } - pdev->arch.amd.root_table = iommu_alloc_pgtable(hd); + pdev->arch.amd.root_table = iommu_alloc_pgtable(hd, 0); if ( !pdev->arch.amd.root_table ) return -ENOMEM; diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 02aea838ad..4ba8e764b2 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -342,7 +342,7 @@ int amd_iommu_alloc_root(struct domain *d) if ( unlikely(!hd->arch.amd.root_table) && d != dom_io ) { - hd->arch.amd.root_table = iommu_alloc_pgtable(hd); + hd->arch.amd.root_table = iommu_alloc_pgtable(hd, 0); if ( !hd->arch.amd.root_table ) return -ENOMEM; } diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 26e3a84abe..28dc54b6bf 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -334,7 +334,7 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, goto out; pte_maddr = level; - if ( !(pg = iommu_alloc_pgtable(hd)) ) + if ( !(pg = iommu_alloc_pgtable(hd, 0)) ) goto out; hd->arch.vtd.pgd_maddr = page_to_maddr(pg); @@ -376,7 +376,7 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, } pte_maddr = level - 1; - pg = iommu_alloc_pgtable(hd); + pg = iommu_alloc_pgtable(hd, DMA_PTE_CONTIG_MASK); if ( !pg ) break; @@ -388,12 +388,13 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, struct dma_pte *split = map_vtd_domain_page(pte_maddr); unsigned long inc = 1UL << level_to_offset_bits(level - 1); - split[0].val = pte->val; + split[0].val |= pte->val & ~DMA_PTE_CONTIG_MASK; if ( inc == PAGE_SIZE ) split[0].val &= ~DMA_PTE_SP; for ( offset = 1; offset < PTE_NUM; ++offset ) - split[offset].val = split[offset - 1].val + inc; + split[offset].val |= + (split[offset - 1].val & ~DMA_PTE_CONTIG_MASK) + inc; iommu_sync_cache(split, PAGE_SIZE); unmap_vtd_domain_page(split); @@ -2168,7 +2169,7 @@ static int __must_check cf_check intel_iommu_map_page( if ( iommu_snoop ) dma_set_pte_snp(new); - if ( old.val == new.val ) + if ( !((old.val ^ new.val) & ~DMA_PTE_CONTIG_MASK) ) { spin_unlock(&hd->arch.mapping_lock); unmap_vtd_domain_page(page); @@ -3058,7 +3059,7 @@ static int fill_qpt(struct dma_pte *this, unsigned int level, * page table pages, and the resulting allocations are always * zeroed. */ - pgs[level] = iommu_alloc_pgtable(hd); + pgs[level] = iommu_alloc_pgtable(hd, 0); if ( !pgs[level] ) { rc = -ENOMEM; @@ -3115,7 +3116,7 @@ static int cf_check intel_iommu_quarantine_init(struct pci_dev *pdev, if ( !drhd ) return -ENODEV; - pg = iommu_alloc_pgtable(hd); + pg = iommu_alloc_pgtable(hd, 0); if ( !pg ) return -ENOMEM; diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h index 09ec09fe27..7c3fe40150 100644 --- a/xen/drivers/passthrough/vtd/iommu.h +++ b/xen/drivers/passthrough/vtd/iommu.h @@ -253,7 +253,10 @@ struct context_entry { * 2-6: reserved * 7: super page * 8-11: available - * 12-63: Host physcial address + * 12-51: Host physcial address + * 52-61: available (52-55 used for DMA_PTE_CONTIG_MASK) + * 62: reserved + * 63: available */ struct dma_pte { u64 val; @@ -263,6 +266,7 @@ struct dma_pte { #define DMA_PTE_PROT (DMA_PTE_READ | DMA_PTE_WRITE) #define DMA_PTE_SP (1 << 7) #define DMA_PTE_SNP (1 << 11) +#define DMA_PTE_CONTIG_MASK (0xfull << PADDR_BITS) #define dma_clear_pte(p) do {(p).val = 0;} while(0) #define dma_set_pte_readable(p) do {(p).val |= DMA_PTE_READ;} while(0) #define dma_set_pte_writable(p) do {(p).val |= DMA_PTE_WRITE;} while(0) @@ -276,7 +280,7 @@ struct dma_pte { #define dma_pte_write(p) (dma_pte_prot(p) & DMA_PTE_WRITE) #define dma_pte_addr(p) ((p).val & PADDR_MASK & PAGE_MASK_4K) #define dma_set_pte_addr(p, addr) do {\ - (p).val |= ((addr) & PAGE_MASK_4K); } while (0) + (p).val |= ((addr) & PADDR_MASK & PAGE_MASK_4K); } while (0) #define dma_pte_present(p) (((p).val & DMA_PTE_PROT) != 0) #define dma_pte_superpage(p) (((p).val & DMA_PTE_SP) != 0) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index b4d9da7cf8..f671b0f2bb 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -26,6 +26,7 @@ #include #include #include +#include #include const struct iommu_init_ops *__initdata iommu_init_ops; @@ -534,11 +535,12 @@ int iommu_free_pgtables(struct domain *d) return 0; } -struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd) +struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd, + uint64_t contig_mask) { unsigned int memflags = 0; struct page_info *pg; - void *p; + uint64_t *p; #ifdef CONFIG_NUMA if ( hd->node != NUMA_NO_NODE ) @@ -550,7 +552,29 @@ struct page_info *iommu_alloc_pgtable(struct domain_iommu *hd) return NULL; p = __map_domain_page(pg); - clear_page(p); + + if ( contig_mask ) + { + /* See pt-contig-markers.h for a description of the marker scheme. */ + unsigned int i, shift = find_first_set_bit(contig_mask); + + ASSERT((CONTIG_LEVEL_SHIFT & (contig_mask >> shift)) == CONTIG_LEVEL_SHIFT); + + p[0] = (CONTIG_LEVEL_SHIFT + 0ull) << shift; + p[1] = 0; + p[2] = 1ull << shift; + p[3] = 0; + + for ( i = 4; i < PAGE_SIZE / sizeof(*p); i += 4 ) + { + p[i + 0] = (find_first_set_bit(i) + 0ull) << shift; + p[i + 1] = 0; + p[i + 2] = 1ull << shift; + p[i + 3] = 0; + } + } + else + clear_page(p); iommu_sync_cache(p, PAGE_SIZE); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:01:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:01:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374884.607043 (Exim 4.92) (envelope-from ) id 1oG80q-0005wR-Ge; Tue, 26 Jul 2022 00:01:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374884.607043; Tue, 26 Jul 2022 00:01:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80q-0005wI-De; Tue, 26 Jul 2022 00:01:24 +0000 Received: by outflank-mailman (input) for mailman id 374884; Tue, 26 Jul 2022 00:01:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80p-0005wA-5T for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80p-0006IG-4f for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG80p-000480-49 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WAWdbgBnfHTRunzHLGC9OAyzvyKQEr83vSWCxHmzAAQ=; b=O8aJlorD8R34IyMd772lTDD/OW jFly3UWZvmzt1mrAsixyCC5nB1uNWfMrMRYminzRJcRNSw6Es9WXE6pShP6VVWukboaKipJb11yUk 7yJO7G8dnCKziRiXjWs8QcFpTCX3i7QVePUW2FujZpLkIgC5RsDJFX2vpQjlqk8jxYzA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: free all-empty page tables Message-Id: Date: Tue, 26 Jul 2022 00:01:23 +0000 commit 2d1bb66d87c2bec712643593584821d056e3b97e Author: Jan Beulich AuthorDate: Mon Jul 25 15:40:00 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:40:00 2022 +0200 AMD/IOMMU: free all-empty page tables When a page table ends up with no present entries left, it can be replaced by a non-present entry at the next higher level. The page table itself can then be scheduled for freeing. Note that while its output isn't used there yet, pt_update_contig_markers() right away needs to be called in all places where entries get updated, not just the one where entries get cleared. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 37 ++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 7d4e0ba587..a50a6b79ab 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -21,6 +21,7 @@ #include "iommu.h" +#define CONTIG_MASK IOMMU_PTE_CONTIG_MASK #include /* Given pfn and page table level, return pde index */ @@ -35,16 +36,20 @@ static unsigned int pfn_to_pde_idx(unsigned long pfn, unsigned int level) static union amd_iommu_pte clear_iommu_pte_present(unsigned long l1_mfn, unsigned long dfn, - unsigned int level) + unsigned int level, + bool *free) { union amd_iommu_pte *table, *pte, old; + unsigned int idx = pfn_to_pde_idx(dfn, level); table = map_domain_page(_mfn(l1_mfn)); - pte = &table[pfn_to_pde_idx(dfn, level)]; + pte = &table[idx]; old = *pte; write_atomic(&pte->raw, 0); + *free = pt_update_contig_markers(&table->raw, idx, level, PTE_kind_null); + unmap_domain_page(table); return old; @@ -87,7 +92,11 @@ static union amd_iommu_pte set_iommu_pte_present(unsigned long pt_mfn, if ( !old.pr || old.next_level || old.mfn != next_mfn || old.iw != iw || old.ir != ir ) + { set_iommu_pde_present(pde, next_mfn, 0, iw, ir); + pt_update_contig_markers(&table->raw, pfn_to_pde_idx(dfn, level), + level, PTE_kind_leaf); + } else old.pr = false; /* signal "no change" to the caller */ @@ -326,6 +335,9 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, smp_wmb(); set_iommu_pde_present(pde, next_table_mfn, next_level, true, true); + pt_update_contig_markers(&next_table_vaddr->raw, + pfn_to_pde_idx(dfn, level), + level, PTE_kind_table); *flush_flags |= IOMMU_FLUSHF_modified; } @@ -351,6 +363,9 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, next_table_mfn = mfn_x(page_to_mfn(table)); set_iommu_pde_present(pde, next_table_mfn, next_level, true, true); + pt_update_contig_markers(&next_table_vaddr->raw, + pfn_to_pde_idx(dfn, level), + level, PTE_kind_table); } else /* should never reach here */ { @@ -487,8 +502,24 @@ int cf_check amd_iommu_unmap_page( if ( pt_mfn ) { + bool free; + /* Mark PTE as 'page not present'. */ - old = clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level); + old = clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level, &free); + + while ( unlikely(free) && ++level < hd->arch.amd.paging_mode ) + { + struct page_info *pg = mfn_to_page(_mfn(pt_mfn)); + + if ( iommu_pde_from_dfn(d, dfn_x(dfn), level, &pt_mfn, + flush_flags, false) ) + BUG(); + BUG_ON(!pt_mfn); + + clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level, &free); + *flush_flags |= IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + } } spin_unlock(&hd->arch.mapping_lock); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:01:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:01:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374885.607046 (Exim 4.92) (envelope-from ) id 1oG810-0005zX-Hu; Tue, 26 Jul 2022 00:01:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374885.607046; Tue, 26 Jul 2022 00:01:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG810-0005zO-F8; Tue, 26 Jul 2022 00:01:34 +0000 Received: by outflank-mailman (input) for mailman id 374885; Tue, 26 Jul 2022 00:01:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80z-0005zB-8r for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG80z-0006IW-81 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG80z-00048X-7B for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kFgViRQSWWDRZBu/SSCt1E2Jo3y68Rc0qS6rbwoZoPE=; b=HsPS93DC8YT5bOC7n+6LRconpb yVVSmVOx5XW4BnVC9eJf7dyUVSrSI03shATU8lvfJYTUScSG0aS4cnkuio9vuV6VWglue9vlPuZQz YdlKDXXMWklH/qPIBDRxYyLxtvbjZpoc75cjzd0o2bfe5nAnmBpdePCc5HlQtsnyz1As=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VT-d: free all-empty page tables Message-Id: Date: Tue, 26 Jul 2022 00:01:33 +0000 commit 00c400edd7f5fed59f109b38522a47cae9943b22 Author: Jan Beulich AuthorDate: Mon Jul 25 15:40:41 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:40:41 2022 +0200 VT-d: free all-empty page tables When a page table ends up with no present entries left, it can be replaced by a non-present entry at the next higher level. The page table itself can then be scheduled for freeing. Note that while its output isn't used there yet, pt_update_contig_markers() right away needs to be called in all places where entries get updated, not just the one where entries get cleared. Note further that while pt_update_contig_markers() updates perhaps several PTEs within the table, since these are changes to "avail" bits only I do not think that cache flushing would be needed afterwards. Such cache flushing (of entire pages, unless adding yet more logic to me more selective) would be quite noticable performance-wise (very prominent during Dom0 boot). Also note that cache sync-ing is likely more strict than necessary. This is both to be on the safe side as well as to maintain the pattern of all updates of (potentially) live tables being accompanied by a flush (if so needed). Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/vtd/iommu.c | 45 +++++++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 28dc54b6bf..745c7bae0d 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -43,6 +43,9 @@ #include "vtd.h" #include "../ats.h" +#define CONTIG_MASK DMA_PTE_CONTIG_MASK +#include + /* dom_io is used as a sentinel for quarantined devices */ #define QUARANTINE_SKIP(d, pgd_maddr) ((d) == dom_io && !(pgd_maddr)) #define DEVICE_DOMID(d, pdev) ((d) != dom_io ? (d)->domain_id \ @@ -405,6 +408,9 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, write_atomic(&pte->val, new_pte.val); iommu_sync_cache(pte, sizeof(struct dma_pte)); + pt_update_contig_markers(&parent->val, + address_level_offset(addr, level), + level, PTE_kind_table); } if ( --level == target ) @@ -829,9 +835,31 @@ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, old = *pte; dma_clear_pte(*pte); + iommu_sync_cache(pte, sizeof(*pte)); + + while ( pt_update_contig_markers(&page->val, + address_level_offset(addr, level), + level, PTE_kind_null) && + ++level < min_pt_levels ) + { + struct page_info *pg = maddr_to_page(pg_maddr); + + unmap_vtd_domain_page(page); + + pg_maddr = addr_to_dma_page_maddr(domain, addr, level, flush_flags, + false); + BUG_ON(pg_maddr < PAGE_SIZE); + + page = map_vtd_domain_page(pg_maddr); + pte = &page[address_level_offset(addr, level)]; + dma_clear_pte(*pte); + iommu_sync_cache(pte, sizeof(*pte)); + + *flush_flags |= IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + } spin_unlock(&hd->arch.mapping_lock); - iommu_sync_cache(pte, sizeof(struct dma_pte)); unmap_vtd_domain_page(page); @@ -2177,8 +2205,21 @@ static int __must_check cf_check intel_iommu_map_page( } *pte = new; - iommu_sync_cache(pte, sizeof(struct dma_pte)); + + /* + * While the (ab)use of PTE_kind_table here allows to save some work in + * the function, the main motivation for it is that it avoids a so far + * unexplained hang during boot (while preparing Dom0) on a Westmere + * based laptop. + */ + pt_update_contig_markers(&page->val, + address_level_offset(dfn_to_daddr(dfn), level), + level, + (hd->platform_ops->page_sizes & + (1UL << level_to_offset_bits(level + 1)) + ? PTE_kind_leaf : PTE_kind_table)); + spin_unlock(&hd->arch.mapping_lock); unmap_vtd_domain_page(page); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:01:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:01:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374886.607050 (Exim 4.92) (envelope-from ) id 1oG81A-00063S-Ky; Tue, 26 Jul 2022 00:01:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374886.607050; Tue, 26 Jul 2022 00:01:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81A-00063K-I3; Tue, 26 Jul 2022 00:01:44 +0000 Received: by outflank-mailman (input) for mailman id 374886; Tue, 26 Jul 2022 00:01:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG819-000631-Bv for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG819-0006Ia-B2 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG819-00048w-AQ for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YGoeo3eDqLNYCQyvypmnH7NlW2kn4t28dL/oOunRfnk=; b=aK+EvVQtZjZBo7wUEj/IsMBLir 72yE1UQzfiKpqcVn12F1yUe7wXd/WAd885QilK4Pv2kRdIbdv27cLKlVL35R6bYr7+1AYjJqOj2NK aVBHcn2ppZhCMWuFBgDLUBvmTDo/pvq0R1LpfRh6teCQ7XDdRaH1Ck+9/yWASM5TMnaI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] AMD/IOMMU: replace all-contiguous page tables by superpage mappings Message-Id: Date: Tue, 26 Jul 2022 00:01:43 +0000 commit 0f91f75eb7ec589700c2c651b03d606bb19471dc Author: Jan Beulich AuthorDate: Mon Jul 25 15:41:12 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:41:12 2022 +0200 AMD/IOMMU: replace all-contiguous page tables by superpage mappings When a page table ends up with all contiguous entries (including all identical attributes), it can be replaced by a superpage entry at the next higher level. The page table itself can then be scheduled for freeing. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/amd/iommu_map.c | 34 ++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index a50a6b79ab..85d3a85fbb 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -81,7 +81,8 @@ static union amd_iommu_pte set_iommu_pte_present(unsigned long pt_mfn, unsigned long dfn, unsigned long next_mfn, unsigned int level, - bool iw, bool ir) + bool iw, bool ir, + bool *contig) { union amd_iommu_pte *table, *pde, old; @@ -94,11 +95,15 @@ static union amd_iommu_pte set_iommu_pte_present(unsigned long pt_mfn, old.iw != iw || old.ir != ir ) { set_iommu_pde_present(pde, next_mfn, 0, iw, ir); - pt_update_contig_markers(&table->raw, pfn_to_pde_idx(dfn, level), - level, PTE_kind_leaf); + *contig = pt_update_contig_markers(&table->raw, + pfn_to_pde_idx(dfn, level), + level, PTE_kind_leaf); } else + { old.pr = false; /* signal "no change" to the caller */ + *contig = false; + } unmap_domain_page(table); @@ -409,6 +414,7 @@ int cf_check amd_iommu_map_page( { struct domain_iommu *hd = dom_iommu(d); unsigned int level = (IOMMUF_order(flags) / PTE_PER_TABLE_SHIFT) + 1; + bool contig; int rc; unsigned long pt_mfn = 0; union amd_iommu_pte old; @@ -452,8 +458,26 @@ int cf_check amd_iommu_map_page( /* Install mapping */ old = set_iommu_pte_present(pt_mfn, dfn_x(dfn), mfn_x(mfn), level, - (flags & IOMMUF_writable), - (flags & IOMMUF_readable)); + flags & IOMMUF_writable, + flags & IOMMUF_readable, &contig); + + while ( unlikely(contig) && ++level < hd->arch.amd.paging_mode ) + { + struct page_info *pg = mfn_to_page(_mfn(pt_mfn)); + unsigned long next_mfn; + + if ( iommu_pde_from_dfn(d, dfn_x(dfn), level, &pt_mfn, flush_flags, + false) ) + BUG(); + BUG_ON(!pt_mfn); + + next_mfn = mfn_x(mfn) & (~0UL << (PTE_PER_TABLE_SHIFT * (level - 1))); + set_iommu_pte_present(pt_mfn, dfn_x(dfn), next_mfn, level, + flags & IOMMUF_writable, + flags & IOMMUF_readable, &contig); + *flush_flags |= IOMMU_FLUSHF_modified | IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + } spin_unlock(&hd->arch.mapping_lock); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:01:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:01:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374887.607054 (Exim 4.92) (envelope-from ) id 1oG81K-00066g-MX; Tue, 26 Jul 2022 00:01:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374887.607054; Tue, 26 Jul 2022 00:01:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81K-00066Y-Js; Tue, 26 Jul 2022 00:01:54 +0000 Received: by outflank-mailman (input) for mailman id 374887; Tue, 26 Jul 2022 00:01:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81J-00066N-F3 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81J-0006J5-EC for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG81J-00049L-DZ for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:01:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XaGwyGM1s7I42phjBlG0aWkqtUnVi8Vm1KjatYg7gSI=; b=J7gNvWeW7BiRvbMGTWY3zP6d+f kqZeuIIRIE5PF9nIHBrHAJgcoNdR9hlzlkVQO8tOfr4ekDMB/rZKizE42fEpv9vFow6bA8JSynTac 0zIiBtl8MQR9kqL9Xq9JL1u60/Q+0V4vz61iA+FYvHsGyQCPxHZKf+8tLl0u/U5Soq1o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VT-d: replace all-contiguous page tables by superpage mappings Message-Id: Date: Tue, 26 Jul 2022 00:01:53 +0000 commit 3eb5c23542fabeeaff3c20a1fb1f6dddc2874890 Author: Jan Beulich AuthorDate: Mon Jul 25 15:41:48 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:41:48 2022 +0200 VT-d: replace all-contiguous page tables by superpage mappings When a page table ends up with all contiguous entries (including all identical attributes), it can be replaced by a superpage entry at the next higher level. The page table itself can then be scheduled for freeing. The adjustment to LEVEL_MASK is merely to avoid leaving a latent trap for whenever we (and obviously hardware) start supporting 512G mappings. Note that cache sync-ing is likely more strict than necessary. This is both to be on the safe side as well as to maintain the pattern of all updates of (potentially) live tables being accompanied by a flush (if so needed). Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/vtd/iommu.c | 35 ++++++++++++++++++++++++++++------- xen/drivers/passthrough/vtd/iommu.h | 2 +- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 745c7bae0d..35545bfaef 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2211,14 +2211,35 @@ static int __must_check cf_check intel_iommu_map_page( * While the (ab)use of PTE_kind_table here allows to save some work in * the function, the main motivation for it is that it avoids a so far * unexplained hang during boot (while preparing Dom0) on a Westmere - * based laptop. + * based laptop. This also has the intended effect of terminating the + * loop when super pages aren't supported anymore at the next level. */ - pt_update_contig_markers(&page->val, - address_level_offset(dfn_to_daddr(dfn), level), - level, - (hd->platform_ops->page_sizes & - (1UL << level_to_offset_bits(level + 1)) - ? PTE_kind_leaf : PTE_kind_table)); + while ( pt_update_contig_markers(&page->val, + address_level_offset(dfn_to_daddr(dfn), level), + level, + (hd->platform_ops->page_sizes & + (1UL << level_to_offset_bits(level + 1)) + ? PTE_kind_leaf : PTE_kind_table)) ) + { + struct page_info *pg = maddr_to_page(pg_maddr); + + unmap_vtd_domain_page(page); + + new.val &= ~(LEVEL_MASK << level_to_offset_bits(level)); + dma_set_pte_superpage(new); + + pg_maddr = addr_to_dma_page_maddr(d, dfn_to_daddr(dfn), ++level, + flush_flags, false); + BUG_ON(pg_maddr < PAGE_SIZE); + + page = map_vtd_domain_page(pg_maddr); + pte = &page[address_level_offset(dfn_to_daddr(dfn), level)]; + *pte = new; + iommu_sync_cache(pte, sizeof(*pte)); + + *flush_flags |= IOMMU_FLUSHF_modified | IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + } spin_unlock(&hd->arch.mapping_lock); unmap_vtd_domain_page(page); diff --git a/xen/drivers/passthrough/vtd/iommu.h b/xen/drivers/passthrough/vtd/iommu.h index 7c3fe40150..78aa8a96f5 100644 --- a/xen/drivers/passthrough/vtd/iommu.h +++ b/xen/drivers/passthrough/vtd/iommu.h @@ -232,7 +232,7 @@ struct context_entry { /* page table handling */ #define LEVEL_STRIDE (9) -#define LEVEL_MASK ((1 << LEVEL_STRIDE) - 1) +#define LEVEL_MASK (PTE_NUM - 1UL) #define PTE_NUM (1 << LEVEL_STRIDE) #define level_to_agaw(val) ((val) - 2) #define agaw_to_level(val) ((val) + 2) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:02:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:02:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374888.607058 (Exim 4.92) (envelope-from ) id 1oG81U-00069o-PS; Tue, 26 Jul 2022 00:02:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374888.607058; Tue, 26 Jul 2022 00:02:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81U-00069f-M4; Tue, 26 Jul 2022 00:02:04 +0000 Received: by outflank-mailman (input) for mailman id 374888; Tue, 26 Jul 2022 00:02:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81T-00069U-I0 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81T-0006Jc-HG for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG81T-00049t-GW for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H5P31ExCcWrjMa6jYVPEzwMBDqEhRFYp5krOiij6Mus=; b=3auzj5t6OBkXtidEp+TLEtrYsu l9xMi26lDbtoa/YjZgvOTRuJscZ0+mS5ZZ69CiSpwevHfbS2OQD0++4bhtN4rmNS+55VDmgVDfX9u CyoK0DT/ZbWhDhdn9vEnTbFUFRAZEYdQlaz6xpfiImN+kIXMSkvIETs9TVMuCOeyxdIk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU/x86: add perf counters for page table splitting / coalescing Message-Id: Date: Tue, 26 Jul 2022 00:02:03 +0000 commit e0a417ce62560edea7b0022e62014252c77ba8cb Author: Jan Beulich AuthorDate: Mon Jul 25 15:42:33 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:42:33 2022 +0200 IOMMU/x86: add perf counters for page table splitting / coalescing Signed-off-by: Jan Beulich Reviewed-by: Kevin tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/arch/x86/include/asm/perfc_defn.h | 3 +++ xen/drivers/passthrough/amd/iommu_map.c | 4 ++++ xen/drivers/passthrough/vtd/iommu.c | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h index b07063b7d8..509afc516b 100644 --- a/xen/arch/x86/include/asm/perfc_defn.h +++ b/xen/arch/x86/include/asm/perfc_defn.h @@ -125,4 +125,7 @@ PERFCOUNTER(realmode_exits, "vmexits from realmode") PERFCOUNTER(pauseloop_exits, "vmexits from Pause-Loop Detection") +PERFCOUNTER(iommu_pt_shatters, "IOMMU page table shatters") +PERFCOUNTER(iommu_pt_coalesces, "IOMMU page table coalesces") + /*#endif*/ /* __XEN_PERFC_DEFN_H__ */ diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index 85d3a85fbb..f2157e0043 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -345,6 +345,8 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, level, PTE_kind_table); *flush_flags |= IOMMU_FLUSHF_modified; + + perfc_incr(iommu_pt_shatters); } /* Install lower level page table for non-present entries */ @@ -477,6 +479,7 @@ int cf_check amd_iommu_map_page( flags & IOMMUF_readable, &contig); *flush_flags |= IOMMU_FLUSHF_modified | IOMMU_FLUSHF_all; iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); } spin_unlock(&hd->arch.mapping_lock); @@ -543,6 +546,7 @@ int cf_check amd_iommu_unmap_page( clear_iommu_pte_present(pt_mfn, dfn_x(dfn), level, &free); *flush_flags |= IOMMU_FLUSHF_all; iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); } } diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 35545bfaef..496d2d50ee 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -404,6 +404,8 @@ static uint64_t addr_to_dma_page_maddr(struct domain *domain, daddr_t addr, if ( flush_flags ) *flush_flags |= IOMMU_FLUSHF_modified; + + perfc_incr(iommu_pt_shatters); } write_atomic(&pte->val, new_pte.val); @@ -857,6 +859,7 @@ static int dma_pte_clear_one(struct domain *domain, daddr_t addr, *flush_flags |= IOMMU_FLUSHF_all; iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); } spin_unlock(&hd->arch.mapping_lock); @@ -2239,6 +2242,7 @@ static int __must_check cf_check intel_iommu_map_page( *flush_flags |= IOMMU_FLUSHF_modified | IOMMU_FLUSHF_all; iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); } spin_unlock(&hd->arch.mapping_lock); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:02:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:02:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374889.607062 (Exim 4.92) (envelope-from ) id 1oG81e-0006By-QH; Tue, 26 Jul 2022 00:02:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374889.607062; Tue, 26 Jul 2022 00:02:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81e-0006Br-Np; Tue, 26 Jul 2022 00:02:14 +0000 Received: by outflank-mailman (input) for mailman id 374889; Tue, 26 Jul 2022 00:02:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81d-0006Bj-Kt for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81d-0006Jg-K8 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG81d-0004AI-JZ for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JSTeBq63+wK2X68wBc437rylo/BfV/26lZ5W3SvcItw=; b=NC6dkP9nWZURpn4Fcp/IWZk+jT cbEq05jtZvkrQXhX5YkzqGJsh1eMeS2X0gWnj9w46TXl3L533vE5AkEn6e9HKm0X6xAHbL0T5NJ5V +hFkK+Plcjv1aNHUxKvqi7f7zhO4s2q+AHJAS3n1aRFtjOGUXy0F+MUg2IBj2C/XGEQA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VT-d: fold dma_pte_clear_one() into its only caller Message-Id: Date: Tue, 26 Jul 2022 00:02:13 +0000 commit fbf8e40f3b4ef79f0b38693d6b5e65573cc285f5 Author: Jan Beulich AuthorDate: Mon Jul 25 15:43:35 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:43:35 2022 +0200 VT-d: fold dma_pte_clear_one() into its only caller This way intel_iommu_unmap_page() ends up quite a bit more similar to intel_iommu_map_page(). No functional change intended. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Roger Pau Monné Reviewed-by: Paul Durrant --- xen/drivers/passthrough/vtd/iommu.c | 134 +++++++++++++++++------------------- 1 file changed, 63 insertions(+), 71 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 496d2d50ee..62e143125d 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -806,75 +806,6 @@ static void queue_free_pt(struct domain_iommu *hd, mfn_t mfn, unsigned int level iommu_queue_free_pgtable(hd, mfn_to_page(mfn)); } -/* clear one page's page table */ -static int dma_pte_clear_one(struct domain *domain, daddr_t addr, - unsigned int order, - unsigned int *flush_flags) -{ - struct domain_iommu *hd = dom_iommu(domain); - struct dma_pte *page = NULL, *pte = NULL, old; - u64 pg_maddr; - unsigned int level = (order / LEVEL_STRIDE) + 1; - - spin_lock(&hd->arch.mapping_lock); - /* get target level pte */ - pg_maddr = addr_to_dma_page_maddr(domain, addr, level, flush_flags, false); - if ( pg_maddr < PAGE_SIZE ) - { - spin_unlock(&hd->arch.mapping_lock); - return pg_maddr ? -ENOMEM : 0; - } - - page = (struct dma_pte *)map_vtd_domain_page(pg_maddr); - pte = &page[address_level_offset(addr, level)]; - - if ( !dma_pte_present(*pte) ) - { - spin_unlock(&hd->arch.mapping_lock); - unmap_vtd_domain_page(page); - return 0; - } - - old = *pte; - dma_clear_pte(*pte); - iommu_sync_cache(pte, sizeof(*pte)); - - while ( pt_update_contig_markers(&page->val, - address_level_offset(addr, level), - level, PTE_kind_null) && - ++level < min_pt_levels ) - { - struct page_info *pg = maddr_to_page(pg_maddr); - - unmap_vtd_domain_page(page); - - pg_maddr = addr_to_dma_page_maddr(domain, addr, level, flush_flags, - false); - BUG_ON(pg_maddr < PAGE_SIZE); - - page = map_vtd_domain_page(pg_maddr); - pte = &page[address_level_offset(addr, level)]; - dma_clear_pte(*pte); - iommu_sync_cache(pte, sizeof(*pte)); - - *flush_flags |= IOMMU_FLUSHF_all; - iommu_queue_free_pgtable(hd, pg); - perfc_incr(iommu_pt_coalesces); - } - - spin_unlock(&hd->arch.mapping_lock); - - unmap_vtd_domain_page(page); - - *flush_flags |= IOMMU_FLUSHF_modified; - - if ( order && !dma_pte_superpage(old) ) - queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(old)), - order / LEVEL_STRIDE); - - return 0; -} - static int iommu_set_root_entry(struct vtd_iommu *iommu) { u32 sts; @@ -2264,11 +2195,17 @@ static int __must_check cf_check intel_iommu_map_page( static int __must_check cf_check intel_iommu_unmap_page( struct domain *d, dfn_t dfn, unsigned int order, unsigned int *flush_flags) { + struct domain_iommu *hd = dom_iommu(d); + daddr_t addr = dfn_to_daddr(dfn); + struct dma_pte *page = NULL, *pte = NULL, old; + uint64_t pg_maddr; + unsigned int level = (order / LEVEL_STRIDE) + 1; + /* * While really we could unmap at any granularity, for now we assume unmaps * are issued by common code only at the same granularity as maps. */ - ASSERT((dom_iommu(d)->platform_ops->page_sizes >> order) & PAGE_SIZE_4K); + ASSERT((hd->platform_ops->page_sizes >> order) & PAGE_SIZE_4K); /* Do nothing if VT-d shares EPT page table */ if ( iommu_use_hap_pt(d) ) @@ -2278,7 +2215,62 @@ static int __must_check cf_check intel_iommu_unmap_page( if ( iommu_hwdom_passthrough && is_hardware_domain(d) ) return 0; - return dma_pte_clear_one(d, dfn_to_daddr(dfn), order, flush_flags); + spin_lock(&hd->arch.mapping_lock); + /* get target level pte */ + pg_maddr = addr_to_dma_page_maddr(d, addr, level, flush_flags, false); + if ( pg_maddr < PAGE_SIZE ) + { + spin_unlock(&hd->arch.mapping_lock); + return pg_maddr ? -ENOMEM : 0; + } + + page = map_vtd_domain_page(pg_maddr); + pte = &page[address_level_offset(addr, level)]; + + if ( !dma_pte_present(*pte) ) + { + spin_unlock(&hd->arch.mapping_lock); + unmap_vtd_domain_page(page); + return 0; + } + + old = *pte; + dma_clear_pte(*pte); + iommu_sync_cache(pte, sizeof(*pte)); + + while ( pt_update_contig_markers(&page->val, + address_level_offset(addr, level), + level, PTE_kind_null) && + ++level < min_pt_levels ) + { + struct page_info *pg = maddr_to_page(pg_maddr); + + unmap_vtd_domain_page(page); + + pg_maddr = addr_to_dma_page_maddr(d, addr, level, flush_flags, false); + BUG_ON(pg_maddr < PAGE_SIZE); + + page = map_vtd_domain_page(pg_maddr); + pte = &page[address_level_offset(addr, level)]; + dma_clear_pte(*pte); + iommu_sync_cache(pte, sizeof(*pte)); + + *flush_flags |= IOMMU_FLUSHF_all; + iommu_queue_free_pgtable(hd, pg); + perfc_incr(iommu_pt_coalesces); + } + + spin_unlock(&hd->arch.mapping_lock); + + unmap_vtd_domain_page(page); + + *flush_flags |= IOMMU_FLUSHF_modified; + + if ( order && !dma_pte_superpage(old) ) + queue_free_pt(hd, maddr_to_mfn(dma_pte_addr(old)), + order / LEVEL_STRIDE); + + return 0; } static int cf_check intel_iommu_lookup_page( -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:02:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:02:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374890.607066 (Exim 4.92) (envelope-from ) id 1oG81o-0006FS-Rq; Tue, 26 Jul 2022 00:02:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374890.607066; Tue, 26 Jul 2022 00:02:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81o-0006FL-PJ; Tue, 26 Jul 2022 00:02:24 +0000 Received: by outflank-mailman (input) for mailman id 374890; Tue, 26 Jul 2022 00:02:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81n-0006F1-O5 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81n-0006Jr-NI for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG81n-0004B0-MW for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NlYKyNtaibAxWX3RGbRZZ6XKuJb23fJayuwSftmRAtg=; b=CtHj+x9eUgA8nPOQNJ7TH2z2N9 h+DpBChno7PcusFly9rkIpPwAy99ZpHqsfCeJhZ95Op6E9sAqWxJZh0i2xcp+4qqyJ95g/djWaHdR EatXItsPSAuLAjgqmRSGZok8Fc6SoGFyWv//AxHxZ6nnlybp7ayCxVYmCmsF3xWAon+A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] golang/xenlight: Update generated code Message-Id: Date: Tue, 26 Jul 2022 00:02:23 +0000 commit 7c5e3cc07dc7c087af4e9175e85c2b21c8a39c81 Author: Oleksandr Tyshchenko AuthorDate: Mon Jul 25 15:44:17 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:44:17 2022 +0200 golang/xenlight: Update generated code Re-generate goland bindings to reflect changes to libxl_types.idl from the following commit: 54d8f27d0477 tools/libxl: report trusted backend status to frontends Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Anthony PERARD --- tools/golang/xenlight/helpers.gen.go | 12 ++++++++++++ tools/golang/xenlight/types.gen.go | 2 ++ 2 files changed, 14 insertions(+) diff --git a/tools/golang/xenlight/helpers.gen.go b/tools/golang/xenlight/helpers.gen.go index dece545ee0..33fe03971f 100644 --- a/tools/golang/xenlight/helpers.gen.go +++ b/tools/golang/xenlight/helpers.gen.go @@ -1774,6 +1774,9 @@ x.ColoPort = int(xc.colo_port) x.ColoExport = C.GoString(xc.colo_export) x.ActiveDisk = C.GoString(xc.active_disk) x.HiddenDisk = C.GoString(xc.hidden_disk) +if err := x.Trusted.fromC(&xc.trusted);err != nil { +return fmt.Errorf("converting field Trusted: %v", err) +} return nil} @@ -1815,6 +1818,9 @@ if x.ActiveDisk != "" { xc.active_disk = C.CString(x.ActiveDisk)} if x.HiddenDisk != "" { xc.hidden_disk = C.CString(x.HiddenDisk)} +if err := x.Trusted.toC(&xc.trusted); err != nil { +return fmt.Errorf("converting field Trusted: %v", err) +} return nil } @@ -1899,6 +1905,9 @@ x.ColoFilterSecRedirector1Outdev = C.GoString(xc.colo_filter_sec_redirector1_out x.ColoFilterSecRewriter0Queue = C.GoString(xc.colo_filter_sec_rewriter0_queue) x.ColoCheckpointHost = C.GoString(xc.colo_checkpoint_host) x.ColoCheckpointPort = C.GoString(xc.colo_checkpoint_port) +if err := x.Trusted.fromC(&xc.trusted);err != nil { +return fmt.Errorf("converting field Trusted: %v", err) +} return nil} @@ -2028,6 +2037,9 @@ if x.ColoCheckpointHost != "" { xc.colo_checkpoint_host = C.CString(x.ColoCheckpointHost)} if x.ColoCheckpointPort != "" { xc.colo_checkpoint_port = C.CString(x.ColoCheckpointPort)} +if err := x.Trusted.toC(&xc.trusted); err != nil { +return fmt.Errorf("converting field Trusted: %v", err) +} return nil } diff --git a/tools/golang/xenlight/types.gen.go b/tools/golang/xenlight/types.gen.go index 253c9ad93d..bb149547fd 100644 --- a/tools/golang/xenlight/types.gen.go +++ b/tools/golang/xenlight/types.gen.go @@ -652,6 +652,7 @@ ColoPort int ColoExport string ActiveDisk string HiddenDisk string +Trusted Defbool } type DeviceNic struct { @@ -718,6 +719,7 @@ ColoFilterSecRedirector1Outdev string ColoFilterSecRewriter0Queue string ColoCheckpointHost string ColoCheckpointPort string +Trusted Defbool } type DevicePci struct { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:02:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:02:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374891.607070 (Exim 4.92) (envelope-from ) id 1oG81y-0006JM-Ux; Tue, 26 Jul 2022 00:02:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374891.607070; Tue, 26 Jul 2022 00:02:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81y-0006JF-SG; Tue, 26 Jul 2022 00:02:34 +0000 Received: by outflank-mailman (input) for mailman id 374891; Tue, 26 Jul 2022 00:02:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81x-0006Iz-RF for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG81x-0006Jv-QG for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG81x-0004BR-Pd for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+/fRU7JQu442o8wRbEksL+2uMhJ6R4jg1G8jr4eNIHY=; b=NrC901gis7ajIrLU6KSrygzqcx IBD+hUhPWmQN3qlYKKBEKTwCTua4+Yl60U4FUKF6oMI5qCRucSmLBL9h4Ah9HRykJQBcs7j32sUuY 3n0YFNHVv9VOWj0ooZlfC719G3SxY+vq8AyRbjmFQ2sczCjhmmUxrld5MiZ5EMp9HaIE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/mem_sharing: support forks with active vPMU state Message-Id: Date: Tue, 26 Jul 2022 00:02:33 +0000 commit 755087eb9b10cac418b1327382b2506d32bbfb7d Author: Tamas K Lengyel AuthorDate: Mon Jul 25 15:44:33 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:44:33 2022 +0200 xen/mem_sharing: support forks with active vPMU state Currently the vPMU state from a parent isn't copied to VM forks. To enable the vPMU state to be copied to a fork VM we export certain vPMU functions. First, the vPMU context needs to be allocated for the fork if the parent has one. For this we introduce vpmu->allocate_context, which has previously only been called when the guest enables the PMU on itself. Furthermore, we export vpmu_save_force so that the PMU context can be saved on-demand even if no context switch took place on the parent's CPU yet. Additionally, we make sure all relevant configuration MSRs are saved in the vPMU context so the copy is complete and the fork starts with the same PMU config as the parent. Signed-off-by: Tamas K Lengyel Acked-by: Andrew Cooper --- xen/arch/x86/cpu/vpmu.c | 14 +++++++++++- xen/arch/x86/cpu/vpmu_amd.c | 12 +++++++++++ xen/arch/x86/cpu/vpmu_intel.c | 32 +++++++++++++++++++++++----- xen/arch/x86/include/asm/vpmu.h | 17 +++++++++++++++ xen/arch/x86/mm/mem_sharing.c | 47 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 116 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index d2c03a1104..cacc24a30f 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -336,7 +336,19 @@ void vpmu_do_interrupt(struct cpu_user_regs *regs) #endif } -static void cf_check vpmu_save_force(void *arg) +#ifdef CONFIG_MEM_SHARING +int vpmu_allocate_context(struct vcpu *v) +{ + struct vpmu_struct *vpmu = vcpu_vpmu(v); + + if ( vpmu_is_set(vpmu, VPMU_CONTEXT_ALLOCATED) ) + return 0; + + return alternative_call(vpmu_ops.allocate_context, v) ? 0 : -ENOMEM; +} +#endif + +void cf_check vpmu_save_force(void *arg) { struct vcpu *v = arg; struct vpmu_struct *vpmu = vcpu_vpmu(v); diff --git a/xen/arch/x86/cpu/vpmu_amd.c b/xen/arch/x86/cpu/vpmu_amd.c index 9bacc02ec1..58794a16f0 100644 --- a/xen/arch/x86/cpu/vpmu_amd.c +++ b/xen/arch/x86/cpu/vpmu_amd.c @@ -518,6 +518,14 @@ static int cf_check svm_vpmu_initialise(struct vcpu *v) return 0; } +#ifdef CONFIG_MEM_SHARING +static int cf_check amd_allocate_context(struct vcpu *v) +{ + ASSERT_UNREACHABLE(); + return 0; +} +#endif + static const struct arch_vpmu_ops __initconst_cf_clobber amd_vpmu_ops = { .initialise = svm_vpmu_initialise, .do_wrmsr = amd_vpmu_do_wrmsr, @@ -527,6 +535,10 @@ static const struct arch_vpmu_ops __initconst_cf_clobber amd_vpmu_ops = { .arch_vpmu_save = amd_vpmu_save, .arch_vpmu_load = amd_vpmu_load, .arch_vpmu_dump = amd_vpmu_dump, + +#ifdef CONFIG_MEM_SHARING + .allocate_context = amd_allocate_context, +#endif }; static const struct arch_vpmu_ops *__init common_init(void) diff --git a/xen/arch/x86/cpu/vpmu_intel.c b/xen/arch/x86/cpu/vpmu_intel.c index 8612f46973..b91d818be0 100644 --- a/xen/arch/x86/cpu/vpmu_intel.c +++ b/xen/arch/x86/cpu/vpmu_intel.c @@ -282,10 +282,17 @@ static inline void __core2_vpmu_save(struct vcpu *v) for ( i = 0; i < fixed_pmc_cnt; i++ ) rdmsrl(MSR_CORE_PERF_FIXED_CTR0 + i, fixed_counters[i]); for ( i = 0; i < arch_pmc_cnt; i++ ) + { rdmsrl(MSR_IA32_PERFCTR0 + i, xen_pmu_cntr_pair[i].counter); + rdmsrl(MSR_P6_EVNTSEL(i), xen_pmu_cntr_pair[i].control); + } if ( !is_hvm_vcpu(v) ) rdmsrl(MSR_CORE_PERF_GLOBAL_STATUS, core2_vpmu_cxt->global_status); + /* Save MSR to private context to make it fork-friendly */ + else if ( mem_sharing_enabled(v->domain) ) + vmx_read_guest_msr(v, MSR_CORE_PERF_GLOBAL_CTRL, + &core2_vpmu_cxt->global_ctrl); } static int cf_check core2_vpmu_save(struct vcpu *v, bool to_guest) @@ -346,6 +353,10 @@ static inline void __core2_vpmu_load(struct vcpu *v) core2_vpmu_cxt->global_ovf_ctrl = 0; wrmsrl(MSR_CORE_PERF_GLOBAL_CTRL, core2_vpmu_cxt->global_ctrl); } + /* Restore MSR from context when used with a fork */ + else if ( mem_sharing_is_fork(v->domain) ) + vmx_write_guest_msr(v, MSR_CORE_PERF_GLOBAL_CTRL, + core2_vpmu_cxt->global_ctrl); } static int core2_vpmu_verify(struct vcpu *v) @@ -443,7 +454,7 @@ static int cf_check core2_vpmu_load(struct vcpu *v, bool from_guest) return 0; } -static int core2_vpmu_alloc_resource(struct vcpu *v) +static int cf_check core2_vpmu_alloc_resource(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); struct xen_pmu_intel_ctxt *core2_vpmu_cxt = NULL; @@ -461,11 +472,18 @@ static int core2_vpmu_alloc_resource(struct vcpu *v) goto out_err; } - core2_vpmu_cxt = xzalloc_flex_struct(struct xen_pmu_intel_ctxt, regs, - fixed_pmc_cnt + arch_pmc_cnt * - (sizeof(struct xen_pmu_cntr_pair) / - sizeof(*core2_vpmu_cxt->regs))); + vpmu->priv_context_size = sizeof(uint64_t); + vpmu->context_size = sizeof(struct xen_pmu_intel_ctxt) + + fixed_pmc_cnt * sizeof(uint64_t) + + arch_pmc_cnt * sizeof(struct xen_pmu_cntr_pair); + /* Calculate and add the padding for alignment */ + vpmu->context_size += vpmu->context_size % + sizeof(struct xen_pmu_intel_ctxt); + + core2_vpmu_cxt = _xzalloc(vpmu->context_size, + sizeof(struct xen_pmu_intel_ctxt)); p = xzalloc(uint64_t); + if ( !core2_vpmu_cxt || !p ) goto out_err; @@ -889,6 +907,10 @@ static const struct arch_vpmu_ops __initconst_cf_clobber core2_vpmu_ops = { .arch_vpmu_save = core2_vpmu_save, .arch_vpmu_load = core2_vpmu_load, .arch_vpmu_dump = core2_vpmu_dump, + +#ifdef CONFIG_MEM_SHARING + .allocate_context = core2_vpmu_alloc_resource, +#endif }; const struct arch_vpmu_ops *__init core2_vpmu_init(void) diff --git a/xen/arch/x86/include/asm/vpmu.h b/xen/arch/x86/include/asm/vpmu.h index e5709bd44a..8a3ae11562 100644 --- a/xen/arch/x86/include/asm/vpmu.h +++ b/xen/arch/x86/include/asm/vpmu.h @@ -47,6 +47,10 @@ struct arch_vpmu_ops { int (*arch_vpmu_save)(struct vcpu *v, bool_t to_guest); int (*arch_vpmu_load)(struct vcpu *v, bool_t from_guest); void (*arch_vpmu_dump)(const struct vcpu *); + +#ifdef CONFIG_MEM_SHARING + int (*allocate_context)(struct vcpu *v); +#endif }; const struct arch_vpmu_ops *core2_vpmu_init(void); @@ -59,6 +63,8 @@ struct vpmu_struct { u32 hw_lapic_lvtpc; void *context; /* May be shared with PV guest */ void *priv_context; /* hypervisor-only */ + size_t context_size; + size_t priv_context_size; struct xen_pmu_data *xenpmu_data; spinlock_t vpmu_lock; }; @@ -108,6 +114,7 @@ void vpmu_do_interrupt(struct cpu_user_regs *regs); void vpmu_initialise(struct vcpu *v); void vpmu_destroy(struct vcpu *v); void vpmu_save(struct vcpu *v); +void vpmu_save_force(void *arg); int vpmu_load(struct vcpu *v, bool_t from_guest); void vpmu_dump(struct vcpu *v); @@ -136,5 +143,15 @@ static inline void vpmu_switch_to(struct vcpu *next) vpmu_load(next, 0); } +#ifdef CONFIG_MEM_SHARING +int vpmu_allocate_context(struct vcpu *v); +#else +static inline int vpmu_allocate_context(struct vcpu *v) +{ + ASSERT_UNREACHABLE(); + return 0; +} +#endif + #endif /* __ASM_X86_HVM_VPMU_H_*/ diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 8f9d9ed9a9..649d93dc54 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -1653,6 +1653,49 @@ static void copy_vcpu_nonreg_state(struct vcpu *d_vcpu, struct vcpu *cd_vcpu) hvm_set_nonreg_state(cd_vcpu, &nrs); } +static int copy_vpmu(struct vcpu *d_vcpu, struct vcpu *cd_vcpu) +{ + struct vpmu_struct *d_vpmu = vcpu_vpmu(d_vcpu); + struct vpmu_struct *cd_vpmu = vcpu_vpmu(cd_vcpu); + int ret; + + if ( !vpmu_are_all_set(d_vpmu, VPMU_INITIALIZED | VPMU_CONTEXT_ALLOCATED) ) + return 0; + if ( (ret = vpmu_allocate_context(cd_vcpu)) ) + return ret; + + /* + * The VPMU subsystem only saves the context when the CPU does a context + * switch. Otherwise, the relevant MSRs are not saved on vmexit. + * We force a save here in case the parent CPU context is still loaded. + */ + if ( vpmu_is_set(d_vpmu, VPMU_CONTEXT_LOADED) ) + { + unsigned int pcpu = smp_processor_id(); + + if ( d_vpmu->last_pcpu != pcpu ) + { + on_selected_cpus(cpumask_of(d_vpmu->last_pcpu), + vpmu_save_force, d_vcpu, 1); + vpmu_reset(d_vpmu, VPMU_CONTEXT_LOADED); + } + else + vpmu_save(d_vcpu); + } + + if ( vpmu_is_set(d_vpmu, VPMU_RUNNING) ) + vpmu_set(cd_vpmu, VPMU_RUNNING); + + /* Make sure context gets (re-)loaded when scheduled next */ + vpmu_reset(cd_vpmu, VPMU_CONTEXT_LOADED); + + memcpy(cd_vpmu->context, d_vpmu->context, d_vpmu->context_size); + memcpy(cd_vpmu->priv_context, d_vpmu->priv_context, + d_vpmu->priv_context_size); + + return 0; +} + static int copy_vcpu_settings(struct domain *cd, const struct domain *d) { unsigned int i; @@ -1702,6 +1745,10 @@ static int copy_vcpu_settings(struct domain *cd, const struct domain *d) copy_domain_page(new_vcpu_info_mfn, vcpu_info_mfn); } + ret = copy_vpmu(d_vcpu, cd_vcpu); + if ( ret ) + return ret; + hvm_vmtrace_reset(cd_vcpu); copy_vcpu_nonreg_state(d_vcpu, cd_vcpu); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:02:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:02:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374892.607074 (Exim 4.92) (envelope-from ) id 1oG829-0006Lz-0I; Tue, 26 Jul 2022 00:02:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374892.607074; Tue, 26 Jul 2022 00:02:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG828-0006Lr-Tx; Tue, 26 Jul 2022 00:02:44 +0000 Received: by outflank-mailman (input) for mailman id 374892; Tue, 26 Jul 2022 00:02:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG827-0006Lh-Ui for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG827-0006K5-Ty for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG827-0004CD-Sc for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=52+sFsfKjaYKUN1wptPEUXn8GWLM+XRrVVryBTHiBeo=; b=LPqRgnJVVR0ztUm3LLoPgBUxvv VpCjFYcU9tDRDxN0PZDFW7BAkhct1vDArHnIOFa2dqFPy1x3bkJU7bq1IhEukq7UevWSfeEuqgY6I 0pwlAFAjBZpQU5MMC9XgLWtFaA5ohZgw2fQwzVbB7XxP6yxb6NoBRSmYC9asqgoC2d7c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Arm32: restore proper name of .dtb section start symbol Message-Id: Date: Tue, 26 Jul 2022 00:02:43 +0000 commit e625ddee2767eadaac48d17184f231e9874b4d4b Author: Jan Beulich AuthorDate: Mon Jul 25 15:45:31 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:45:31 2022 +0200 Arm32: restore proper name of .dtb section start symbol This addresses a build failure when CONFIG_DTB_FILE evaluates to a non- empty string. Fixes: d07358f2dccd ("xen/arm32: head.S: Introduce a macro to load the physical address of a symbol") Signed-off-by: Jan Beulich --- xen/arch/arm/arm32/head.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index 98ccf18b51..46d93bebba 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -162,7 +162,7 @@ past_zImage: /* Using the DTB in the .dtb section? */ .ifnes CONFIG_DTB_FILE,"" - load_paddr r8, _stdb + load_paddr r8, _sdtb .endif /* Initialize the UART if earlyprintk has been enabled. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 00:02:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 00:02:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.374893.607077 (Exim 4.92) (envelope-from ) id 1oG82J-0006Os-1h; Tue, 26 Jul 2022 00:02:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 374893.607077; Tue, 26 Jul 2022 00:02:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG82I-0006Ol-VT; Tue, 26 Jul 2022 00:02:54 +0000 Received: by outflank-mailman (input) for mailman id 374893; Tue, 26 Jul 2022 00:02:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG82I-0006Oa-1L for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oG82I-0006KS-0X for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oG82H-0004Cg-WA for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 00:02:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1STPQ8Lwhk/KHys9647+raT/1OWWaocfdJt7D8uj9OM=; b=MtyUfCLCFL4MlK8gEy3+EtfGbp hxXA6Z52fxUn+s8Bf6k89EbOLadhhUJUihYkpwBh1SOj4okUY2n/j+qTsojpTg4GtkeFpFfccoUT2 q/mzJAvP5O2zoas0oEPk1TQkFiGIvhoWUwYStC/lmk4NhmpKOLtSCyptNmVd8i+etk8Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] include: correct re-building conditions around hypercall-defs.h Message-Id: Date: Tue, 26 Jul 2022 00:02:53 +0000 commit f1c719d5cd8ab4d5d4c8df139b9df3c2c47221d1 Author: Jan Beulich AuthorDate: Mon Jul 25 15:46:21 2022 +0200 Commit: Jan Beulich CommitDate: Mon Jul 25 15:46:21 2022 +0200 include: correct re-building conditions around hypercall-defs.h For a .cmd file to be picked up, the respective target needs to be listed in $(targets). This wasn't the case for hypercall-defs.i, leading to permanent re-building even on an entirely unchanged tree (because of the command apparently having changed). In exchange the target doesn't need naming in $(clean-files) anymore. Fixes: eca1f00d0227 ("xen: generate hypercall interface related code") Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD --- xen/include/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xen/include/Makefile b/xen/include/Makefile index 65d61fc7f4..65be310eca 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -114,7 +114,7 @@ all: $(obj)/xen/hypercall-defs.h $(obj)/xen/hypercall-defs.h: $(obj)/hypercall-defs.i $(srctree)/scripts/gen_hypercall.awk FORCE $(call if_changed,genhyp) -targets += xen/hypercall-defs.h +targets += hypercall-defs.i xen/hypercall-defs.h ifeq ($(XEN_TARGET_ARCH),$(XEN_COMPILE_ARCH)) @@ -225,4 +225,3 @@ all: lib-x86-all endif clean-files := compat config generated xen/lib/x86/cpuid-autogen.h -clean-files += hypercall-defs.i -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 06:44:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 06:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375072.607358 (Exim 4.92) (envelope-from ) id 1oGEIX-0001mQ-QB; Tue, 26 Jul 2022 06:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375072.607358; Tue, 26 Jul 2022 06:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGEIX-0001mJ-M3; Tue, 26 Jul 2022 06:44:05 +0000 Received: by outflank-mailman (input) for mailman id 375072; Tue, 26 Jul 2022 06:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGEIW-0001m6-AL for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 06:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGEIW-0006AN-7c for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 06:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGEIW-0007Uu-5w for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 06:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5SQaR2CZdXeKw3XqxjvvqGU/yZnMsBRnNTn7fE7LkM0=; b=nsF5LIqh2PCvyy0TKx8vwHtP8B eIDX8BDUC65dUnFrbA+f/pn/Y2yK5WlfG0oonoa+uSNzBwz8bf/3wfQv8g/Fleqm2U332ymCHsFUH Ej0UK+insVwPXbTw8oR8Pd/W8XBzy6w0Ls0f/ijaEShvmHYVnF865Y4dLGoNqmpPhWKk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] page-alloc: fix initialization of cross-node regions Message-Id: Date: Tue, 26 Jul 2022 06:44:04 +0000 commit bd0bb8a0058b10ef6039b1a9a20ad982108d295c Author: Jan Beulich AuthorDate: Tue Jul 26 08:33:10 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 08:33:10 2022 +0200 page-alloc: fix initialization of cross-node regions Quite obviously to determine the split condition successive pages' attributes need to be evaluated, not always those of the initial page. Fixes: 72b02bc75b47 ("xen/heap: pass order to free_heap_pages() in heap init") Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/page_alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index c5c5047e7c..8bdaffeb3d 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1885,11 +1885,11 @@ static void init_heap_pages( * range to cross zones. */ #ifdef CONFIG_SEPARATE_XENHEAP - if ( zone != page_to_zone(pg) ) + if ( zone != page_to_zone(pg + contig_pages) ) break; #endif - if ( nid != (phys_to_nid(page_to_maddr(pg))) ) + if ( nid != (phys_to_nid(page_to_maddr(pg + contig_pages))) ) break; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 06:44:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 06:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375074.607372 (Exim 4.92) (envelope-from ) id 1oGEIi-00028o-7Z; Tue, 26 Jul 2022 06:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375074.607372; Tue, 26 Jul 2022 06:44:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGEIi-00028f-3L; Tue, 26 Jul 2022 06:44:16 +0000 Received: by outflank-mailman (input) for mailman id 375074; Tue, 26 Jul 2022 06:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGEIg-00027j-Be for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 06:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGEIg-0006AX-Ah for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 06:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGEIg-0007VM-9t for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 06:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xA+0cNYtznanbrpcLnVCQQ/IUGicketnM4IY2Eps/mA=; b=MXDaJOq5eR6D73cvKkTlacGjLb tGlAZgLnP+dSt4TJqy0quNHQaMGj6UUtQpjAAFAIMnB2JfXqn2HtCWzwLqvmG/F8f7G7G4/meKcwM sJ0Uh+8hWLLzkv/JinQwTz3EX2pxBQCPgFrlTv3J4d0cTEkns4CyqMgAHP3pefJ/TURw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] common/memory: Fix ifdefs for ptdom_max_order Message-Id: Date: Tue, 26 Jul 2022 06:44:14 +0000 commit 5707470bf3103ebae43697a7ac2faced6cd35f92 Author: Luca Fancellu AuthorDate: Tue Jul 26 08:33:46 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 08:33:46 2022 +0200 common/memory: Fix ifdefs for ptdom_max_order In common/memory.c the ifdef code surrounding ptdom_max_order is using HAS_PASSTHROUGH instead of CONFIG_HAS_PASSTHROUGH, fix the problem using the correct macro. Fixes: e0d44c1f9461 ("build: convert HAS_PASSTHROUGH use to Kconfig") Signed-off-by: Luca Fancellu Reviewed-by: Jan Beulich --- xen/common/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index f6f794914d..bc89442ba5 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -58,7 +58,7 @@ struct memop_args { static unsigned int __read_mostly domu_max_order = CONFIG_DOMU_MAX_ORDER; static unsigned int __read_mostly ctldom_max_order = CONFIG_CTLDOM_MAX_ORDER; static unsigned int __read_mostly hwdom_max_order = CONFIG_HWDOM_MAX_ORDER; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH static unsigned int __read_mostly ptdom_max_order = CONFIG_PTDOM_MAX_ORDER; #endif @@ -70,7 +70,7 @@ static int __init cf_check parse_max_order(const char *s) ctldom_max_order = simple_strtoul(s, &s, 0); if ( *s == ',' && *++s != ',' ) hwdom_max_order = simple_strtoul(s, &s, 0); -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( *s == ',' && *++s != ',' ) ptdom_max_order = simple_strtoul(s, &s, 0); #endif @@ -83,7 +83,7 @@ static unsigned int max_order(const struct domain *d) { unsigned int order = domu_max_order; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( cache_flush_permitted(d) && order < ptdom_max_order ) order = ptdom_max_order; #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 13:00:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 13:00:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375290.607587 (Exim 4.92) (envelope-from ) id 1oGKAQ-0002ds-8l; Tue, 26 Jul 2022 13:00:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375290.607587; Tue, 26 Jul 2022 13:00:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKAQ-0002dk-5E; Tue, 26 Jul 2022 13:00:06 +0000 Received: by outflank-mailman (input) for mailman id 375290; Tue, 26 Jul 2022 13:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKAO-0002Pu-Nr for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKAO-0006nv-LG for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGKAO-000459-KJ for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:00:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nyXXK3gnH439rtRTb4IluOYw/QfivxlxTlSPuhR2cLk=; b=RGsjGCuX1dynQPetNQfNMBfBra YtPYg19JDwL20syn8yZeh7iVc53rJAogsG02sF/H7ZvBFVmuBEPtfB0Nds+tQzK+X7LyQi8pcM+hg VIpTg7/iw7OVHSQLfWbppn/OZKPVp6K93+pMKCReBVQFpv3EvzgqwFIOAlNeGjsE4iro=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Tue, 26 Jul 2022 13:00:04 +0000 commit a9949efb288fd6e21bbaf9d5826207c7c41cda27 Author: Jan Beulich AuthorDate: Tue Jul 26 14:54:34 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 14:54:34 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 5b81d5fbdb..2c1c35151a 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3038,7 +3038,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 13:00:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 13:00:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375291.607591 (Exim 4.92) (envelope-from ) id 1oGKAZ-0002oS-9Q; Tue, 26 Jul 2022 13:00:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375291.607591; Tue, 26 Jul 2022 13:00:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKAZ-0002oK-6k; Tue, 26 Jul 2022 13:00:15 +0000 Received: by outflank-mailman (input) for mailman id 375291; Tue, 26 Jul 2022 13:00:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKAY-0002oE-Ur for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:00:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKAY-0006o2-U4 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:00:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGKAY-00046v-TH for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:00:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/Fdr/uKttfRctTIoV6WK3xr80y/8/bs0ldxABxSSlPE=; b=lHCOOzv6A0j4VVo5yAAuBzU5dZ IWvQiQdaX9neTEUDHODEtqbq3Mghfngj5I6t9Dl2fux5VnsOrpTKEdwaL+b4GG4dEhgxXhiS+mGMv ydEVuawG7NS+xQIJsh7eVBkiYp3wyAeBUmeQjhZKCw94Gvi6bwz26OwXwypsAU0iEmQY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Tue, 26 Jul 2022 13:00:14 +0000 commit 221f6a97b59e008f11eb310ad0c9b802f3bea233 Author: Jan Beulich AuthorDate: Tue Jul 26 14:59:07 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 14:59:07 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: a9949efb288fd6e21bbaf9d5826207c7c41cda27 master date: 2022-07-26 14:54:34 +0200 --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index c1b9a3bb10..5812321cae 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3004,7 +3004,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 13:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 13:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375302.607594 (Exim 4.92) (envelope-from ) id 1oGKL3-0003wW-2k; Tue, 26 Jul 2022 13:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375302.607594; Tue, 26 Jul 2022 13:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKL2-0003wP-WE; Tue, 26 Jul 2022 13:11:05 +0000 Received: by outflank-mailman (input) for mailman id 375302; Tue, 26 Jul 2022 13:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKL2-0003wJ-HE for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKL2-0007Aj-EY for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGKL2-0004sg-Dg for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=w29059xbeBjnTK7Nw+9RixTlUFEGr2tG/tkr6pZah1I=; b=2ykGzZYhZ6EcrcFg9c/yvQxGiM 8ONrRhWOOwnRqDvGzupJqmJfcZp3ErCUwuKlyNQzJh3roexIFLcrcGABlVyfcVQyDY32fyJwD+NDO lk2FIbz40HsLNma78UjkHP+81vVN6VJXi5tErGUFe4WnMso5pcP0OyvkrNB2bpGpVWHk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Tue, 26 Jul 2022 13:11:04 +0000 commit 3859f3ee7e37323ae5e0014c07ba8d3a4d7890b2 Author: Jan Beulich AuthorDate: Tue Jul 26 15:03:14 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 15:03:14 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: a9949efb288fd6e21bbaf9d5826207c7c41cda27 master date: 2022-07-26 14:54:34 +0200 --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 7d0747017d..c88dc749d4 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2992,7 +2992,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 13:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 13:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375303.607599 (Exim 4.92) (envelope-from ) id 1oGKLE-0003yX-4G; Tue, 26 Jul 2022 13:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375303.607599; Tue, 26 Jul 2022 13:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKLE-0003yP-1d; Tue, 26 Jul 2022 13:11:16 +0000 Received: by outflank-mailman (input) for mailman id 375303; Tue, 26 Jul 2022 13:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKLC-0003yD-OE for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKLC-0007Au-NI for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGKLC-0004tX-M9 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bTSF7I6XDRRXqri04JSV3mFL10PPOaWL0QO0hXOdGVk=; b=mHicYd8e8n9ZKWpdqyIkyijb/2 aSceuzCGIfz+aQnMa1CgwT2fHZIXAQkKZ2jkKD3VtpZGJHnCxJ3To0Bstz04Lh47gQHqLGDAznBkf 4/6LB59TWNMjKW4i4wGL8xaqMjzkGFxUYM+Oq7vMcYQvTQrAP9UNZhmIgp+pDQB+oqjY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Tue, 26 Jul 2022 13:11:14 +0000 commit ef571a5a11e70365106db15144236d7bb5117abe Author: Jan Beulich AuthorDate: Tue Jul 26 15:04:11 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 15:04:11 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: a9949efb288fd6e21bbaf9d5826207c7c41cda27 master date: 2022-07-26 14:54:34 +0200 --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 3b72d9e8d3..f11ad9cb2d 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2994,7 +2994,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 13:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 13:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375304.607603 (Exim 4.92) (envelope-from ) id 1oGKLO-00041c-6D; Tue, 26 Jul 2022 13:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375304.607603; Tue, 26 Jul 2022 13:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKLO-00041T-32; Tue, 26 Jul 2022 13:11:26 +0000 Received: by outflank-mailman (input) for mailman id 375304; Tue, 26 Jul 2022 13:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKLN-00041C-0O for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGKLM-0007B5-Vi for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGKLM-0004uM-Uv for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 13:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nY1TXH+4eTbz1OVgKESjX+jYALVu5rARniNqScPatfo=; b=vKjTuvJi4d/k1pXRrePCc7Ztgl QU09t5i/ohn0PpjmjOyIyHJl6HgPkk1FdEh2nKQEciOAVBQ0rdEeq4SeyylBd2zKkdaFYOnofZZ5q Cm7hYSRCWfDV+XLvRAqXb1jb99TWX+1TFYXwGtWzSjPa3cy+hpg3up0oGEavmaWY5Tcw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Tue, 26 Jul 2022 13:11:24 +0000 commit c946524a65f3f7b795c48d304953be6d7672cfb6 Author: Jan Beulich AuthorDate: Tue Jul 26 15:05:08 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 15:05:08 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: a9949efb288fd6e21bbaf9d5826207c7c41cda27 master date: 2022-07-26 14:54:34 +0200 --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 12531d3bff..2e63008570 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3080,7 +3080,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); flush_tlb_mask(mask); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 14:11:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 14:11:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375341.607662 (Exim 4.92) (envelope-from ) id 1oGLH7-0004iJ-Iv; Tue, 26 Jul 2022 14:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375341.607662; Tue, 26 Jul 2022 14:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGLH7-0004iB-Fx; Tue, 26 Jul 2022 14:11:05 +0000 Received: by outflank-mailman (input) for mailman id 375341; Tue, 26 Jul 2022 14:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGLH6-0004i5-Tm for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 14:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGLH6-0008U7-S8 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 14:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGLH6-0007qg-RG for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 14:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Inghc2JQmMmHvx7DqdwTAiZxeOFVAaKn6yoKuCTNWRA=; b=BPUOIkSvjS7N16sbUs2QUZl2wD z/bOG3AwhY3nrpbL+q10Jarok/AhJDYeGnocLCpKS7aKh1TO1fRHYlWCZ/6280v9H5UlYEb0fqfku mnH/uMZlYxwsFOI/ZX3ZAv5h34bxENnDqzTtVCv9hfKP/mq2BPqvMjv+2G+3kl0z4FQo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pv: Inject #GP for implicit grant unmaps Message-Id: Date: Tue, 26 Jul 2022 14:11:04 +0000 commit f61c54967f4a5ea7e0c9fc3a4e966efa26481cb9 Author: Andrew Cooper AuthorDate: Tue Jul 19 21:37:43 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 26 15:09:48 2022 +0100 x86/pv: Inject #GP for implicit grant unmaps This is a debug behaviour to identify buggy kernels. Crashing the domain is the most unhelpful thing to do, because it discards the relevant context. Instead, inject #GP[0] like other permission errors in x86. In particular, this lets the kernel provide a backtrace which is more likely to be helpful to a developer. As a bugfix, this always injects #GP[0] to current, not l1e_owner. It is not l1e_owner's fault if dom0 using superpowers triggers an implicit unmap. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 2c1c35151a..22a4dfa838 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -1229,10 +1229,10 @@ void put_page_from_l1e(l1_pgentry_t l1e, struct domain *l1e_owner) if ( (l1e_get_flags(l1e) & _PAGE_GNTTAB) && !l1e_owner->is_shutting_down && !l1e_owner->is_dying ) { - gdprintk(XENLOG_WARNING, - "Attempt to implicitly unmap a granted PTE %" PRIpte "\n", - l1e_get_intpte(l1e)); - domain_crash(l1e_owner); + gprintk(XENLOG_WARNING, + "Attempt to implicitly unmap %pd's grant PTE %" PRIpte "\n", + l1e_owner, l1e_get_intpte(l1e)); + pv_inject_hw_exception(TRAP_gp_fault, 0); } #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 14:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 14:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375342.607666 (Exim 4.92) (envelope-from ) id 1oGLHH-0004kI-KK; Tue, 26 Jul 2022 14:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375342.607666; Tue, 26 Jul 2022 14:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGLHH-0004kA-HS; Tue, 26 Jul 2022 14:11:15 +0000 Received: by outflank-mailman (input) for mailman id 375342; Tue, 26 Jul 2022 14:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGLHG-0004k4-W5 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 14:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGLHG-0008UI-VD for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 14:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGLHG-0007rK-UJ for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 14:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FHZmPyf228h+6c4ll4XeOr1kdbKarQeNqML8xk2iQIc=; b=TPjKCh2Lqm4VjHlpJisgIu6L3I yiq0CQCo/mOpkx+MkdULXNYJXZDNUUeyZFPB41I2EcNdp5yxy49r1L7g4F31rrwau3ig1GYu78iCb JMuTKdFdcgBFmUDGNl630WR3x24NeIv7dWwNSBCLvFERocHO3yeXkLTUUAvtFfbXPd+U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/vpmu: Fix build following vmfork addition Message-Id: Date: Tue, 26 Jul 2022 14:11:14 +0000 commit b1f0183e5067fbcb87517795e27929982b2404fb Author: Andrew Cooper AuthorDate: Tue Jul 26 14:11:33 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 26 15:09:48 2022 +0100 x86/vpmu: Fix build following vmfork addition GCC with IBT extensions complains: arch/x86/cpu/vpmu.c:351:15: error: conflicting types for 'vpmu_save_force'; have 'void(void *)' with implied 'nocf_check' attribute 351 | void cf_check vpmu_save_force(void *arg) | ^~~~~~~~~~~~~~~ In file included from ./arch/x86/include/asm/domain.h:10, from ./include/xen/domain.h:8, from ./include/xen/sched.h:11, from ./include/xen/event.h:12, from arch/x86/cpu/vpmu.c:23: ./arch/x86/include/asm/vpmu.h:117:6: note: previous declaration of 'vpmu_save_force' with type 'void(void *)' 117 | void vpmu_save_force(void *arg); | ^~~~~~~~~~~~~~~ Adjust the declaraion. Fixes: 755087eb9b10 ("xen/mem_sharing: support forks with active vPMU state") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/vpmu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/vpmu.h b/xen/arch/x86/include/asm/vpmu.h index 8a3ae11562..05e1fbfccf 100644 --- a/xen/arch/x86/include/asm/vpmu.h +++ b/xen/arch/x86/include/asm/vpmu.h @@ -114,7 +114,7 @@ void vpmu_do_interrupt(struct cpu_user_regs *regs); void vpmu_initialise(struct vcpu *v); void vpmu_destroy(struct vcpu *v); void vpmu_save(struct vcpu *v); -void vpmu_save_force(void *arg); +void cf_check vpmu_save_force(void *arg); int vpmu_load(struct vcpu *v, bool_t from_guest); void vpmu_dump(struct vcpu *v); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 19:22:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 19:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375707.608182 (Exim 4.92) (envelope-from ) id 1oGQ84-00065J-9W; Tue, 26 Jul 2022 19:22:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375707.608182; Tue, 26 Jul 2022 19:22:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGQ84-00065B-61; Tue, 26 Jul 2022 19:22:04 +0000 Received: by outflank-mailman (input) for mailman id 375707; Tue, 26 Jul 2022 19:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGQ82-000655-3L for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 19:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGQ82-0008A7-1X for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 19:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGQ81-0002cp-W5 for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 19:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5igjyF/6PGG1keLXvLFkewPZ2SGH0BBE1HJInsfy+kE=; b=THdKcemY4fXUzJ4Uylek2pU1+I IhWXVNq/ik5BZzyxqBqLRcVKIrdZUCH/JkTZ+nnPJn+XcRz4+J7ftQqJwlvIoEGfDOaE5l75hF87O ubTbfNQlE2/8OX/A/v4E+C9Jvi+dwxYSt77R9gIgLqd8renhGXQwlGUfZaCt+ozoPiBM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] page-alloc: fix initialization of cross-node regions Message-Id: Date: Tue, 26 Jul 2022 19:22:01 +0000 commit bd0bb8a0058b10ef6039b1a9a20ad982108d295c Author: Jan Beulich AuthorDate: Tue Jul 26 08:33:10 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 08:33:10 2022 +0200 page-alloc: fix initialization of cross-node regions Quite obviously to determine the split condition successive pages' attributes need to be evaluated, not always those of the initial page. Fixes: 72b02bc75b47 ("xen/heap: pass order to free_heap_pages() in heap init") Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/common/page_alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index c5c5047e7c..8bdaffeb3d 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1885,11 +1885,11 @@ static void init_heap_pages( * range to cross zones. */ #ifdef CONFIG_SEPARATE_XENHEAP - if ( zone != page_to_zone(pg) ) + if ( zone != page_to_zone(pg + contig_pages) ) break; #endif - if ( nid != (phys_to_nid(page_to_maddr(pg))) ) + if ( nid != (phys_to_nid(page_to_maddr(pg + contig_pages))) ) break; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Jul 26 19:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 26 Jul 2022 19:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375708.608187 (Exim 4.92) (envelope-from ) id 1oGQ8D-00067a-CO; Tue, 26 Jul 2022 19:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375708.608187; Tue, 26 Jul 2022 19:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGQ8D-00067S-9m; Tue, 26 Jul 2022 19:22:13 +0000 Received: by outflank-mailman (input) for mailman id 375708; Tue, 26 Jul 2022 19:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGQ8C-00067E-6I for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 19:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGQ8C-0008AU-4a for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 19:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGQ8C-0002dW-3l for xen-changelog@lists.xenproject.org; Tue, 26 Jul 2022 19:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZdCgCOxQGjubevSyyYOsAKK2pFYqCA/kkhxt5VXC4vI=; b=LHC35ZT+LNyfSEyMqaLZ8tKOCY DwDwYFxGBKpCtkrAqh1djZZoOGw9Xk/zmayMGXgbknfbxgrJDapC7QJR8pV42Boo1yonNzJ+fbE9k XYoH377obPhRCOFxbsA1H1BT5YncWlvkYI/xJjBZsOJPPgWuZkPRKsaDaWLbEOzGKZBU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] common/memory: Fix ifdefs for ptdom_max_order Message-Id: Date: Tue, 26 Jul 2022 19:22:12 +0000 commit 5707470bf3103ebae43697a7ac2faced6cd35f92 Author: Luca Fancellu AuthorDate: Tue Jul 26 08:33:46 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 08:33:46 2022 +0200 common/memory: Fix ifdefs for ptdom_max_order In common/memory.c the ifdef code surrounding ptdom_max_order is using HAS_PASSTHROUGH instead of CONFIG_HAS_PASSTHROUGH, fix the problem using the correct macro. Fixes: e0d44c1f9461 ("build: convert HAS_PASSTHROUGH use to Kconfig") Signed-off-by: Luca Fancellu Reviewed-by: Jan Beulich --- xen/common/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index f6f794914d..bc89442ba5 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -58,7 +58,7 @@ struct memop_args { static unsigned int __read_mostly domu_max_order = CONFIG_DOMU_MAX_ORDER; static unsigned int __read_mostly ctldom_max_order = CONFIG_CTLDOM_MAX_ORDER; static unsigned int __read_mostly hwdom_max_order = CONFIG_HWDOM_MAX_ORDER; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH static unsigned int __read_mostly ptdom_max_order = CONFIG_PTDOM_MAX_ORDER; #endif @@ -70,7 +70,7 @@ static int __init cf_check parse_max_order(const char *s) ctldom_max_order = simple_strtoul(s, &s, 0); if ( *s == ',' && *++s != ',' ) hwdom_max_order = simple_strtoul(s, &s, 0); -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( *s == ',' && *++s != ',' ) ptdom_max_order = simple_strtoul(s, &s, 0); #endif @@ -83,7 +83,7 @@ static unsigned int max_order(const struct domain *d) { unsigned int order = domu_max_order; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( cache_flush_permitted(d) && order < ptdom_max_order ) order = ptdom_max_order; #endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 01:00:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 01:00:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375827.608282 (Exim 4.92) (envelope-from ) id 1oGVP9-0005D0-RP; Wed, 27 Jul 2022 01:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375827.608282; Wed, 27 Jul 2022 01:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGVP9-0005Bx-Nd; Wed, 27 Jul 2022 01:00:03 +0000 Received: by outflank-mailman (input) for mailman id 375827; Wed, 27 Jul 2022 01:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGVP8-0004Mt-1j for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 01:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGVP7-0007TZ-Tw for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 01:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGVP7-0005KM-SX for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 01:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2dWehM/SND5XvRYrErqD7nvtal4aokgW6gWEmbwIGW8=; b=hNND+K+8KpIhTWdjiYQyvnEWab iGl9Uksay/KYlx8kBgUJbkZnbyz1FYswfJ9mWhN8lSE7bzOf8Ym2MzCggncoKmyPCRd6zZ9BxkAg+ Hcl+TIaz7JRM733KdKM7WKiO2EpPllywRdbdd4dw3nB+EqCu05fhrgXbWZc0wLeCI02U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Wed, 27 Jul 2022 01:00:01 +0000 commit ef571a5a11e70365106db15144236d7bb5117abe Author: Jan Beulich AuthorDate: Tue Jul 26 15:04:11 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 15:04:11 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: a9949efb288fd6e21bbaf9d5826207c7c41cda27 master date: 2022-07-26 14:54:34 +0200 --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 3b72d9e8d3..f11ad9cb2d 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2994,7 +2994,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 03:33:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 03:33:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375849.608296 (Exim 4.92) (envelope-from ) id 1oGXnD-0003d4-4a; Wed, 27 Jul 2022 03:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375849.608296; Wed, 27 Jul 2022 03:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGXnD-0003cv-1J; Wed, 27 Jul 2022 03:33:03 +0000 Received: by outflank-mailman (input) for mailman id 375849; Wed, 27 Jul 2022 03:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGXnB-0003cp-Ei for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 03:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGXnB-0000oc-Cr for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 03:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGXnB-0004ct-C8 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 03:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vPe10jRpHq78mRxoU7Q5QQoT4PmqSDGkFoDc9Jzceko=; b=vEG/gB9IQRwgucqP/yMOHlzow4 4J/j+yb2xFHRi4rOwKYBG999Y55D8owtjiepiBwwc2PWa9c1swheUOrMsoyZANmlXEW0xMfEu669z L+KRmMCh6lcQ2byF3Lk64EDI2fOYypYlNennY2Cp6o/8/VniuhSlclFox0bY8dtx3+r0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Wed, 27 Jul 2022 03:33:01 +0000 commit 3859f3ee7e37323ae5e0014c07ba8d3a4d7890b2 Author: Jan Beulich AuthorDate: Tue Jul 26 15:03:14 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 15:03:14 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: a9949efb288fd6e21bbaf9d5826207c7c41cda27 master date: 2022-07-26 14:54:34 +0200 --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 7d0747017d..c88dc749d4 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2992,7 +2992,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 05:22:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 05:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375878.608333 (Exim 4.92) (envelope-from ) id 1oGZUg-0000Uz-Md; Wed, 27 Jul 2022 05:22:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375878.608333; Wed, 27 Jul 2022 05:22:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGZUg-0000Ur-Jg; Wed, 27 Jul 2022 05:22:02 +0000 Received: by outflank-mailman (input) for mailman id 375878; Wed, 27 Jul 2022 05:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGZUf-0000Ul-S5 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 05:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGZUf-0003aK-PS for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 05:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGZUf-0001jW-Nl for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 05:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+LOuCLzl+1YutIST+7H00Y7aaUY7o6CXWrxd/27Q/Jc=; b=swbdbfY7pN+inb3g7HoMLAOq1B D1FMCcWWsfUVU0wQNKo7zpIqn7TscdRNzRkXbLrRVmuFXyO3RF2g69cT+BglV1GdypT4WbcBdixG6 thuHz57OQ1GruTaPrm12YJVVV8ZpaQGqSZmXbrmKKpQkJ+79+UsYzTKD8Sva77sIVqZQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Wed, 27 Jul 2022 05:22:01 +0000 commit 221f6a97b59e008f11eb310ad0c9b802f3bea233 Author: Jan Beulich AuthorDate: Tue Jul 26 14:59:07 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 14:59:07 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: a9949efb288fd6e21bbaf9d5826207c7c41cda27 master date: 2022-07-26 14:54:34 +0200 --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index c1b9a3bb10..5812321cae 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3004,7 +3004,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:33:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375934.608425 (Exim 4.92) (envelope-from ) id 1oGbXW-00020H-8W; Wed, 27 Jul 2022 07:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375934.608425; Wed, 27 Jul 2022 07:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXW-000209-5b; Wed, 27 Jul 2022 07:33:06 +0000 Received: by outflank-mailman (input) for mailman id 375934; Wed, 27 Jul 2022 07:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXU-000203-QJ for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXU-0006Kq-Ls for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbXU-0001Bo-KJ for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Qrj/IL9dcWx88/taL6nLwBR+QTYgBYFbZqBSRiZ7Pv4=; b=IOj0l4Eq6rVszhVLWOKddEGbvy rCrh/V+wst/nSlVmUKAW2O2E5gl8269kYoJI9j21ZT9Qr9eNeHyHuFdgIImx91ssP4H0djoOdriIw /COwUnW6r6UQTDy6TMtRJdFQjVAXUV0jKWp910DTfXectIexVV6wBT4GfkVwN2btZSxo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xl: relax freemem()'s retry calculation Message-Id: Date: Wed, 27 Jul 2022 07:33:04 +0000 commit 6f814c377bb6959af0f8e74edc2582e14c427091 Author: Jan Beulich AuthorDate: Wed Jul 27 09:14:32 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:14:32 2022 +0200 xl: relax freemem()'s retry calculation While in principle possible also under other conditions as long as other parallel operations potentially consuming memory aren't "locked out", in particular with IOMMU large page mappings used in Dom0 (for PV when in strict mode; for PVH when not sharing page tables with HAP) ballooning out of individual pages can actually lead to less free memory available afterwards. This is because to split a large page, one or more page table pages are necessary (one per level that is split). When rebooting a guest I've observed freemem() to fail: A single page was required to be ballooned out (presumably because of heap fragmentation in the hypervisor). This ballooning out of a single page of course went fast, but freemem() then found that it would require to balloon out another page. This repeating just another time leads to the function to signal failure to the caller - without having come anywhere near the designated 30s that the whole process is allowed to not make any progress at all. Convert from a simple retry count to actually calculating elapsed time, subtracting from an initial credit of 30s. Don't go as far as limiting the "wait_secs" value passed to libxl_wait_for_memory_target(), though. While this leads to the overall process now possibly taking longer (if the previous iteration ended very close to the intended 30s), this compensates to some degree for the value passed really meaning "allowed to run for this long without making progress". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD master commit: e58370df76eacf1f7ca0340e9b96430c77b41a79 master date: 2022-07-12 15:25:00 +0200 --- tools/xl/xl_vmcontrol.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 435155a033..5dee7730ca 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -321,7 +321,8 @@ static int domain_wait_event(uint32_t domid, libxl_event **event_r) */ static bool freemem(uint32_t domid, libxl_domain_config *d_config) { - int rc, retries = 3; + int rc; + double credit = 30; uint64_t need_memkb, free_memkb; if (!autoballoon) @@ -332,6 +333,8 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; do { + time_t start; + rc = libxl_get_free_memory(ctx, &free_memkb); if (rc < 0) return false; @@ -345,12 +348,13 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) /* wait until dom0 reaches its target, as long as we are making * progress */ + start = time(NULL); rc = libxl_wait_for_memory_target(ctx, 0, 10); if (rc < 0) return false; - retries--; - } while (retries > 0); + credit -= difftime(time(NULL), start); + } while (credit > 0); return false; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:33:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:33:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375935.608428 (Exim 4.92) (envelope-from ) id 1oGbXg-00022H-9y; Wed, 27 Jul 2022 07:33:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375935.608428; Wed, 27 Jul 2022 07:33:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXg-000229-7D; Wed, 27 Jul 2022 07:33:16 +0000 Received: by outflank-mailman (input) for mailman id 375935; Wed, 27 Jul 2022 07:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXe-00021u-Qe for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXe-0006LA-Pl for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbXe-0001CM-O1 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+3f0Su/vGRaeFCOI7kosEBRNwXAIIfaxLxxwEvnvesk=; b=FZ7S0bc5A8bOlB7tDUGoMWVzE9 mw95L1gxbwtjcO3bCejjm5SFyUrlB3v68zVdUp84BDBon4AIWEiNCWOQatyFnzrg1sbZxj5fF4M9s Q/Ql/zziwN+1JKP24D5VdxiYHw6VHAtbllFmFxpe7FRlAQGcFWORtiBUUyrysyOerlEk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] tools/init-xenstore-domain: fix memory map for PVH stubdom Message-Id: Date: Wed, 27 Jul 2022 07:33:14 +0000 commit 6e542a835de8554eae716e17cc565a2f7e217b39 Author: Juergen Gross AuthorDate: Wed Jul 27 09:19:41 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:19:41 2022 +0200 tools/init-xenstore-domain: fix memory map for PVH stubdom In case of maxmem != memsize the E820 map of the PVH stubdom is wrong, as it is missing the RAM above memsize. Additionally the memory map should only specify the Xen special pages as reserved. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD master commit: 134d53f577076d4f26091e25762f27cc3c73bf58 master date: 2022-07-12 15:25:20 +0200 --- tools/helpers/init-xenstore-domain.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index b205a79ee6..11ebf79e6d 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -72,8 +72,9 @@ static int build(xc_interface *xch) char cmdline[512]; int rv, xs_fd; struct xc_dom_image *dom = NULL; - int limit_kb = (maxmem ? : (memory + 1)) * 1024; + int limit_kb = (maxmem ? : memory) * 1024 + X86_HVM_NR_SPECIAL_PAGES * 4; uint64_t mem_size = MB(memory); + uint64_t max_size = MB(maxmem ? : memory); struct e820entry e820[3]; struct xen_domctl_createdomain config = { .ssidref = SECINITSID_DOMU, @@ -166,13 +167,16 @@ static int build(xc_interface *xch) dom->mmio_start = LAPIC_BASE_ADDRESS; dom->max_vcpus = 1; e820[0].addr = 0; - e820[0].size = dom->lowmem_end; + e820[0].size = (max_size > LAPIC_BASE_ADDRESS) ? + LAPIC_BASE_ADDRESS : max_size; e820[0].type = E820_RAM; - e820[1].addr = LAPIC_BASE_ADDRESS; - e820[1].size = dom->mmio_size; + e820[1].addr = (X86_HVM_END_SPECIAL_REGION - + X86_HVM_NR_SPECIAL_PAGES) << XC_PAGE_SHIFT; + e820[1].size = X86_HVM_NR_SPECIAL_PAGES << XC_PAGE_SHIFT; e820[1].type = E820_RESERVED; e820[2].addr = GB(4); - e820[2].size = dom->highmem_end - GB(4); + e820[2].size = (max_size > LAPIC_BASE_ADDRESS) ? + max_size - LAPIC_BASE_ADDRESS : 0; e820[2].type = E820_RAM; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:33:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:33:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375936.608433 (Exim 4.92) (envelope-from ) id 1oGbXq-00025E-By; Wed, 27 Jul 2022 07:33:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375936.608433; Wed, 27 Jul 2022 07:33:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXq-000256-8g; Wed, 27 Jul 2022 07:33:26 +0000 Received: by outflank-mailman (input) for mailman id 375936; Wed, 27 Jul 2022 07:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXo-00024h-U9 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXo-0006LV-Sp for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbXo-0001Cq-S6 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/BzmhifbXtGLAYcFrSVMp2cX6Fd2l0dkfdk8GbN83WE=; b=GkHzJ6YM6cO81LrCdYlwqEUAfI QPTZeVSPHyGlOpSD4eHmNWAoR6UYtukP+axmOdxxBnKrRvgYpXPIZO3QMut7OH/XlGlXq5XTnAtyb JjsbWN4D8/T8Sqla4pMWl1QSQknzVWNvL+GH5rX6wvwIQD0rg439zOc4lCWUXgKlumis=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xl: move freemem()'s "credit expired" loop exit Message-Id: Date: Wed, 27 Jul 2022 07:33:24 +0000 commit bfbcae445cd118cee6d0aa25c15f9eb7f8baa353 Author: Jan Beulich AuthorDate: Wed Jul 27 09:20:06 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:20:06 2022 +0200 xl: move freemem()'s "credit expired" loop exit Move the "credit expired" loop exit to the middle of the loop, immediately after "return true". This way having reached the goal on the last iteration would be reported as success to the caller, rather than as "timed out". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD master commit: d8f8cb8bdd02fad3b6986ae93511f750fa7f7e6a master date: 2022-07-18 17:48:18 +0200 --- tools/xl/xl_vmcontrol.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 5dee7730ca..d1c6f8aae6 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -332,7 +332,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (rc < 0) return false; - do { + for (;;) { time_t start; rc = libxl_get_free_memory(ctx, &free_memkb); @@ -342,6 +342,9 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (free_memkb >= need_memkb) return true; + if (credit <= 0) + return false; + rc = libxl_set_memory_target(ctx, 0, free_memkb - need_memkb, 1, 0); if (rc < 0) return false; @@ -354,9 +357,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; credit -= difftime(time(NULL), start); - } while (credit > 0); - - return false; + } } static void reload_domain_config(uint32_t domid, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:33:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:33:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375937.608437 (Exim 4.92) (envelope-from ) id 1oGbY0-00028c-F9; Wed, 27 Jul 2022 07:33:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375937.608437; Wed, 27 Jul 2022 07:33:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbY0-00028T-CX; Wed, 27 Jul 2022 07:33:36 +0000 Received: by outflank-mailman (input) for mailman id 375937; Wed, 27 Jul 2022 07:33:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXz-000281-0c for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbXy-0006Lf-Vz for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbXy-0001DH-V8 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=V/HX/nFWi5pA9jLKPR3oTXiOEncI8gt7d2fyQjH/TFs=; b=6K6AKhyZh0bK8oeeWJs5W/zFiM 4eXvRi4uebjLdkoO/jEVUHm7z4A5vMI0Utbo5ugmaEI+d0OpNUgPiA4ca4KdhW02S+ZjAYOrsrEC/ p592nlMLZDKUuUeNwVct3RvMDjunwTalWRlKpFdoNPrsjABIWVPoxOeEx9TaXXDvhBIs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR Message-Id: Date: Wed, 27 Jul 2022 07:33:34 +0000 commit 9ab8e95d8f53005bfe28c558c183cbd67335cf49 Author: Jan Beulich AuthorDate: Wed Jul 27 09:20:36 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:20:36 2022 +0200 x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR There are command line controls for this and the default also isn't "always enable when hardware supports it", which logging should take into account. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: fdbf8bdfebc2ed323c521848f642cc4f6b8cb662 master date: 2022-07-19 08:36:53 +0200 --- xen/arch/x86/spec_ctrl.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1d9796c34d..864233f4cf 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -511,13 +511,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_hvm ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif @@ -525,13 +524,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_pv ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:33:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:33:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375938.608440 (Exim 4.92) (envelope-from ) id 1oGbYA-0002BB-Gh; Wed, 27 Jul 2022 07:33:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375938.608440; Wed, 27 Jul 2022 07:33:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYA-0002B3-E8; Wed, 27 Jul 2022 07:33:46 +0000 Received: by outflank-mailman (input) for mailman id 375938; Wed, 27 Jul 2022 07:33:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbY9-0002As-3p for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbY9-0006Lr-2v for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbY9-0001FD-24 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GDDCkU/Cd6pnfg/SPJHoFOv7rGptaloO6xwrDUlYfF4=; b=AM2gxx2SoQgmbNV7C8RAAwmzNs hZQaKIHb6TQ4/Zm+yUFtEu6K9dWQ/WZlQGtxRFLHPJpqp3KVtqCwLvr0GiQP1E7815WayztO3FZOO U67I2osuLpueqr655gd1WfDYejJZ/ZqsyIkN0hJXyk2ECDq3kKSKLIM+qugF3agr6HcY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86: deal with gcc12 release build issues Message-Id: Date: Wed, 27 Jul 2022 07:33:45 +0000 commit d09c4272de5640c5a7ccb7a42fb643ad6fd1032e Author: Jan Beulich AuthorDate: Wed Jul 27 09:21:20 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:21:20 2022 +0200 x86: deal with gcc12 release build issues While a number of issues we previously had with pre-release gcc12 were fixed in the final release, we continue to have one issue (with multiple instances) when doing release builds (i.e. at higher optimization levels): The compiler takes issue with subtracting (always 1 in our case) from artifical labels (expressed as array) marking the end of certain regions. This isn't an unreasonable position to take. Simply hide the "array-ness" by casting to an integer type. To keep things looking consistently, apply the same cast also on the respective expressions dealing with the starting addresses. (Note how efi_arch_memory_setup()'s l2_table_offset() invocations avoid a similar issue by already having the necessary casts.) In is_xen_fixed_mfn() further switch from __pa() to virt_to_maddr() to better match the left sides of the <= operators. Reported-by: Charles Arnold Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 9723507daf2120131410c91980d4e4d9b0d0aa90 master date: 2022-07-19 08:37:29 +0200 --- xen/arch/x86/efi/efi-boot.h | 6 +++--- xen/include/asm-x86/mm.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 9b0cc29aae..4ee77fb9bf 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -626,10 +626,10 @@ static void __init efi_arch_memory_setup(void) * appropriate l2 slots to map. */ #define l2_4G_offset(a) \ - (((UINTN)(a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) + (((a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) - for ( i = l2_4G_offset(_start); - i <= l2_4G_offset(_end - 1); ++i ) + for ( i = l2_4G_offset((UINTN)_start); + i <= l2_4G_offset((UINTN)_end - 1); ++i ) { l2_pgentry_t pte = l2e_from_paddr(i << L2_PAGETABLE_SHIFT, __PAGE_HYPERVISOR | _PAGE_PSE); diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h index 7464167ae1..7bdf9c2290 100644 --- a/xen/include/asm-x86/mm.h +++ b/xen/include/asm-x86/mm.h @@ -309,8 +309,8 @@ struct page_info #define is_xen_heap_mfn(mfn) \ (mfn_valid(mfn) && is_xen_heap_page(mfn_to_page(mfn))) #define is_xen_fixed_mfn(mfn) \ - (((mfn_to_maddr(mfn)) >= __pa(_stext)) && \ - ((mfn_to_maddr(mfn)) <= __pa(__2M_rwdata_end - 1))) + (((mfn_to_maddr(mfn)) >= virt_to_maddr((unsigned long)_stext)) && \ + ((mfn_to_maddr(mfn)) <= virt_to_maddr((unsigned long)__2M_rwdata_end - 1))) #define PRtype_info "016lx"/* should only be used for printk's */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:33:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:33:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375939.608444 (Exim 4.92) (envelope-from ) id 1oGbYK-0002ET-Ib; Wed, 27 Jul 2022 07:33:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375939.608444; Wed, 27 Jul 2022 07:33:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYK-0002EL-FY; Wed, 27 Jul 2022 07:33:56 +0000 Received: by outflank-mailman (input) for mailman id 375939; Wed, 27 Jul 2022 07:33:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYJ-0002E1-7P for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYJ-0006M2-6U for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbYJ-0001Ff-5m for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:33:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HwjnH0nPL/xLWIwYHYs7IoEo2D/1YQ1GtIhVz+1fbHM=; b=ZN9+GDmkqlJkK2CxiBiiXyGfnV FqEPknzaU4qz+XXsDyqASj9bF6QTM3Uy+FEUCxStguQcIvW7I8pPY49X02KQajuz+5P6QgHv302rO 1bEtGdclLnk2N0jdVsdczet51Leag3Uek6yByDpqkErx63r9F1pw31m7P6HuDyVMGcKw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86emul: add memory operand low bits checks for ENQCMD{,S} Message-Id: Date: Wed, 27 Jul 2022 07:33:55 +0000 commit a5361f912c8a9e05bd371df57d6387fde03ab075 Author: Jan Beulich AuthorDate: Wed Jul 27 09:21:59 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:21:59 2022 +0200 x86emul: add memory operand low bits checks for ENQCMD{,S} Already ISE rev 044 added text to this effect; rev 045 further dropped leftover earlier text indicating the contrary: - ENQCMD requires the low 32 bits of the memory operand to be clear, - ENDCMDS requires bits 20...30 of the memory operand to be clear. Fixes: d27385968741 ("x86emul: support ENQCMD insns") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: d620c66bdbe5510c3bae89be8cc7ca9a2a6cbaba master date: 2022-07-20 15:46:48 +0200 --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index e3667cb1a3..441086ea86 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -10499,6 +10499,7 @@ x86_emulate( goto done; if ( vex.pfx == vex_f2 ) /* enqcmd */ { + generate_exception_if(mmvalp->data32[0], EXC_GP, 0); fail_if(!ops->read_msr); if ( (rc = ops->read_msr(MSR_PASID, &msr_val, ctxt)) != X86EMUL_OKAY ) @@ -10506,7 +10507,8 @@ x86_emulate( generate_exception_if(!(msr_val & PASID_VALID), EXC_GP, 0); mmvalp->data32[0] = MASK_EXTR(msr_val, PASID_PASID_MASK); } - mmvalp->data32[0] &= ~0x7ff00000; + else + generate_exception_if(mmvalp->data32[0] & 0x7ff00000, EXC_GP, 0); state->blk = blk_enqcmd; if ( (rc = ops->blk(x86_seg_es, src.val, mmvalp, 64, &_regs.eflags, state, ctxt)) != X86EMUL_OKAY ) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:34:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:34:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375940.608449 (Exim 4.92) (envelope-from ) id 1oGbYU-0002HD-K4; Wed, 27 Jul 2022 07:34:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375940.608449; Wed, 27 Jul 2022 07:34:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYU-0002H5-HN; Wed, 27 Jul 2022 07:34:06 +0000 Received: by outflank-mailman (input) for mailman id 375940; Wed, 27 Jul 2022 07:34:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYT-0002Gu-AE for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYT-0006MP-9P for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbYT-0001GJ-8m for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3Lldz9e3uq0NVehqop4l0solU678u313lkrJCMNr7wY=; b=ZDVTOct/Gdk80z+Z3t5BSdsh3c ysjZxZAl1lCEd968wUQfKPMJE7VVJZ+mnJuUMtqDt3svi3OwoxxFLP52uwga1smnHk7nWaKdGPaJ2 ortZol46Msk7cmB2V0L/ALuUjQbq+/4Qv+fJyiexrWE7DX21lkhUgyTLbmDGkviofdmM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86: also suppress use of MMX insns Message-Id: Date: Wed, 27 Jul 2022 07:34:05 +0000 commit 5e3a9b45c74d51c7908f809ca3ff59f18e84ab5d Author: Jan Beulich AuthorDate: Wed Jul 27 09:22:31 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:22:31 2022 +0200 x86: also suppress use of MMX insns Passing -mno-sse alone is not enough: The compiler may still find (questionable) reasons to use MMX insns. In particular with gcc12 use of MOVD+PUNPCKLDQ+MOVQ was observed in an apparent attempt to auto- vectorize the storing of two adjacent zeroes, 32 bits each. Reported-by: ChrisD Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6fe2e39a0243bddba60f83b77b972a5922d25eb8 master date: 2022-07-20 15:48:49 +0200 --- xen/arch/x86/arch.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 976ac5aafe..27272f767a 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -37,9 +37,9 @@ $(call as-option-add,CFLAGS,CC,\ CFLAGS += -mno-red-zone -fpic -# Xen doesn't use SSE interally. If the compiler supports it, also skip the -# SSE setup for variadic function calls. -CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) +# Xen doesn't use MMX or SSE interally. If the compiler supports it, also skip +# the SSE setup for variadic function calls. +CFLAGS += -mno-mmx -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) ifeq ($(CONFIG_INDIRECT_THUNK),y) # Compile with gcc thunk-extern, indirect-branch-register if available. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:34:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:34:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375941.608453 (Exim 4.92) (envelope-from ) id 1oGbYe-0002JW-LP; Wed, 27 Jul 2022 07:34:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375941.608453; Wed, 27 Jul 2022 07:34:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYe-0002JO-Is; Wed, 27 Jul 2022 07:34:16 +0000 Received: by outflank-mailman (input) for mailman id 375941; Wed, 27 Jul 2022 07:34:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYd-0002JF-DI for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYd-0006Ms-CN for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbYd-0001HY-Bh for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FXtdPCVX8AU4kb2b9BfnL6AVbEdt7W8M8lNCkJlpdjQ=; b=4PeIZGZIbfk66MG55BSKYcuaSj azrkagB3iNGPZbW4g5HJA25QJW9aFTO4E84tv54QdTwdGSnVCkzkKGl3mWPmLhvSiLDO//XddIVVN Idw3RtJplTF380c+F0lzmhvrPIAaoGcCqG6Vvl42QyCQ6dme405sv+oc/V58A7NT5TX0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] common/memory: Fix ifdefs for ptdom_max_order Message-Id: Date: Wed, 27 Jul 2022 07:34:15 +0000 commit d77bb6e5375f19c64d182fb7b2e53138152421b5 Author: Luca Fancellu AuthorDate: Wed Jul 27 09:22:54 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:22:54 2022 +0200 common/memory: Fix ifdefs for ptdom_max_order In common/memory.c the ifdef code surrounding ptdom_max_order is using HAS_PASSTHROUGH instead of CONFIG_HAS_PASSTHROUGH, fix the problem using the correct macro. Fixes: e0d44c1f9461 ("build: convert HAS_PASSTHROUGH use to Kconfig") Signed-off-by: Luca Fancellu Reviewed-by: Jan Beulich master commit: 5707470bf3103ebae43697a7ac2faced6cd35f92 master date: 2022-07-26 08:33:46 +0200 --- xen/common/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index 30d255da35..064de4ad8d 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -58,7 +58,7 @@ struct memop_args { static unsigned int __read_mostly domu_max_order = CONFIG_DOMU_MAX_ORDER; static unsigned int __read_mostly ctldom_max_order = CONFIG_CTLDOM_MAX_ORDER; static unsigned int __read_mostly hwdom_max_order = CONFIG_HWDOM_MAX_ORDER; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH static unsigned int __read_mostly ptdom_max_order = CONFIG_PTDOM_MAX_ORDER; #endif @@ -70,7 +70,7 @@ static int __init parse_max_order(const char *s) ctldom_max_order = simple_strtoul(s, &s, 0); if ( *s == ',' && *++s != ',' ) hwdom_max_order = simple_strtoul(s, &s, 0); -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( *s == ',' && *++s != ',' ) ptdom_max_order = simple_strtoul(s, &s, 0); #endif @@ -83,7 +83,7 @@ static unsigned int max_order(const struct domain *d) { unsigned int order = domu_max_order; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( cache_flush_permitted(d) && order < ptdom_max_order ) order = ptdom_max_order; #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:34:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:34:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375942.608456 (Exim 4.92) (envelope-from ) id 1oGbYp-0002Mj-Mq; Wed, 27 Jul 2022 07:34:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375942.608456; Wed, 27 Jul 2022 07:34:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYp-0002Mb-KM; Wed, 27 Jul 2022 07:34:27 +0000 Received: by outflank-mailman (input) for mailman id 375942; Wed, 27 Jul 2022 07:34:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYn-0002MM-Rn for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYn-0006N4-Qx for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbYn-0001Jr-QE for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VSteGpH4dxeA65MEo6+3b3fThhD4ucZStBmdOoxO4/k=; b=FjZ/LTpny2xqlDQ3O0fY5dOLOy 6sfASdFpaMGc6Z5QFRJXuzf+18wjeHPeKq7DVtAUkTxBflAjK80C7B95pyFBMaujFZHBMrCA/w05R cqK9Kc8o8Sp+0dIcqld9uFsqTZv8I8XVsEMvoo19MuhMXsldMpC97RGjfkYVGG/W2KRw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xl: relax freemem()'s retry calculation Message-Id: Date: Wed, 27 Jul 2022 07:34:25 +0000 commit 2173d9c8be28d5f33c0e299a363ac994867d111b Author: Jan Beulich AuthorDate: Wed Jul 27 09:28:46 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:28:46 2022 +0200 xl: relax freemem()'s retry calculation While in principle possible also under other conditions as long as other parallel operations potentially consuming memory aren't "locked out", in particular with IOMMU large page mappings used in Dom0 (for PV when in strict mode; for PVH when not sharing page tables with HAP) ballooning out of individual pages can actually lead to less free memory available afterwards. This is because to split a large page, one or more page table pages are necessary (one per level that is split). When rebooting a guest I've observed freemem() to fail: A single page was required to be ballooned out (presumably because of heap fragmentation in the hypervisor). This ballooning out of a single page of course went fast, but freemem() then found that it would require to balloon out another page. This repeating just another time leads to the function to signal failure to the caller - without having come anywhere near the designated 30s that the whole process is allowed to not make any progress at all. Convert from a simple retry count to actually calculating elapsed time, subtracting from an initial credit of 30s. Don't go as far as limiting the "wait_secs" value passed to libxl_wait_for_memory_target(), though. While this leads to the overall process now possibly taking longer (if the previous iteration ended very close to the intended 30s), this compensates to some degree for the value passed really meaning "allowed to run for this long without making progress". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD master commit: e58370df76eacf1f7ca0340e9b96430c77b41a79 master date: 2022-07-12 15:25:00 +0200 --- tools/xl/xl_vmcontrol.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 435155a033..5dee7730ca 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -321,7 +321,8 @@ static int domain_wait_event(uint32_t domid, libxl_event **event_r) */ static bool freemem(uint32_t domid, libxl_domain_config *d_config) { - int rc, retries = 3; + int rc; + double credit = 30; uint64_t need_memkb, free_memkb; if (!autoballoon) @@ -332,6 +333,8 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; do { + time_t start; + rc = libxl_get_free_memory(ctx, &free_memkb); if (rc < 0) return false; @@ -345,12 +348,13 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) /* wait until dom0 reaches its target, as long as we are making * progress */ + start = time(NULL); rc = libxl_wait_for_memory_target(ctx, 0, 10); if (rc < 0) return false; - retries--; - } while (retries > 0); + credit -= difftime(time(NULL), start); + } while (credit > 0); return false; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:34:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:34:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375943.608462 (Exim 4.92) (envelope-from ) id 1oGbYz-0002Pi-PH; Wed, 27 Jul 2022 07:34:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375943.608462; Wed, 27 Jul 2022 07:34:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYz-0002PZ-Lq; Wed, 27 Jul 2022 07:34:37 +0000 Received: by outflank-mailman (input) for mailman id 375943; Wed, 27 Jul 2022 07:34:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYx-0002P1-UX for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbYx-0006NE-Tj for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbYx-0001L7-TD for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0QU0/qZbkpAlZYIJABtdwbDkx7LfCwzQjVu1TWJPof0=; b=B6b+7mwLZQV8T1DUhR+xl+Nb2y +kzsWOnvmneLjDrDngsStKzHpg27YpyjgpBPacVE9AAMQfXd+zalbDh5zmWOWfR6NmOQpbCM6x4iX LmCKmd5tq1GdJxciN2pbvTwgTK/uicHFLjJabYx0MxrWn11yFdb+Voj/b533IbwYouF8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/init-xenstore-domain: fix memory map for PVH stubdom Message-Id: Date: Wed, 27 Jul 2022 07:34:35 +0000 commit a2684d9cbbfb02b268be7e551674f709db0617a4 Author: Juergen Gross AuthorDate: Wed Jul 27 09:29:08 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:29:08 2022 +0200 tools/init-xenstore-domain: fix memory map for PVH stubdom In case of maxmem != memsize the E820 map of the PVH stubdom is wrong, as it is missing the RAM above memsize. Additionally the memory map should only specify the Xen special pages as reserved. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD master commit: 134d53f577076d4f26091e25762f27cc3c73bf58 master date: 2022-07-12 15:25:20 +0200 --- tools/helpers/init-xenstore-domain.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index 6836002f0b..32689abd74 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -72,8 +72,9 @@ static int build(xc_interface *xch) char cmdline[512]; int rv, xs_fd; struct xc_dom_image *dom = NULL; - int limit_kb = (maxmem ? : (memory + 1)) * 1024; + int limit_kb = (maxmem ? : memory) * 1024 + X86_HVM_NR_SPECIAL_PAGES * 4; uint64_t mem_size = MB(memory); + uint64_t max_size = MB(maxmem ? : memory); struct e820entry e820[3]; struct xen_domctl_createdomain config = { .ssidref = SECINITSID_DOMU, @@ -157,13 +158,16 @@ static int build(xc_interface *xch) dom->mmio_start = LAPIC_BASE_ADDRESS; dom->max_vcpus = 1; e820[0].addr = 0; - e820[0].size = dom->lowmem_end; + e820[0].size = (max_size > LAPIC_BASE_ADDRESS) ? + LAPIC_BASE_ADDRESS : max_size; e820[0].type = E820_RAM; - e820[1].addr = LAPIC_BASE_ADDRESS; - e820[1].size = dom->mmio_size; + e820[1].addr = (X86_HVM_END_SPECIAL_REGION - + X86_HVM_NR_SPECIAL_PAGES) << XC_PAGE_SHIFT; + e820[1].size = X86_HVM_NR_SPECIAL_PAGES << XC_PAGE_SHIFT; e820[1].type = E820_RESERVED; e820[2].addr = GB(4); - e820[2].size = dom->highmem_end - GB(4); + e820[2].size = (max_size > LAPIC_BASE_ADDRESS) ? + max_size - LAPIC_BASE_ADDRESS : 0; e820[2].type = E820_RAM; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:34:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:34:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375944.608465 (Exim 4.92) (envelope-from ) id 1oGbZ9-0002TL-Rs; Wed, 27 Jul 2022 07:34:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375944.608465; Wed, 27 Jul 2022 07:34:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZ9-0002TC-PI; Wed, 27 Jul 2022 07:34:47 +0000 Received: by outflank-mailman (input) for mailman id 375944; Wed, 27 Jul 2022 07:34:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZ8-0002Sr-17 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZ8-0006NS-0J for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbZ7-0001M7-Vq for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ap7A9Pj6Pkn5KzFbQR5K3hh6Dxr3m2G6GJt497FSNn8=; b=GF/Q5fQ773P+xZaShfsAE17BBI HCWseBvbC6KfTLFNvYOpXa3DE6z6dObxs+/SMoKIPo1AR4F7FZZ/18mfGGx69FPTIQK14Tlzg7v3H dhc7pnTgBq/jepmJcrwol3p+DKPfJBPIAtxBTkudkeipUdSlC05/6OvID5iHmMiq1L9o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xl: move freemem()'s "credit expired" loop exit Message-Id: Date: Wed, 27 Jul 2022 07:34:45 +0000 commit c37099426ea678c1d5b6c99ae5ad6834f4edd2e6 Author: Jan Beulich AuthorDate: Wed Jul 27 09:29:31 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:29:31 2022 +0200 xl: move freemem()'s "credit expired" loop exit Move the "credit expired" loop exit to the middle of the loop, immediately after "return true". This way having reached the goal on the last iteration would be reported as success to the caller, rather than as "timed out". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD master commit: d8f8cb8bdd02fad3b6986ae93511f750fa7f7e6a master date: 2022-07-18 17:48:18 +0200 --- tools/xl/xl_vmcontrol.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 5dee7730ca..d1c6f8aae6 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -332,7 +332,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (rc < 0) return false; - do { + for (;;) { time_t start; rc = libxl_get_free_memory(ctx, &free_memkb); @@ -342,6 +342,9 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (free_memkb >= need_memkb) return true; + if (credit <= 0) + return false; + rc = libxl_set_memory_target(ctx, 0, free_memkb - need_memkb, 1, 0); if (rc < 0) return false; @@ -354,9 +357,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; credit -= difftime(time(NULL), start); - } while (credit > 0); - - return false; + } } static void reload_domain_config(uint32_t domid, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:34:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:34:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375945.608469 (Exim 4.92) (envelope-from ) id 1oGbZJ-0002Vo-TR; Wed, 27 Jul 2022 07:34:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375945.608469; Wed, 27 Jul 2022 07:34:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZJ-0002Vh-Qp; Wed, 27 Jul 2022 07:34:57 +0000 Received: by outflank-mailman (input) for mailman id 375945; Wed, 27 Jul 2022 07:34:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZI-0002VY-44 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZI-0006Nh-3E for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbZI-0001Mt-2b for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:34:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eX6YN0mFD0IvtTcK9SYkugj0SpCwaAYZ3GAeP1/HXBo=; b=G1j4Rz1FHxAfXoWNx3aaKkmpuw iEvnKmX6aWBwF3g5UXaxXgetplDFVfdOjBMtTqTRRoscOMautFhBa2QQM3rk7AXQcbV0QUl4F3+OE Qakjw2kb8MLYa0zmpiLzySC+HnOLnVEWJf8aP1dVCtFBWlfKjIQnCeZYBYXfMbKS0sEs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR Message-Id: Date: Wed, 27 Jul 2022 07:34:56 +0000 commit 5f1d0179e15d726622a49044a825894d5010df15 Author: Jan Beulich AuthorDate: Wed Jul 27 09:29:54 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:29:54 2022 +0200 x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR There are command line controls for this and the default also isn't "always enable when hardware supports it", which logging should take into account. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: fdbf8bdfebc2ed323c521848f642cc4f6b8cb662 master date: 2022-07-19 08:36:53 +0200 --- xen/arch/x86/spec_ctrl.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 563519ce0e..f7b0251c42 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -511,13 +511,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_hvm ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif @@ -525,13 +524,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_pv ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:35:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:35:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375946.608473 (Exim 4.92) (envelope-from ) id 1oGbZT-0002YW-VU; Wed, 27 Jul 2022 07:35:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375946.608473; Wed, 27 Jul 2022 07:35:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZT-0002YP-Sc; Wed, 27 Jul 2022 07:35:07 +0000 Received: by outflank-mailman (input) for mailman id 375946; Wed, 27 Jul 2022 07:35:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZS-0002YF-77 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZS-0006O4-6J for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbZS-0001Nv-5V for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Fa3G4Fq1/na7nCQ/Tm6diAQvbjC4ATY+gur0v+TplaM=; b=Pnlzltldx4tFrUdFc+JTIBG6// D/S9bu7hH1AaLkvBQd01DoaWFlSBuMMebrV1K4zOuys9CqAdml1PXK7pRz8QbQEhXMsrsfIEN5QWW jqxKhph+cWw05lnI5dRrJGt26v9OzHlxfXrB139eBuqY4amGj4KMDNKcIZyHMkEo0ENE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86: deal with gcc12 release build issues Message-Id: Date: Wed, 27 Jul 2022 07:35:06 +0000 commit a095c6cde8a717325cc31bb393c547cad5e16e35 Author: Jan Beulich AuthorDate: Wed Jul 27 09:30:24 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:30:24 2022 +0200 x86: deal with gcc12 release build issues While a number of issues we previously had with pre-release gcc12 were fixed in the final release, we continue to have one issue (with multiple instances) when doing release builds (i.e. at higher optimization levels): The compiler takes issue with subtracting (always 1 in our case) from artifical labels (expressed as array) marking the end of certain regions. This isn't an unreasonable position to take. Simply hide the "array-ness" by casting to an integer type. To keep things looking consistently, apply the same cast also on the respective expressions dealing with the starting addresses. (Note how efi_arch_memory_setup()'s l2_table_offset() invocations avoid a similar issue by already having the necessary casts.) In is_xen_fixed_mfn() further switch from __pa() to virt_to_maddr() to better match the left sides of the <= operators. Reported-by: Charles Arnold Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 9723507daf2120131410c91980d4e4d9b0d0aa90 master date: 2022-07-19 08:37:29 +0200 --- xen/arch/x86/efi/efi-boot.h | 6 +++--- xen/include/asm-x86/mm.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 2541ba1f32..84fd779314 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -624,10 +624,10 @@ static void __init efi_arch_memory_setup(void) * appropriate l2 slots to map. */ #define l2_4G_offset(a) \ - (((UINTN)(a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) + (((a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) - for ( i = l2_4G_offset(_start); - i <= l2_4G_offset(_end - 1); ++i ) + for ( i = l2_4G_offset((UINTN)_start); + i <= l2_4G_offset((UINTN)_end - 1); ++i ) { l2_pgentry_t pte = l2e_from_paddr(i << L2_PAGETABLE_SHIFT, __PAGE_HYPERVISOR | _PAGE_PSE); diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h index 5c19b71eca..71dd28f126 100644 --- a/xen/include/asm-x86/mm.h +++ b/xen/include/asm-x86/mm.h @@ -309,8 +309,8 @@ struct page_info #define is_xen_heap_mfn(mfn) \ (mfn_valid(mfn) && is_xen_heap_page(mfn_to_page(mfn))) #define is_xen_fixed_mfn(mfn) \ - (((mfn_to_maddr(mfn)) >= __pa(_stext)) && \ - ((mfn_to_maddr(mfn)) <= __pa(__2M_rwdata_end - 1))) + (((mfn_to_maddr(mfn)) >= virt_to_maddr((unsigned long)_stext)) && \ + ((mfn_to_maddr(mfn)) <= virt_to_maddr((unsigned long)__2M_rwdata_end - 1))) #define PRtype_info "016lx"/* should only be used for printk's */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:35:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:35:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375947.608476 (Exim 4.92) (envelope-from ) id 1oGbZe-0002bX-0U; Wed, 27 Jul 2022 07:35:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375947.608476; Wed, 27 Jul 2022 07:35:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZd-0002bQ-UC; Wed, 27 Jul 2022 07:35:17 +0000 Received: by outflank-mailman (input) for mailman id 375947; Wed, 27 Jul 2022 07:35:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZc-0002b5-AV for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZc-0006OU-9c for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbZc-0001Or-92 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AmsqUuWp2fp0PeeFLf1bAJnKT0FTmtoEUlCRHBtYtdc=; b=X3BzEZk+AccunSS/CfUg+MhXJg 7FdywrjCuNWQ7Tr3QaETavyaFaBL2d/S/ORwfIOI+sRqgsdn+PEvN2P6R6Lyw+d4N/PHoxgbb5TL7 /sAXQI+bgS6RWBh5E4yFlXt/THMw/Mu0+k0XSDlRfe3Ll89itqnxgPnFSIqMY+bYJ4to=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86emul: add memory operand low bits checks for ENQCMD{,S} Message-Id: Date: Wed, 27 Jul 2022 07:35:16 +0000 commit 4799a202a9017360708c18aa8cd699bd8d6be08b Author: Jan Beulich AuthorDate: Wed Jul 27 09:31:01 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:31:01 2022 +0200 x86emul: add memory operand low bits checks for ENQCMD{,S} Already ISE rev 044 added text to this effect; rev 045 further dropped leftover earlier text indicating the contrary: - ENQCMD requires the low 32 bits of the memory operand to be clear, - ENDCMDS requires bits 20...30 of the memory operand to be clear. Fixes: d27385968741 ("x86emul: support ENQCMD insns") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: d620c66bdbe5510c3bae89be8cc7ca9a2a6cbaba master date: 2022-07-20 15:46:48 +0200 --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 5e297f7971..247c14dc4e 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -10464,6 +10464,7 @@ x86_emulate( goto done; if ( vex.pfx == vex_f2 ) /* enqcmd */ { + generate_exception_if(mmvalp->data32[0], EXC_GP, 0); fail_if(!ops->read_msr); if ( (rc = ops->read_msr(MSR_PASID, &msr_val, ctxt)) != X86EMUL_OKAY ) @@ -10471,7 +10472,8 @@ x86_emulate( generate_exception_if(!(msr_val & PASID_VALID), EXC_GP, 0); mmvalp->data32[0] = MASK_EXTR(msr_val, PASID_PASID_MASK); } - mmvalp->data32[0] &= ~0x7ff00000; + else + generate_exception_if(mmvalp->data32[0] & 0x7ff00000, EXC_GP, 0); state->blk = blk_enqcmd; if ( (rc = ops->blk(x86_seg_es, src.val, mmvalp, 64, &_regs.eflags, state, ctxt)) != X86EMUL_OKAY ) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:35:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:35:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375948.608480 (Exim 4.92) (envelope-from ) id 1oGbZo-0002e8-2J; Wed, 27 Jul 2022 07:35:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375948.608480; Wed, 27 Jul 2022 07:35:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZn-0002dz-Vl; Wed, 27 Jul 2022 07:35:27 +0000 Received: by outflank-mailman (input) for mailman id 375948; Wed, 27 Jul 2022 07:35:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZm-0002dp-DC for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZm-0006QE-CR for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbZm-0001Pe-Bm for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EBJ2N7ASt995+aVXY+KaT1mRuTRo7HOeMoSDSoRw8mw=; b=blmaBJlrnzvvGdbT0iHx9TKa9q TmtskSS1KjGYJhTznEjBs5OfqRJQBkZ8uYETrVALeB6obM19V7V4FYjn5WFG9UqgPRpAUF452YMoq 1Ar+Oi4IZoRsAPyZkqWW8rfNN0G8Tudp3SqZYsYQan7KkHelNJFYME/oeMDCGL6yrjlU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86: also suppress use of MMX insns Message-Id: Date: Wed, 27 Jul 2022 07:35:26 +0000 commit 30d3de4c61c297e12662df1fdb89af335947e59d Author: Jan Beulich AuthorDate: Wed Jul 27 09:31:31 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:31:31 2022 +0200 x86: also suppress use of MMX insns Passing -mno-sse alone is not enough: The compiler may still find (questionable) reasons to use MMX insns. In particular with gcc12 use of MOVD+PUNPCKLDQ+MOVQ was observed in an apparent attempt to auto- vectorize the storing of two adjacent zeroes, 32 bits each. Reported-by: ChrisD Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6fe2e39a0243bddba60f83b77b972a5922d25eb8 master date: 2022-07-20 15:48:49 +0200 --- xen/arch/x86/arch.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 456e5d5c1a..c4337a1a11 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -37,9 +37,9 @@ $(call as-option-add,CFLAGS,CC,\ CFLAGS += -mno-red-zone -fpic -# Xen doesn't use SSE interally. If the compiler supports it, also skip the -# SSE setup for variadic function calls. -CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) +# Xen doesn't use MMX or SSE interally. If the compiler supports it, also skip +# the SSE setup for variadic function calls. +CFLAGS += -mno-mmx -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) # Compile with thunk-extern, indirect-branch-register if avaiable. CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:35:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:35:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375949.608485 (Exim 4.92) (envelope-from ) id 1oGbZy-0002hE-3i; Wed, 27 Jul 2022 07:35:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375949.608485; Wed, 27 Jul 2022 07:35:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZy-0002h6-17; Wed, 27 Jul 2022 07:35:38 +0000 Received: by outflank-mailman (input) for mailman id 375949; Wed, 27 Jul 2022 07:35:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZw-0002gr-G4 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbZw-0006QP-FI for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbZw-0001QS-Ek for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:35:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=otfwPmXILnxEHmUQUqM6F99kwAohStsVnjX2vzyvd3Y=; b=TXZ1YS07X6eUs9rwnAoUIZBwsW KPL4jIs8Vj9rFNUGJOqXH3YAKGfvmC5xCyhMfauO1RBqut/tcfd3qDk0x7trOFz/tIGlbbTnJR/Q1 1cH4vFNda6XvHEbF5C2un3lycdRqoQFQWxzX0TTuJ0hAnrgmyLky96z8pDx5WKVi/JeI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] common/memory: Fix ifdefs for ptdom_max_order Message-Id: Date: Wed, 27 Jul 2022 07:35:36 +0000 commit b64f1c9e3e3a2a416c7bb5aab77ba5d2cba98638 Author: Luca Fancellu AuthorDate: Wed Jul 27 09:31:49 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:31:49 2022 +0200 common/memory: Fix ifdefs for ptdom_max_order In common/memory.c the ifdef code surrounding ptdom_max_order is using HAS_PASSTHROUGH instead of CONFIG_HAS_PASSTHROUGH, fix the problem using the correct macro. Fixes: e0d44c1f9461 ("build: convert HAS_PASSTHROUGH use to Kconfig") Signed-off-by: Luca Fancellu Reviewed-by: Jan Beulich master commit: 5707470bf3103ebae43697a7ac2faced6cd35f92 master date: 2022-07-26 08:33:46 +0200 --- xen/common/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index 297b98a562..95b2b934e4 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -58,7 +58,7 @@ struct memop_args { static unsigned int __read_mostly domu_max_order = CONFIG_DOMU_MAX_ORDER; static unsigned int __read_mostly ctldom_max_order = CONFIG_CTLDOM_MAX_ORDER; static unsigned int __read_mostly hwdom_max_order = CONFIG_HWDOM_MAX_ORDER; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH static unsigned int __read_mostly ptdom_max_order = CONFIG_PTDOM_MAX_ORDER; #endif @@ -70,7 +70,7 @@ static int __init parse_max_order(const char *s) ctldom_max_order = simple_strtoul(s, &s, 0); if ( *s == ',' && *++s != ',' ) hwdom_max_order = simple_strtoul(s, &s, 0); -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( *s == ',' && *++s != ',' ) ptdom_max_order = simple_strtoul(s, &s, 0); #endif @@ -83,7 +83,7 @@ static unsigned int max_order(const struct domain *d) { unsigned int order = domu_max_order; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( cache_flush_permitted(d) && order < ptdom_max_order ) order = ptdom_max_order; #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 07:55:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 07:55:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.375950.608489 (Exim 4.92) (envelope-from ) id 1oGbsl-0004nb-I0; Wed, 27 Jul 2022 07:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 375950.608489; Wed, 27 Jul 2022 07:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbsl-0004nT-Ef; Wed, 27 Jul 2022 07:55:03 +0000 Received: by outflank-mailman (input) for mailman id 375950; Wed, 27 Jul 2022 07:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbsk-0004nN-63 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGbsk-0006ph-45 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGbsk-0002K5-3D for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 07:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HkszaJx2MAZcBzmioe3DEN7uHADJ0U/wYOKso5g2Cu0=; b=Pef4UHBQFMFd2CpOHz/ambBNMY +z7QgKHy5PSaMLw9joHh29HSHV5ouAUyfI6XS8QUkak5CqFe8lI/UD+Esjtt0LFbsKRdmRJ4jWb/7 I3g6cp2ZcFfo1Z1b03ljS/RT1FGUpA+VKYeOJPe7ZG4jBbtv6ro3iH2SsKAXDFn/MroM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Wed, 27 Jul 2022 07:55:02 +0000 commit c946524a65f3f7b795c48d304953be6d7672cfb6 Author: Jan Beulich AuthorDate: Tue Jul 26 15:05:08 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 15:05:08 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: a9949efb288fd6e21bbaf9d5826207c7c41cda27 master date: 2022-07-26 14:54:34 +0200 --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 12531d3bff..2e63008570 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3080,7 +3080,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); flush_tlb_mask(mask); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 11:11:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 11:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376108.608687 (Exim 4.92) (envelope-from ) id 1oGewT-000352-Gf; Wed, 27 Jul 2022 11:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376108.608687; Wed, 27 Jul 2022 11:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewT-00034u-Dm; Wed, 27 Jul 2022 11:11:05 +0000 Received: by outflank-mailman (input) for mailman id 376108; Wed, 27 Jul 2022 11:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewS-00034o-1j for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewR-0003D9-VE for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGewR-00040r-UZ for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5ULEDwrydgI06pQvsgGrs/UGKwuh3Zus0AJ36uq5xS0=; b=BNqKKOGf/pqrxS3goDSmaApbgc 4lZpUpa3iV6SiISnbNrTYbli4ockLKlFe2ugbPa+D6DPAgb18U8AK7215JKL/oQKKbSpHT0z8bkFY zYnN2r/FRl6+e3ktCok3ZR4dXJ9vC3ylFGH0jpE/GBDcZJapCbO438ScFrjst8SGfgPY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/msr: fix X2APIC_LAST Message-Id: Date: Wed, 27 Jul 2022 11:11:03 +0000 commit 13316827faadbb4f72ae6c625af9938d8f976f86 Author: Edwin Török AuthorDate: Wed Jul 27 12:57:10 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 12:57:10 2022 +0200 x86/msr: fix X2APIC_LAST The latest Intel manual now says the X2APIC reserved range is only 0x800 to 0x8ff (NOT 0xbff). This changed between SDM 68 (Nov 2018) and SDM 69 (Jan 2019). The AMD manual documents 0x800-0x8ff too. There are non-X2APIC MSRs in the 0x900-0xbff range now: e.g. 0x981 is IA32_TME_CAPABILITY, an architectural MSR. The new MSR in this range appears to have been introduced in Icelake, so this commit should be backported to Xen versions supporting Icelake. Backport: 4.13+ Signed-off-by: Edwin Török Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- xen/arch/x86/include/asm/msr-index.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 47554cc004..17e103188a 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3397,7 +3397,7 @@ void vmx_vlapic_msr_changed(struct vcpu *v) if ( cpu_has_vmx_apic_reg_virt ) { for ( msr = MSR_X2APIC_FIRST; - msr <= MSR_X2APIC_FIRST + 0xff; msr++ ) + msr <= MSR_X2APIC_LAST; msr++ ) vmx_clear_msr_intercept(v, msr, VMX_MSR_R); vmx_set_msr_intercept(v, MSR_X2APIC_PPR, VMX_MSR_R); @@ -3418,7 +3418,7 @@ void vmx_vlapic_msr_changed(struct vcpu *v) if ( !(v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE) ) for ( msr = MSR_X2APIC_FIRST; - msr <= MSR_X2APIC_FIRST + 0xff; msr++ ) + msr <= MSR_X2APIC_LAST; msr++ ) vmx_set_msr_intercept(v, msr, VMX_MSR_RW); vmx_update_secondary_exec_control(v); diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 8cab8736d8..1a928ea6af 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -148,7 +148,7 @@ #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 #define MSR_X2APIC_FIRST 0x00000800 -#define MSR_X2APIC_LAST 0x00000bff +#define MSR_X2APIC_LAST 0x000008ff #define MSR_X2APIC_TPR 0x00000808 #define MSR_X2APIC_PPR 0x0000080a -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 11:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 11:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376109.608690 (Exim 4.92) (envelope-from ) id 1oGewd-00036n-Hr; Wed, 27 Jul 2022 11:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376109.608690; Wed, 27 Jul 2022 11:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewd-00036g-FH; Wed, 27 Jul 2022 11:11:15 +0000 Received: by outflank-mailman (input) for mailman id 376109; Wed, 27 Jul 2022 11:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewc-00036R-3b for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewc-0003DT-2j for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGewc-00041Q-1j for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OAFYxA7dbGRqUD8UoWy08tGjZnIvk2BIT/1f+jkx3ac=; b=mqcfDiayQm4CmeJE2rqUDwrPNT nbE9+JqCi4CBe6sSuBusJ0YOdGwgvmeLK7Qx5/m9GKJ0Mp6d8fUjGpKLptO4qotbyVSa4OYcVgucH c5o99RBDJxNwnS5GeyC1Pfjc+NtAEOFTt+bDFWd2Bb+PoeVpHXeqvwJOvxfRpMHRgyXU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/shadow: drop shadow_prepare_page_type_change()'s 3rd parameter Message-Id: Date: Wed, 27 Jul 2022 11:11:14 +0000 commit cdfe7b050761853319bdb4c6d1e405687c9978ef Author: Jan Beulich AuthorDate: Wed Jul 27 12:58:16 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 12:58:16 2022 +0200 x86/shadow: drop shadow_prepare_page_type_change()'s 3rd parameter As of 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") this no longer needs passing separately - the type can now be read from struct page_info, as the call now happens after its writing. While there also constify the 2nd parameter. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/include/asm/shadow.h | 7 +++---- xen/arch/x86/mm.c | 2 +- xen/arch/x86/mm/shadow/common.c | 6 +++--- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/include/asm/shadow.h b/xen/arch/x86/include/asm/shadow.h index 7ef76cc063..1365fe4805 100644 --- a/xen/arch/x86/include/asm/shadow.h +++ b/xen/arch/x86/include/asm/shadow.h @@ -84,8 +84,8 @@ void shadow_final_teardown(struct domain *d); void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all); /* Adjust shadows ready for a guest page to change its type. */ -void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, - unsigned long new_type); +void shadow_prepare_page_type_change(struct domain *d, + const struct page_info *page); /* Discard _all_ mappings from the domain's shadows. */ void shadow_blow_tables_per_domain(struct domain *d); @@ -113,8 +113,7 @@ static inline void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all) {} static inline void shadow_prepare_page_type_change(struct domain *d, - struct page_info *page, - unsigned long new_type) {} + const struct page_info *page) {} static inline void shadow_blow_tables_per_domain(struct domain *d) {} diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 22a4dfa838..40e132b9ba 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3018,7 +3018,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, struct domain *d = page_get_owner(page); if ( d && shadow_mode_enabled(d) ) - shadow_prepare_page_type_change(d, page, type); + shadow_prepare_page_type_change(d, page); if ( (x & PGT_type_mask) != type ) { diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 06a0f22906..c37c3bb077 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -2265,8 +2265,8 @@ void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all) paging_unlock(d); } -void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, - unsigned long new_type) +void shadow_prepare_page_type_change(struct domain *d, + const struct page_info *page) { if ( !(page->count_info & PGC_page_table) ) return; @@ -2278,7 +2278,7 @@ void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, * pages are allowed to become writeable. */ if ( (page->shadow_flags & SHF_oos_may_write) && - new_type == PGT_writable_page ) + (page->u.inuse.type_info & PGT_type_mask) == PGT_writable_page ) return; #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 11:11:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 11:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376110.608694 (Exim 4.92) (envelope-from ) id 1oGewn-00039y-JG; Wed, 27 Jul 2022 11:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376110.608694; Wed, 27 Jul 2022 11:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewn-00039q-Gl; Wed, 27 Jul 2022 11:11:25 +0000 Received: by outflank-mailman (input) for mailman id 376110; Wed, 27 Jul 2022 11:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewm-00039f-6f for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewm-0003Dk-5m for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGewm-00041s-4x for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uQxwkhcOZPucJ4wszCqrVGmKkwbZ88a9f14OoWPziSw=; b=EFB3p2vQSDNXYY9pY4o/xgwHZl QtDz2TPKNZJui7sKB3MUqHdaa766S9xAba5cP7hXjqBS7lzH/Ssr6QRfnULLNZa6DddmFaXq6ERwJ +A8OyhUk/wKjZFezRsQoM1cBab2i9VncKkUUu4CO/mQ8bPkpLWj+ZBKKDhMnAXfQbbCE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] mm: enforce return value checking on get_page() Message-Id: Date: Wed, 27 Jul 2022 11:11:24 +0000 commit b06edbf70e1a417a6f16b2cf9d799c560a2483b3 Author: Jan Beulich AuthorDate: Wed Jul 27 12:58:50 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 12:58:50 2022 +0200 mm: enforce return value checking on get_page() It's hard to imagine a case where an error may legitimately be ignored here. It's bad enough that in at least one case (set_shadow_status()) the return value was checked only by way of ASSERT()ing. Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/include/xen/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 6dee421bb8..35b065146f 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -61,7 +61,7 @@ struct page_info; void put_page(struct page_info *); -bool get_page(struct page_info *, const struct domain *); +bool __must_check get_page(struct page_info *, const struct domain *); struct domain *__must_check page_get_owner_and_reference(struct page_info *); /* Boot-time allocator. Turns into generic allocator after bootstrap. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 11:11:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 11:11:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376111.608698 (Exim 4.92) (envelope-from ) id 1oGewx-0003CS-Kt; Wed, 27 Jul 2022 11:11:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376111.608698; Wed, 27 Jul 2022 11:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGewx-0003CL-IN; Wed, 27 Jul 2022 11:11:35 +0000 Received: by outflank-mailman (input) for mailman id 376111; Wed, 27 Jul 2022 11:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGeww-0003CB-BW for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGeww-0003Dx-Ae for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGeww-00042O-86 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 11:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IH9PQrgqm4vnbO5KX2/92qQ7viwKymsrBgsLA1GtDKg=; b=EVJl8806fzVU/zJH0pN3P2zHW+ y4ziuor0P8bEyWRuN9nb6QYiik67Rh0aTFTtAZxdJCnokudlh57r2sRUdaBouBRFM0uZ4JNi6KJW6 B/qxAgiPDCnteluSd29l7Q3ChM0BJboW5SFnUSx37d/xajk+4JGQRPWa4IkcTeICqTyg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PV: correct post-preemption progress recording in iommu_memory_setup() Message-Id: Date: Wed, 27 Jul 2022 11:11:34 +0000 commit f732240fd3bac25116151db5ddeb7203b62e85ce Author: Jan Beulich AuthorDate: Wed Jul 27 13:00:08 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 13:00:08 2022 +0200 x86/PV: correct post-preemption progress recording in iommu_memory_setup() Coverity validly points out that the mfn_add() as used was dead code. Coverity ID: 1507475 Fixes: c1e1564c8995 ("IOMMU/x86: perform PV Dom0 mappings in batches") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/pv/dom0_build.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 323c49b0bd..a62f0fa2ef 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -130,7 +130,7 @@ static void __init iommu_memory_setup(struct domain *d, const char *what, IOMMUF_readable | IOMMUF_writable | IOMMUF_preempt, flush_flags)) > 0 ) { - mfn_add(mfn, rc); + mfn = mfn_add(mfn, rc); nr -= rc; /* See comment below. */ for ( ; rc--; ++page ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 16:44:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 16:44:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376365.609077 (Exim 4.92) (envelope-from ) id 1oGk8h-0000R5-9N; Wed, 27 Jul 2022 16:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376365.609077; Wed, 27 Jul 2022 16:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGk8h-0000Qw-6J; Wed, 27 Jul 2022 16:44:03 +0000 Received: by outflank-mailman (input) for mailman id 376365; Wed, 27 Jul 2022 16:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGk8f-0000Qq-SB for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 16:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGk8f-0002DK-RB for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 16:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGk8f-0004dM-PW for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 16:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jo9unF+7/EyIELJ+3yleSRnxKlCNwiM/qAzGXu//ORk=; b=Rt6zO6pmbD2jaV7N5lEh4wI7vL uNYdXhnBw8zhkEeZ4e0ynOQc1QFAR1UySqOc9qoSgqSFHnBxkRmkcyTfzuZRWAFRZzsl1uwbldtH2 W3SqfBA6UQ5zjNLgMBg5GohpnUmHYrlIUA4WKNuNBQ//bqw/S+MwgCjnLhCSIxtaJQuM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/mm: correct TLB flush condition in _get_page_type() Message-Id: Date: Wed, 27 Jul 2022 16:44:01 +0000 commit a9949efb288fd6e21bbaf9d5826207c7c41cda27 Author: Jan Beulich AuthorDate: Tue Jul 26 14:54:34 2022 +0200 Commit: Jan Beulich CommitDate: Tue Jul 26 14:54:34 2022 +0200 x86/mm: correct TLB flush condition in _get_page_type() When this logic was moved, it was moved across the point where nx is updated to hold the new type for the page. IOW originally it was equivalent to using x (and perhaps x would better have been used), but now it isn't anymore. Switch to using x, which then brings things in line again with the slightly earlier comment there (now) talking about transitions _from_ writable. I have to confess though that I cannot make a direct connection between the reported observed behavior of guests leaving several pages around with pending general references and the change here. Repeated testing, nevertheless, confirms the reported issue is no longer there. This is CVE-2022-33745 / XSA-408. Reported-by: Charles Arnold Fixes: 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 5b81d5fbdb..2c1c35151a 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3038,7 +3038,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, if ( unlikely(!cpumask_empty(mask)) && /* Shadow mode: track only writable pages. */ (!shadow_mode_enabled(d) || - ((nx & PGT_type_mask) == PGT_writable_page)) ) + ((x & PGT_type_mask) == PGT_writable_page)) ) { perfc_incr(need_flush_tlb_flush); /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 20:55:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 20:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376480.609268 (Exim 4.92) (envelope-from ) id 1oGo3b-0003wg-C5; Wed, 27 Jul 2022 20:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376480.609268; Wed, 27 Jul 2022 20:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3b-0003wZ-9Q; Wed, 27 Jul 2022 20:55:03 +0000 Received: by outflank-mailman (input) for mailman id 376480; Wed, 27 Jul 2022 20:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3a-0003wT-7J for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3a-0007Ll-6G for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGo3a-0005Jt-5H for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NEryQaq+/9XDDXpN4cMAm+XrNhKcAfFPfyfmXGcvtQk=; b=0A+gw5tgfGyRF4R4oX1Or2rhB8 UVt0/3YjtjNaxnTBSqB4JZrHswJERpMwA4Uxi+i7qzi+hwKHxNoy7e6YhKERJ/+VTMrMeQMVVjaj4 R0PdI3p5ziTOYj+gaEmR0aDOrhMcBDB3LMrLJyywQKCdLhLOQgA5IwIYVnWZiael7VbI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xl: relax freemem()'s retry calculation Message-Id: Date: Wed, 27 Jul 2022 20:55:02 +0000 commit 2173d9c8be28d5f33c0e299a363ac994867d111b Author: Jan Beulich AuthorDate: Wed Jul 27 09:28:46 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:28:46 2022 +0200 xl: relax freemem()'s retry calculation While in principle possible also under other conditions as long as other parallel operations potentially consuming memory aren't "locked out", in particular with IOMMU large page mappings used in Dom0 (for PV when in strict mode; for PVH when not sharing page tables with HAP) ballooning out of individual pages can actually lead to less free memory available afterwards. This is because to split a large page, one or more page table pages are necessary (one per level that is split). When rebooting a guest I've observed freemem() to fail: A single page was required to be ballooned out (presumably because of heap fragmentation in the hypervisor). This ballooning out of a single page of course went fast, but freemem() then found that it would require to balloon out another page. This repeating just another time leads to the function to signal failure to the caller - without having come anywhere near the designated 30s that the whole process is allowed to not make any progress at all. Convert from a simple retry count to actually calculating elapsed time, subtracting from an initial credit of 30s. Don't go as far as limiting the "wait_secs" value passed to libxl_wait_for_memory_target(), though. While this leads to the overall process now possibly taking longer (if the previous iteration ended very close to the intended 30s), this compensates to some degree for the value passed really meaning "allowed to run for this long without making progress". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD master commit: e58370df76eacf1f7ca0340e9b96430c77b41a79 master date: 2022-07-12 15:25:00 +0200 --- tools/xl/xl_vmcontrol.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 435155a033..5dee7730ca 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -321,7 +321,8 @@ static int domain_wait_event(uint32_t domid, libxl_event **event_r) */ static bool freemem(uint32_t domid, libxl_domain_config *d_config) { - int rc, retries = 3; + int rc; + double credit = 30; uint64_t need_memkb, free_memkb; if (!autoballoon) @@ -332,6 +333,8 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; do { + time_t start; + rc = libxl_get_free_memory(ctx, &free_memkb); if (rc < 0) return false; @@ -345,12 +348,13 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) /* wait until dom0 reaches its target, as long as we are making * progress */ + start = time(NULL); rc = libxl_wait_for_memory_target(ctx, 0, 10); if (rc < 0) return false; - retries--; - } while (retries > 0); + credit -= difftime(time(NULL), start); + } while (credit > 0); return false; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 20:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 20:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376481.609272 (Exim 4.92) (envelope-from ) id 1oGo3l-0003yx-Do; Wed, 27 Jul 2022 20:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376481.609272; Wed, 27 Jul 2022 20:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3l-0003yn-Aw; Wed, 27 Jul 2022 20:55:13 +0000 Received: by outflank-mailman (input) for mailman id 376481; Wed, 27 Jul 2022 20:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3k-0003yb-Ad for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3k-0007Lt-9q for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGo3k-0005KN-8W for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O44CN4D+hCGeiCoLskMK3Z9O3P0HA/OJh3LG6ekSCl0=; b=DlGLGPzyj8trfr5umfzyIsVbxu F8lrBALGYVXVwFvOy2tkEkLHQl/LdCnSmWyKe5HKrGmnfT0LcB3mb2APaAwjPMSUrNDvIHLfmGsN9 CzJS66LW0pWg0I0QU391Igwsc7x0Ro9hB85psdyaar85p0q8rhrlCT1OpeE6LDIHzbjc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/init-xenstore-domain: fix memory map for PVH stubdom Message-Id: Date: Wed, 27 Jul 2022 20:55:12 +0000 commit a2684d9cbbfb02b268be7e551674f709db0617a4 Author: Juergen Gross AuthorDate: Wed Jul 27 09:29:08 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:29:08 2022 +0200 tools/init-xenstore-domain: fix memory map for PVH stubdom In case of maxmem != memsize the E820 map of the PVH stubdom is wrong, as it is missing the RAM above memsize. Additionally the memory map should only specify the Xen special pages as reserved. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD master commit: 134d53f577076d4f26091e25762f27cc3c73bf58 master date: 2022-07-12 15:25:20 +0200 --- tools/helpers/init-xenstore-domain.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index 6836002f0b..32689abd74 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -72,8 +72,9 @@ static int build(xc_interface *xch) char cmdline[512]; int rv, xs_fd; struct xc_dom_image *dom = NULL; - int limit_kb = (maxmem ? : (memory + 1)) * 1024; + int limit_kb = (maxmem ? : memory) * 1024 + X86_HVM_NR_SPECIAL_PAGES * 4; uint64_t mem_size = MB(memory); + uint64_t max_size = MB(maxmem ? : memory); struct e820entry e820[3]; struct xen_domctl_createdomain config = { .ssidref = SECINITSID_DOMU, @@ -157,13 +158,16 @@ static int build(xc_interface *xch) dom->mmio_start = LAPIC_BASE_ADDRESS; dom->max_vcpus = 1; e820[0].addr = 0; - e820[0].size = dom->lowmem_end; + e820[0].size = (max_size > LAPIC_BASE_ADDRESS) ? + LAPIC_BASE_ADDRESS : max_size; e820[0].type = E820_RAM; - e820[1].addr = LAPIC_BASE_ADDRESS; - e820[1].size = dom->mmio_size; + e820[1].addr = (X86_HVM_END_SPECIAL_REGION - + X86_HVM_NR_SPECIAL_PAGES) << XC_PAGE_SHIFT; + e820[1].size = X86_HVM_NR_SPECIAL_PAGES << XC_PAGE_SHIFT; e820[1].type = E820_RESERVED; e820[2].addr = GB(4); - e820[2].size = dom->highmem_end - GB(4); + e820[2].size = (max_size > LAPIC_BASE_ADDRESS) ? + max_size - LAPIC_BASE_ADDRESS : 0; e820[2].type = E820_RAM; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 20:55:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 20:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376482.609276 (Exim 4.92) (envelope-from ) id 1oGo3v-00041o-F9; Wed, 27 Jul 2022 20:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376482.609276; Wed, 27 Jul 2022 20:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3v-00041f-CV; Wed, 27 Jul 2022 20:55:23 +0000 Received: by outflank-mailman (input) for mailman id 376482; Wed, 27 Jul 2022 20:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3u-00041V-Dp for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo3u-0007MP-D2 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGo3u-0005Kv-C7 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3TLZKXAvAv46aHEZA+5pDgj548X3+aIGIrVal6GTmGk=; b=WYC9J1TT7hWRDB9lGWK+iE9o8e jPLDW+apG+rMPc/+ljfpPHGLrCTlX11Z9sFYQi54YxAnMnl2rcEb9AH5ZrQ/qlabQ+7FxzSNRxQZE P83OKxR7174YGWmRdHsaGgmeHalcvRBWkFmVl2n2tSVZt8fNvt/dFBqawqpQuhIMcyeg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xl: move freemem()'s "credit expired" loop exit Message-Id: Date: Wed, 27 Jul 2022 20:55:22 +0000 commit c37099426ea678c1d5b6c99ae5ad6834f4edd2e6 Author: Jan Beulich AuthorDate: Wed Jul 27 09:29:31 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:29:31 2022 +0200 xl: move freemem()'s "credit expired" loop exit Move the "credit expired" loop exit to the middle of the loop, immediately after "return true". This way having reached the goal on the last iteration would be reported as success to the caller, rather than as "timed out". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD master commit: d8f8cb8bdd02fad3b6986ae93511f750fa7f7e6a master date: 2022-07-18 17:48:18 +0200 --- tools/xl/xl_vmcontrol.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 5dee7730ca..d1c6f8aae6 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -332,7 +332,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (rc < 0) return false; - do { + for (;;) { time_t start; rc = libxl_get_free_memory(ctx, &free_memkb); @@ -342,6 +342,9 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (free_memkb >= need_memkb) return true; + if (credit <= 0) + return false; + rc = libxl_set_memory_target(ctx, 0, free_memkb - need_memkb, 1, 0); if (rc < 0) return false; @@ -354,9 +357,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; credit -= difftime(time(NULL), start); - } while (credit > 0); - - return false; + } } static void reload_domain_config(uint32_t domid, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 20:55:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 20:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376483.609280 (Exim 4.92) (envelope-from ) id 1oGo45-00044i-Gh; Wed, 27 Jul 2022 20:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376483.609280; Wed, 27 Jul 2022 20:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo45-00044a-Dx; Wed, 27 Jul 2022 20:55:33 +0000 Received: by outflank-mailman (input) for mailman id 376483; Wed, 27 Jul 2022 20:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo44-00044N-Hw for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo44-0007O6-H3 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGo44-0005Lb-G2 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n7SOqOR9BTi03Aw9du9ZRHXuE9ERUuDiOB32XfviVpg=; b=Wfr77H2TK5h3vqW8WF0Ckqujwi coH71Ndf+IYnU/YJwzZM6jl57wdAza0LcA6BxOelYPViYUYub8CT4tIp/95iXkrCxnMyEHxvauqK9 sAzMcbkdaLlxCrVYsfJ3JX9oTLFQAXd6edMMdxEZ5QmEnh+wF5skDmK9KORr8Ov+eLOA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR Message-Id: Date: Wed, 27 Jul 2022 20:55:32 +0000 commit 5f1d0179e15d726622a49044a825894d5010df15 Author: Jan Beulich AuthorDate: Wed Jul 27 09:29:54 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:29:54 2022 +0200 x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR There are command line controls for this and the default also isn't "always enable when hardware supports it", which logging should take into account. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: fdbf8bdfebc2ed323c521848f642cc4f6b8cb662 master date: 2022-07-19 08:36:53 +0200 --- xen/arch/x86/spec_ctrl.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 563519ce0e..f7b0251c42 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -511,13 +511,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_hvm ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif @@ -525,13 +524,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_pv ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 20:55:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 20:55:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376484.609283 (Exim 4.92) (envelope-from ) id 1oGo4F-000489-IM; Wed, 27 Jul 2022 20:55:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376484.609283; Wed, 27 Jul 2022 20:55:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4F-000484-FQ; Wed, 27 Jul 2022 20:55:43 +0000 Received: by outflank-mailman (input) for mailman id 376484; Wed, 27 Jul 2022 20:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4E-00046z-Kt for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4E-0007OH-K4 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGo4E-0005M4-JK for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zrENlFvLEmwux3MyLRvJfFtBWVx5sO3edkpDinMru0k=; b=et2CQP3ddG8MZL0GP68gdWuPPI itwvtkeeIy+S75fAzd6rHJnURx7XzC4TnK1n4sYoMxU9iFF3OybX+7OLJuwCI02lJ3j65fgMmAQcJ eA6/kXw7dHsifOsMp9q0/MG7g6/AQStPH/OtyMfUzWXOhzxIKSpnYK9nnTQt3XUfsaAI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86: deal with gcc12 release build issues Message-Id: Date: Wed, 27 Jul 2022 20:55:42 +0000 commit a095c6cde8a717325cc31bb393c547cad5e16e35 Author: Jan Beulich AuthorDate: Wed Jul 27 09:30:24 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:30:24 2022 +0200 x86: deal with gcc12 release build issues While a number of issues we previously had with pre-release gcc12 were fixed in the final release, we continue to have one issue (with multiple instances) when doing release builds (i.e. at higher optimization levels): The compiler takes issue with subtracting (always 1 in our case) from artifical labels (expressed as array) marking the end of certain regions. This isn't an unreasonable position to take. Simply hide the "array-ness" by casting to an integer type. To keep things looking consistently, apply the same cast also on the respective expressions dealing with the starting addresses. (Note how efi_arch_memory_setup()'s l2_table_offset() invocations avoid a similar issue by already having the necessary casts.) In is_xen_fixed_mfn() further switch from __pa() to virt_to_maddr() to better match the left sides of the <= operators. Reported-by: Charles Arnold Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 9723507daf2120131410c91980d4e4d9b0d0aa90 master date: 2022-07-19 08:37:29 +0200 --- xen/arch/x86/efi/efi-boot.h | 6 +++--- xen/include/asm-x86/mm.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 2541ba1f32..84fd779314 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -624,10 +624,10 @@ static void __init efi_arch_memory_setup(void) * appropriate l2 slots to map. */ #define l2_4G_offset(a) \ - (((UINTN)(a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) + (((a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) - for ( i = l2_4G_offset(_start); - i <= l2_4G_offset(_end - 1); ++i ) + for ( i = l2_4G_offset((UINTN)_start); + i <= l2_4G_offset((UINTN)_end - 1); ++i ) { l2_pgentry_t pte = l2e_from_paddr(i << L2_PAGETABLE_SHIFT, __PAGE_HYPERVISOR | _PAGE_PSE); diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h index 5c19b71eca..71dd28f126 100644 --- a/xen/include/asm-x86/mm.h +++ b/xen/include/asm-x86/mm.h @@ -309,8 +309,8 @@ struct page_info #define is_xen_heap_mfn(mfn) \ (mfn_valid(mfn) && is_xen_heap_page(mfn_to_page(mfn))) #define is_xen_fixed_mfn(mfn) \ - (((mfn_to_maddr(mfn)) >= __pa(_stext)) && \ - ((mfn_to_maddr(mfn)) <= __pa(__2M_rwdata_end - 1))) + (((mfn_to_maddr(mfn)) >= virt_to_maddr((unsigned long)_stext)) && \ + ((mfn_to_maddr(mfn)) <= virt_to_maddr((unsigned long)__2M_rwdata_end - 1))) #define PRtype_info "016lx"/* should only be used for printk's */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 20:55:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 20:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376485.609289 (Exim 4.92) (envelope-from ) id 1oGo4P-0004C1-Kg; Wed, 27 Jul 2022 20:55:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376485.609289; Wed, 27 Jul 2022 20:55:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4P-0004Bt-H3; Wed, 27 Jul 2022 20:55:53 +0000 Received: by outflank-mailman (input) for mailman id 376485; Wed, 27 Jul 2022 20:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4O-0004Bb-Nx for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4O-0007OR-NF for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGo4O-0005MT-Me for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LugpbZdsprXoVXDPN8+Bkte0JQZK8OA/deQRhMe0PIg=; b=aKJiV3O3NGkiHN/Z91lvtNUaEc FSvit1O4WDnU6gTUIaN/sHe/h4sb3yVo+A1wLRYPHFQO3vnr/y6GE8dkLCMATjGQZFGoZ1291WKhH TzA2tlzt6ahI3xqpEfzhGpx71TdL1bEn2SmL7eKNdpxwvbLdEbQNoRsOMg12Rw6q1tzY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86emul: add memory operand low bits checks for ENQCMD{,S} Message-Id: Date: Wed, 27 Jul 2022 20:55:52 +0000 commit 4799a202a9017360708c18aa8cd699bd8d6be08b Author: Jan Beulich AuthorDate: Wed Jul 27 09:31:01 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:31:01 2022 +0200 x86emul: add memory operand low bits checks for ENQCMD{,S} Already ISE rev 044 added text to this effect; rev 045 further dropped leftover earlier text indicating the contrary: - ENQCMD requires the low 32 bits of the memory operand to be clear, - ENDCMDS requires bits 20...30 of the memory operand to be clear. Fixes: d27385968741 ("x86emul: support ENQCMD insns") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: d620c66bdbe5510c3bae89be8cc7ca9a2a6cbaba master date: 2022-07-20 15:46:48 +0200 --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 5e297f7971..247c14dc4e 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -10464,6 +10464,7 @@ x86_emulate( goto done; if ( vex.pfx == vex_f2 ) /* enqcmd */ { + generate_exception_if(mmvalp->data32[0], EXC_GP, 0); fail_if(!ops->read_msr); if ( (rc = ops->read_msr(MSR_PASID, &msr_val, ctxt)) != X86EMUL_OKAY ) @@ -10471,7 +10472,8 @@ x86_emulate( generate_exception_if(!(msr_val & PASID_VALID), EXC_GP, 0); mmvalp->data32[0] = MASK_EXTR(msr_val, PASID_PASID_MASK); } - mmvalp->data32[0] &= ~0x7ff00000; + else + generate_exception_if(mmvalp->data32[0] & 0x7ff00000, EXC_GP, 0); state->blk = blk_enqcmd; if ( (rc = ops->blk(x86_seg_es, src.val, mmvalp, 64, &_regs.eflags, state, ctxt)) != X86EMUL_OKAY ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 20:56:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 20:56:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376486.609292 (Exim 4.92) (envelope-from ) id 1oGo4Z-0004FM-NE; Wed, 27 Jul 2022 20:56:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376486.609292; Wed, 27 Jul 2022 20:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4Z-0004FE-KR; Wed, 27 Jul 2022 20:56:03 +0000 Received: by outflank-mailman (input) for mailman id 376486; Wed, 27 Jul 2022 20:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4Y-0004F2-R4 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4Y-0007Op-QI for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGo4Y-0005N7-PW for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a52OeYIhu+qHdgVkAlmS+ihvGnSidbXey9Wog+oIvuw=; b=sgFe+0w3NlqExRb1p0oEx/S0AF T/XO3J4iePxvC7tQpvmSQekjAshkkXZhph+1yIsvYK4O5Im62ztnL2ANKK+TuAfCozruwUpL5e4uF sGXVWRZ9ZYy53BlVcQ5wKxiryAkNWqzDwCZJdzxAmNljt8uvJWDOsTgRgtoKqb+4Ngbo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86: also suppress use of MMX insns Message-Id: Date: Wed, 27 Jul 2022 20:56:02 +0000 commit 30d3de4c61c297e12662df1fdb89af335947e59d Author: Jan Beulich AuthorDate: Wed Jul 27 09:31:31 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:31:31 2022 +0200 x86: also suppress use of MMX insns Passing -mno-sse alone is not enough: The compiler may still find (questionable) reasons to use MMX insns. In particular with gcc12 use of MOVD+PUNPCKLDQ+MOVQ was observed in an apparent attempt to auto- vectorize the storing of two adjacent zeroes, 32 bits each. Reported-by: ChrisD Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6fe2e39a0243bddba60f83b77b972a5922d25eb8 master date: 2022-07-20 15:48:49 +0200 --- xen/arch/x86/arch.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 456e5d5c1a..c4337a1a11 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -37,9 +37,9 @@ $(call as-option-add,CFLAGS,CC,\ CFLAGS += -mno-red-zone -fpic -# Xen doesn't use SSE interally. If the compiler supports it, also skip the -# SSE setup for variadic function calls. -CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) +# Xen doesn't use MMX or SSE interally. If the compiler supports it, also skip +# the SSE setup for variadic function calls. +CFLAGS += -mno-mmx -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) # Compile with thunk-extern, indirect-branch-register if avaiable. CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 20:56:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 20:56:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376487.609296 (Exim 4.92) (envelope-from ) id 1oGo4j-0004IF-Od; Wed, 27 Jul 2022 20:56:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376487.609296; Wed, 27 Jul 2022 20:56:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4j-0004I7-Lv; Wed, 27 Jul 2022 20:56:13 +0000 Received: by outflank-mailman (input) for mailman id 376487; Wed, 27 Jul 2022 20:56:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4i-0004Hv-U2 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:56:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGo4i-0007Oz-TG for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:56:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGo4i-0005NW-SZ for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 20:56:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Lfsnis8il377yR6UD3xyQOLtvpo9A2EnPJI/Ld76loE=; b=7BWGUwHPI9kNYbuzb3cI4rPMfI XW9Ua9EtOVUB6WjE6t2EzvojW90GWfALSot+AJHHYS+yTy5kOwVboSLMrgfczm9Y89A+pQOVc/L15 k4WiEbtrI/QKzjkK904/fkxq052+TJ/J6xIuc4j1Lfzoz/xxcwUUwSxKz8oCwv5dp8NM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] common/memory: Fix ifdefs for ptdom_max_order Message-Id: Date: Wed, 27 Jul 2022 20:56:12 +0000 commit b64f1c9e3e3a2a416c7bb5aab77ba5d2cba98638 Author: Luca Fancellu AuthorDate: Wed Jul 27 09:31:49 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:31:49 2022 +0200 common/memory: Fix ifdefs for ptdom_max_order In common/memory.c the ifdef code surrounding ptdom_max_order is using HAS_PASSTHROUGH instead of CONFIG_HAS_PASSTHROUGH, fix the problem using the correct macro. Fixes: e0d44c1f9461 ("build: convert HAS_PASSTHROUGH use to Kconfig") Signed-off-by: Luca Fancellu Reviewed-by: Jan Beulich master commit: 5707470bf3103ebae43697a7ac2faced6cd35f92 master date: 2022-07-26 08:33:46 +0200 --- xen/common/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index 297b98a562..95b2b934e4 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -58,7 +58,7 @@ struct memop_args { static unsigned int __read_mostly domu_max_order = CONFIG_DOMU_MAX_ORDER; static unsigned int __read_mostly ctldom_max_order = CONFIG_CTLDOM_MAX_ORDER; static unsigned int __read_mostly hwdom_max_order = CONFIG_HWDOM_MAX_ORDER; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH static unsigned int __read_mostly ptdom_max_order = CONFIG_PTDOM_MAX_ORDER; #endif @@ -70,7 +70,7 @@ static int __init parse_max_order(const char *s) ctldom_max_order = simple_strtoul(s, &s, 0); if ( *s == ',' && *++s != ',' ) hwdom_max_order = simple_strtoul(s, &s, 0); -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( *s == ',' && *++s != ',' ) ptdom_max_order = simple_strtoul(s, &s, 0); #endif @@ -83,7 +83,7 @@ static unsigned int max_order(const struct domain *d) { unsigned int order = domu_max_order; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( cache_flush_permitted(d) && order < ptdom_max_order ) order = ptdom_max_order; #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 23:22:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 23:22:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376504.609322 (Exim 4.92) (envelope-from ) id 1oGqLr-0004sk-GH; Wed, 27 Jul 2022 23:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376504.609322; Wed, 27 Jul 2022 23:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqLr-0004sa-DM; Wed, 27 Jul 2022 23:22:03 +0000 Received: by outflank-mailman (input) for mailman id 376504; Wed, 27 Jul 2022 23:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqLp-0004sU-UW for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqLp-0001eK-R0 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGqLp-0003zt-PQ for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CeER72lh1iFDHwhUeITQSsTDFL/g+CmAKYQYvSubU3E=; b=rwsfdKLF7SBJQ/A76lfQduV+S5 fhwadSPA6x0Z3PwnazpUcQB53vkNOTZt6THlAGcCwHZ87JpeQner9Of9bvgJGcalM9j7S32DkSMsN 8+8MzB+OEoUzYiXod2pX/G+pducLXoCWt/MUbPrYNpBGMjckBQcL2jGaUvH0vW25kg00=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xl: relax freemem()'s retry calculation Message-Id: Date: Wed, 27 Jul 2022 23:22:01 +0000 commit 6f814c377bb6959af0f8e74edc2582e14c427091 Author: Jan Beulich AuthorDate: Wed Jul 27 09:14:32 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:14:32 2022 +0200 xl: relax freemem()'s retry calculation While in principle possible also under other conditions as long as other parallel operations potentially consuming memory aren't "locked out", in particular with IOMMU large page mappings used in Dom0 (for PV when in strict mode; for PVH when not sharing page tables with HAP) ballooning out of individual pages can actually lead to less free memory available afterwards. This is because to split a large page, one or more page table pages are necessary (one per level that is split). When rebooting a guest I've observed freemem() to fail: A single page was required to be ballooned out (presumably because of heap fragmentation in the hypervisor). This ballooning out of a single page of course went fast, but freemem() then found that it would require to balloon out another page. This repeating just another time leads to the function to signal failure to the caller - without having come anywhere near the designated 30s that the whole process is allowed to not make any progress at all. Convert from a simple retry count to actually calculating elapsed time, subtracting from an initial credit of 30s. Don't go as far as limiting the "wait_secs" value passed to libxl_wait_for_memory_target(), though. While this leads to the overall process now possibly taking longer (if the previous iteration ended very close to the intended 30s), this compensates to some degree for the value passed really meaning "allowed to run for this long without making progress". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD master commit: e58370df76eacf1f7ca0340e9b96430c77b41a79 master date: 2022-07-12 15:25:00 +0200 --- tools/xl/xl_vmcontrol.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 435155a033..5dee7730ca 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -321,7 +321,8 @@ static int domain_wait_event(uint32_t domid, libxl_event **event_r) */ static bool freemem(uint32_t domid, libxl_domain_config *d_config) { - int rc, retries = 3; + int rc; + double credit = 30; uint64_t need_memkb, free_memkb; if (!autoballoon) @@ -332,6 +333,8 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; do { + time_t start; + rc = libxl_get_free_memory(ctx, &free_memkb); if (rc < 0) return false; @@ -345,12 +348,13 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) /* wait until dom0 reaches its target, as long as we are making * progress */ + start = time(NULL); rc = libxl_wait_for_memory_target(ctx, 0, 10); if (rc < 0) return false; - retries--; - } while (retries > 0); + credit -= difftime(time(NULL), start); + } while (credit > 0); return false; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 23:22:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 23:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376505.609326 (Exim 4.92) (envelope-from ) id 1oGqM0-0004uF-HW; Wed, 27 Jul 2022 23:22:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376505.609326; Wed, 27 Jul 2022 23:22:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqM0-0004u7-Eo; Wed, 27 Jul 2022 23:22:12 +0000 Received: by outflank-mailman (input) for mailman id 376505; Wed, 27 Jul 2022 23:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqLz-0004u1-Vi for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqLz-0001eb-U0 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGqLz-00040I-TH for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vrw+qjEic15eVHO27ikl8hVreqEEnj0/GqMgjRhvwX4=; b=6Ugpn2JqjmVlmJ8yJ6aw0gyWJW SBHsvdmZd14U7+WBUPw0AmohcyiMNt0u5QTodPsUXrB7LZPC0/+/u7of6ARKdcKLbZ0d9qON5Y0LL te6o7fLHlOtFo1e2B0FT1KXOt4edHrifG+o5orlElfzCMH+AjORakzYxTfBk6823D+w8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] tools/init-xenstore-domain: fix memory map for PVH stubdom Message-Id: Date: Wed, 27 Jul 2022 23:22:11 +0000 commit 6e542a835de8554eae716e17cc565a2f7e217b39 Author: Juergen Gross AuthorDate: Wed Jul 27 09:19:41 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:19:41 2022 +0200 tools/init-xenstore-domain: fix memory map for PVH stubdom In case of maxmem != memsize the E820 map of the PVH stubdom is wrong, as it is missing the RAM above memsize. Additionally the memory map should only specify the Xen special pages as reserved. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD master commit: 134d53f577076d4f26091e25762f27cc3c73bf58 master date: 2022-07-12 15:25:20 +0200 --- tools/helpers/init-xenstore-domain.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index b205a79ee6..11ebf79e6d 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -72,8 +72,9 @@ static int build(xc_interface *xch) char cmdline[512]; int rv, xs_fd; struct xc_dom_image *dom = NULL; - int limit_kb = (maxmem ? : (memory + 1)) * 1024; + int limit_kb = (maxmem ? : memory) * 1024 + X86_HVM_NR_SPECIAL_PAGES * 4; uint64_t mem_size = MB(memory); + uint64_t max_size = MB(maxmem ? : memory); struct e820entry e820[3]; struct xen_domctl_createdomain config = { .ssidref = SECINITSID_DOMU, @@ -166,13 +167,16 @@ static int build(xc_interface *xch) dom->mmio_start = LAPIC_BASE_ADDRESS; dom->max_vcpus = 1; e820[0].addr = 0; - e820[0].size = dom->lowmem_end; + e820[0].size = (max_size > LAPIC_BASE_ADDRESS) ? + LAPIC_BASE_ADDRESS : max_size; e820[0].type = E820_RAM; - e820[1].addr = LAPIC_BASE_ADDRESS; - e820[1].size = dom->mmio_size; + e820[1].addr = (X86_HVM_END_SPECIAL_REGION - + X86_HVM_NR_SPECIAL_PAGES) << XC_PAGE_SHIFT; + e820[1].size = X86_HVM_NR_SPECIAL_PAGES << XC_PAGE_SHIFT; e820[1].type = E820_RESERVED; e820[2].addr = GB(4); - e820[2].size = dom->highmem_end - GB(4); + e820[2].size = (max_size > LAPIC_BASE_ADDRESS) ? + max_size - LAPIC_BASE_ADDRESS : 0; e820[2].type = E820_RAM; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 23:22:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 23:22:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376506.609330 (Exim 4.92) (envelope-from ) id 1oGqMA-0004xJ-Iy; Wed, 27 Jul 2022 23:22:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376506.609330; Wed, 27 Jul 2022 23:22:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMA-0004xB-GM; Wed, 27 Jul 2022 23:22:22 +0000 Received: by outflank-mailman (input) for mailman id 376506; Wed, 27 Jul 2022 23:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMA-0004wx-2r for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMA-0001fE-1w for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGqMA-00040n-02 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jravc9WIimMRkdSms/l2HTs2/Y85AAUJtUTYkBEkaDs=; b=eKjtNo/F+5MR9CEruro6VZQ4in cttcmrJcZZVQ0DWZwxAiVpbQWXhnSdlYI/c0dT8a5tizmBYz3KwyWE+ZYh4E6iPKhWPX+a5/DP/6e myeW9yoV1Hu0LblNw1MuD+XGnv5rscHs7CRMgeswKT1MLiy/u7jXz1bPVH63rkb2CXKU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xl: move freemem()'s "credit expired" loop exit Message-Id: Date: Wed, 27 Jul 2022 23:22:22 +0000 commit bfbcae445cd118cee6d0aa25c15f9eb7f8baa353 Author: Jan Beulich AuthorDate: Wed Jul 27 09:20:06 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:20:06 2022 +0200 xl: move freemem()'s "credit expired" loop exit Move the "credit expired" loop exit to the middle of the loop, immediately after "return true". This way having reached the goal on the last iteration would be reported as success to the caller, rather than as "timed out". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD master commit: d8f8cb8bdd02fad3b6986ae93511f750fa7f7e6a master date: 2022-07-18 17:48:18 +0200 --- tools/xl/xl_vmcontrol.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/xl/xl_vmcontrol.c b/tools/xl/xl_vmcontrol.c index 5dee7730ca..d1c6f8aae6 100644 --- a/tools/xl/xl_vmcontrol.c +++ b/tools/xl/xl_vmcontrol.c @@ -332,7 +332,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (rc < 0) return false; - do { + for (;;) { time_t start; rc = libxl_get_free_memory(ctx, &free_memkb); @@ -342,6 +342,9 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) if (free_memkb >= need_memkb) return true; + if (credit <= 0) + return false; + rc = libxl_set_memory_target(ctx, 0, free_memkb - need_memkb, 1, 0); if (rc < 0) return false; @@ -354,9 +357,7 @@ static bool freemem(uint32_t domid, libxl_domain_config *d_config) return false; credit -= difftime(time(NULL), start); - } while (credit > 0); - - return false; + } } static void reload_domain_config(uint32_t domid, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 23:22:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 23:22:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376507.609334 (Exim 4.92) (envelope-from ) id 1oGqMK-000503-Kd; Wed, 27 Jul 2022 23:22:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376507.609334; Wed, 27 Jul 2022 23:22:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMK-0004zv-Ho; Wed, 27 Jul 2022 23:22:32 +0000 Received: by outflank-mailman (input) for mailman id 376507; Wed, 27 Jul 2022 23:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMK-0004zp-6a for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMK-0001fV-5i for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGqMK-00041E-4G for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zV2qQhMCUOi4q0EL3SXswd1b2appHM0NUJiS8MlpXec=; b=kTdSAz+aQIhJsJadVEizbCeXBI q7+cEdY9cps567gV6u1EBtcF4BqR/AX9b1DPIuJWBcKPuyXlBCdY2rSdvDhL28DYo5FQsLL5e9aYX uHgrYEv2g6fH90iVYGi+RvFsfVQo5t2qHOtvTCI/ZCy87a8k0oKrgmEgGEHBgL32wgIU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR Message-Id: Date: Wed, 27 Jul 2022 23:22:32 +0000 commit 9ab8e95d8f53005bfe28c558c183cbd67335cf49 Author: Jan Beulich AuthorDate: Wed Jul 27 09:20:36 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:20:36 2022 +0200 x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR There are command line controls for this and the default also isn't "always enable when hardware supports it", which logging should take into account. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: fdbf8bdfebc2ed323c521848f642cc4f6b8cb662 master date: 2022-07-19 08:36:53 +0200 --- xen/arch/x86/spec_ctrl.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1d9796c34d..864233f4cf 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -511,13 +511,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_hvm ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); #endif @@ -525,13 +524,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for PV VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || - boot_cpu_has(X86_FEATURE_MD_CLEAR) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - opt_eager_fpu) ? "" : " None", + opt_eager_fpu || opt_md_clear_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : "", + opt_md_clear_pv ? " MD_CLEAR" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 23:22:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 23:22:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376508.609337 (Exim 4.92) (envelope-from ) id 1oGqMU-00052a-MF; Wed, 27 Jul 2022 23:22:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376508.609337; Wed, 27 Jul 2022 23:22:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMU-00052S-JX; Wed, 27 Jul 2022 23:22:42 +0000 Received: by outflank-mailman (input) for mailman id 376508; Wed, 27 Jul 2022 23:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMU-00052M-9e for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMU-0001fm-8k for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGqMU-00041d-86 for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IWtyA6GOB9QVjhlnR2xnf69KCTs3lOmQFEBb5O9Dvz0=; b=lk+jqWhgvksZgbWODr4eatUml5 OPTdonuPGIFWZsz51oV7yg6QhWugFpt+Juo9wb1HFPFXIwbV1Ehh8hobay6R6YRdA9T4oI0Ax05Rt q3WXF/5rx6waPYGsz1whSx2j87//zXEq761NswhObwDo+PEp44IQn0OXy+zBhJRZB80I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86: deal with gcc12 release build issues Message-Id: Date: Wed, 27 Jul 2022 23:22:42 +0000 commit d09c4272de5640c5a7ccb7a42fb643ad6fd1032e Author: Jan Beulich AuthorDate: Wed Jul 27 09:21:20 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:21:20 2022 +0200 x86: deal with gcc12 release build issues While a number of issues we previously had with pre-release gcc12 were fixed in the final release, we continue to have one issue (with multiple instances) when doing release builds (i.e. at higher optimization levels): The compiler takes issue with subtracting (always 1 in our case) from artifical labels (expressed as array) marking the end of certain regions. This isn't an unreasonable position to take. Simply hide the "array-ness" by casting to an integer type. To keep things looking consistently, apply the same cast also on the respective expressions dealing with the starting addresses. (Note how efi_arch_memory_setup()'s l2_table_offset() invocations avoid a similar issue by already having the necessary casts.) In is_xen_fixed_mfn() further switch from __pa() to virt_to_maddr() to better match the left sides of the <= operators. Reported-by: Charles Arnold Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 9723507daf2120131410c91980d4e4d9b0d0aa90 master date: 2022-07-19 08:37:29 +0200 --- xen/arch/x86/efi/efi-boot.h | 6 +++--- xen/include/asm-x86/mm.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 9b0cc29aae..4ee77fb9bf 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -626,10 +626,10 @@ static void __init efi_arch_memory_setup(void) * appropriate l2 slots to map. */ #define l2_4G_offset(a) \ - (((UINTN)(a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) + (((a) >> L2_PAGETABLE_SHIFT) & (4 * L2_PAGETABLE_ENTRIES - 1)) - for ( i = l2_4G_offset(_start); - i <= l2_4G_offset(_end - 1); ++i ) + for ( i = l2_4G_offset((UINTN)_start); + i <= l2_4G_offset((UINTN)_end - 1); ++i ) { l2_pgentry_t pte = l2e_from_paddr(i << L2_PAGETABLE_SHIFT, __PAGE_HYPERVISOR | _PAGE_PSE); diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h index 7464167ae1..7bdf9c2290 100644 --- a/xen/include/asm-x86/mm.h +++ b/xen/include/asm-x86/mm.h @@ -309,8 +309,8 @@ struct page_info #define is_xen_heap_mfn(mfn) \ (mfn_valid(mfn) && is_xen_heap_page(mfn_to_page(mfn))) #define is_xen_fixed_mfn(mfn) \ - (((mfn_to_maddr(mfn)) >= __pa(_stext)) && \ - ((mfn_to_maddr(mfn)) <= __pa(__2M_rwdata_end - 1))) + (((mfn_to_maddr(mfn)) >= virt_to_maddr((unsigned long)_stext)) && \ + ((mfn_to_maddr(mfn)) <= virt_to_maddr((unsigned long)__2M_rwdata_end - 1))) #define PRtype_info "016lx"/* should only be used for printk's */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 23:22:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 23:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376509.609341 (Exim 4.92) (envelope-from ) id 1oGqMf-00056c-Or; Wed, 27 Jul 2022 23:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376509.609341; Wed, 27 Jul 2022 23:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMf-00056V-MN; Wed, 27 Jul 2022 23:22:53 +0000 Received: by outflank-mailman (input) for mailman id 376509; Wed, 27 Jul 2022 23:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMe-000566-DN for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMe-0001gA-CW for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGqMe-00042J-Bi for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5EQP+neF6tvXufwz3Y4ZDN0PDOD4ysXPQeH3TvNQ9vw=; b=YvwGWp3jA0AJyTY11sCFfwic2Y wixP9kagT+JxCW1aFG7nfOWVUIOhV11s8PAXe6G7ygQUyW+96BEsg58uNUb6c0NOg7wD1kq59jg0f puKgGE9WHuDo8ayZjRpV0ihr44S++ewJvMhzx2G+HL7skBKj4e9GGb0StVbimsoSJlls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86emul: add memory operand low bits checks for ENQCMD{,S} Message-Id: Date: Wed, 27 Jul 2022 23:22:52 +0000 commit a5361f912c8a9e05bd371df57d6387fde03ab075 Author: Jan Beulich AuthorDate: Wed Jul 27 09:21:59 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:21:59 2022 +0200 x86emul: add memory operand low bits checks for ENQCMD{,S} Already ISE rev 044 added text to this effect; rev 045 further dropped leftover earlier text indicating the contrary: - ENQCMD requires the low 32 bits of the memory operand to be clear, - ENDCMDS requires bits 20...30 of the memory operand to be clear. Fixes: d27385968741 ("x86emul: support ENQCMD insns") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: d620c66bdbe5510c3bae89be8cc7ca9a2a6cbaba master date: 2022-07-20 15:46:48 +0200 --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index e3667cb1a3..441086ea86 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -10499,6 +10499,7 @@ x86_emulate( goto done; if ( vex.pfx == vex_f2 ) /* enqcmd */ { + generate_exception_if(mmvalp->data32[0], EXC_GP, 0); fail_if(!ops->read_msr); if ( (rc = ops->read_msr(MSR_PASID, &msr_val, ctxt)) != X86EMUL_OKAY ) @@ -10506,7 +10507,8 @@ x86_emulate( generate_exception_if(!(msr_val & PASID_VALID), EXC_GP, 0); mmvalp->data32[0] = MASK_EXTR(msr_val, PASID_PASID_MASK); } - mmvalp->data32[0] &= ~0x7ff00000; + else + generate_exception_if(mmvalp->data32[0] & 0x7ff00000, EXC_GP, 0); state->blk = blk_enqcmd; if ( (rc = ops->blk(x86_seg_es, src.val, mmvalp, 64, &_regs.eflags, state, ctxt)) != X86EMUL_OKAY ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 23:23:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 23:23:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376510.609346 (Exim 4.92) (envelope-from ) id 1oGqMp-00059d-Qs; Wed, 27 Jul 2022 23:23:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376510.609346; Wed, 27 Jul 2022 23:23:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMp-00059V-Ns; Wed, 27 Jul 2022 23:23:03 +0000 Received: by outflank-mailman (input) for mailman id 376510; Wed, 27 Jul 2022 23:23:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMo-00059K-Gn for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:23:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMo-0001gb-Fy for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:23:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGqMo-00042w-Ek for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:23:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4lsYmQ4/NHRyMHL9z9hPQGVDQCzDUozTG0hGg6TKo2Q=; b=s0yZDkETRIbs1NTITzeE2NgjMN k+DrvTPqqPJf+/VLGuvVa6XMnxVvikrWLjTPTldvdJA1RqnLEgiU9t9NFX4/eYMnlk8C2+TY4Kn6Z w6pV5WU0qWM+uAeh2myexZU1vjp6sp+YU65H8weqCUE+BXilnDFLg3pg+LQUTQ39WGKw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86: also suppress use of MMX insns Message-Id: Date: Wed, 27 Jul 2022 23:23:02 +0000 commit 5e3a9b45c74d51c7908f809ca3ff59f18e84ab5d Author: Jan Beulich AuthorDate: Wed Jul 27 09:22:31 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:22:31 2022 +0200 x86: also suppress use of MMX insns Passing -mno-sse alone is not enough: The compiler may still find (questionable) reasons to use MMX insns. In particular with gcc12 use of MOVD+PUNPCKLDQ+MOVQ was observed in an apparent attempt to auto- vectorize the storing of two adjacent zeroes, 32 bits each. Reported-by: ChrisD Signed-off-by: Jan Beulich Acked-by: Andrew Cooper master commit: 6fe2e39a0243bddba60f83b77b972a5922d25eb8 master date: 2022-07-20 15:48:49 +0200 --- xen/arch/x86/arch.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 976ac5aafe..27272f767a 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -37,9 +37,9 @@ $(call as-option-add,CFLAGS,CC,\ CFLAGS += -mno-red-zone -fpic -# Xen doesn't use SSE interally. If the compiler supports it, also skip the -# SSE setup for variadic function calls. -CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) +# Xen doesn't use MMX or SSE interally. If the compiler supports it, also skip +# the SSE setup for variadic function calls. +CFLAGS += -mno-mmx -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) ifeq ($(CONFIG_INDIRECT_THUNK),y) # Compile with gcc thunk-extern, indirect-branch-register if available. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Jul 27 23:23:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 27 Jul 2022 23:23:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376511.609349 (Exim 4.92) (envelope-from ) id 1oGqMz-0005Cm-S2; Wed, 27 Jul 2022 23:23:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376511.609349; Wed, 27 Jul 2022 23:23:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMz-0005Ce-PW; Wed, 27 Jul 2022 23:23:13 +0000 Received: by outflank-mailman (input) for mailman id 376511; Wed, 27 Jul 2022 23:23:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMy-0005CV-Jc for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:23:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGqMy-0001gl-In for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:23:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGqMy-00043W-IF for xen-changelog@lists.xenproject.org; Wed, 27 Jul 2022 23:23:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CI87a9Vo5XvYD3enlzDCMhDeQiQRisGhByV+ddJ17ro=; b=KwUzI7+C4E52qVvCYhzh6u9His 0ohLkVAPulP2mcicI3tQTXi6R2WvsCV5QvktGH9AsFYlRQm+NspD/QuV2hk8h69iXJNYEtlL69oV8 ub6mUpGLq0PKfEpEvpzWiGdzN7h8TG+Us8bhZaKeCbZS4hRhlJklnFWek1ToiDSgoEmU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] common/memory: Fix ifdefs for ptdom_max_order Message-Id: Date: Wed, 27 Jul 2022 23:23:12 +0000 commit d77bb6e5375f19c64d182fb7b2e53138152421b5 Author: Luca Fancellu AuthorDate: Wed Jul 27 09:22:54 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 09:22:54 2022 +0200 common/memory: Fix ifdefs for ptdom_max_order In common/memory.c the ifdef code surrounding ptdom_max_order is using HAS_PASSTHROUGH instead of CONFIG_HAS_PASSTHROUGH, fix the problem using the correct macro. Fixes: e0d44c1f9461 ("build: convert HAS_PASSTHROUGH use to Kconfig") Signed-off-by: Luca Fancellu Reviewed-by: Jan Beulich master commit: 5707470bf3103ebae43697a7ac2faced6cd35f92 master date: 2022-07-26 08:33:46 +0200 --- xen/common/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index 30d255da35..064de4ad8d 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -58,7 +58,7 @@ struct memop_args { static unsigned int __read_mostly domu_max_order = CONFIG_DOMU_MAX_ORDER; static unsigned int __read_mostly ctldom_max_order = CONFIG_CTLDOM_MAX_ORDER; static unsigned int __read_mostly hwdom_max_order = CONFIG_HWDOM_MAX_ORDER; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH static unsigned int __read_mostly ptdom_max_order = CONFIG_PTDOM_MAX_ORDER; #endif @@ -70,7 +70,7 @@ static int __init parse_max_order(const char *s) ctldom_max_order = simple_strtoul(s, &s, 0); if ( *s == ',' && *++s != ',' ) hwdom_max_order = simple_strtoul(s, &s, 0); -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( *s == ',' && *++s != ',' ) ptdom_max_order = simple_strtoul(s, &s, 0); #endif @@ -83,7 +83,7 @@ static unsigned int max_order(const struct domain *d) { unsigned int order = domu_max_order; -#ifdef HAS_PASSTHROUGH +#ifdef CONFIG_HAS_PASSTHROUGH if ( cache_flush_permitted(d) && order < ptdom_max_order ) order = ptdom_max_order; #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 08:33:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 08:33:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376689.609618 (Exim 4.92) (envelope-from ) id 1oGyx4-0003SW-Pg; Thu, 28 Jul 2022 08:33:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376689.609618; Thu, 28 Jul 2022 08:33:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyx4-0003SO-Mb; Thu, 28 Jul 2022 08:33:02 +0000 Received: by outflank-mailman (input) for mailman id 376689; Thu, 28 Jul 2022 08:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyx3-0003SI-L6 for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyx3-0003vS-JK for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGyx3-00079S-IL for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i/ZmRM5vKt3Xw5T+QWIn7hq37cvG1RF4/KSuHZzF5yQ=; b=vFDrN0HsKQa1rZo5udy2qUz50+ c1afWqExmguYrrghaeU5ehRwwmwWxrRjShCxMMNtetgLXJ04ntb0ogrzEe428ooo8bkuJJbDSRXNk 8nURyVSgGpnoOrzs+Bfap0Y3AceXM8N0OXnPYrydquMnZHpNNfj7Z0iKQR/A8pnem7as=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pv: Inject #GP for implicit grant unmaps Message-Id: Date: Thu, 28 Jul 2022 08:33:01 +0000 commit f61c54967f4a5ea7e0c9fc3a4e966efa26481cb9 Author: Andrew Cooper AuthorDate: Tue Jul 19 21:37:43 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 26 15:09:48 2022 +0100 x86/pv: Inject #GP for implicit grant unmaps This is a debug behaviour to identify buggy kernels. Crashing the domain is the most unhelpful thing to do, because it discards the relevant context. Instead, inject #GP[0] like other permission errors in x86. In particular, this lets the kernel provide a backtrace which is more likely to be helpful to a developer. As a bugfix, this always injects #GP[0] to current, not l1e_owner. It is not l1e_owner's fault if dom0 using superpowers triggers an implicit unmap. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 2c1c35151a..22a4dfa838 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -1229,10 +1229,10 @@ void put_page_from_l1e(l1_pgentry_t l1e, struct domain *l1e_owner) if ( (l1e_get_flags(l1e) & _PAGE_GNTTAB) && !l1e_owner->is_shutting_down && !l1e_owner->is_dying ) { - gdprintk(XENLOG_WARNING, - "Attempt to implicitly unmap a granted PTE %" PRIpte "\n", - l1e_get_intpte(l1e)); - domain_crash(l1e_owner); + gprintk(XENLOG_WARNING, + "Attempt to implicitly unmap %pd's grant PTE %" PRIpte "\n", + l1e_owner, l1e_get_intpte(l1e)); + pv_inject_hw_exception(TRAP_gp_fault, 0); } #endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 08:33:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 08:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376690.609622 (Exim 4.92) (envelope-from ) id 1oGyxE-0003UQ-Qo; Thu, 28 Jul 2022 08:33:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376690.609622; Thu, 28 Jul 2022 08:33:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxE-0003UH-O6; Thu, 28 Jul 2022 08:33:12 +0000 Received: by outflank-mailman (input) for mailman id 376690; Thu, 28 Jul 2022 08:33:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxD-0003Tz-O9 for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxD-0003vW-NN for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGyxD-0007AL-LZ for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=U7j3bjnKIkPV3+2if2WyOu2hxgiF3jYTSdtEflZ8/gQ=; b=pQklNvZf1B27zM6A4YInQeSPF7 tx4VfSKG824//PXRQO+votH+hH1Qo0NBBBWlpxh7faPTbnQWI1lRs1WecKm9G8OX1wDiUCZbGxoT6 1gb1Wfjsanb56BjBqHHUVyjvx3PCUXZGU8OWgp8uUpqlUFEyiZXb3wvWBKFXI7WdgNzg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/vpmu: Fix build following vmfork addition Message-Id: Date: Thu, 28 Jul 2022 08:33:11 +0000 commit b1f0183e5067fbcb87517795e27929982b2404fb Author: Andrew Cooper AuthorDate: Tue Jul 26 14:11:33 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Jul 26 15:09:48 2022 +0100 x86/vpmu: Fix build following vmfork addition GCC with IBT extensions complains: arch/x86/cpu/vpmu.c:351:15: error: conflicting types for 'vpmu_save_force'; have 'void(void *)' with implied 'nocf_check' attribute 351 | void cf_check vpmu_save_force(void *arg) | ^~~~~~~~~~~~~~~ In file included from ./arch/x86/include/asm/domain.h:10, from ./include/xen/domain.h:8, from ./include/xen/sched.h:11, from ./include/xen/event.h:12, from arch/x86/cpu/vpmu.c:23: ./arch/x86/include/asm/vpmu.h:117:6: note: previous declaration of 'vpmu_save_force' with type 'void(void *)' 117 | void vpmu_save_force(void *arg); | ^~~~~~~~~~~~~~~ Adjust the declaraion. Fixes: 755087eb9b10 ("xen/mem_sharing: support forks with active vPMU state") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/vpmu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/vpmu.h b/xen/arch/x86/include/asm/vpmu.h index 8a3ae11562..05e1fbfccf 100644 --- a/xen/arch/x86/include/asm/vpmu.h +++ b/xen/arch/x86/include/asm/vpmu.h @@ -114,7 +114,7 @@ void vpmu_do_interrupt(struct cpu_user_regs *regs); void vpmu_initialise(struct vcpu *v); void vpmu_destroy(struct vcpu *v); void vpmu_save(struct vcpu *v); -void vpmu_save_force(void *arg); +void cf_check vpmu_save_force(void *arg); int vpmu_load(struct vcpu *v, bool_t from_guest); void vpmu_dump(struct vcpu *v); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 08:33:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 08:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376695.609637 (Exim 4.92) (envelope-from ) id 1oGyxP-0003pM-9f; Thu, 28 Jul 2022 08:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376695.609637; Thu, 28 Jul 2022 08:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxP-0003pC-6e; Thu, 28 Jul 2022 08:33:23 +0000 Received: by outflank-mailman (input) for mailman id 376695; Thu, 28 Jul 2022 08:33:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxN-0003oQ-RP for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxN-0003w3-Qa for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGyxN-0007B3-Pg for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6F+Cd2/tcgJku9YI+brYtsWeveJLNI0NueTeq1QHDh8=; b=hQmfkYrsTzBXPCY0ne4yfO52J3 niMxSM9WpSi+Um0c7oWjE1Scp10y0v8RNJClb1LL+P/WL21NZSKk9ZrpeUvAwJfGQ2JgSmtcK7GXL e2DihF84KsFshrXnZG4X0P4s5h5CSHO0qdZYrVNqN/pg4jBqDYz/NVta5wcAQ1ZWh4u4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/msr: fix X2APIC_LAST Message-Id: Date: Thu, 28 Jul 2022 08:33:21 +0000 commit 13316827faadbb4f72ae6c625af9938d8f976f86 Author: Edwin Török AuthorDate: Wed Jul 27 12:57:10 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 12:57:10 2022 +0200 x86/msr: fix X2APIC_LAST The latest Intel manual now says the X2APIC reserved range is only 0x800 to 0x8ff (NOT 0xbff). This changed between SDM 68 (Nov 2018) and SDM 69 (Jan 2019). The AMD manual documents 0x800-0x8ff too. There are non-X2APIC MSRs in the 0x900-0xbff range now: e.g. 0x981 is IA32_TME_CAPABILITY, an architectural MSR. The new MSR in this range appears to have been introduced in Icelake, so this commit should be backported to Xen versions supporting Icelake. Backport: 4.13+ Signed-off-by: Edwin Török Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- xen/arch/x86/include/asm/msr-index.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 47554cc004..17e103188a 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3397,7 +3397,7 @@ void vmx_vlapic_msr_changed(struct vcpu *v) if ( cpu_has_vmx_apic_reg_virt ) { for ( msr = MSR_X2APIC_FIRST; - msr <= MSR_X2APIC_FIRST + 0xff; msr++ ) + msr <= MSR_X2APIC_LAST; msr++ ) vmx_clear_msr_intercept(v, msr, VMX_MSR_R); vmx_set_msr_intercept(v, MSR_X2APIC_PPR, VMX_MSR_R); @@ -3418,7 +3418,7 @@ void vmx_vlapic_msr_changed(struct vcpu *v) if ( !(v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE) ) for ( msr = MSR_X2APIC_FIRST; - msr <= MSR_X2APIC_FIRST + 0xff; msr++ ) + msr <= MSR_X2APIC_LAST; msr++ ) vmx_set_msr_intercept(v, msr, VMX_MSR_RW); vmx_update_secondary_exec_control(v); diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 8cab8736d8..1a928ea6af 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -148,7 +148,7 @@ #define MSR_INTERRUPT_SSP_TABLE 0x000006a8 #define MSR_X2APIC_FIRST 0x00000800 -#define MSR_X2APIC_LAST 0x00000bff +#define MSR_X2APIC_LAST 0x000008ff #define MSR_X2APIC_TPR 0x00000808 #define MSR_X2APIC_PPR 0x0000080a -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 08:33:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 08:33:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376696.609640 (Exim 4.92) (envelope-from ) id 1oGyxZ-0003v4-BF; Thu, 28 Jul 2022 08:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376696.609640; Thu, 28 Jul 2022 08:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxZ-0003ux-89; Thu, 28 Jul 2022 08:33:33 +0000 Received: by outflank-mailman (input) for mailman id 376696; Thu, 28 Jul 2022 08:33:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxX-0003uL-Ug for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxX-0003wU-Tm for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGyxX-0007Bn-T7 for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9UkUfwXz2C0ztnVPUXJ1khHhLX+SLgL29Ni6WWquuM4=; b=noSSFZeGEj42zgEiCRZ827Vjob 1664lapx4YU/j6SrOqzAxTbbuwPbn4OvR57o2jiGdGj4ATJbv5kxjGMo8PMgPfcjqBDzdrq7gnuNW oliMIWxGiH5xu5PPwbIzkCA7dyW37gwk26H9g8Xq66IGZaKbcaXJLLU+hrB5xlpllVG0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/shadow: drop shadow_prepare_page_type_change()'s 3rd parameter Message-Id: Date: Thu, 28 Jul 2022 08:33:31 +0000 commit cdfe7b050761853319bdb4c6d1e405687c9978ef Author: Jan Beulich AuthorDate: Wed Jul 27 12:58:16 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 12:58:16 2022 +0200 x86/shadow: drop shadow_prepare_page_type_change()'s 3rd parameter As of 8cc5036bc385 ("x86/pv: Fix ABAC cmpxchg() race in _get_page_type()") this no longer needs passing separately - the type can now be read from struct page_info, as the call now happens after its writing. While there also constify the 2nd parameter. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/include/asm/shadow.h | 7 +++---- xen/arch/x86/mm.c | 2 +- xen/arch/x86/mm/shadow/common.c | 6 +++--- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/include/asm/shadow.h b/xen/arch/x86/include/asm/shadow.h index 7ef76cc063..1365fe4805 100644 --- a/xen/arch/x86/include/asm/shadow.h +++ b/xen/arch/x86/include/asm/shadow.h @@ -84,8 +84,8 @@ void shadow_final_teardown(struct domain *d); void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all); /* Adjust shadows ready for a guest page to change its type. */ -void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, - unsigned long new_type); +void shadow_prepare_page_type_change(struct domain *d, + const struct page_info *page); /* Discard _all_ mappings from the domain's shadows. */ void shadow_blow_tables_per_domain(struct domain *d); @@ -113,8 +113,7 @@ static inline void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all) {} static inline void shadow_prepare_page_type_change(struct domain *d, - struct page_info *page, - unsigned long new_type) {} + const struct page_info *page) {} static inline void shadow_blow_tables_per_domain(struct domain *d) {} diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 22a4dfa838..40e132b9ba 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3018,7 +3018,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, struct domain *d = page_get_owner(page); if ( d && shadow_mode_enabled(d) ) - shadow_prepare_page_type_change(d, page, type); + shadow_prepare_page_type_change(d, page); if ( (x & PGT_type_mask) != type ) { diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 06a0f22906..c37c3bb077 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -2265,8 +2265,8 @@ void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all) paging_unlock(d); } -void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, - unsigned long new_type) +void shadow_prepare_page_type_change(struct domain *d, + const struct page_info *page) { if ( !(page->count_info & PGC_page_table) ) return; @@ -2278,7 +2278,7 @@ void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, * pages are allowed to become writeable. */ if ( (page->shadow_flags & SHF_oos_may_write) && - new_type == PGT_writable_page ) + (page->u.inuse.type_info & PGT_type_mask) == PGT_writable_page ) return; #endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 08:33:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 08:33:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376699.609645 (Exim 4.92) (envelope-from ) id 1oGyxj-000440-Dy; Thu, 28 Jul 2022 08:33:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376699.609645; Thu, 28 Jul 2022 08:33:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxj-00043s-BI; Thu, 28 Jul 2022 08:33:43 +0000 Received: by outflank-mailman (input) for mailman id 376699; Thu, 28 Jul 2022 08:33:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxi-00043d-2A for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxi-0003wg-1G for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGyxh-0007Dm-W3 for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dOXkPNeibnc911RYBUk+sm6N4ESO6iTmqr/OBYH3AxU=; b=ZJNcNViVZ7YvmSrIBEbaGubHhj DhFoHRfGi6QSrsDiHDGC4ILo/GE9YJfHPQj3rjlMXzYIWsGVRR7heN1Ylam215w0vCktPH3i5OfVn UUmkKFXK4L+8b5x8u7uKOhWK46P9AWZ6BXzJkpQt6wjhBUm0692hoBEmy8ARGv/ppHoI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] mm: enforce return value checking on get_page() Message-Id: Date: Thu, 28 Jul 2022 08:33:41 +0000 commit b06edbf70e1a417a6f16b2cf9d799c560a2483b3 Author: Jan Beulich AuthorDate: Wed Jul 27 12:58:50 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 12:58:50 2022 +0200 mm: enforce return value checking on get_page() It's hard to imagine a case where an error may legitimately be ignored here. It's bad enough that in at least one case (set_shadow_status()) the return value was checked only by way of ASSERT()ing. Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/include/xen/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 6dee421bb8..35b065146f 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -61,7 +61,7 @@ struct page_info; void put_page(struct page_info *); -bool get_page(struct page_info *, const struct domain *); +bool __must_check get_page(struct page_info *, const struct domain *); struct domain *__must_check page_get_owner_and_reference(struct page_info *); /* Boot-time allocator. Turns into generic allocator after bootstrap. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 08:33:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 08:33:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.376701.609649 (Exim 4.92) (envelope-from ) id 1oGyxt-0004DY-FW; Thu, 28 Jul 2022 08:33:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 376701.609649; Thu, 28 Jul 2022 08:33:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxt-0004DT-Co; Thu, 28 Jul 2022 08:33:53 +0000 Received: by outflank-mailman (input) for mailman id 376701; Thu, 28 Jul 2022 08:33:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxs-0004Ad-5G for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oGyxs-0003wq-4O for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oGyxs-0007ER-3d for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 08:33:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/DCwo58SUqC3cCkclufnYxsGNzwXnoADKT3fUOfUov4=; b=BvUISwnTH0hd1XJ4L3w7bU96k2 ouVnPC59kjhqp2DeU4PzBgh0unFSh0bAVQwJgLYtNbMeV3LCbhW0rk/9oPUEaFgQ1P25zU7D2CFzw 2PVlelJmgCWpgmslRRaiA988lW1gao73Hvh8x8H0xhmOSkrWuutGuXmNr7prFo3udNKw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/PV: correct post-preemption progress recording in iommu_memory_setup() Message-Id: Date: Thu, 28 Jul 2022 08:33:52 +0000 commit f732240fd3bac25116151db5ddeb7203b62e85ce Author: Jan Beulich AuthorDate: Wed Jul 27 13:00:08 2022 +0200 Commit: Jan Beulich CommitDate: Wed Jul 27 13:00:08 2022 +0200 x86/PV: correct post-preemption progress recording in iommu_memory_setup() Coverity validly points out that the mfn_add() as used was dead code. Coverity ID: 1507475 Fixes: c1e1564c8995 ("IOMMU/x86: perform PV Dom0 mappings in batches") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/pv/dom0_build.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 323c49b0bd..a62f0fa2ef 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -130,7 +130,7 @@ static void __init iommu_memory_setup(struct domain *d, const char *what, IOMMUF_readable | IOMMUF_writable | IOMMUF_preempt, flush_flags)) > 0 ) { - mfn_add(mfn, rc); + mfn = mfn_add(mfn, rc); nr -= rc; /* See comment below. */ for ( ; rc--; ++page ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 18:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 18:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377030.610087 (Exim 4.92) (envelope-from ) id 1oH8Jl-0000mh-LZ; Thu, 28 Jul 2022 18:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377030.610087; Thu, 28 Jul 2022 18:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8Jl-0000ma-HH; Thu, 28 Jul 2022 18:33:05 +0000 Received: by outflank-mailman (input) for mailman id 377030; Thu, 28 Jul 2022 18:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8Jk-0000mU-GA for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8Jk-0007TW-F2 for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oH8Jk-0008Rk-E7 for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KrrfjxwS89IEe01F371XaxKLOjl8Mb4jcMdzpE8AGxM=; b=lSS1jIFib2r1jMI9azNnQ9BNxz edL/JRQ4CKZZj54JjUC6RI363CBr82pTR1Q9fGO7PUCpWxNattiw0r7AxKU8NvSYTyhTtgjCi2bRL YaX5b/utNcOkqmcuZraZOj0vsOInNHLjBGxvMIbReQHvsLdftDcfhDC3LyP+ekkyCRzM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxl: Add support for Virtio disk configuration Message-Id: Date: Thu, 28 Jul 2022 18:33:04 +0000 commit 66dd1c62b2a3c707bd5c55750d10a8223fbd577f Author: Oleksandr Tyshchenko AuthorDate: Fri Jul 15 22:20:24 2022 +0300 Commit: Julien Grall CommitDate: Thu Jul 28 19:25:43 2022 +0100 libxl: Add support for Virtio disk configuration This patch adds basic support for configuring and assisting virtio-mmio based virtio-disk backend (emulator) which is intended to run out of Qemu and could be run in any domain. Although the Virtio block device is quite different from traditional Xen PV block device (vbd) from the toolstack's point of view: - as the frontend is virtio-blk which is not a Xenbus driver, nothing written to Xenstore are fetched by the frontend currently ("vdev" is not passed to the frontend). But this might need to be revised in future, so frontend data might be written to Xenstore in order to support hotplugging virtio devices or passing the backend domain id on arch where the device-tree is not available. - the ring-ref/event-channel are not used for the backend<->frontend communication, the proposed IPC for Virtio is IOREQ/DM it is still a "block device" and ought to be integrated in existing "disk" handling. So, re-use (and adapt) "disk" parsing/configuration logic to deal with Virtio devices as well. For the immediate purpose and an ability to extend that support for other use-cases in future (Qemu, virtio-pci, etc) perform the following actions: - Add new disk backend type (LIBXL_DISK_BACKEND_STANDALONE) and reflect that in the configuration - Introduce new disk "specification" and "transport" fields to struct libxl_device_disk. Both are written to the Xenstore. The transport field is only used for the specification "virtio" and it assumes only "mmio" value for now. - Introduce new "specification" option with "xen" communication protocol being default value. - Add new device kind (LIBXL__DEVICE_KIND_VIRTIO_DISK) as current one (LIBXL__DEVICE_KIND_VBD) doesn't fit into Virtio disk model An example of domain configuration for Virtio disk: disk = [ 'phy:/dev/mmcblk0p3, xvda1, backendtype=standalone, specification=virtio'] Nothing has changed for default Xen disk configuration. Please note, this patch is not enough for virtio-disk to work on Xen (Arm), as for every Virtio device (including disk) we need to allocate Virtio MMIO params (IRQ and memory region) and pass them to the backend, also update Guest device-tree. The subsequent patch will add these missing bits. For the current patch, the default "irq" and "base" are just written to the Xenstore. This is not an ideal splitting, but this way we avoid breaking the bisectability. Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Anthony PERARD Acked-by: George Dunlap Tested-by: Jiamei Xie --- docs/man/xl-disk-configuration.5.pod.in | 38 +- tools/golang/xenlight/helpers.gen.go | 8 + tools/golang/xenlight/types.gen.go | 18 + tools/include/libxl.h | 7 + tools/libs/light/libxl_device.c | 62 +- tools/libs/light/libxl_disk.c | 146 ++++- tools/libs/light/libxl_internal.h | 2 + tools/libs/light/libxl_types.idl | 18 + tools/libs/light/libxl_types_internal.idl | 1 + tools/libs/light/libxl_utils.c | 2 + tools/libs/util/libxlu_disk_l.c | 959 +++++++++++++++--------------- tools/libs/util/libxlu_disk_l.h | 2 +- tools/libs/util/libxlu_disk_l.l | 9 + tools/xl/xl_block.c | 6 + 14 files changed, 798 insertions(+), 480 deletions(-) diff --git a/docs/man/xl-disk-configuration.5.pod.in b/docs/man/xl-disk-configuration.5.pod.in index 95d039655a..bc945cc517 100644 --- a/docs/man/xl-disk-configuration.5.pod.in +++ b/docs/man/xl-disk-configuration.5.pod.in @@ -232,7 +232,7 @@ Specifies the backend implementation to use =item Supported values -phy, qdisk +phy, qdisk, standalone =item Mandatory @@ -244,11 +244,13 @@ Automatically determine which backend to use. =back -This does not affect the guest's view of the device. It controls -which software implementation of the Xen backend driver is used. +It controls which software implementation of the backend driver is used. +Depending on the "specification" option this may affect the guest's view +of the device. Not all backend drivers support all combinations of other options. -For example, "phy" does not support formats other than "raw". +For example, "phy" and "standalone" do not support formats other than "raw" +and "standalone" does not support specifications other than "virtio". Normally this option should not be specified, in which case libxl will automatically determine the most suitable backend. @@ -373,8 +375,36 @@ processing or causing malfunction to the frontend or the whole domain. Note frontends can ignore such recommendation. +=item B=I + +=over 4 + +=item Description + +Specifies the communication protocol (specification) to use for the chosen +"backendtype" option + +=item Supported values + +xen, virtio + +=item Mandatory + +No + +=item Default value + +xen + =back +Besides forcing toolstack to use specific backend implementation, this also +affects the guest's view of the device. For example, "virtio" requires +Virtio frontend driver (virtio-blk) to be used. Please note, the virtual +device (vdev) is not passed to the guest in that case, but it still must be +specified for the internal purposes. + +=back =head1 COLO Parameters diff --git a/tools/golang/xenlight/helpers.gen.go b/tools/golang/xenlight/helpers.gen.go index 33fe03971f..fa3cf2ab76 100644 --- a/tools/golang/xenlight/helpers.gen.go +++ b/tools/golang/xenlight/helpers.gen.go @@ -1763,6 +1763,10 @@ x.DirectIoSafe = bool(xc.direct_io_safe) if err := x.DiscardEnable.fromC(&xc.discard_enable);err != nil { return fmt.Errorf("converting field DiscardEnable: %v", err) } +x.Specification = DiskSpecification(xc.specification) +x.Transport = DiskTransport(xc.transport) +x.Irq = uint32(xc.irq) +x.Base = uint64(xc.base) if err := x.ColoEnable.fromC(&xc.colo_enable);err != nil { return fmt.Errorf("converting field ColoEnable: %v", err) } @@ -1803,6 +1807,10 @@ xc.direct_io_safe = C.bool(x.DirectIoSafe) if err := x.DiscardEnable.toC(&xc.discard_enable); err != nil { return fmt.Errorf("converting field DiscardEnable: %v", err) } +xc.specification = C.libxl_disk_specification(x.Specification) +xc.transport = C.libxl_disk_transport(x.Transport) +xc.irq = C.uint32_t(x.Irq) +xc.base = C.uint64_t(x.Base) if err := x.ColoEnable.toC(&xc.colo_enable); err != nil { return fmt.Errorf("converting field ColoEnable: %v", err) } diff --git a/tools/golang/xenlight/types.gen.go b/tools/golang/xenlight/types.gen.go index bb149547fd..a0be7ada8c 100644 --- a/tools/golang/xenlight/types.gen.go +++ b/tools/golang/xenlight/types.gen.go @@ -99,6 +99,20 @@ DiskBackendUnknown DiskBackend = 0 DiskBackendPhy DiskBackend = 1 DiskBackendTap DiskBackend = 2 DiskBackendQdisk DiskBackend = 3 +DiskBackendStandalone DiskBackend = 4 +) + +type DiskSpecification int +const( +DiskSpecificationUnknown DiskSpecification = 0 +DiskSpecificationXen DiskSpecification = 1 +DiskSpecificationVirtio DiskSpecification = 2 +) + +type DiskTransport int +const( +DiskTransportUnknown DiskTransport = 0 +DiskTransportMmio DiskTransport = 1 ) type NicType int @@ -645,6 +659,10 @@ Readwrite int IsCdrom int DirectIoSafe bool DiscardEnable Defbool +Specification DiskSpecification +Transport DiskTransport +Irq uint32 +Base uint64 ColoEnable Defbool ColoRestoreEnable Defbool ColoHost string diff --git a/tools/include/libxl.h b/tools/include/libxl.h index f351669039..2321a648a5 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -549,6 +549,13 @@ */ #define LIBXL_HAVE_ASSISTED_APIC 1 +/* + * LIBXL_HAVE_DEVICE_DISK_SPECIFICATION indicates that 'specification' and + * 'transport' fields (of libxl_disk_specification and libxl_disk_transport + * types respectively) are present in libxl_device_disk. + */ +#define LIBXL_HAVE_DEVICE_DISK_SPECIFICATION 1 + /* * libxl ABI compatibility * diff --git a/tools/libs/light/libxl_device.c b/tools/libs/light/libxl_device.c index e6025d135e..a75c21d433 100644 --- a/tools/libs/light/libxl_device.c +++ b/tools/libs/light/libxl_device.c @@ -289,9 +289,16 @@ static int disk_try_backend(disk_try_backend_args *a, libxl_disk_backend backend) { libxl__gc *gc = a->gc; + libxl_disk_specification specification = a->disk->specification; /* returns 0 (ie, DISK_BACKEND_UNKNOWN) on failure, or * backend on success */ + if ((specification == LIBXL_DISK_SPECIFICATION_VIRTIO && + backend != LIBXL_DISK_BACKEND_STANDALONE) || + (specification != LIBXL_DISK_SPECIFICATION_VIRTIO && + backend == LIBXL_DISK_BACKEND_STANDALONE)) + goto bad_specification; + switch (backend) { case LIBXL_DISK_BACKEND_PHY: if (a->disk->format != LIBXL_DISK_FORMAT_RAW) { @@ -329,6 +336,29 @@ static int disk_try_backend(disk_try_backend_args *a, if (a->disk->script) goto bad_script; return backend; + case LIBXL_DISK_BACKEND_STANDALONE: + if (a->disk->format != LIBXL_DISK_FORMAT_RAW) + goto bad_format; + + if (a->disk->script) + goto bad_script; + + if (libxl_defbool_val(a->disk->colo_enable)) + goto bad_colo; + + if (a->disk->backend_domid != LIBXL_TOOLSTACK_DOMID) { + LOG(DEBUG, "Disk vdev=%s, is using a storage driver domain, " + "skipping physical device check", a->disk->vdev); + return backend; + } + + if (libxl__try_phy_backend(a->stab.st_mode)) + return backend; + + LOG(DEBUG, "Disk vdev=%s, backend standalone unsuitable as phys path not a " + "block device", a->disk->vdev); + return 0; + default: LOG(DEBUG, "Disk vdev=%s, backend %d unknown", a->disk->vdev, backend); return 0; @@ -352,6 +382,12 @@ static int disk_try_backend(disk_try_backend_args *a, LOG(DEBUG, "Disk vdev=%s, backend %s not compatible with colo", a->disk->vdev, libxl_disk_backend_to_string(backend)); return 0; + + bad_specification: + LOG(DEBUG, "Disk vdev=%s, backend %s not compatible with specification %s", + a->disk->vdev, libxl_disk_backend_to_string(backend), + libxl_disk_specification_to_string(specification)); + return 0; } int libxl__backendpath_parse_domid(libxl__gc *gc, const char *be_path, @@ -376,8 +412,9 @@ int libxl__device_disk_set_backend(libxl__gc *gc, libxl_device_disk *disk) { a.gc = gc; a.disk = disk; - LOG(DEBUG, "Disk vdev=%s spec.backend=%s", disk->vdev, - libxl_disk_backend_to_string(disk->backend)); + LOG(DEBUG, "Disk vdev=%s spec.backend=%s specification=%s", disk->vdev, + libxl_disk_backend_to_string(disk->backend), + libxl_disk_specification_to_string(disk->specification)); if (disk->format == LIBXL_DISK_FORMAT_EMPTY) { if (!disk->is_cdrom) { @@ -392,7 +429,8 @@ int libxl__device_disk_set_backend(libxl__gc *gc, libxl_device_disk *disk) { } memset(&a.stab, 0, sizeof(a.stab)); } else if ((disk->backend == LIBXL_DISK_BACKEND_UNKNOWN || - disk->backend == LIBXL_DISK_BACKEND_PHY) && + disk->backend == LIBXL_DISK_BACKEND_PHY || + disk->backend == LIBXL_DISK_BACKEND_STANDALONE) && disk->backend_domid == LIBXL_TOOLSTACK_DOMID && !disk->script) { if (stat(disk->pdev_path, &a.stab)) { @@ -408,7 +446,8 @@ int libxl__device_disk_set_backend(libxl__gc *gc, libxl_device_disk *disk) { ok= disk_try_backend(&a, LIBXL_DISK_BACKEND_PHY) ?: disk_try_backend(&a, LIBXL_DISK_BACKEND_QDISK) ?: - disk_try_backend(&a, LIBXL_DISK_BACKEND_TAP); + disk_try_backend(&a, LIBXL_DISK_BACKEND_TAP) ?: + disk_try_backend(&a, LIBXL_DISK_BACKEND_STANDALONE); if (ok) LOG(DEBUG, "Disk vdev=%s, using backend %s", disk->vdev, @@ -441,10 +480,25 @@ char *libxl__device_disk_string_of_backend(libxl_disk_backend backend) case LIBXL_DISK_BACKEND_QDISK: return "qdisk"; case LIBXL_DISK_BACKEND_TAP: return "phy"; case LIBXL_DISK_BACKEND_PHY: return "phy"; + case LIBXL_DISK_BACKEND_STANDALONE: return "standalone"; + default: return NULL; + } +} + +char *libxl__device_disk_string_of_specification(libxl_disk_specification specification) +{ + switch (specification) { + case LIBXL_DISK_SPECIFICATION_XEN: return "xen"; + case LIBXL_DISK_SPECIFICATION_VIRTIO: return "virtio"; default: return NULL; } } +char *libxl__device_disk_string_of_transport(libxl_disk_transport transport) +{ + return (transport == LIBXL_DISK_TRANSPORT_MMIO ? "mmio" : NULL); +} + const char *libxl__qemu_disk_format_string(libxl_disk_format format) { switch (format) { diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index 9da2b2ed27..ea3623dd6f 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -164,6 +164,30 @@ static int libxl__device_disk_setdefault(libxl__gc *gc, uint32_t domid, rc = libxl__resolve_domid(gc, disk->backend_domname, &disk->backend_domid); if (rc < 0) return rc; + if (disk->specification == LIBXL_DISK_SPECIFICATION_UNKNOWN) + disk->specification = LIBXL_DISK_SPECIFICATION_XEN; + + if (disk->specification == LIBXL_DISK_SPECIFICATION_XEN && + disk->transport != LIBXL_DISK_TRANSPORT_UNKNOWN) { + LOGD(ERROR, domid, "Transport is only supported for specification virtio"); + return ERROR_INVAL; + } + + /* Force transport mmio for specification virtio for now */ + if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) { + if (!(disk->transport == LIBXL_DISK_TRANSPORT_UNKNOWN || + disk->transport == LIBXL_DISK_TRANSPORT_MMIO)) { + LOGD(ERROR, domid, "Unsupported transport for specification virtio"); + return ERROR_INVAL; + } + disk->transport = LIBXL_DISK_TRANSPORT_MMIO; + } + + if (hotplug && disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) { + LOGD(ERROR, domid, "Hotplug isn't supported for specification virtio"); + return ERROR_FAIL; + } + /* Force Qdisk backend for CDROM devices of guests with a device model. */ if (disk->is_cdrom != 0 && libxl__domain_type(gc, domid) == LIBXL_DOMAIN_TYPE_HVM) { @@ -205,6 +229,9 @@ static int libxl__device_from_disk(libxl__gc *gc, uint32_t domid, case LIBXL_DISK_BACKEND_QDISK: device->backend_kind = LIBXL__DEVICE_KIND_QDISK; break; + case LIBXL_DISK_BACKEND_STANDALONE: + device->backend_kind = LIBXL__DEVICE_KIND_VIRTIO_DISK; + break; default: LOGD(ERROR, domid, "Unrecognized disk backend type: %d", disk->backend); @@ -213,7 +240,8 @@ static int libxl__device_from_disk(libxl__gc *gc, uint32_t domid, device->domid = domid; device->devid = devid; - device->kind = LIBXL__DEVICE_KIND_VBD; + device->kind = disk->backend == LIBXL_DISK_BACKEND_STANDALONE ? + LIBXL__DEVICE_KIND_VIRTIO_DISK : LIBXL__DEVICE_KIND_VBD; return 0; } @@ -331,7 +359,14 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid, assert(device->backend_kind == LIBXL__DEVICE_KIND_VBD); break; + case LIBXL_DISK_BACKEND_STANDALONE: + dev = disk->pdev_path; + + flexarray_append(back, "params"); + flexarray_append(back, dev); + assert(device->backend_kind == LIBXL__DEVICE_KIND_VIRTIO_DISK); + break; case LIBXL_DISK_BACKEND_TAP: LOG(ERROR, "blktap is not supported"); rc = ERROR_FAIL; @@ -387,6 +422,14 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid, flexarray_append_pair(back, "discard-enable", libxl_defbool_val(disk->discard_enable) ? "1" : "0"); + flexarray_append(back, "specification"); + flexarray_append(back, libxl__device_disk_string_of_specification(disk->specification)); + if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) { + flexarray_append(back, "transport"); + flexarray_append(back, libxl__device_disk_string_of_transport(disk->transport)); + flexarray_append_pair(back, "base", GCSPRINTF("%"PRIu64, disk->base)); + flexarray_append_pair(back, "irq", GCSPRINTF("%u", disk->irq)); + } flexarray_append(front, "backend-id"); flexarray_append(front, GCSPRINTF("%d", disk->backend_domid)); @@ -535,6 +578,53 @@ static int libxl__disk_from_xenstore(libxl__gc *gc, const char *libxl_path, } libxl_string_to_backend(ctx, tmp, &(disk->backend)); + tmp = libxl__xs_read(gc, XBT_NULL, + GCSPRINTF("%s/specification", libxl_path)); + if (!tmp) { + LOG(DEBUG, "Missing xenstore node %s/specification, assuming specification xen", libxl_path); + disk->specification = LIBXL_DISK_SPECIFICATION_XEN; + } else { + rc = libxl_disk_specification_from_string(tmp, &disk->specification); + if (rc) { + LOG(ERROR, "Unable to parse xenstore node %s/specification", libxl_path); + goto cleanup; + } + } + + if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) { + tmp = libxl__xs_read(gc, XBT_NULL, + GCSPRINTF("%s/transport", libxl_path)); + if (!tmp) { + LOG(ERROR, "Missing xenstore node %s/transport", libxl_path); + goto cleanup; + } + rc = libxl_disk_transport_from_string(tmp, &disk->transport); + if (rc) { + LOG(ERROR, "Unable to parse xenstore node %s/transport", libxl_path); + goto cleanup; + } + if (disk->transport != LIBXL_DISK_TRANSPORT_MMIO) { + LOG(ERROR, "Only transport mmio is expected for specification virtio"); + goto cleanup; + } + + tmp = libxl__xs_read(gc, XBT_NULL, + GCSPRINTF("%s/base", libxl_path)); + if (!tmp) { + LOG(ERROR, "Missing xenstore node %s/base", libxl_path); + goto cleanup; + } + disk->base = strtoul(tmp, NULL, 10); + + tmp = libxl__xs_read(gc, XBT_NULL, + GCSPRINTF("%s/irq", libxl_path)); + if (!tmp) { + LOG(ERROR, "Missing xenstore node %s/irq", libxl_path); + goto cleanup; + } + disk->irq = strtoul(tmp, NULL, 10); + } + disk->vdev = xs_read(ctx->xsh, XBT_NULL, GCSPRINTF("%s/dev", libxl_path), &len); if (!disk->vdev) { @@ -578,6 +668,42 @@ cleanup: return rc; } +static int libxl__device_disk_get_path(libxl__gc *gc, uint32_t domid, + char **path) +{ + const char *xen_dir, *virtio_dir; + char *xen_path, *virtio_path; + int rc; + + /* default path */ + xen_path = GCSPRINTF("%s/device/%s", + libxl__xs_libxl_path(gc, domid), + libxl__device_kind_to_string(LIBXL__DEVICE_KIND_VBD)); + + rc = libxl__xs_read_checked(gc, XBT_NULL, xen_path, &xen_dir); + if (rc) + return rc; + + virtio_path = GCSPRINTF("%s/device/%s", + libxl__xs_libxl_path(gc, domid), + libxl__device_kind_to_string(LIBXL__DEVICE_KIND_VIRTIO_DISK)); + + rc = libxl__xs_read_checked(gc, XBT_NULL, virtio_path, &virtio_dir); + if (rc) + return rc; + + if (xen_dir && virtio_dir) { + LOGD(ERROR, domid, "Invalid configuration, both xen and virtio paths are present"); + return ERROR_INVAL; + } else if (virtio_dir) { + *path = virtio_path; + } else { + *path = xen_path; + } + + return 0; +} + int libxl_vdev_to_device_disk(libxl_ctx *ctx, uint32_t domid, const char *vdev, libxl_device_disk *disk) { @@ -591,10 +717,12 @@ int libxl_vdev_to_device_disk(libxl_ctx *ctx, uint32_t domid, libxl_device_disk_init(disk); - libxl_path = libxl__domain_device_libxl_path(gc, domid, devid, - LIBXL__DEVICE_KIND_VBD); + rc = libxl__device_disk_get_path(gc, domid, &libxl_path); + if (rc) + return rc; - rc = libxl__disk_from_xenstore(gc, libxl_path, devid, disk); + rc = libxl__disk_from_xenstore(gc, GCSPRINTF("%s/%d", libxl_path, devid), + devid, disk); GC_FREE; return rc; @@ -608,16 +736,19 @@ int libxl_device_disk_getinfo(libxl_ctx *ctx, uint32_t domid, char *fe_path, *libxl_path; char *val; int rc; + libxl__device_kind kind; diskinfo->backend = NULL; diskinfo->devid = libxl__device_disk_dev_number(disk->vdev, NULL, NULL); - /* tap devices entries in xenstore are written as vbd devices. */ + /* tap devices entries in xenstore are written as vbd/virtio_disk devices. */ + kind = disk->backend == LIBXL_DISK_BACKEND_STANDALONE ? + LIBXL__DEVICE_KIND_VIRTIO_DISK : LIBXL__DEVICE_KIND_VBD; fe_path = libxl__domain_device_frontend_path(gc, domid, diskinfo->devid, - LIBXL__DEVICE_KIND_VBD); + kind); libxl_path = libxl__domain_device_libxl_path(gc, domid, diskinfo->devid, - LIBXL__DEVICE_KIND_VBD); + kind); diskinfo->backend = xs_read(ctx->xsh, XBT_NULL, GCSPRINTF("%s/backend", libxl_path), NULL); if (!diskinfo->backend) { @@ -1421,6 +1552,7 @@ LIBXL_DEFINE_DEVICE_LIST(disk) #define libxl__device_disk_update_devid NULL DEFINE_DEVICE_TYPE_STRUCT(disk, VBD, disks, + .get_path = libxl__device_disk_get_path, .merge = libxl_device_disk_merge, .dm_needed = libxl_device_disk_dm_needed, .from_xenstore = (device_from_xenstore_fn_t)libxl__disk_from_xenstore, diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index bdef5a605e..cb9e8b3b8b 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -1493,6 +1493,8 @@ _hidden char * libxl__domain_pvcontrol_read(libxl__gc *gc, /* from xl_device */ _hidden char *libxl__device_disk_string_of_backend(libxl_disk_backend backend); +_hidden char *libxl__device_disk_string_of_specification(libxl_disk_specification specification); +_hidden char *libxl__device_disk_string_of_transport(libxl_disk_transport transport); _hidden char *libxl__device_disk_string_of_format(libxl_disk_format format); _hidden const char *libxl__qemu_disk_format_string(libxl_disk_format format); _hidden int libxl__device_disk_set_backend(libxl__gc*, libxl_device_disk*); diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index f3ceb38c9e..d634f304cd 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -130,6 +130,18 @@ libxl_disk_backend = Enumeration("disk_backend", [ (1, "PHY"), (2, "TAP"), (3, "QDISK"), + (4, "STANDALONE"), # Only relying on the Xenstore data + ]) + +libxl_disk_specification = Enumeration("disk_specification", [ + (0, "UNKNOWN"), + (1, "XEN"), + (2, "VIRTIO"), + ]) + +libxl_disk_transport = Enumeration("disk_transport", [ + (0, "UNKNOWN"), + (1, "MMIO"), ]) libxl_nic_type = Enumeration("nic_type", [ @@ -706,6 +718,12 @@ libxl_device_disk = Struct("device_disk", [ ("is_cdrom", integer), ("direct_io_safe", bool), ("discard_enable", libxl_defbool), + ("specification", libxl_disk_specification), + ("transport", libxl_disk_transport), + # Note that virtio-mmio parameters (irq and base) are for internal use + # by libxl and can't be modified. + ("irq", uint32), + ("base", uint64), # Note that the COLO configuration settings should be considered unstable. # They may change incompatibly in future versions of Xen. ("colo_enable", libxl_defbool), diff --git a/tools/libs/light/libxl_types_internal.idl b/tools/libs/light/libxl_types_internal.idl index 3593e21dbb..8f71980aec 100644 --- a/tools/libs/light/libxl_types_internal.idl +++ b/tools/libs/light/libxl_types_internal.idl @@ -32,6 +32,7 @@ libxl__device_kind = Enumeration("device_kind", [ (14, "PVCALLS"), (15, "VSND"), (16, "VINPUT"), + (17, "VIRTIO_DISK"), ]) libxl__console_backend = Enumeration("console_backend", [ diff --git a/tools/libs/light/libxl_utils.c b/tools/libs/light/libxl_utils.c index e5e6b2da96..e403bd9bcf 100644 --- a/tools/libs/light/libxl_utils.c +++ b/tools/libs/light/libxl_utils.c @@ -297,6 +297,8 @@ int libxl_string_to_backend(libxl_ctx *ctx, char *s, libxl_disk_backend *backend *backend = LIBXL_DISK_BACKEND_TAP; } else if (!strcmp(s, "qdisk")) { *backend = LIBXL_DISK_BACKEND_QDISK; + } else if (!strcmp(s, "standalone")) { + *backend = LIBXL_DISK_BACKEND_STANDALONE; } else if (!strcmp(s, "tap")) { p = strchr(s, ':'); if (!p) { diff --git a/tools/libs/util/libxlu_disk_l.c b/tools/libs/util/libxlu_disk_l.c index 32d4b74b58..0b59723b71 100644 --- a/tools/libs/util/libxlu_disk_l.c +++ b/tools/libs/util/libxlu_disk_l.c @@ -549,8 +549,8 @@ static void yynoreturn yy_fatal_error ( const char* msg , yyscan_t yyscanner ); yyg->yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ yyg->yy_c_buf_p = yy_cp; -#define YY_NUM_RULES 36 -#define YY_END_OF_BUFFER 37 +#define YY_NUM_RULES 37 +#define YY_END_OF_BUFFER 38 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -558,74 +558,77 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_acclist[575] = +static const flex_int16_t yy_acclist[594] = { 0, - 35, 35, 37, 33, 34, 36, 8193, 33, 34, 36, - 16385, 8193, 33, 36,16385, 33, 34, 36, 34, 36, - 33, 34, 36, 33, 34, 36, 33, 34, 36, 33, - 34, 36, 33, 34, 36, 33, 34, 36, 33, 34, - 36, 33, 34, 36, 33, 34, 36, 33, 34, 36, - 33, 34, 36, 33, 34, 36, 33, 34, 36, 33, - 34, 36, 33, 34, 36, 33, 34, 36, 35, 36, - 36, 33, 33, 8193, 33, 8193, 33,16385, 8193, 33, - 8193, 33, 33, 8224, 33,16416, 33, 33, 33, 33, - 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, - - 33, 33, 33, 33, 33, 33, 33, 33, 33, 35, - 8193, 33, 8193, 33, 8193, 8224, 33, 8224, 33, 8224, - 23, 33, 33, 33, 33, 33, 33, 33, 33, 33, - 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, - 33, 33, 33, 33, 33, 8224, 33, 8224, 33, 8224, - 23, 33, 33, 28, 8224, 33,16416, 33, 33, 15, - 33, 33, 33, 33, 33, 33, 33, 33, 33, 8217, - 8224, 33,16409,16416, 33, 33, 31, 8224, 33,16416, - 33, 8216, 8224, 33,16408,16416, 33, 33, 8219, 8224, - 33,16411,16416, 33, 33, 33, 33, 33, 28, 8224, - - 33, 28, 8224, 33, 28, 33, 28, 8224, 33, 3, - 33, 15, 33, 33, 33, 33, 33, 30, 8224, 33, - 16416, 33, 33, 33, 8217, 8224, 33, 8217, 8224, 33, - 8217, 33, 8217, 8224, 33, 33, 31, 8224, 33, 31, - 8224, 33, 31, 33, 31, 8224, 8216, 8224, 33, 8216, - 8224, 33, 8216, 33, 8216, 8224, 33, 8219, 8224, 33, - 8219, 8224, 33, 8219, 33, 8219, 8224, 33, 33, 10, - 33, 33, 28, 8224, 33, 28, 8224, 33, 28, 8224, - 28, 33, 28, 33, 3, 33, 33, 33, 33, 33, - 33, 33, 30, 8224, 33, 30, 8224, 33, 30, 33, - - 30, 8224, 33, 33, 29, 8224, 33,16416, 8217, 8224, - 33, 8217, 8224, 33, 8217, 8224, 8217, 33, 8217, 33, - 33, 31, 8224, 33, 31, 8224, 33, 31, 8224, 31, - 33, 31, 8216, 8224, 33, 8216, 8224, 33, 8216, 8224, - 8216, 33, 8216, 33, 8219, 8224, 33, 8219, 8224, 33, - 8219, 8224, 8219, 33, 8219, 33, 33, 10, 23, 10, - 7, 33, 33, 33, 33, 33, 33, 33, 13, 33, - 30, 8224, 33, 30, 8224, 33, 30, 8224, 30, 33, - 30, 2, 33, 29, 8224, 33, 29, 8224, 33, 29, - 33, 29, 8224, 16, 33, 33, 11, 33, 22, 10, - - 10, 23, 7, 23, 7, 33, 8, 33, 33, 33, - 33, 6, 33, 13, 33, 2, 23, 2, 33, 29, - 8224, 33, 29, 8224, 33, 29, 8224, 29, 33, 29, - 16, 33, 33, 11, 23, 11, 26, 8224, 33,16416, - 22, 23, 22, 7, 7, 23, 33, 8, 23, 8, - 33, 33, 33, 33, 6, 23, 6, 6, 23, 6, - 23, 33, 2, 2, 23, 33, 33, 11, 11, 23, - 26, 8224, 33, 26, 8224, 33, 26, 33, 26, 8224, - 22, 23, 33, 8, 8, 23, 33, 33, 17, 18, - 6, 6, 23, 6, 6, 33, 33, 14, 33, 26, - - 8224, 33, 26, 8224, 33, 26, 8224, 26, 33, 26, - 33, 33, 33, 17, 23, 17, 18, 23, 18, 6, - 6, 33, 33, 14, 33, 20, 9, 19, 17, 17, - 23, 18, 18, 23, 6, 5, 6, 33, 21, 20, - 23, 20, 9, 23, 9, 19, 23, 19, 4, 6, - 5, 6, 33, 21, 23, 21, 20, 20, 23, 9, - 9, 23, 19, 19, 23, 4, 6, 12, 33, 21, - 21, 23, 12, 33 + 36, 36, 38, 34, 35, 37, 8193, 34, 35, 37, + 16385, 8193, 34, 37,16385, 34, 35, 37, 35, 37, + 34, 35, 37, 34, 35, 37, 34, 35, 37, 34, + 35, 37, 34, 35, 37, 34, 35, 37, 34, 35, + 37, 34, 35, 37, 34, 35, 37, 34, 35, 37, + 34, 35, 37, 34, 35, 37, 34, 35, 37, 34, + 35, 37, 34, 35, 37, 34, 35, 37, 36, 37, + 37, 34, 34, 8193, 34, 8193, 34,16385, 8193, 34, + 8193, 34, 34, 8225, 34,16417, 34, 34, 34, 34, + 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, + + 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, + 36, 8193, 34, 8193, 34, 8193, 8225, 34, 8225, 34, + 8225, 24, 34, 34, 34, 34, 34, 34, 34, 34, + 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, + 34, 34, 34, 34, 34, 34, 34, 8225, 34, 8225, + 34, 8225, 24, 34, 34, 29, 8225, 34,16417, 34, + 34, 16, 34, 34, 34, 34, 34, 34, 34, 34, + 34, 8218, 8225, 34,16410,16417, 34, 34, 32, 8225, + 34,16417, 34, 8217, 8225, 34,16409,16417, 34, 34, + 34, 8220, 8225, 34,16412,16417, 34, 34, 34, 34, + + 34, 29, 8225, 34, 29, 8225, 34, 29, 34, 29, + 8225, 34, 3, 34, 16, 34, 34, 34, 34, 34, + 31, 8225, 34,16417, 34, 34, 34, 8218, 8225, 34, + 8218, 8225, 34, 8218, 34, 8218, 8225, 34, 34, 32, + 8225, 34, 32, 8225, 34, 32, 34, 32, 8225, 8217, + 8225, 34, 8217, 8225, 34, 8217, 34, 8217, 8225, 34, + 34, 8220, 8225, 34, 8220, 8225, 34, 8220, 34, 8220, + 8225, 34, 34, 11, 34, 34, 29, 8225, 34, 29, + 8225, 34, 29, 8225, 29, 34, 29, 34, 3, 34, + 34, 34, 34, 34, 34, 34, 31, 8225, 34, 31, + + 8225, 34, 31, 34, 31, 8225, 34, 34, 30, 8225, + 34,16417, 8218, 8225, 34, 8218, 8225, 34, 8218, 8225, + 8218, 34, 8218, 34, 34, 32, 8225, 34, 32, 8225, + 34, 32, 8225, 32, 34, 32, 8217, 8225, 34, 8217, + 8225, 34, 8217, 8225, 8217, 34, 8217, 34, 34, 8220, + 8225, 34, 8220, 8225, 34, 8220, 8225, 8220, 34, 8220, + 34, 34, 11, 24, 11, 7, 34, 34, 34, 34, + 34, 34, 34, 14, 34, 31, 8225, 34, 31, 8225, + 34, 31, 8225, 31, 34, 31, 2, 34, 30, 8225, + 34, 30, 8225, 34, 30, 34, 30, 8225, 17, 34, + + 34, 12, 34, 34, 23, 11, 11, 24, 7, 24, + 7, 34, 8, 34, 34, 34, 34, 6, 34, 14, + 34, 2, 24, 2, 34, 30, 8225, 34, 30, 8225, + 34, 30, 8225, 30, 34, 30, 17, 34, 34, 12, + 24, 12, 34, 27, 8225, 34,16417, 23, 24, 23, + 7, 7, 24, 34, 8, 24, 8, 34, 34, 34, + 34, 6, 24, 6, 6, 24, 6, 24, 34, 2, + 2, 24, 34, 34, 12, 12, 24, 34, 27, 8225, + 34, 27, 8225, 34, 27, 34, 27, 8225, 23, 24, + 34, 8, 8, 24, 34, 34, 18, 19, 6, 6, + + 24, 6, 6, 34, 34, 15, 34, 34, 27, 8225, + 34, 27, 8225, 34, 27, 8225, 27, 34, 27, 34, + 34, 34, 18, 24, 18, 19, 24, 19, 6, 6, + 34, 34, 15, 34, 34, 21, 9, 20, 18, 18, + 24, 19, 19, 24, 6, 5, 6, 34, 22, 34, + 21, 24, 21, 9, 24, 9, 20, 24, 20, 4, + 6, 5, 6, 34, 22, 24, 22, 34, 21, 21, + 24, 9, 9, 24, 20, 20, 24, 4, 6, 13, + 34, 22, 22, 24, 10, 13, 34, 10, 24, 10, + 10, 10, 24 + } ; -static const flex_int16_t yy_accept[356] = +static const flex_int16_t yy_accept[373] = { 0, 1, 1, 1, 2, 3, 4, 7, 12, 16, 19, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48, @@ -633,39 +636,41 @@ static const flex_int16_t yy_accept[356] = 74, 76, 79, 81, 82, 83, 84, 87, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, - 109, 110, 111, 113, 115, 116, 118, 120, 121, 122, + 109, 110, 111, 112, 114, 116, 117, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, - 143, 144, 145, 146, 148, 150, 151, 152, 153, 154, - - 158, 159, 160, 162, 163, 164, 165, 166, 167, 168, - 169, 170, 175, 176, 177, 181, 182, 187, 188, 189, - 194, 195, 196, 197, 198, 199, 202, 205, 207, 209, - 210, 212, 214, 215, 216, 217, 218, 222, 223, 224, - 225, 228, 231, 233, 235, 236, 237, 240, 243, 245, - 247, 250, 253, 255, 257, 258, 261, 264, 266, 268, - 269, 270, 271, 272, 273, 276, 279, 281, 283, 284, - 285, 287, 288, 289, 290, 291, 292, 293, 296, 299, - 301, 303, 304, 305, 309, 312, 315, 317, 319, 320, - 321, 322, 325, 328, 330, 332, 333, 336, 339, 341, - - 343, 344, 345, 348, 351, 353, 355, 356, 357, 358, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 371, 374, 377, 379, 381, 382, 383, 384, 387, 390, - 392, 394, 396, 397, 398, 399, 400, 401, 403, 405, - 406, 407, 408, 409, 410, 411, 412, 413, 414, 416, - 418, 419, 420, 423, 426, 428, 430, 431, 433, 434, - 436, 437, 441, 443, 444, 445, 447, 448, 450, 451, - 452, 453, 454, 455, 457, 458, 460, 462, 463, 464, - 466, 467, 468, 469, 471, 474, 477, 479, 481, 483, - 484, 485, 487, 488, 489, 490, 491, 492, 494, 495, - - 496, 497, 498, 500, 503, 506, 508, 510, 511, 512, - 513, 514, 516, 517, 519, 520, 521, 522, 523, 524, - 526, 527, 528, 529, 530, 532, 533, 535, 536, 538, - 539, 540, 542, 543, 545, 546, 548, 549, 551, 553, - 554, 556, 557, 558, 560, 561, 563, 564, 566, 568, - 570, 571, 573, 575, 575 + 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, + + 155, 156, 160, 161, 162, 164, 165, 166, 167, 168, + 169, 170, 171, 172, 177, 178, 179, 183, 184, 189, + 190, 191, 192, 197, 198, 199, 200, 201, 202, 205, + 208, 210, 212, 213, 215, 217, 218, 219, 220, 221, + 225, 226, 227, 228, 231, 234, 236, 238, 239, 240, + 243, 246, 248, 250, 253, 256, 258, 260, 261, 262, + 265, 268, 270, 272, 273, 274, 275, 276, 277, 280, + 283, 285, 287, 288, 289, 291, 292, 293, 294, 295, + 296, 297, 300, 303, 305, 307, 308, 309, 313, 316, + 319, 321, 323, 324, 325, 326, 329, 332, 334, 336, + + 337, 340, 343, 345, 347, 348, 349, 350, 353, 356, + 358, 360, 361, 362, 363, 365, 366, 367, 368, 369, + 370, 371, 372, 373, 374, 376, 379, 382, 384, 386, + 387, 388, 389, 392, 395, 397, 399, 401, 402, 403, + 404, 405, 406, 407, 409, 411, 412, 413, 414, 415, + 416, 417, 418, 419, 420, 422, 424, 425, 426, 429, + 432, 434, 436, 437, 439, 440, 442, 443, 444, 448, + 450, 451, 452, 454, 455, 457, 458, 459, 460, 461, + 462, 464, 465, 467, 469, 470, 471, 473, 474, 475, + 476, 478, 479, 482, 485, 487, 489, 491, 492, 493, + + 495, 496, 497, 498, 499, 500, 502, 503, 504, 505, + 506, 508, 509, 512, 515, 517, 519, 520, 521, 522, + 523, 525, 526, 528, 529, 530, 531, 532, 533, 535, + 536, 537, 538, 539, 540, 542, 543, 545, 546, 548, + 549, 550, 551, 553, 554, 556, 557, 559, 560, 562, + 564, 565, 567, 568, 569, 570, 572, 573, 575, 576, + 578, 580, 582, 583, 585, 586, 588, 590, 591, 592, + 594, 594 } ; static const YY_CHAR yy_ec[256] = @@ -708,216 +713,224 @@ static const YY_CHAR yy_meta[35] = 1, 1, 1, 1 } ; -static const flex_int16_t yy_base[424] = +static const flex_int16_t yy_base[443] = { 0, - 0, 0, 901, 900, 902, 897, 33, 36, 905, 905, - 45, 63, 31, 42, 51, 52, 890, 33, 65, 67, - 69, 70, 889, 71, 888, 75, 0, 905, 893, 905, - 91, 94, 0, 0, 103, 886, 112, 0, 89, 98, - 113, 92, 114, 99, 100, 48, 121, 116, 119, 74, - 124, 129, 123, 135, 132, 133, 137, 134, 138, 139, - 141, 0, 155, 0, 0, 164, 0, 0, 849, 142, - 152, 164, 140, 161, 165, 166, 167, 168, 169, 173, - 174, 178, 176, 180, 184, 208, 189, 183, 192, 195, - 215, 191, 193, 223, 0, 0, 905, 208, 204, 236, - - 219, 209, 238, 196, 237, 831, 242, 815, 241, 224, - 243, 261, 244, 259, 277, 266, 286, 250, 288, 298, - 249, 283, 274, 282, 294, 308, 0, 310, 0, 295, - 305, 905, 308, 306, 313, 314, 342, 319, 316, 320, - 331, 0, 349, 0, 342, 344, 356, 0, 358, 0, - 365, 0, 367, 0, 354, 375, 0, 377, 0, 363, - 356, 809, 327, 322, 384, 0, 0, 0, 0, 379, - 905, 382, 384, 386, 390, 372, 392, 403, 0, 410, - 0, 407, 413, 423, 426, 0, 0, 0, 0, 409, - 424, 435, 0, 0, 0, 0, 437, 0, 0, 0, - - 0, 433, 444, 0, 0, 0, 0, 391, 440, 781, - 905, 769, 439, 445, 444, 447, 449, 454, 453, 399, - 464, 0, 0, 0, 0, 757, 465, 476, 0, 478, - 0, 479, 476, 753, 462, 490, 749, 905, 745, 905, - 483, 737, 424, 485, 487, 490, 500, 493, 905, 729, - 905, 502, 518, 0, 0, 0, 0, 905, 498, 721, - 905, 527, 713, 0, 705, 905, 495, 697, 905, 365, - 521, 528, 530, 685, 905, 534, 540, 540, 657, 905, - 537, 542, 650, 905, 553, 0, 557, 0, 0, 551, - 641, 905, 558, 557, 633, 614, 613, 905, 547, 555, - - 563, 565, 569, 584, 0, 0, 0, 0, 583, 570, - 585, 612, 905, 601, 905, 522, 580, 589, 594, 905, - 600, 585, 563, 520, 905, 514, 905, 586, 486, 597, - 480, 441, 905, 416, 905, 345, 905, 334, 905, 601, - 254, 905, 242, 905, 200, 905, 151, 905, 905, 607, - 86, 905, 905, 905, 620, 624, 627, 631, 635, 639, - 643, 647, 651, 655, 659, 663, 667, 671, 675, 679, - 683, 687, 691, 695, 699, 703, 707, 711, 715, 719, - 723, 727, 731, 735, 739, 743, 747, 751, 755, 759, - 763, 767, 771, 775, 779, 783, 787, 791, 795, 799, - - 803, 807, 811, 815, 819, 823, 827, 831, 835, 839, - 843, 847, 851, 855, 859, 863, 867, 871, 875, 879, - 883, 887, 891 + 0, 0, 936, 935, 937, 932, 33, 36, 940, 940, + 45, 63, 31, 42, 51, 52, 925, 33, 65, 67, + 69, 70, 924, 71, 923, 75, 0, 940, 928, 940, + 91, 95, 0, 0, 104, 921, 113, 0, 91, 99, + 114, 92, 115, 80, 100, 48, 119, 121, 122, 74, + 123, 128, 131, 129, 125, 133, 135, 136, 137, 143, + 138, 145, 0, 157, 0, 0, 168, 0, 0, 926, + 140, 146, 165, 159, 152, 164, 155, 168, 171, 176, + 177, 170, 180, 175, 184, 188, 212, 191, 185, 192, + 193, 194, 219, 212, 199, 230, 0, 0, 940, 195, + + 200, 239, 235, 197, 246, 225, 226, 919, 244, 918, + 243, 236, 245, 266, 248, 264, 282, 271, 291, 248, + 270, 254, 300, 279, 296, 302, 288, 303, 311, 0, + 315, 0, 311, 318, 940, 313, 319, 208, 313, 344, + 321, 331, 325, 333, 0, 352, 0, 345, 347, 359, + 0, 361, 0, 368, 0, 370, 0, 322, 366, 379, + 0, 381, 0, 359, 357, 923, 382, 384, 392, 0, + 0, 0, 0, 387, 940, 386, 390, 392, 329, 401, + 397, 409, 0, 417, 0, 399, 412, 426, 429, 0, + 0, 0, 0, 412, 427, 438, 0, 0, 0, 0, + + 440, 0, 0, 0, 0, 436, 405, 447, 0, 0, + 0, 0, 438, 443, 922, 940, 921, 442, 450, 449, + 452, 454, 459, 458, 453, 469, 0, 0, 0, 0, + 920, 470, 481, 0, 483, 0, 484, 481, 919, 368, + 467, 495, 918, 940, 917, 940, 488, 916, 479, 490, + 492, 495, 505, 498, 940, 915, 940, 507, 523, 0, + 0, 0, 0, 940, 503, 864, 940, 846, 532, 836, + 0, 824, 940, 516, 796, 940, 513, 530, 536, 538, + 784, 940, 542, 535, 547, 772, 940, 549, 551, 768, + 940, 502, 562, 0, 564, 0, 0, 562, 764, 940, + + 544, 557, 760, 752, 744, 940, 552, 568, 571, 568, + 581, 577, 588, 0, 0, 0, 0, 589, 580, 591, + 736, 940, 728, 940, 601, 602, 597, 599, 940, 603, + 720, 712, 700, 672, 940, 665, 940, 610, 656, 603, + 648, 607, 629, 940, 627, 940, 625, 940, 624, 940, + 607, 574, 940, 614, 572, 940, 491, 940, 433, 940, + 940, 622, 389, 940, 303, 940, 261, 940, 204, 940, + 940, 635, 639, 642, 646, 650, 654, 658, 662, 666, + 670, 674, 678, 682, 686, 690, 694, 698, 702, 706, + 710, 714, 718, 722, 726, 730, 734, 738, 742, 746, + + 750, 754, 758, 762, 766, 770, 774, 778, 782, 786, + 790, 794, 798, 802, 806, 810, 814, 818, 822, 826, + 830, 834, 838, 842, 846, 850, 854, 858, 862, 866, + 870, 874, 878, 882, 886, 890, 894, 898, 902, 906, + 910, 914 } ; -static const flex_int16_t yy_def[424] = +static const flex_int16_t yy_def[443] = { 0, - 354, 1, 355, 355, 354, 356, 357, 357, 354, 354, - 358, 358, 12, 12, 12, 12, 12, 12, 12, 12, - 12, 12, 12, 12, 12, 12, 359, 354, 356, 354, - 360, 357, 361, 361, 362, 12, 356, 363, 12, 12, - 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, + 371, 1, 372, 372, 371, 373, 374, 374, 371, 371, + 375, 375, 12, 12, 12, 12, 12, 12, 12, 12, + 12, 12, 12, 12, 12, 12, 376, 371, 373, 371, + 377, 374, 378, 378, 379, 12, 373, 380, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, - 12, 359, 360, 361, 361, 364, 365, 365, 354, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, - 12, 12, 12, 12, 12, 362, 12, 12, 12, 12, - 12, 12, 12, 364, 365, 365, 354, 12, 12, 366, - + 12, 12, 376, 377, 378, 378, 381, 382, 382, 371, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, - 12, 367, 86, 86, 368, 12, 369, 12, 12, 370, - 12, 12, 12, 12, 12, 371, 372, 366, 372, 12, - 12, 354, 86, 12, 12, 12, 373, 12, 12, 12, - 374, 375, 367, 375, 86, 86, 376, 377, 368, 377, - 378, 379, 369, 379, 12, 380, 381, 370, 381, 12, - 12, 382, 12, 12, 371, 372, 372, 383, 383, 12, - 354, 86, 86, 86, 12, 12, 12, 384, 385, 373, - 385, 12, 12, 386, 374, 375, 375, 387, 387, 86, - 86, 376, 377, 377, 388, 388, 378, 379, 379, 389, - - 389, 12, 380, 381, 381, 390, 390, 12, 12, 391, - 354, 392, 86, 12, 86, 86, 86, 12, 86, 12, - 384, 385, 385, 393, 393, 394, 86, 395, 396, 386, - 396, 86, 86, 397, 12, 398, 391, 354, 399, 354, - 86, 400, 12, 86, 86, 86, 401, 86, 354, 402, - 354, 86, 395, 396, 396, 403, 403, 354, 86, 404, - 354, 405, 406, 406, 399, 354, 86, 407, 354, 12, - 86, 86, 86, 408, 354, 408, 408, 86, 402, 354, - 86, 86, 404, 354, 409, 410, 405, 410, 406, 86, - 407, 354, 12, 86, 411, 412, 408, 354, 408, 408, - - 86, 86, 86, 409, 410, 410, 413, 413, 86, 12, - 86, 414, 354, 415, 354, 408, 408, 86, 86, 354, - 416, 417, 418, 414, 354, 415, 354, 408, 408, 86, - 419, 420, 354, 421, 354, 422, 354, 408, 354, 86, - 423, 354, 420, 354, 421, 354, 422, 354, 354, 86, - 423, 354, 354, 0, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354 + 12, 12, 12, 12, 12, 12, 379, 12, 12, 12, + 12, 12, 12, 12, 12, 381, 382, 382, 371, 12, + + 12, 383, 12, 12, 12, 12, 12, 12, 12, 12, + 12, 12, 12, 384, 87, 87, 385, 12, 386, 12, + 12, 12, 387, 12, 12, 12, 12, 12, 388, 389, + 383, 389, 12, 12, 371, 87, 12, 12, 12, 390, + 12, 12, 12, 391, 392, 384, 392, 87, 87, 393, + 394, 385, 394, 395, 396, 386, 396, 12, 12, 397, + 398, 387, 398, 12, 12, 399, 12, 12, 388, 389, + 389, 400, 400, 12, 371, 87, 87, 87, 12, 12, + 12, 401, 402, 390, 402, 12, 12, 403, 391, 392, + 392, 404, 404, 87, 87, 393, 394, 394, 405, 405, + + 395, 396, 396, 406, 406, 12, 12, 397, 398, 398, + 407, 407, 12, 12, 408, 371, 409, 87, 12, 87, + 87, 87, 12, 87, 12, 401, 402, 402, 410, 410, + 411, 87, 412, 413, 403, 413, 87, 87, 414, 12, + 12, 415, 408, 371, 416, 371, 87, 417, 12, 87, + 87, 87, 418, 87, 371, 419, 371, 87, 412, 413, + 413, 420, 420, 371, 87, 421, 371, 12, 422, 423, + 423, 416, 371, 87, 424, 371, 12, 87, 87, 87, + 425, 371, 425, 425, 87, 419, 371, 87, 87, 421, + 371, 12, 426, 427, 422, 427, 423, 87, 424, 371, + + 12, 87, 428, 429, 425, 371, 425, 425, 87, 87, + 87, 12, 426, 427, 427, 430, 430, 87, 12, 87, + 431, 371, 432, 371, 425, 425, 87, 87, 371, 12, + 433, 434, 435, 431, 371, 432, 371, 425, 425, 87, + 436, 12, 437, 371, 438, 371, 439, 371, 425, 371, + 87, 440, 371, 12, 437, 371, 438, 371, 439, 371, + 371, 87, 440, 371, 441, 371, 442, 371, 442, 371, + 0, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371 } ; -static const flex_int16_t yy_nxt[940] = +static const flex_int16_t yy_nxt[975] = { 0, 6, 7, 8, 9, 6, 6, 6, 6, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 17, 17, 17, 17, 20, 17, 21, 22, 23, 24, 25, 17, 26, 17, 17, 17, 32, 32, 33, 32, 32, 33, 36, 34, 36, 42, 34, 29, 29, 29, 30, 35, - 50, 36, 37, 38, 43, 44, 39, 36, 79, 45, + 50, 36, 37, 38, 43, 44, 39, 36, 80, 45, 36, 36, 40, 29, 29, 29, 30, 35, 46, 48, 37, 38, 41, 47, 36, 49, 36, 53, 36, 36, - 36, 56, 58, 36, 36, 55, 82, 60, 51, 342, - 54, 61, 52, 29, 64, 32, 32, 33, 36, 65, - - 70, 36, 34, 29, 29, 29, 30, 36, 36, 36, - 29, 38, 66, 66, 66, 67, 66, 71, 74, 66, - 68, 72, 36, 36, 73, 36, 77, 78, 36, 76, - 36, 53, 36, 36, 75, 85, 80, 83, 36, 86, - 84, 36, 36, 36, 36, 81, 36, 36, 36, 36, - 36, 36, 93, 89, 337, 98, 88, 29, 64, 101, - 90, 36, 91, 65, 92, 87, 29, 95, 89, 99, - 36, 100, 96, 36, 36, 36, 36, 36, 36, 106, - 105, 85, 36, 36, 102, 36, 107, 36, 103, 36, - 109, 112, 36, 36, 104, 108, 115, 110, 36, 117, - - 36, 36, 36, 335, 36, 36, 122, 111, 29, 29, - 29, 30, 118, 36, 116, 29, 38, 36, 36, 113, - 114, 119, 120, 123, 36, 29, 95, 121, 36, 134, - 131, 96, 130, 36, 125, 124, 126, 126, 66, 127, - 126, 132, 133, 126, 129, 333, 36, 36, 135, 137, - 36, 36, 36, 140, 139, 35, 35, 352, 36, 36, - 85, 141, 141, 66, 142, 141, 160, 145, 141, 144, - 35, 35, 89, 117, 155, 36, 146, 147, 147, 66, - 148, 147, 162, 36, 147, 150, 151, 151, 66, 152, - 151, 36, 36, 151, 154, 120, 161, 36, 156, 156, - - 66, 157, 156, 36, 36, 156, 159, 164, 171, 163, - 29, 166, 29, 168, 36, 36, 167, 170, 169, 35, - 35, 172, 36, 36, 173, 36, 213, 184, 36, 36, - 175, 36, 174, 29, 186, 212, 36, 349, 183, 187, - 177, 176, 178, 178, 66, 179, 178, 182, 348, 178, - 181, 29, 188, 35, 35, 35, 35, 189, 29, 193, - 29, 195, 190, 36, 194, 36, 196, 29, 198, 29, - 200, 191, 36, 199, 36, 201, 219, 29, 204, 29, - 206, 36, 202, 205, 209, 207, 29, 166, 36, 293, - 208, 214, 167, 35, 35, 35, 35, 35, 35, 36, - - 36, 36, 249, 218, 220, 29, 222, 216, 36, 217, - 235, 223, 29, 224, 215, 226, 36, 227, 225, 346, - 35, 35, 36, 228, 228, 66, 229, 228, 29, 186, - 228, 231, 232, 36, 187, 233, 35, 29, 193, 29, - 198, 234, 36, 194, 344, 199, 29, 204, 236, 36, - 35, 241, 205, 242, 36, 35, 35, 270, 35, 35, - 35, 35, 247, 36, 35, 35, 29, 222, 244, 262, - 248, 36, 223, 243, 245, 246, 35, 252, 29, 254, - 29, 256, 258, 342, 255, 259, 257, 35, 35, 339, - 35, 35, 69, 264, 35, 35, 35, 35, 35, 35, - - 267, 35, 35, 275, 35, 35, 35, 35, 271, 35, - 35, 276, 277, 35, 35, 272, 278, 315, 273, 281, - 29, 254, 290, 313, 282, 275, 255, 285, 285, 66, - 286, 285, 35, 35, 285, 288, 295, 298, 296, 35, - 35, 35, 35, 298, 301, 328, 299, 294, 35, 35, - 275, 35, 35, 35, 303, 29, 305, 300, 275, 29, - 307, 306, 35, 35, 302, 308, 337, 36, 35, 35, - 309, 310, 320, 316, 35, 35, 35, 35, 322, 36, - 35, 35, 317, 275, 319, 311, 29, 305, 335, 275, - 318, 321, 306, 323, 35, 35, 35, 35, 330, 329, - - 35, 35, 331, 333, 327, 35, 35, 338, 35, 35, - 353, 340, 35, 35, 350, 325, 275, 315, 35, 35, - 27, 27, 27, 27, 29, 29, 29, 31, 31, 31, - 31, 36, 36, 36, 36, 62, 313, 62, 62, 63, - 63, 63, 63, 65, 269, 65, 65, 35, 35, 35, - 35, 69, 69, 261, 69, 94, 94, 94, 94, 96, - 251, 96, 96, 128, 128, 128, 128, 143, 143, 143, - 143, 149, 149, 149, 149, 153, 153, 153, 153, 158, - 158, 158, 158, 165, 165, 165, 165, 167, 298, 167, - 167, 180, 180, 180, 180, 185, 185, 185, 185, 187, - - 292, 187, 187, 192, 192, 192, 192, 194, 240, 194, - 194, 197, 197, 197, 197, 199, 289, 199, 199, 203, - 203, 203, 203, 205, 284, 205, 205, 210, 210, 210, - 210, 169, 280, 169, 169, 221, 221, 221, 221, 223, - 269, 223, 223, 230, 230, 230, 230, 189, 266, 189, - 189, 196, 211, 196, 196, 201, 261, 201, 201, 207, - 251, 207, 207, 237, 237, 237, 237, 239, 239, 239, - 239, 225, 240, 225, 225, 250, 250, 250, 250, 253, - 253, 253, 253, 255, 238, 255, 255, 260, 260, 260, - 260, 263, 263, 263, 263, 265, 265, 265, 265, 268, - - 268, 268, 268, 274, 274, 274, 274, 279, 279, 279, - 279, 257, 211, 257, 257, 283, 283, 283, 283, 287, - 287, 287, 287, 264, 138, 264, 264, 291, 291, 291, - 291, 297, 297, 297, 297, 304, 304, 304, 304, 306, - 136, 306, 306, 312, 312, 312, 312, 314, 314, 314, - 314, 308, 97, 308, 308, 324, 324, 324, 324, 326, - 326, 326, 326, 332, 332, 332, 332, 334, 334, 334, - 334, 336, 336, 336, 336, 341, 341, 341, 341, 343, - 343, 343, 343, 345, 345, 345, 345, 347, 347, 347, - 347, 351, 351, 351, 351, 36, 30, 59, 57, 36, - - 30, 354, 28, 28, 5, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354 + 36, 56, 58, 36, 36, 55, 83, 61, 51, 36, + 54, 62, 52, 29, 65, 59, 32, 32, 33, 66, + + 36, 36, 71, 34, 29, 29, 29, 30, 36, 36, + 77, 29, 38, 67, 67, 67, 68, 67, 75, 72, + 67, 69, 73, 36, 36, 74, 78, 79, 36, 53, + 36, 36, 36, 87, 36, 76, 84, 36, 36, 85, + 36, 81, 36, 86, 36, 36, 36, 36, 82, 36, + 92, 95, 36, 100, 36, 36, 89, 90, 88, 29, + 65, 36, 91, 101, 36, 66, 90, 93, 36, 94, + 29, 97, 102, 36, 36, 104, 98, 36, 103, 36, + 36, 107, 108, 106, 36, 36, 36, 105, 86, 36, + 109, 110, 111, 36, 36, 114, 112, 36, 117, 119, + + 36, 36, 36, 36, 36, 121, 36, 368, 36, 36, + 120, 113, 29, 29, 29, 30, 118, 36, 134, 29, + 38, 36, 127, 115, 116, 122, 123, 125, 36, 126, + 128, 124, 29, 97, 36, 36, 180, 138, 98, 129, + 129, 67, 130, 129, 36, 36, 129, 132, 133, 135, + 136, 140, 36, 36, 36, 36, 142, 36, 137, 35, + 35, 123, 86, 36, 370, 143, 144, 144, 67, 145, + 144, 148, 158, 144, 147, 35, 35, 90, 119, 36, + 36, 149, 150, 150, 67, 151, 150, 159, 36, 150, + 153, 154, 154, 67, 155, 154, 164, 36, 154, 157, + + 160, 160, 67, 161, 160, 36, 368, 160, 163, 165, + 166, 36, 36, 29, 170, 167, 168, 29, 172, 171, + 36, 175, 36, 173, 35, 35, 176, 36, 36, 177, + 36, 36, 188, 174, 36, 29, 190, 178, 36, 181, + 36, 191, 223, 179, 182, 182, 67, 183, 182, 186, + 206, 182, 185, 187, 29, 192, 35, 35, 35, 35, + 193, 29, 197, 29, 199, 194, 36, 198, 36, 200, + 29, 202, 29, 204, 195, 36, 203, 36, 205, 268, + 207, 29, 209, 29, 211, 214, 213, 210, 218, 212, + 217, 36, 353, 36, 29, 170, 36, 35, 35, 219, + + 171, 35, 35, 35, 35, 224, 36, 231, 36, 225, + 36, 29, 227, 221, 36, 222, 232, 228, 220, 29, + 229, 36, 240, 35, 35, 230, 233, 233, 67, 234, + 233, 29, 190, 233, 236, 237, 348, 191, 238, 35, + 29, 197, 29, 202, 239, 36, 198, 36, 203, 29, + 209, 242, 36, 35, 247, 210, 255, 241, 248, 36, + 35, 35, 36, 35, 35, 35, 35, 253, 36, 35, + 35, 29, 227, 250, 269, 254, 36, 228, 249, 251, + 252, 35, 258, 29, 260, 29, 262, 264, 36, 261, + 265, 263, 35, 35, 346, 35, 35, 70, 271, 35, + + 35, 35, 35, 35, 35, 274, 35, 35, 282, 35, + 35, 36, 277, 278, 35, 35, 283, 284, 35, 35, + 279, 285, 36, 280, 288, 29, 260, 35, 35, 289, + 312, 261, 293, 293, 67, 294, 293, 301, 306, 293, + 296, 35, 35, 298, 303, 306, 304, 35, 35, 35, + 35, 309, 308, 36, 307, 282, 302, 319, 35, 35, + 35, 35, 35, 311, 29, 314, 29, 316, 35, 35, + 315, 282, 317, 35, 35, 344, 310, 364, 325, 35, + 35, 318, 35, 35, 329, 320, 36, 328, 332, 36, + 29, 314, 35, 35, 330, 326, 315, 331, 327, 333, + + 35, 35, 35, 35, 282, 282, 340, 341, 35, 35, + 35, 35, 36, 282, 35, 35, 36, 351, 35, 35, + 362, 339, 365, 36, 338, 366, 342, 361, 360, 354, + 358, 349, 356, 35, 35, 27, 27, 27, 27, 29, + 29, 29, 31, 31, 31, 31, 36, 36, 36, 36, + 63, 353, 63, 63, 64, 64, 64, 64, 66, 350, + 66, 66, 35, 35, 35, 35, 70, 70, 324, 70, + 96, 96, 96, 96, 98, 322, 98, 98, 131, 131, + 131, 131, 146, 146, 146, 146, 152, 152, 152, 152, + 156, 156, 156, 156, 162, 162, 162, 162, 169, 169, + + 169, 169, 171, 348, 171, 171, 184, 184, 184, 184, + 189, 189, 189, 189, 191, 346, 191, 191, 196, 196, + 196, 196, 198, 344, 198, 198, 201, 201, 201, 201, + 203, 337, 203, 203, 208, 208, 208, 208, 210, 335, + 210, 210, 215, 215, 215, 215, 173, 282, 173, 173, + 226, 226, 226, 226, 228, 324, 228, 228, 235, 235, + 235, 235, 193, 322, 193, 193, 200, 276, 200, 200, + 205, 267, 205, 205, 212, 257, 212, 212, 243, 243, + 243, 243, 245, 245, 245, 245, 230, 306, 230, 230, + 256, 256, 256, 256, 259, 259, 259, 259, 261, 300, + + 261, 261, 266, 266, 266, 266, 270, 270, 270, 270, + 272, 272, 272, 272, 275, 275, 275, 275, 281, 281, + 281, 281, 286, 286, 286, 286, 263, 246, 263, 263, + 290, 290, 290, 290, 295, 295, 295, 295, 271, 297, + 271, 271, 299, 299, 299, 299, 305, 305, 305, 305, + 313, 313, 313, 313, 315, 292, 315, 315, 321, 321, + 321, 321, 323, 323, 323, 323, 317, 291, 317, 317, + 334, 334, 334, 334, 336, 336, 336, 336, 343, 343, + 343, 343, 345, 345, 345, 345, 347, 347, 347, 347, + 352, 352, 352, 352, 355, 355, 355, 355, 357, 357, + + 357, 357, 359, 359, 359, 359, 363, 363, 363, 363, + 367, 367, 367, 367, 369, 369, 369, 369, 287, 276, + 273, 216, 267, 257, 246, 244, 216, 141, 139, 99, + 36, 30, 60, 57, 36, 30, 371, 28, 28, 5, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371 } ; -static const flex_int16_t yy_chk[940] = +static const flex_int16_t yy_chk[975] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -927,101 +940,105 @@ static const flex_int16_t yy_chk[940] = 18, 14, 11, 11, 13, 14, 11, 46, 46, 14, 15, 16, 11, 12, 12, 12, 12, 12, 14, 16, 12, 12, 12, 15, 19, 16, 20, 20, 21, 22, - 24, 22, 24, 50, 26, 21, 50, 26, 19, 351, - 20, 26, 19, 31, 31, 32, 32, 32, 39, 31, - - 39, 42, 32, 35, 35, 35, 35, 40, 44, 45, - 35, 35, 37, 37, 37, 37, 37, 39, 42, 37, - 37, 40, 41, 43, 41, 48, 45, 45, 49, 44, - 47, 47, 53, 51, 43, 53, 48, 51, 52, 54, - 52, 55, 56, 58, 54, 49, 57, 59, 60, 73, - 61, 70, 60, 61, 347, 70, 56, 63, 63, 73, - 58, 71, 59, 63, 59, 55, 66, 66, 57, 71, - 74, 72, 66, 72, 75, 76, 77, 78, 79, 78, - 77, 79, 80, 81, 74, 83, 80, 82, 75, 84, - 82, 85, 88, 85, 76, 81, 87, 83, 87, 89, - - 92, 89, 93, 345, 90, 104, 92, 84, 86, 86, - 86, 86, 90, 99, 88, 86, 86, 98, 102, 86, - 86, 91, 91, 93, 91, 94, 94, 91, 101, 104, - 102, 94, 101, 110, 99, 98, 100, 100, 100, 100, - 100, 103, 103, 100, 100, 343, 105, 103, 105, 107, - 109, 107, 111, 110, 109, 113, 113, 341, 121, 118, - 111, 112, 112, 112, 112, 112, 121, 113, 112, 112, - 114, 114, 116, 116, 118, 116, 114, 115, 115, 115, - 115, 115, 123, 123, 115, 115, 117, 117, 117, 117, - 117, 124, 122, 117, 117, 119, 122, 119, 120, 120, - - 120, 120, 120, 125, 130, 120, 120, 125, 131, 124, - 126, 126, 128, 128, 131, 134, 126, 130, 128, 133, - 133, 133, 135, 136, 133, 139, 164, 140, 138, 140, - 134, 164, 133, 141, 141, 163, 163, 338, 139, 141, - 136, 135, 137, 137, 137, 137, 137, 138, 336, 137, - 137, 143, 143, 145, 145, 146, 146, 143, 147, 147, - 149, 149, 145, 155, 147, 161, 149, 151, 151, 153, - 153, 146, 160, 151, 270, 153, 176, 156, 156, 158, - 158, 176, 155, 156, 161, 158, 165, 165, 170, 270, - 160, 170, 165, 172, 172, 173, 173, 174, 174, 175, - - 208, 177, 220, 175, 177, 178, 178, 173, 220, 174, - 208, 178, 180, 180, 172, 182, 182, 183, 180, 334, - 190, 190, 183, 184, 184, 184, 184, 184, 185, 185, - 184, 184, 190, 243, 185, 191, 191, 192, 192, 197, - 197, 202, 202, 192, 332, 197, 203, 203, 209, 209, - 213, 213, 203, 214, 214, 215, 215, 243, 216, 216, - 217, 217, 218, 218, 219, 219, 221, 221, 215, 235, - 219, 235, 221, 214, 216, 217, 227, 227, 228, 228, - 230, 230, 232, 331, 228, 233, 230, 233, 233, 329, - 232, 232, 236, 236, 241, 241, 244, 244, 245, 245, - - 241, 246, 246, 247, 248, 248, 267, 267, 244, 259, - 259, 247, 247, 252, 252, 245, 248, 326, 246, 252, - 253, 253, 267, 324, 259, 316, 253, 262, 262, 262, - 262, 262, 271, 271, 262, 262, 272, 276, 273, 272, - 272, 273, 273, 277, 278, 316, 276, 271, 281, 281, - 299, 278, 278, 282, 282, 285, 285, 277, 300, 287, - 287, 285, 290, 290, 281, 287, 323, 293, 294, 294, - 290, 293, 303, 299, 301, 301, 302, 302, 310, 310, - 303, 303, 300, 317, 302, 294, 304, 304, 322, 328, - 301, 309, 304, 311, 309, 309, 311, 311, 318, 317, - - 318, 318, 319, 321, 314, 319, 319, 328, 330, 330, - 350, 330, 340, 340, 340, 312, 297, 296, 350, 350, - 355, 355, 355, 355, 356, 356, 356, 357, 357, 357, - 357, 358, 358, 358, 358, 359, 295, 359, 359, 360, - 360, 360, 360, 361, 291, 361, 361, 362, 362, 362, - 362, 363, 363, 283, 363, 364, 364, 364, 364, 365, - 279, 365, 365, 366, 366, 366, 366, 367, 367, 367, - 367, 368, 368, 368, 368, 369, 369, 369, 369, 370, - 370, 370, 370, 371, 371, 371, 371, 372, 274, 372, - 372, 373, 373, 373, 373, 374, 374, 374, 374, 375, - - 268, 375, 375, 376, 376, 376, 376, 377, 265, 377, - 377, 378, 378, 378, 378, 379, 263, 379, 379, 380, - 380, 380, 380, 381, 260, 381, 381, 382, 382, 382, - 382, 383, 250, 383, 383, 384, 384, 384, 384, 385, - 242, 385, 385, 386, 386, 386, 386, 387, 239, 387, - 387, 388, 237, 388, 388, 389, 234, 389, 389, 390, - 226, 390, 390, 391, 391, 391, 391, 392, 392, 392, - 392, 393, 212, 393, 393, 394, 394, 394, 394, 395, - 395, 395, 395, 396, 210, 396, 396, 397, 397, 397, - 397, 398, 398, 398, 398, 399, 399, 399, 399, 400, - - 400, 400, 400, 401, 401, 401, 401, 402, 402, 402, - 402, 403, 162, 403, 403, 404, 404, 404, 404, 405, - 405, 405, 405, 406, 108, 406, 406, 407, 407, 407, - 407, 408, 408, 408, 408, 409, 409, 409, 409, 410, - 106, 410, 410, 411, 411, 411, 411, 412, 412, 412, - 412, 413, 69, 413, 413, 414, 414, 414, 414, 415, - 415, 415, 415, 416, 416, 416, 416, 417, 417, 417, - 417, 418, 418, 418, 418, 419, 419, 419, 419, 420, - 420, 420, 420, 421, 421, 421, 421, 422, 422, 422, - 422, 423, 423, 423, 423, 36, 29, 25, 23, 17, - - 6, 5, 4, 3, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354, 354, - 354, 354, 354, 354, 354, 354, 354, 354, 354 + 24, 22, 24, 50, 26, 21, 50, 26, 19, 44, + 20, 26, 19, 31, 31, 24, 32, 32, 32, 31, + + 39, 42, 39, 32, 35, 35, 35, 35, 40, 45, + 44, 35, 35, 37, 37, 37, 37, 37, 42, 39, + 37, 37, 40, 41, 43, 41, 45, 45, 47, 47, + 48, 49, 51, 54, 55, 43, 51, 52, 54, 52, + 53, 48, 56, 53, 57, 58, 59, 61, 49, 71, + 59, 61, 60, 71, 62, 72, 56, 62, 55, 64, + 64, 75, 58, 72, 77, 64, 57, 60, 74, 60, + 67, 67, 73, 76, 73, 75, 67, 78, 74, 82, + 79, 78, 79, 77, 84, 80, 81, 76, 80, 83, + 81, 82, 83, 85, 89, 86, 84, 86, 88, 90, + + 88, 90, 91, 92, 100, 92, 104, 369, 95, 101, + 91, 85, 87, 87, 87, 87, 89, 138, 104, 87, + 87, 94, 100, 87, 87, 93, 93, 94, 93, 95, + 101, 93, 96, 96, 106, 107, 138, 107, 96, 102, + 102, 102, 102, 102, 103, 112, 102, 102, 103, 105, + 105, 109, 111, 109, 113, 105, 111, 120, 106, 115, + 115, 122, 113, 122, 367, 112, 114, 114, 114, 114, + 114, 115, 120, 114, 114, 116, 116, 118, 118, 121, + 118, 116, 117, 117, 117, 117, 117, 121, 124, 117, + 117, 119, 119, 119, 119, 119, 124, 127, 119, 119, + + 123, 123, 123, 123, 123, 125, 365, 123, 123, 125, + 126, 126, 128, 129, 129, 127, 128, 131, 131, 129, + 133, 134, 139, 131, 136, 136, 136, 134, 137, 136, + 141, 158, 143, 133, 143, 144, 144, 136, 179, 139, + 142, 144, 179, 137, 140, 140, 140, 140, 140, 141, + 158, 140, 140, 142, 146, 146, 148, 148, 149, 149, + 146, 150, 150, 152, 152, 148, 165, 150, 164, 152, + 154, 154, 156, 156, 149, 159, 154, 240, 156, 240, + 159, 160, 160, 162, 162, 165, 164, 160, 168, 162, + 167, 167, 363, 168, 169, 169, 174, 176, 176, 174, + + 169, 177, 177, 178, 178, 180, 181, 186, 186, 181, + 180, 182, 182, 177, 207, 178, 187, 182, 176, 184, + 184, 187, 207, 194, 194, 184, 188, 188, 188, 188, + 188, 189, 189, 188, 188, 194, 359, 189, 195, 195, + 196, 196, 201, 201, 206, 206, 196, 213, 201, 208, + 208, 214, 214, 218, 218, 208, 225, 213, 219, 219, + 220, 220, 225, 221, 221, 222, 222, 223, 223, 224, + 224, 226, 226, 220, 241, 224, 241, 226, 219, 221, + 222, 232, 232, 233, 233, 235, 235, 237, 249, 233, + 238, 235, 238, 238, 357, 237, 237, 242, 242, 247, + + 247, 250, 250, 251, 251, 247, 252, 252, 253, 254, + 254, 292, 249, 250, 265, 265, 253, 253, 258, 258, + 251, 254, 277, 252, 258, 259, 259, 274, 274, 265, + 292, 259, 269, 269, 269, 269, 269, 277, 284, 269, + 269, 278, 278, 274, 279, 283, 280, 279, 279, 280, + 280, 285, 284, 301, 283, 307, 278, 301, 285, 285, + 288, 288, 289, 289, 293, 293, 295, 295, 302, 302, + 293, 308, 295, 298, 298, 355, 288, 352, 307, 310, + 310, 298, 309, 309, 311, 302, 312, 310, 319, 319, + 313, 313, 311, 311, 312, 308, 313, 318, 309, 320, + + 318, 318, 320, 320, 325, 326, 327, 328, 327, 327, + 328, 328, 330, 338, 340, 340, 342, 340, 351, 351, + 351, 326, 354, 354, 325, 362, 330, 349, 347, 342, + 345, 338, 343, 362, 362, 372, 372, 372, 372, 373, + 373, 373, 374, 374, 374, 374, 375, 375, 375, 375, + 376, 341, 376, 376, 377, 377, 377, 377, 378, 339, + 378, 378, 379, 379, 379, 379, 380, 380, 336, 380, + 381, 381, 381, 381, 382, 334, 382, 382, 383, 383, + 383, 383, 384, 384, 384, 384, 385, 385, 385, 385, + 386, 386, 386, 386, 387, 387, 387, 387, 388, 388, + + 388, 388, 389, 333, 389, 389, 390, 390, 390, 390, + 391, 391, 391, 391, 392, 332, 392, 392, 393, 393, + 393, 393, 394, 331, 394, 394, 395, 395, 395, 395, + 396, 323, 396, 396, 397, 397, 397, 397, 398, 321, + 398, 398, 399, 399, 399, 399, 400, 305, 400, 400, + 401, 401, 401, 401, 402, 304, 402, 402, 403, 403, + 403, 403, 404, 303, 404, 404, 405, 299, 405, 405, + 406, 290, 406, 406, 407, 286, 407, 407, 408, 408, + 408, 408, 409, 409, 409, 409, 410, 281, 410, 410, + 411, 411, 411, 411, 412, 412, 412, 412, 413, 275, + + 413, 413, 414, 414, 414, 414, 415, 415, 415, 415, + 416, 416, 416, 416, 417, 417, 417, 417, 418, 418, + 418, 418, 419, 419, 419, 419, 420, 272, 420, 420, + 421, 421, 421, 421, 422, 422, 422, 422, 423, 270, + 423, 423, 424, 424, 424, 424, 425, 425, 425, 425, + 426, 426, 426, 426, 427, 268, 427, 427, 428, 428, + 428, 428, 429, 429, 429, 429, 430, 266, 430, 430, + 431, 431, 431, 431, 432, 432, 432, 432, 433, 433, + 433, 433, 434, 434, 434, 434, 435, 435, 435, 435, + 436, 436, 436, 436, 437, 437, 437, 437, 438, 438, + + 438, 438, 439, 439, 439, 439, 440, 440, 440, 440, + 441, 441, 441, 441, 442, 442, 442, 442, 256, 248, + 245, 243, 239, 231, 217, 215, 166, 110, 108, 70, + 36, 29, 25, 23, 17, 6, 5, 4, 3, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371, 371, 371, 371, 371, 371, 371, + 371, 371, 371, 371 } ; #define YY_TRAILING_MASK 0x2000 @@ -1160,9 +1177,17 @@ static void setbackendtype(DiskParseContext *dpc, const char *str) { if ( !strcmp(str,"phy")) DSET(dpc,backend,BACKEND,str,PHY); else if (!strcmp(str,"tap")) DSET(dpc,backend,BACKEND,str,TAP); else if (!strcmp(str,"qdisk")) DSET(dpc,backend,BACKEND,str,QDISK); + else if (!strcmp(str,"standalone")) DSET(dpc,backend,BACKEND,str,STANDALONE); else xlu__disk_err(dpc,str,"unknown value for backendtype"); } +/* Sets ->specification from the string. IDL should provide something for this. */ +static void setspecification(DiskParseContext *dpc, const char *str) { + if (!strcmp(str,"xen")) DSET(dpc,specification,SPECIFICATION,str,XEN); + else if (!strcmp(str,"virtio")) DSET(dpc,specification,SPECIFICATION,str,VIRTIO); + else xlu__disk_err(dpc,str,"unknown value for specification"); +} + /* Sets ->colo-port from the string. COLO need this. */ static void setcoloport(DiskParseContext *dpc, const char *str) { int port = atoi(str); @@ -1199,9 +1224,9 @@ static int vdev_and_devtype(DiskParseContext *dpc, char *str) { #undef DPC /* needs to be defined differently the actual lexer */ #define DPC ((DiskParseContext*)yyextra) -#line 1202 "libxlu_disk_l.c" +#line 1227 "libxlu_disk_l.c" -#line 1204 "libxlu_disk_l.c" +#line 1229 "libxlu_disk_l.c" #define INITIAL 0 #define LEXERR 1 @@ -1477,13 +1502,13 @@ YY_DECL } { -#line 177 "libxlu_disk_l.l" +#line 185 "libxlu_disk_l.l" -#line 180 "libxlu_disk_l.l" +#line 188 "libxlu_disk_l.l" /*----- the scanner rules which do the parsing -----*/ -#line 1486 "libxlu_disk_l.c" +#line 1511 "libxlu_disk_l.c" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -1515,14 +1540,14 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 355 ) + if ( yy_current_state >= 372 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; *yyg->yy_state_ptr++ = yy_current_state; ++yy_cp; } - while ( yy_current_state != 354 ); + while ( yy_current_state != 371 ); yy_find_action: yy_current_state = *--yyg->yy_state_ptr; @@ -1572,152 +1597,158 @@ do_action: /* This label is used only to access EOF actions. */ case 1: /* rule 1 can match eol */ YY_RULE_SETUP -#line 182 "libxlu_disk_l.l" +#line 190 "libxlu_disk_l.l" { /* ignore whitespace before parameters */ } YY_BREAK /* ordinary parameters setting enums or strings */ case 2: /* rule 2 can match eol */ YY_RULE_SETUP -#line 186 "libxlu_disk_l.l" +#line 194 "libxlu_disk_l.l" { STRIP(','); setformat(DPC, FROMEQUALS); } YY_BREAK case 3: YY_RULE_SETUP -#line 188 "libxlu_disk_l.l" +#line 196 "libxlu_disk_l.l" { DPC->disk->is_cdrom = 1; } YY_BREAK case 4: YY_RULE_SETUP -#line 189 "libxlu_disk_l.l" +#line 197 "libxlu_disk_l.l" { DPC->disk->is_cdrom = 1; } YY_BREAK case 5: YY_RULE_SETUP -#line 190 "libxlu_disk_l.l" +#line 198 "libxlu_disk_l.l" { DPC->disk->is_cdrom = 0; } YY_BREAK case 6: /* rule 6 can match eol */ YY_RULE_SETUP -#line 191 "libxlu_disk_l.l" +#line 199 "libxlu_disk_l.l" { xlu__disk_err(DPC,yytext,"unknown value for type"); } YY_BREAK case 7: /* rule 7 can match eol */ YY_RULE_SETUP -#line 193 "libxlu_disk_l.l" +#line 201 "libxlu_disk_l.l" { STRIP(','); setaccess(DPC, FROMEQUALS); } YY_BREAK case 8: /* rule 8 can match eol */ YY_RULE_SETUP -#line 194 "libxlu_disk_l.l" +#line 202 "libxlu_disk_l.l" { STRIP(','); SAVESTRING("backend", backend_domname, FROMEQUALS); } YY_BREAK case 9: /* rule 9 can match eol */ YY_RULE_SETUP -#line 195 "libxlu_disk_l.l" +#line 203 "libxlu_disk_l.l" { STRIP(','); setbackendtype(DPC,FROMEQUALS); } YY_BREAK case 10: /* rule 10 can match eol */ YY_RULE_SETUP -#line 197 "libxlu_disk_l.l" -{ STRIP(','); SAVESTRING("vdev", vdev, FROMEQUALS); } +#line 204 "libxlu_disk_l.l" +{ STRIP(','); setspecification(DPC,FROMEQUALS); } YY_BREAK case 11: /* rule 11 can match eol */ YY_RULE_SETUP -#line 198 "libxlu_disk_l.l" -{ STRIP(','); SAVESTRING("script", script, FROMEQUALS); } +#line 206 "libxlu_disk_l.l" +{ STRIP(','); SAVESTRING("vdev", vdev, FROMEQUALS); } YY_BREAK case 12: +/* rule 12 can match eol */ YY_RULE_SETUP -#line 199 "libxlu_disk_l.l" -{ DPC->disk->direct_io_safe = 1; } +#line 207 "libxlu_disk_l.l" +{ STRIP(','); SAVESTRING("script", script, FROMEQUALS); } YY_BREAK case 13: YY_RULE_SETUP -#line 200 "libxlu_disk_l.l" -{ libxl_defbool_set(&DPC->disk->discard_enable, true); } +#line 208 "libxlu_disk_l.l" +{ DPC->disk->direct_io_safe = 1; } YY_BREAK case 14: YY_RULE_SETUP -#line 201 "libxlu_disk_l.l" -{ libxl_defbool_set(&DPC->disk->discard_enable, false); } +#line 209 "libxlu_disk_l.l" +{ libxl_defbool_set(&DPC->disk->discard_enable, true); } YY_BREAK -/* Note that the COLO configuration settings should be considered unstable. - * They may change incompatibly in future versions of Xen. */ case 15: YY_RULE_SETUP -#line 204 "libxlu_disk_l.l" -{ libxl_defbool_set(&DPC->disk->colo_enable, true); } +#line 210 "libxlu_disk_l.l" +{ libxl_defbool_set(&DPC->disk->discard_enable, false); } YY_BREAK +/* Note that the COLO configuration settings should be considered unstable. + * They may change incompatibly in future versions of Xen. */ case 16: YY_RULE_SETUP -#line 205 "libxlu_disk_l.l" -{ libxl_defbool_set(&DPC->disk->colo_enable, false); } +#line 213 "libxlu_disk_l.l" +{ libxl_defbool_set(&DPC->disk->colo_enable, true); } YY_BREAK case 17: -/* rule 17 can match eol */ YY_RULE_SETUP -#line 206 "libxlu_disk_l.l" -{ STRIP(','); SAVESTRING("colo-host", colo_host, FROMEQUALS); } +#line 214 "libxlu_disk_l.l" +{ libxl_defbool_set(&DPC->disk->colo_enable, false); } YY_BREAK case 18: /* rule 18 can match eol */ YY_RULE_SETUP -#line 207 "libxlu_disk_l.l" -{ STRIP(','); setcoloport(DPC, FROMEQUALS); } +#line 215 "libxlu_disk_l.l" +{ STRIP(','); SAVESTRING("colo-host", colo_host, FROMEQUALS); } YY_BREAK case 19: /* rule 19 can match eol */ YY_RULE_SETUP -#line 208 "libxlu_disk_l.l" -{ STRIP(','); SAVESTRING("colo-export", colo_export, FROMEQUALS); } +#line 216 "libxlu_disk_l.l" +{ STRIP(','); setcoloport(DPC, FROMEQUALS); } YY_BREAK case 20: /* rule 20 can match eol */ YY_RULE_SETUP -#line 209 "libxlu_disk_l.l" -{ STRIP(','); SAVESTRING("active-disk", active_disk, FROMEQUALS); } +#line 217 "libxlu_disk_l.l" +{ STRIP(','); SAVESTRING("colo-export", colo_export, FROMEQUALS); } YY_BREAK case 21: /* rule 21 can match eol */ YY_RULE_SETUP -#line 210 "libxlu_disk_l.l" +#line 218 "libxlu_disk_l.l" +{ STRIP(','); SAVESTRING("active-disk", active_disk, FROMEQUALS); } + YY_BREAK +case 22: +/* rule 22 can match eol */ +YY_RULE_SETUP +#line 219 "libxlu_disk_l.l" { STRIP(','); SAVESTRING("hidden-disk", hidden_disk, FROMEQUALS); } YY_BREAK /* the target magic parameter, eats the rest of the string */ -case 22: +case 23: YY_RULE_SETUP -#line 214 "libxlu_disk_l.l" +#line 223 "libxlu_disk_l.l" { STRIP(','); SAVESTRING("target", pdev_path, FROMEQUALS); } YY_BREAK /* unknown parameters */ -case 23: -/* rule 23 can match eol */ +case 24: +/* rule 24 can match eol */ YY_RULE_SETUP -#line 218 "libxlu_disk_l.l" +#line 227 "libxlu_disk_l.l" { xlu__disk_err(DPC,yytext,"unknown parameter"); } YY_BREAK /* deprecated prefixes */ /* the "/.*" in these patterns ensures that they count as if they * matched the whole string, so these patterns take precedence */ -case 24: +case 25: YY_RULE_SETUP -#line 225 "libxlu_disk_l.l" +#line 234 "libxlu_disk_l.l" { STRIP(':'); DPC->had_depr_prefix=1; DEPRECATE("use `[format=]...,'"); setformat(DPC, yytext); } YY_BREAK -case 25: +case 26: YY_RULE_SETUP -#line 231 "libxlu_disk_l.l" +#line 240 "libxlu_disk_l.l" { char *newscript; STRIP(':'); @@ -1731,65 +1762,65 @@ YY_RULE_SETUP free(newscript); } YY_BREAK -case 26: +case 27: *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ yyg->yy_c_buf_p = yy_cp = yy_bp + 8; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP -#line 244 "libxlu_disk_l.l" +#line 253 "libxlu_disk_l.l" { DPC->had_depr_prefix=1; DEPRECATE(0); } YY_BREAK -case 27: +case 28: YY_RULE_SETUP -#line 245 "libxlu_disk_l.l" +#line 254 "libxlu_disk_l.l" { DPC->had_depr_prefix=1; DEPRECATE(0); } YY_BREAK -case 28: +case 29: *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ yyg->yy_c_buf_p = yy_cp = yy_bp + 4; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP -#line 246 "libxlu_disk_l.l" +#line 255 "libxlu_disk_l.l" { DPC->had_depr_prefix=1; DEPRECATE(0); } YY_BREAK -case 29: +case 30: *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ yyg->yy_c_buf_p = yy_cp = yy_bp + 6; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP -#line 247 "libxlu_disk_l.l" +#line 256 "libxlu_disk_l.l" { DPC->had_depr_prefix=1; DEPRECATE(0); } YY_BREAK -case 30: +case 31: *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ yyg->yy_c_buf_p = yy_cp = yy_bp + 5; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP -#line 248 "libxlu_disk_l.l" +#line 257 "libxlu_disk_l.l" { DPC->had_depr_prefix=1; DEPRECATE(0); } YY_BREAK -case 31: +case 32: *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ yyg->yy_c_buf_p = yy_cp = yy_bp + 4; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP -#line 249 "libxlu_disk_l.l" +#line 258 "libxlu_disk_l.l" { DPC->had_depr_prefix=1; DEPRECATE(0); } YY_BREAK -case 32: -/* rule 32 can match eol */ +case 33: +/* rule 33 can match eol */ YY_RULE_SETUP -#line 251 "libxlu_disk_l.l" +#line 260 "libxlu_disk_l.l" { xlu__disk_err(DPC,yytext,"unknown deprecated disk prefix"); return 0; } YY_BREAK /* positional parameters */ -case 33: -/* rule 33 can match eol */ +case 34: +/* rule 34 can match eol */ YY_RULE_SETUP -#line 258 "libxlu_disk_l.l" +#line 267 "libxlu_disk_l.l" { STRIP(','); @@ -1816,27 +1847,27 @@ YY_RULE_SETUP } } YY_BREAK -case 34: +case 35: YY_RULE_SETUP -#line 284 "libxlu_disk_l.l" +#line 293 "libxlu_disk_l.l" { BEGIN(LEXERR); yymore(); } YY_BREAK -case 35: +case 36: YY_RULE_SETUP -#line 288 "libxlu_disk_l.l" +#line 297 "libxlu_disk_l.l" { xlu__disk_err(DPC,yytext,"bad disk syntax"); return 0; } YY_BREAK -case 36: +case 37: YY_RULE_SETUP -#line 291 "libxlu_disk_l.l" +#line 300 "libxlu_disk_l.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1839 "libxlu_disk_l.c" +#line 1870 "libxlu_disk_l.c" case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(LEXERR): yyterminate(); @@ -2104,7 +2135,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 355 ) + if ( yy_current_state >= 372 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; @@ -2128,11 +2159,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 355 ) + if ( yy_current_state >= 372 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 354); + yy_is_jam = (yy_current_state == 371); if ( ! yy_is_jam ) *yyg->yy_state_ptr++ = yy_current_state; @@ -2941,4 +2972,4 @@ void yyfree (void * ptr , yyscan_t yyscanner) #define YYTABLES_NAME "yytables" -#line 291 "libxlu_disk_l.l" +#line 300 "libxlu_disk_l.l" diff --git a/tools/libs/util/libxlu_disk_l.h b/tools/libs/util/libxlu_disk_l.h index 6abeecf279..509aad67dc 100644 --- a/tools/libs/util/libxlu_disk_l.h +++ b/tools/libs/util/libxlu_disk_l.h @@ -694,7 +694,7 @@ extern int yylex (yyscan_t yyscanner); #undef yyTABLES_NAME #endif -#line 291 "libxlu_disk_l.l" +#line 300 "libxlu_disk_l.l" #line 699 "libxlu_disk_l.h" #undef xlu__disk_yyIN_HEADER diff --git a/tools/libs/util/libxlu_disk_l.l b/tools/libs/util/libxlu_disk_l.l index e115460d99..6d53c093a3 100644 --- a/tools/libs/util/libxlu_disk_l.l +++ b/tools/libs/util/libxlu_disk_l.l @@ -122,9 +122,17 @@ static void setbackendtype(DiskParseContext *dpc, const char *str) { if ( !strcmp(str,"phy")) DSET(dpc,backend,BACKEND,str,PHY); else if (!strcmp(str,"tap")) DSET(dpc,backend,BACKEND,str,TAP); else if (!strcmp(str,"qdisk")) DSET(dpc,backend,BACKEND,str,QDISK); + else if (!strcmp(str,"standalone")) DSET(dpc,backend,BACKEND,str,STANDALONE); else xlu__disk_err(dpc,str,"unknown value for backendtype"); } +/* Sets ->specification from the string. IDL should provide something for this. */ +static void setspecification(DiskParseContext *dpc, const char *str) { + if (!strcmp(str,"xen")) DSET(dpc,specification,SPECIFICATION,str,XEN); + else if (!strcmp(str,"virtio")) DSET(dpc,specification,SPECIFICATION,str,VIRTIO); + else xlu__disk_err(dpc,str,"unknown value for specification"); +} + /* Sets ->colo-port from the string. COLO need this. */ static void setcoloport(DiskParseContext *dpc, const char *str) { int port = atoi(str); @@ -192,6 +200,7 @@ devtype=[^,]*,? { xlu__disk_err(DPC,yytext,"unknown value for type"); } access=[^,]*,? { STRIP(','); setaccess(DPC, FROMEQUALS); } backend=[^,]*,? { STRIP(','); SAVESTRING("backend", backend_domname, FROMEQUALS); } backendtype=[^,]*,? { STRIP(','); setbackendtype(DPC,FROMEQUALS); } +specification=[^,]*,? { STRIP(','); setspecification(DPC,FROMEQUALS); } vdev=[^,]*,? { STRIP(','); SAVESTRING("vdev", vdev, FROMEQUALS); } script=[^,]*,? { STRIP(','); SAVESTRING("script", script, FROMEQUALS); } diff --git a/tools/xl/xl_block.c b/tools/xl/xl_block.c index 70eed431e4..8836c07d6b 100644 --- a/tools/xl/xl_block.c +++ b/tools/xl/xl_block.c @@ -119,6 +119,12 @@ int main_blockdetach(int argc, char **argv) fprintf(stderr, "Error: Device %s not connected.\n", argv[optind+1]); return 1; } + + if (disk.specification == LIBXL_DISK_SPECIFICATION_VIRTIO) { + fprintf(stderr, "Hotunplug isn't supported for specification virtio\n"); + return 1; + } + rc = !force ? libxl_device_disk_safe_remove(ctx, domid, &disk, 0) : libxl_device_disk_destroy(ctx, domid, &disk, 0); if (rc) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 18:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 18:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377031.610090 (Exim 4.92) (envelope-from ) id 1oH8Jv-0000pN-Nr; Thu, 28 Jul 2022 18:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377031.610090; Thu, 28 Jul 2022 18:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8Jv-0000pF-LB; Thu, 28 Jul 2022 18:33:15 +0000 Received: by outflank-mailman (input) for mailman id 377031; Thu, 28 Jul 2022 18:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8Ju-0000p7-JQ for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8Ju-0007Ta-IS for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oH8Ju-0008SI-HM for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Vq1gULaFCwAqOdBNIWo/rEps2PSrsodM9mqYBkcY/2Y=; b=Wws6ZD3WV/rYsKWf+5a9JvfnLZ mEHmFcMHqdPBi9m53hoIwCwcWtoRV0G2v2dArMZNcEUPPUoQ8cuL/jBTbihI78i6qUnwQhvXyRfie mGGbaudqx8zf5fUybMF72D1fWbJNoRY34T4E2wLs/NV+Dl6Iy8j+VncnVZZTVMN68luw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxl: Introduce basic virtio-mmio support on Arm Message-Id: Date: Thu, 28 Jul 2022 18:33:14 +0000 commit 2128143c114c52c7536e37c32935fdd77f23edc1 Author: Julien Grall AuthorDate: Fri Jul 15 22:20:25 2022 +0300 Commit: Julien Grall CommitDate: Thu Jul 28 19:26:37 2022 +0100 libxl: Introduce basic virtio-mmio support on Arm This patch introduces helpers to allocate Virtio MMIO params (IRQ and memory region) and create specific device node in the Guest device-tree with allocated params. In order to deal with multiple Virtio devices, reserve corresponding ranges. For now, we reserve 1MB for memory regions and 10 SPIs. As these helpers should be used for every Virtio device attached to the Guest, call them for Virtio disk(s). Please note, with statically allocated Virtio IRQs there is a risk of a clash with a physical IRQs of passthrough devices. For the first version, it's fine, but we should consider allocating the Virtio IRQs automatically. Thankfully, we know in advance which IRQs will be used for passthrough to be able to choose non-clashed ones. Signed-off-by: Julien Grall Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Stefano Stabellini Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_arm.c | 121 +++++++++++++++++++++++++++++++++++++++++- xen/include/public/arch-arm.h | 7 +++ 2 files changed, 126 insertions(+), 2 deletions(-) diff --git a/tools/libs/light/libxl_arm.c b/tools/libs/light/libxl_arm.c index 7dee2afd4b..866e58c66b 100644 --- a/tools/libs/light/libxl_arm.c +++ b/tools/libs/light/libxl_arm.c @@ -8,6 +8,46 @@ #include #include +/* + * There is no clear requirements for the total size of Virtio MMIO region. + * The size of control registers is 0x100 and device-specific configuration + * registers starts at the offset 0x100, however it's size depends on the device + * and the driver. Pick the biggest known size at the moment to cover most + * of the devices (also consider allowing the user to configure the size via + * config file for the one not conforming with the proposed value). + */ +#define VIRTIO_MMIO_DEV_SIZE xen_mk_ullong(0x200) + +static uint64_t alloc_virtio_mmio_base(libxl__gc *gc, uint64_t *virtio_mmio_base) +{ + uint64_t base = *virtio_mmio_base; + + /* Make sure we have enough reserved resources */ + if (base + VIRTIO_MMIO_DEV_SIZE > + GUEST_VIRTIO_MMIO_BASE + GUEST_VIRTIO_MMIO_SIZE) { + LOG(ERROR, "Ran out of reserved range for Virtio MMIO BASE 0x%"PRIx64"\n", + base); + return 0; + } + *virtio_mmio_base += VIRTIO_MMIO_DEV_SIZE; + + return base; +} + +static uint32_t alloc_virtio_mmio_irq(libxl__gc *gc, uint32_t *virtio_mmio_irq) +{ + uint32_t irq = *virtio_mmio_irq; + + /* Make sure we have enough reserved resources */ + if (irq > GUEST_VIRTIO_MMIO_SPI_LAST) { + LOG(ERROR, "Ran out of reserved range for Virtio MMIO IRQ %u\n", irq); + return 0; + } + (*virtio_mmio_irq)++; + + return irq; +} + static const char *gicv_to_string(libxl_gic_version gic_version) { switch (gic_version) { @@ -26,8 +66,10 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, { uint32_t nr_spis = 0; unsigned int i; - uint32_t vuart_irq; - bool vuart_enabled = false; + uint32_t vuart_irq, virtio_irq = 0; + bool vuart_enabled = false, virtio_enabled = false; + uint64_t virtio_mmio_base = GUEST_VIRTIO_MMIO_BASE; + uint32_t virtio_mmio_irq = GUEST_VIRTIO_MMIO_SPI_FIRST; /* * If pl011 vuart is enabled then increment the nr_spis to allow allocation @@ -39,6 +81,35 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, vuart_enabled = true; } + for (i = 0; i < d_config->num_disks; i++) { + libxl_device_disk *disk = &d_config->disks[i]; + + if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) { + disk->base = alloc_virtio_mmio_base(gc, &virtio_mmio_base); + if (!disk->base) + return ERROR_FAIL; + + disk->irq = alloc_virtio_mmio_irq(gc, &virtio_mmio_irq); + if (!disk->irq) + return ERROR_FAIL; + + if (virtio_irq < disk->irq) + virtio_irq = disk->irq; + virtio_enabled = true; + + LOG(DEBUG, "Allocate Virtio MMIO params for Vdev %s: IRQ %u BASE 0x%"PRIx64, + disk->vdev, disk->irq, disk->base); + } + } + + /* + * Every virtio-mmio device uses one emulated SPI. If Virtio devices are + * present, make sure that we allocate enough SPIs for them. + * The resulting "nr_spis" needs to cover the highest possible SPI. + */ + if (virtio_enabled) + nr_spis = max(nr_spis, virtio_irq - 32 + 1); + for (i = 0; i < d_config->b_info.num_irqs; i++) { uint32_t irq = d_config->b_info.irqs[i]; uint32_t spi; @@ -58,6 +129,13 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, return ERROR_FAIL; } + /* The same check as for vpl011 */ + if (virtio_enabled && + (irq >= GUEST_VIRTIO_MMIO_SPI_FIRST && irq <= virtio_irq)) { + LOG(ERROR, "Physical IRQ %u conflicting with Virtio MMIO IRQ range\n", irq); + return ERROR_FAIL; + } + if (irq < 32) continue; @@ -787,6 +865,37 @@ static int make_vpci_node(libxl__gc *gc, void *fdt, return 0; } + +static int make_virtio_mmio_node(libxl__gc *gc, void *fdt, + uint64_t base, uint32_t irq) +{ + int res; + gic_interrupt intr; + const char *name = GCSPRINTF("virtio@%"PRIx64, base); + + res = fdt_begin_node(fdt, name); + if (res) return res; + + res = fdt_property_compat(gc, fdt, 1, "virtio,mmio"); + if (res) return res; + + res = fdt_property_regs(gc, fdt, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, + 1, base, VIRTIO_MMIO_DEV_SIZE); + if (res) return res; + + set_interrupt(intr, irq, 0xf, DT_IRQ_TYPE_EDGE_RISING); + res = fdt_property_interrupts(gc, fdt, &intr, 1); + if (res) return res; + + res = fdt_property(fdt, "dma-coherent", NULL, 0); + if (res) return res; + + res = fdt_end_node(fdt); + if (res) return res; + + return 0; +} + static const struct arch_info *get_arch_info(libxl__gc *gc, const struct xc_dom_image *dom) { @@ -988,6 +1097,7 @@ static int libxl__prepare_dtb(libxl__gc *gc, libxl_domain_config *d_config, size_t fdt_size = 0; int pfdt_size = 0; libxl_domain_build_info *const info = &d_config->b_info; + unsigned int i; const libxl_version_info *vers; const struct arch_info *ainfo; @@ -1094,6 +1204,13 @@ next_resize: if (d_config->num_pcidevs) FDT( make_vpci_node(gc, fdt, ainfo, dom) ); + for (i = 0; i < d_config->num_disks; i++) { + libxl_device_disk *disk = &d_config->disks[i]; + + if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) + FDT( make_virtio_mmio_node(gc, fdt, disk->base, disk->irq) ); + } + if (pfdt) FDT( copy_partial_fdt(gc, fdt, pfdt) ); diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index ab05fe12b0..c8b6058d3a 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -407,6 +407,10 @@ typedef uint64_t xen_callback_t; /* Physical Address Space */ +/* Virtio MMIO mappings */ +#define GUEST_VIRTIO_MMIO_BASE xen_mk_ullong(0x02000000) +#define GUEST_VIRTIO_MMIO_SIZE xen_mk_ullong(0x00100000) + /* * vGIC mappings: Only one set of mapping is used by the guest. * Therefore they can overlap. @@ -493,6 +497,9 @@ typedef uint64_t xen_callback_t; #define GUEST_VPL011_SPI 32 +#define GUEST_VIRTIO_MMIO_SPI_FIRST 33 +#define GUEST_VIRTIO_MMIO_SPI_LAST 43 + /* PSCI functions */ #define PSCI_cpu_suspend 0 #define PSCI_cpu_off 1 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Jul 28 18:33:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 28 Jul 2022 18:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377032.610094 (Exim 4.92) (envelope-from ) id 1oH8K5-0000rs-PS; Thu, 28 Jul 2022 18:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377032.610094; Thu, 28 Jul 2022 18:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8K5-0000rk-Mh; Thu, 28 Jul 2022 18:33:25 +0000 Received: by outflank-mailman (input) for mailman id 377032; Thu, 28 Jul 2022 18:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8K4-0000rX-M6 for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oH8K4-0007Tv-LE for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oH8K4-0008Sq-Kg for xen-changelog@lists.xenproject.org; Thu, 28 Jul 2022 18:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fi0LsfD4Hy6CqiBoSWM03YvcjmSIWebWUdHGnChh08g=; b=m4j+RT2eMVXVsjAp7LHeXCAyqv tSvop5d+8ycrQVnnoWPsbopZBhQZtZcmhIDkjnrYXbpMKz48HjIjE/qoOdY0OW4K0rgrxUbfWw86k cGAh0akBjMxc55le3gBhBicUjo0qLJ78dFZp8CuiESu5gdJa7XWyqLRChcd3MeKJErJA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxl/arm: Create specific IOMMU node to be referred by virtio-mmio device Message-Id: Date: Thu, 28 Jul 2022 18:33:24 +0000 commit ca45d3cb4586372909f350e54482246f994e1bc7 Author: Oleksandr Tyshchenko AuthorDate: Fri Jul 15 22:20:26 2022 +0300 Commit: Julien Grall CommitDate: Thu Jul 28 19:26:37 2022 +0100 libxl/arm: Create specific IOMMU node to be referred by virtio-mmio device Reuse generic IOMMU device tree bindings to communicate Xen specific information for the virtio devices for which the restricted memory access using Xen grant mappings need to be enabled. Insert "iommus" property pointed to the IOMMU node with "xen,grant-dma" compatible to all virtio devices which backends are going to run in non-hardware domains (which are non-trusted by default). Based on device-tree binding from Linux: Documentation/devicetree/bindings/iommu/xen,grant-dma.yaml The example of generated nodes: xen_iommu { compatible = "xen,grant-dma"; #iommu-cells = <0x01>; phandle = <0xfde9>; }; virtio@2000000 { compatible = "virtio,mmio"; reg = <0x00 0x2000000 0x00 0x200>; interrupts = <0x00 0x01 0xf01>; interrupt-parent = <0xfde8>; dma-coherent; iommus = <0xfde9 0x01>; }; virtio@2000200 { compatible = "virtio,mmio"; reg = <0x00 0x2000200 0x00 0x200>; interrupts = <0x00 0x02 0xf01>; interrupt-parent = <0xfde8>; dma-coherent; iommus = <0xfde9 0x01>; }; Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Stefano Stabellini Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_arm.c | 49 ++++++++++++++++++++++++++++++++--- xen/include/public/device_tree_defs.h | 3 ++- 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_arm.c b/tools/libs/light/libxl_arm.c index 866e58c66b..1a3ac1646e 100644 --- a/tools/libs/light/libxl_arm.c +++ b/tools/libs/light/libxl_arm.c @@ -865,9 +865,32 @@ static int make_vpci_node(libxl__gc *gc, void *fdt, return 0; } +static int make_xen_iommu_node(libxl__gc *gc, void *fdt) +{ + int res; + + /* See Linux Documentation/devicetree/bindings/iommu/xen,grant-dma.yaml */ + res = fdt_begin_node(fdt, "xen_iommu"); + if (res) return res; + + res = fdt_property_compat(gc, fdt, 1, "xen,grant-dma"); + if (res) return res; + + res = fdt_property_cell(fdt, "#iommu-cells", 1); + if (res) return res; + + res = fdt_property_cell(fdt, "phandle", GUEST_PHANDLE_IOMMU); + if (res) return res; + + res = fdt_end_node(fdt); + if (res) return res; + + return 0; +} static int make_virtio_mmio_node(libxl__gc *gc, void *fdt, - uint64_t base, uint32_t irq) + uint64_t base, uint32_t irq, + uint32_t backend_domid) { int res; gic_interrupt intr; @@ -890,6 +913,16 @@ static int make_virtio_mmio_node(libxl__gc *gc, void *fdt, res = fdt_property(fdt, "dma-coherent", NULL, 0); if (res) return res; + if (backend_domid != LIBXL_TOOLSTACK_DOMID) { + uint32_t iommus_prop[2]; + + iommus_prop[0] = cpu_to_fdt32(GUEST_PHANDLE_IOMMU); + iommus_prop[1] = cpu_to_fdt32(backend_domid); + + res = fdt_property(fdt, "iommus", iommus_prop, sizeof(iommus_prop)); + if (res) return res; + } + res = fdt_end_node(fdt); if (res) return res; @@ -1097,6 +1130,7 @@ static int libxl__prepare_dtb(libxl__gc *gc, libxl_domain_config *d_config, size_t fdt_size = 0; int pfdt_size = 0; libxl_domain_build_info *const info = &d_config->b_info; + bool iommu_created; unsigned int i; const libxl_version_info *vers; @@ -1204,11 +1238,20 @@ next_resize: if (d_config->num_pcidevs) FDT( make_vpci_node(gc, fdt, ainfo, dom) ); + iommu_created = false; for (i = 0; i < d_config->num_disks; i++) { libxl_device_disk *disk = &d_config->disks[i]; - if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) - FDT( make_virtio_mmio_node(gc, fdt, disk->base, disk->irq) ); + if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) { + if (disk->backend_domid != LIBXL_TOOLSTACK_DOMID && + !iommu_created) { + FDT( make_xen_iommu_node(gc, fdt) ); + iommu_created = true; + } + + FDT( make_virtio_mmio_node(gc, fdt, disk->base, disk->irq, + disk->backend_domid) ); + } } if (pfdt) diff --git a/xen/include/public/device_tree_defs.h b/xen/include/public/device_tree_defs.h index 209d43de3f..228daafe81 100644 --- a/xen/include/public/device_tree_defs.h +++ b/xen/include/public/device_tree_defs.h @@ -4,9 +4,10 @@ #if defined(__XEN__) || defined(__XEN_TOOLS__) /* * The device tree compiler (DTC) is allocating the phandle from 1 to - * onwards. Reserve a high value for the GIC phandle. + * onwards. Reserve high values for the specific phandles. */ #define GUEST_PHANDLE_GIC (65000) +#define GUEST_PHANDLE_IOMMU (GUEST_PHANDLE_GIC + 1) #define GUEST_ROOT_ADDRESS_CELLS 2 #define GUEST_ROOT_SIZE_CELLS 2 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 00:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 00:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377238.610348 (Exim 4.92) (envelope-from ) id 1oHDar-0001A2-IX; Fri, 29 Jul 2022 00:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377238.610348; Fri, 29 Jul 2022 00:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHDar-00019t-EU; Fri, 29 Jul 2022 00:11:05 +0000 Received: by outflank-mailman (input) for mailman id 377238; Fri, 29 Jul 2022 00:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHDaq-00019n-Jz for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 00:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHDaq-0005pH-IB for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 00:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHDaq-0000TW-HV for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 00:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YYugXnzN8/zseVylbHqCe9gBsKDTIBN1X3SQKXCLF1E=; b=nH4utZ+LQaHzljUj1zH4OWGf3X tnXq9UhB1hhqpGaZN4uFxx77O0jEIYDz6J67KumT4fVlJH/0SqAv19ySIk5EDK7UuPmSpuJOUHYHN 42jA4U9G1+7x1+B47SFhnK4j2Ew4eK72XXb2A/6j4Htd0Z86OCTuvap4c5OlI1SCu0PY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: Remove XEN_CONFIG_EXPERT leftovers Message-Id: Date: Fri, 29 Jul 2022 00:11:04 +0000 commit 37339ba9ef46cf55e077ca50235279f058b01779 Author: Xenia Ragiadakou AuthorDate: Thu Jul 28 10:58:55 2022 +0300 Commit: Stefano Stabellini CommitDate: Thu Jul 28 16:02:48 2022 -0700 automation: Remove XEN_CONFIG_EXPERT leftovers The EXPERT config option cannot anymore be selected via the environmental variable XEN_CONFIG_EXPERT. Remove stale references to XEN_CONFIG_EXPERT from the automation code. Signed-off-by: Xenia Ragiadakou Reviewed-by: Stefano Stabellini --- automation/build/README.md | 3 --- automation/scripts/build | 4 ++-- automation/scripts/containerize | 1 - 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/automation/build/README.md b/automation/build/README.md index 2137957408..00305eed03 100644 --- a/automation/build/README.md +++ b/automation/build/README.md @@ -65,9 +65,6 @@ understands. - CONTAINER_NO_PULL: If set to 1, the script will not pull from docker hub. This is useful when testing container locally. -- XEN_CONFIG_EXPERT: If this is defined in your shell it will be - automatically passed through to the container. - If your docker host has Linux kernel > 4.11, and you want to use containers that run old glibc (for example, CentOS 6 or SLES11SP4), you may need to add diff --git a/automation/scripts/build b/automation/scripts/build index 281f8b1fcc..21b3bc57c8 100755 --- a/automation/scripts/build +++ b/automation/scripts/build @@ -91,6 +91,6 @@ for cfg in `ls ${cfg_dir}`; do echo "Building $cfg" make -j$(nproc) -C xen clean rm -f xen/.config - make -C xen KBUILD_DEFCONFIG=../../../../${cfg_dir}/${cfg} XEN_CONFIG_EXPERT=y defconfig - make -j$(nproc) -C xen XEN_CONFIG_EXPERT=y + make -C xen KBUILD_DEFCONFIG=../../../../${cfg_dir}/${cfg} defconfig + make -j$(nproc) -C xen done diff --git a/automation/scripts/containerize b/automation/scripts/containerize index 8992c67278..9d4beca4fa 100755 --- a/automation/scripts/containerize +++ b/automation/scripts/containerize @@ -101,7 +101,6 @@ exec ${docker_cmd} run \ -v "${CONTAINER_PATH}":/build:rw${selinux} \ -v "${HOME}/.ssh":/root/.ssh:ro \ ${SSH_AUTH_DIR:+-v "${SSH_AUTH_DIR}":/tmp/ssh-agent${selinux}} \ - ${XEN_CONFIG_EXPERT:+-e XEN_CONFIG_EXPERT=${XEN_CONFIG_EXPERT}} \ ${CONTAINER_ARGS} \ -${termint}i --rm -- \ ${CONTAINER} \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 00:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 00:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377239.610351 (Exim 4.92) (envelope-from ) id 1oHDb1-0001Bz-Ij; Fri, 29 Jul 2022 00:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377239.610351; Fri, 29 Jul 2022 00:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHDb1-0001Br-G7; Fri, 29 Jul 2022 00:11:15 +0000 Received: by outflank-mailman (input) for mailman id 377239; Fri, 29 Jul 2022 00:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHDb0-0001Bh-MG for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 00:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHDb0-0005pP-LO for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 00:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHDb0-0000Tv-KV for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 00:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ys1MElgYtCSZhsEr+1LYo+5wRmCcn1Djpe84Npptzbk=; b=CTYZyq5b6sEGJWm8cpRF/Yx3ba SCWOGhglMjE0nh4B8ljjuFHM18379PCKkHpV1nrn4nvO57PxLkirAMUF2QPDYSpPelCoROd3H4R+C 2wx5DIs5ITr0HwbC4XOwP/yT6yQGUpcbBSKv2pfilX5bJabJZtE9XZnemZMii2/xv0Bs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: arm64: Create a test job for testing static allocation on qemu Message-Id: Date: Fri, 29 Jul 2022 00:11:14 +0000 commit 108e6f282d2c2b8442ac9e1487e6fd7865cd6ede Author: Xenia Ragiadakou AuthorDate: Thu Jul 28 10:58:56 2022 +0300 Commit: Stefano Stabellini CommitDate: Thu Jul 28 16:17:46 2022 -0700 automation: arm64: Create a test job for testing static allocation on qemu Enable CONFIG_STATIC_MEMORY in the existing arm64 build. Create a new test job, called qemu-smoke-arm64-gcc-staticmem. Adjust qemu-smoke-arm64.sh script to accomodate the static memory test as a new test variant. The test variant is determined based on the first argument passed to the script. For testing static memory, the argument is 'static-mem'. The test configures DOM1 with a static memory region and adds a check in the init script. The check consists in comparing the contents of the /proc/device-tree memory entry with the static memory range with which DOM1 was configured. If the memory layout is correct, a message gets printed by DOM1. At the end of the qemu run, the script searches for the specific message in the logs and fails if not found. Signed-off-by: Xenia Ragiadakou Signed-off-by: Stefano Stabellini Reviewed-by: Penny Zheng Reviewed-by: Stefano Stabellini --- automation/gitlab-ci/test.yaml | 18 ++++++++++++++++++ automation/scripts/build | 10 +++++++++- automation/scripts/qemu-smoke-arm64.sh | 27 ++++++++++++++++++++++++++- 3 files changed, 53 insertions(+), 2 deletions(-) diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 26bdbcc3ea..6f9f64a8da 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -80,6 +80,24 @@ qemu-smoke-arm64-gcc: tags: - arm64 +qemu-smoke-arm64-gcc-staticmem: + extends: .test-jobs-common + variables: + CONTAINER: debian:unstable-arm64v8 + script: + - ./automation/scripts/qemu-smoke-arm64.sh static-mem 2>&1 | tee qemu-smoke-arm64.log + needs: + - debian-unstable-gcc-arm64 + - kernel-5.9.9-arm64-export + - qemu-system-aarch64-6.0.0-arm64-export + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - arm64 + qemu-smoke-arm32-gcc: extends: .test-jobs-common variables: diff --git a/automation/scripts/build b/automation/scripts/build index 21b3bc57c8..2b9f2d2b54 100755 --- a/automation/scripts/build +++ b/automation/scripts/build @@ -15,7 +15,15 @@ if [[ "${RANDCONFIG}" == "y" ]]; then make -j$(nproc) -C xen KCONFIG_ALLCONFIG=tools/kconfig/allrandom.config randconfig hypervisor_only="y" else - make -j$(nproc) -C xen defconfig + if [[ "${XEN_TARGET_ARCH}" = "arm64" ]]; then + echo " +CONFIG_EXPERT=y +CONFIG_UNSUPPORTED=y +CONFIG_STATIC_MEMORY=y" > xen/.config + make -j$(nproc) -C xen olddefconfig + else + make -j$(nproc) -C xen defconfig + fi fi # Save the config file before building because build failure causes the script diff --git a/automation/scripts/qemu-smoke-arm64.sh b/automation/scripts/qemu-smoke-arm64.sh index 53086a5ac7..898398196a 100755 --- a/automation/scripts/qemu-smoke-arm64.sh +++ b/automation/scripts/qemu-smoke-arm64.sh @@ -2,6 +2,25 @@ set -ex +test_variant=$1 + +passed="BusyBox" +check="" + +if [[ "${test_variant}" == "static-mem" ]]; then + # Memory range that is statically allocated to DOM1 + domu_base="50000000" + domu_size="10000000" + passed="${test_variant} test passed" + check=" +current=\$(hexdump -e '16/1 \"%02x\"' /proc/device-tree/memory@${domu_base}/reg 2>/dev/null) +expected=$(printf \"%016x%016x\" 0x${domu_base} 0x${domu_size}) +if [[ \"\${expected}\" == \"\${current}\" ]]; then + echo \"${passed}\" +fi +" +fi + # Install QEMU export DEBIAN_FRONTENT=noninteractive apt-get -qy update @@ -43,6 +62,7 @@ echo "#!/bin/sh mount -t proc proc /proc mount -t sysfs sysfs /sys mount -t devtmpfs devtmpfs /dev +${check} /bin/sh" > initrd/init chmod +x initrd/init cd initrd @@ -68,6 +88,11 @@ DOMU_MEM[0]="256" LOAD_CMD="tftpb" UBOOT_SOURCE="boot.source" UBOOT_SCRIPT="boot.scr"' > binaries/config + +if [[ "${test_variant}" == "static-mem" ]]; then + echo -e "\nDOMU_STATIC_MEM[0]=\"0x${domu_base} 0x${domu_size}\"" >> binaries/config +fi + rm -rf imagebuilder git clone https://gitlab.com/ViryaOS/imagebuilder bash imagebuilder/scripts/uboot-script-gen -t tftp -d binaries/ -c binaries/config @@ -89,5 +114,5 @@ timeout -k 1 240 \ -bios /usr/lib/u-boot/qemu_arm64/u-boot.bin |& tee smoke.serial set -e -(grep -q "^BusyBox" smoke.serial && grep -q "DOM1: BusyBox" smoke.serial) || exit 1 +(grep -q "^BusyBox" smoke.serial && grep -q "DOM1: ${passed}" smoke.serial) || exit 1 exit 0 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 06:55:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 06:55:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377352.610522 (Exim 4.92) (envelope-from ) id 1oHJtq-0001hV-IR; Fri, 29 Jul 2022 06:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377352.610522; Fri, 29 Jul 2022 06:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJtq-0001hN-FH; Fri, 29 Jul 2022 06:55:06 +0000 Received: by outflank-mailman (input) for mailman id 377352; Fri, 29 Jul 2022 06:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJto-0001hH-N6 for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJto-0003uM-JC for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHJto-0003cc-IJ for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Jm6jlu30x2xcfkIa0uIa9G43Jp91BoriER2/i5ZnoNk=; b=oFXWm9FJEkKiq7EycuNsipXGvN ndheYF9FBXSdnBvLVSfYm5l1fSuj0w0oF2XxOAXuawIIpFi0jNIpwjVAhFrun8K/wdPvCOStan890 ukbm0OLZsD0XsdC31V5CcFrSV+0R5Hhf4UbHHNJMMsLvA6a0uRPGVMTg3SpwayfNpiKw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/shadow: properly handle get_page() failing Message-Id: Date: Fri, 29 Jul 2022 06:55:04 +0000 commit 3629759626ac7201a670a8a2d4d4a536e7443575 Author: Jan Beulich AuthorDate: Fri Jul 29 08:48:26 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 29 08:48:26 2022 +0200 x86/shadow: properly handle get_page() failing We should not blindly (in a release build) insert the new entry in the hash if a reference to the guest page cannot be obtained, or else an excess reference would be put when removing the hash entry again. Crash the domain in that case instead. The sole caller doesn't further care about the state of the guest page: All it does is return the corresponding shadow page (which was obtained successfully before) to its caller. To compensate we further need to adjust hash removal: Since the shadow page already has had its backlink set, domain cleanup code would try to destroy the shadow, and hence still cause a put_page() without corresponding get_page(). Leverage that the failed get_page() leads to no hash insertion, making shadow_hash_delete() no longer assume it will find the requested entry. Instead return back whether the entry was found. This way delete_shadow_status() can avoid calling put_page() in the problem scenario. For the other caller of shadow_hash_delete() simply reinstate the otherwise dropped assertion at the call site. While touching the conditionals in {set,delete}_shadow_status() anyway, also switch around their two pre-existing parts, to have the cheap one first (frequently allowing to avoid evaluation of the expensive - due to evaluate_nospec() - one altogether). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/mm/shadow/common.c | 10 ++++++---- xen/arch/x86/mm/shadow/multi.c | 8 +++++++- xen/arch/x86/mm/shadow/private.h | 19 ++++++++++--------- 3 files changed, 23 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index c37c3bb077..0fd00a2f96 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -1581,7 +1581,7 @@ void shadow_hash_insert(struct domain *d, unsigned long n, unsigned int t, sh_hash_audit_bucket(d, key); } -void shadow_hash_delete(struct domain *d, unsigned long n, unsigned int t, +bool shadow_hash_delete(struct domain *d, unsigned long n, unsigned int t, mfn_t smfn) /* Excise the mapping (n,t)->smfn from the hash table */ { @@ -1606,10 +1606,8 @@ void shadow_hash_delete(struct domain *d, unsigned long n, unsigned int t, { /* Need to search for the one we want */ x = d->arch.paging.shadow.hash_table[key]; - while ( 1 ) + while ( x ) { - ASSERT(x); /* We can't have hit the end, since our target is - * still in the chain somehwere... */ if ( next_shadow(x) == sp ) { x->next_shadow = sp->next_shadow; @@ -1617,10 +1615,14 @@ void shadow_hash_delete(struct domain *d, unsigned long n, unsigned int t, } x = next_shadow(x); } + if ( !x ) + return false; } set_next_shadow(sp, NULL); sh_hash_audit_bucket(d, key); + + return true; } typedef int (*hash_vcpu_callback_t)(struct vcpu *v, mfn_t smfn, mfn_t other_mfn); diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index b0b1c31ee0..869d7baed0 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -132,7 +132,13 @@ delete_fl1_shadow_status(struct domain *d, gfn_t gfn, mfn_t smfn) SHADOW_PRINTK("gfn=%"SH_PRI_gfn", type=%08x, smfn=%"PRI_mfn"\n", gfn_x(gfn), SH_type_fl1_shadow, mfn_x(smfn)); ASSERT(mfn_to_page(smfn)->u.sh.head); - shadow_hash_delete(d, gfn_x(gfn), SH_type_fl1_shadow, smfn); + if ( !shadow_hash_delete(d, gfn_x(gfn), SH_type_fl1_shadow, smfn) ) + { + printk(XENLOG_G_ERR + "%pd: %"PRI_gfn":FL1 hash entry not found for %"PRI_mfn"\n", + d, gfn_x(gfn), mfn_x(smfn)); + domain_crash(d); + } } diff --git a/xen/arch/x86/mm/shadow/private.h b/xen/arch/x86/mm/shadow/private.h index 3dc024e30f..3a74f45362 100644 --- a/xen/arch/x86/mm/shadow/private.h +++ b/xen/arch/x86/mm/shadow/private.h @@ -375,7 +375,7 @@ shadow_size(unsigned int shadow_type) mfn_t shadow_hash_lookup(struct domain *d, unsigned long n, unsigned int t); void shadow_hash_insert(struct domain *d, unsigned long n, unsigned int t, mfn_t smfn); -void shadow_hash_delete(struct domain *d, +bool shadow_hash_delete(struct domain *d, unsigned long n, unsigned int t, mfn_t smfn); /* shadow promotion */ @@ -773,18 +773,19 @@ static inline void set_shadow_status(struct domain *d, mfn_t gmfn, u32 shadow_type, mfn_t smfn) /* Put a shadow into the hash table */ { - int res; - SHADOW_PRINTK("d%d gmfn=%lx, type=%08x, smfn=%lx\n", d->domain_id, mfn_x(gmfn), shadow_type, mfn_x(smfn)); ASSERT(mfn_to_page(smfn)->u.sh.head); /* 32-bit PV guests don't own their l4 pages so can't get_page them */ - if ( !is_pv_32bit_domain(d) || shadow_type != SH_type_l4_64_shadow ) + if ( (shadow_type != SH_type_l4_64_shadow || !is_pv_32bit_domain(d)) && + !get_page(mfn_to_page(gmfn), d) ) { - res = get_page(mfn_to_page(gmfn), d); - ASSERT(res == 1); + printk(XENLOG_G_ERR "%pd: cannot get page for MFN %" PRI_mfn "\n", + d, mfn_x(gmfn)); + domain_crash(d); + return; } shadow_hash_insert(d, mfn_x(gmfn), shadow_type, smfn); @@ -797,9 +798,9 @@ delete_shadow_status(struct domain *d, mfn_t gmfn, u32 shadow_type, mfn_t smfn) SHADOW_PRINTK("d%d gmfn=%"PRI_mfn", type=%08x, smfn=%"PRI_mfn"\n", d->domain_id, mfn_x(gmfn), shadow_type, mfn_x(smfn)); ASSERT(mfn_to_page(smfn)->u.sh.head); - shadow_hash_delete(d, mfn_x(gmfn), shadow_type, smfn); - /* 32-bit PV guests don't own their l4 pages; see set_shadow_status */ - if ( !is_pv_32bit_domain(d) || shadow_type != SH_type_l4_64_shadow ) + if ( shadow_hash_delete(d, mfn_x(gmfn), shadow_type, smfn) && + /* 32-bit PV guests don't own their l4 pages; see set_shadow_status */ + (shadow_type != SH_type_l4_64_shadow || !is_pv_32bit_domain(d)) ) put_page(mfn_to_page(gmfn)); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 06:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 06:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377353.610526 (Exim 4.92) (envelope-from ) id 1oHJu0-0001kS-LF; Fri, 29 Jul 2022 06:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377353.610526; Fri, 29 Jul 2022 06:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJu0-0001kK-Ig; Fri, 29 Jul 2022 06:55:16 +0000 Received: by outflank-mailman (input) for mailman id 377353; Fri, 29 Jul 2022 06:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJty-0001jy-Ni for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJty-0003uQ-MS for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHJty-0003dA-Ld for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aw6io89wsF6VWSz8dqMqq/3184OdImHkv4H9hFuvOO0=; b=vdVY6dRfKslkg3bNPLdEvh7Eyh MWnqrdg93Z/Jzmob0jub4qK/YVJkmQ8iGUyl+p2cACwpcdxz9J/RiBrKCZIdqk5F8lhJwO/wzO2Lf /Ohj6v8CrBuchi/I5xVGLkqaX0mvU7oj03lqQM5h/S/PVLFmFBjYjzvsTQPHmkghi5G0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/shadow: exclude HVM-only code from sh_remove_shadows() when !HVM Message-Id: Date: Fri, 29 Jul 2022 06:55:14 +0000 commit 8a3b89e4307da260675483bb86fc06cc62ed7c08 Author: Jan Beulich AuthorDate: Fri Jul 29 08:49:06 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 29 08:49:06 2022 +0200 x86/shadow: exclude HVM-only code from sh_remove_shadows() when !HVM In my (debug) build this amounts to well over 500 bytes of dead code. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/mm/shadow/common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 0fd00a2f96..ca4afb74e4 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -2240,10 +2240,12 @@ void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all) } \ } while (0) +#ifdef CONFIG_HVM DO_UNSHADOW(SH_type_l2_32_shadow); DO_UNSHADOW(SH_type_l1_32_shadow); DO_UNSHADOW(SH_type_l2_pae_shadow); DO_UNSHADOW(SH_type_l1_pae_shadow); +#endif DO_UNSHADOW(SH_type_l4_64_shadow); DO_UNSHADOW(SH_type_l3_64_shadow); DO_UNSHADOW(SH_type_l2h_64_shadow); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 06:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 06:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377354.610530 (Exim 4.92) (envelope-from ) id 1oHJuA-0001n7-Mt; Fri, 29 Jul 2022 06:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377354.610530; Fri, 29 Jul 2022 06:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJuA-0001mz-K8; Fri, 29 Jul 2022 06:55:26 +0000 Received: by outflank-mailman (input) for mailman id 377354; Fri, 29 Jul 2022 06:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJu8-0001mp-RE for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJu8-0003wH-Pu for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHJu8-0003du-P6 for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9s8mA65245IywhGqVn3MyM0zF5wumbmOGrR8NQgke/E=; b=ko8RbhMKv6dDt8hOZX1Vl6PTD1 OSfNkz2NTbdJdnO8gS/XclsoaJ8t2PhE1j1G3c2rqfwRaklAgmKJFNSbjSuYQTR+mE0cgWRFuQIIL ELz9Pqu2NotJ12Aoz9oj+EbBRrFC1kZe7jFap+xJ6Z0bHPZ6BIODzX5cEQ0nC00w+3zg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/shadow: don't open-code shadow_remove_all_shadows() Message-Id: Date: Fri, 29 Jul 2022 06:55:24 +0000 commit 5b04fe78646a8222626996113c9d1e598cb84831 Author: Jan Beulich AuthorDate: Fri Jul 29 08:49:48 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 29 08:49:48 2022 +0200 x86/shadow: don't open-code shadow_remove_all_shadows() Let's use the existing inline wrapper instead of repeating respective commentary at every site. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/mm/shadow/common.c | 2 +- xen/arch/x86/mm/shadow/hvm.c | 2 +- xen/arch/x86/mm/shadow/multi.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index ca4afb74e4..0247f0c84e 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -389,7 +389,7 @@ static int oos_remove_write_access(struct vcpu *v, mfn_t gmfn, * the page. If that doesn't work either, the guest is granting * his pagetables and must be killed after all. * This will flush the tlb, so we can return with no worries. */ - sh_remove_shadows(d, gmfn, 0 /* Be thorough */, 1 /* Must succeed */); + shadow_remove_all_shadows(d, gmfn); return 1; } diff --git a/xen/arch/x86/mm/shadow/hvm.c b/xen/arch/x86/mm/shadow/hvm.c index 27dd99f1a1..9438a1a7ad 100644 --- a/xen/arch/x86/mm/shadow/hvm.c +++ b/xen/arch/x86/mm/shadow/hvm.c @@ -783,7 +783,7 @@ sh_remove_all_shadows_and_parents(struct domain *d, mfn_t gmfn) /* Even harsher: this is a HVM page that we thing is no longer a pagetable. * Unshadow it, and recursively unshadow pages that reference it. */ { - sh_remove_shadows(d, gmfn, 0, 1); + shadow_remove_all_shadows(d, gmfn); /* XXX TODO: * Rework this hashtable walker to return a linked-list of all * the shadows it modified, then do breadth-first recursion diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index 869d7baed0..8626cebc3d 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -2637,7 +2637,7 @@ static int cf_check sh_page_fault( SHADOW_PRINTK("user-mode fault to PT, unshadowing mfn %#lx\n", mfn_x(gmfn)); perfc_incr(shadow_fault_emulate_failed); - sh_remove_shadows(d, gmfn, 0 /* thorough */, 1 /* must succeed */); + shadow_remove_all_shadows(d, gmfn); trace_shadow_emulate_other(TRC_SHADOW_EMULATE_UNSHADOW_USER, va, gfn); goto done; @@ -2723,7 +2723,7 @@ static int cf_check sh_page_fault( v->arch.paging.last_write_emul_ok = 0; } #endif - sh_remove_shadows(d, gmfn, 0 /* thorough */, 1 /* must succeed */); + shadow_remove_all_shadows(d, gmfn); trace_shadow_emulate_other(TRC_SHADOW_EMULATE_UNSHADOW_EVTINJ, va, gfn); return EXCRET_fault_fixed; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 06:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 06:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377355.610534 (Exim 4.92) (envelope-from ) id 1oHJuK-0001pc-O9; Fri, 29 Jul 2022 06:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377355.610534; Fri, 29 Jul 2022 06:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJuK-0001pU-Le; Fri, 29 Jul 2022 06:55:36 +0000 Received: by outflank-mailman (input) for mailman id 377355; Fri, 29 Jul 2022 06:55:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJuI-0001p9-VB for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJuI-0003wW-UN for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHJuI-0003eb-SZ for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oUS4mwLhVh+AmIMQGuqOYXy1P4SWpLn/Jg3OPX/cZHw=; b=C8Fo5U2N/CzczrR+VpcLLk+W1c iIB0j1cMe+WPS+/Yf9mjP6C32XotW5h38kE+NEg0qlIt5JSqpQpR9RffyrLVPg7LIfICkbv8QzN3h rQ7CArjcDvOk7tAEi4YgneLM5lbPxfJa8gBOzDvR3sgSgKdLeqN4F8BKpr8WA/EjSkgI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/shadow: drop CONFIG_HVM conditionals from sh_update_cr3() Message-Id: Date: Fri, 29 Jul 2022 06:55:34 +0000 commit 9ff3231f955cee4d62c7be6a03d061c037d7ca69 Author: Jan Beulich AuthorDate: Fri Jul 29 08:50:25 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 29 08:50:25 2022 +0200 x86/shadow: drop CONFIG_HVM conditionals from sh_update_cr3() Now that we're not building multi.c anymore for 2 and 3 guest levels when !HVM, there's no point in having these conditionals anymore. (As somewhat a special case, the last of the removed conditionals really builds on shadow_mode_external() always returning false when !HVM.) This way the code becomes a tiny bit more readable. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/mm/shadow/multi.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index 8626cebc3d..e10de449f1 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -3233,7 +3233,7 @@ static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) { struct domain *d = v->domain; mfn_t gmfn; -#if GUEST_PAGING_LEVELS == 3 && defined(CONFIG_HVM) +#if GUEST_PAGING_LEVELS == 3 const guest_l3e_t *gl3e; unsigned int i, guest_idx; #endif @@ -3284,7 +3284,7 @@ static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) #endif gmfn = pagetable_get_mfn(v->arch.guest_table); -#if GUEST_PAGING_LEVELS == 3 && defined(CONFIG_HVM) +#if GUEST_PAGING_LEVELS == 3 /* * On PAE guests we don't use a mapping of the guest's own top-level * table. We cache the current state of that table and shadow that, @@ -3326,8 +3326,6 @@ static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) !VM_ASSIST(d, m2p_strict) ) fill_ro_mpt(smfn); } -#elif !defined(CONFIG_HVM) - ASSERT_UNREACHABLE(); #elif GUEST_PAGING_LEVELS == 3 /* PAE guests have four shadow_table entries, based on the * current values of the guest's four l3es. */ @@ -3378,8 +3376,6 @@ static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) #error This should never happen #endif - -#ifdef CONFIG_HVM /// /// v->arch.paging.shadow.l3table /// @@ -3405,7 +3401,6 @@ static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) } } #endif /* SHADOW_PAGING_LEVELS == 3 */ -#endif /* CONFIG_HVM */ /// /// v->arch.cr3 @@ -3424,8 +3419,6 @@ static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) } #endif - -#ifdef CONFIG_HVM /// /// v->arch.hvm.hw_cr[3] /// @@ -3442,7 +3435,6 @@ static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) #endif hvm_update_guest_cr3(v, noflush); } -#endif /* CONFIG_HVM */ /* Fix up the linear pagetable mappings */ sh_update_linear_entries(v); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 06:55:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 06:55:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377356.610538 (Exim 4.92) (envelope-from ) id 1oHJuU-0001tl-Ph; Fri, 29 Jul 2022 06:55:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377356.610538; Fri, 29 Jul 2022 06:55:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJuU-0001td-N9; Fri, 29 Jul 2022 06:55:46 +0000 Received: by outflank-mailman (input) for mailman id 377356; Fri, 29 Jul 2022 06:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJuT-0001tK-1p for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJuT-0003wx-0v for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHJuT-0003fB-0P for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jHCTp5rQ9P9nvYTTZSg/5n2h0XJRKkNrWUIyl13R+QM=; b=WvWEmfur0o/4gEyQTgb154PkRW lFQZkaYwRtV5D3lFYkiuNx0JRJUTo3jbCrl+xQh28kukWlhWA0zjd+b+wJD+XdLx/kvlx3+BPNeyn KHlIHear1JVTiXytQ4hntYhZpWN+Q0aFav3qYrYyhYk8mlSdf9+4Dz8g2fs9gP4cWQb8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm/dummy: fix MISRA C 2012 Directive 4.10 violation Message-Id: Date: Fri, 29 Jul 2022 06:55:45 +0000 commit 124f138b37d595294b3100349e26ffb3f1df7b13 Author: Xenia Ragiadakou AuthorDate: Fri Jul 29 08:50:58 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 29 08:50:58 2022 +0200 xsm/dummy: fix MISRA C 2012 Directive 4.10 violation Protect header file from being included more than once by adding ifndef guard. Signed-off-by: Xenia Ragiadakou Reviewed-by: Luca Fancellu Acked-by: Daniel P. Smith --- xen/include/xsm/dummy.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 77f27e7163..8671af1ba4 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -15,6 +15,9 @@ * value of action. */ +#ifndef __XEN_XSM_DUMMY_H__ +#define __XEN_XSM_DUMMY_H__ + #include #include #include @@ -843,3 +846,5 @@ static XSM_INLINE int cf_check xsm_domain_resource_map( XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } + +#endif /* __XEN_XSM_DUMMY_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 06:55:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 06:55:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377357.610541 (Exim 4.92) (envelope-from ) id 1oHJue-0001wv-Qz; Fri, 29 Jul 2022 06:55:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377357.610541; Fri, 29 Jul 2022 06:55:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJue-0001wo-OZ; Fri, 29 Jul 2022 06:55:56 +0000 Received: by outflank-mailman (input) for mailman id 377357; Fri, 29 Jul 2022 06:55:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJud-0001wa-4g for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHJud-0003x7-3s for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHJud-0003ff-3E for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 06:55:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rCPFnlvsk0yXID7AI4lIauSxOX+AW8NN10vvC8t65R8=; b=VBccXi9U2lbNeF+tZGZGyorMsM GQMTqXJFkCYxCfCoxbvKHtG/2JjURViqv8oK5yvpTbUz4ynlc0vNAu1AADvIQbPylilrp6ChvuIvS 0rOEI+ZuxIxWeXl2zacnTPu5HrchtXWj+41SVkUxxYvj6U6WkU/0x+BIfr6QeeezTVxw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] arm/atomic: fix MISRA C 2012 Rule 20.7 violation Message-Id: Date: Fri, 29 Jul 2022 06:55:55 +0000 commit 062790aca6b1faea62c9ed2737c3791efb0d0f4c Author: Xenia Ragiadakou AuthorDate: Fri Jul 29 08:51:31 2022 +0200 Commit: Jan Beulich CommitDate: Fri Jul 29 08:51:31 2022 +0200 arm/atomic: fix MISRA C 2012 Rule 20.7 violation The macro parameter 'p' is used as an expression and needs to be enclosed in parentheses. Signed-off-by: Xenia Ragiadakou Reviewed-by: Stefano Stabellini --- xen/arch/arm/include/asm/atomic.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/include/asm/atomic.h b/xen/arch/arm/include/asm/atomic.h index ac2798d095..1f60c28b1b 100644 --- a/xen/arch/arm/include/asm/atomic.h +++ b/xen/arch/arm/include/asm/atomic.h @@ -123,15 +123,15 @@ static always_inline void write_atomic_size(volatile void *p, } #define read_atomic(p) ({ \ - union { typeof(*p) val; char c[0]; } x_; \ - read_atomic_size(p, x_.c, sizeof(*p)); \ + union { typeof(*(p)) val; char c[0]; } x_; \ + read_atomic_size(p, x_.c, sizeof(*(p))); \ x_.val; \ }) #define write_atomic(p, x) \ do { \ - typeof(*p) x_ = (x); \ - write_atomic_size(p, &x_, sizeof(*p)); \ + typeof(*(p)) x_ = (x); \ + write_atomic_size(p, &x_, sizeof(*(p))); \ } while ( false ) #define add_sized(p, x) ({ \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 22:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 22:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377895.611198 (Exim 4.92) (envelope-from ) id 1oHYCH-0005rs-7A; Fri, 29 Jul 2022 22:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377895.611198; Fri, 29 Jul 2022 22:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCH-0005rl-4J; Fri, 29 Jul 2022 22:11:05 +0000 Received: by outflank-mailman (input) for mailman id 377895; Fri, 29 Jul 2022 22:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCG-0005rf-F3 for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCG-0004Sd-Bm for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHYCG-0005ee-As for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9lXyNzxlZWYf9yPDt5Lp60yu5KUVUKps/T6B9fGD/ew=; b=SOPP1gebIOLmAIGTQKGDefLt7q xC1+L+4a759ICC2+naLCVs1Q3miecvZiKBHNsDKKWVAn1Qv0MXZuqJSpz9X5CQkGthVUI/ixGJ1tT ytv8IQrRNz72qu9jIf+qApFfEdSnvPv3ZNYf3Ipo32DFjrQwX/tSweIN9+TcC/C3etIk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Remove most of the *_VIRT_END defines Message-Id: Date: Fri, 29 Jul 2022 22:11:04 +0000 commit 6dc9a1fe982f52c709ed03df8fdc6d58c4d96826 Author: Julien Grall AuthorDate: Fri Jul 29 22:41:43 2022 +0100 Commit: Julien Grall CommitDate: Fri Jul 29 23:03:22 2022 +0100 xen/arm: Remove most of the *_VIRT_END defines At the moment, *_VIRT_END may either point to the address after the end or the last address of the region. The lack of consistency make quite difficult to reason with them. Furthermore, there is a risk of overflow in the case where the address points past to the end. I am not aware of any cases, so this is only a latent bug. Start to solve the problem by removing all the *_VIRT_END exclusively used by the Arm code and add *_VIRT_SIZE when it is not present. Take the opportunity to rename BOOT_FDT_SLOT_SIZE to BOOT_FDT_VIRT_SIZE for better consistency and use _AT(vaddr_t, ). Also take the opportunity to fix the coding style of the comment touched in mm.c. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis Reviewed-by: Luca Fancellu Tested-By: Luca Fancellu --- xen/arch/arm/include/asm/config.h | 18 ++++++++---------- xen/arch/arm/livepatch.c | 2 +- xen/arch/arm/mm.c | 13 ++++++++----- 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/xen/arch/arm/include/asm/config.h b/xen/arch/arm/include/asm/config.h index 3e2a55a910..66db618b34 100644 --- a/xen/arch/arm/include/asm/config.h +++ b/xen/arch/arm/include/asm/config.h @@ -111,12 +111,11 @@ #define FIXMAP_ADDR(n) (_AT(vaddr_t,0x00400000) + (n) * PAGE_SIZE) #define BOOT_FDT_VIRT_START _AT(vaddr_t,0x00600000) -#define BOOT_FDT_SLOT_SIZE MB(4) -#define BOOT_FDT_VIRT_END (BOOT_FDT_VIRT_START + BOOT_FDT_SLOT_SIZE) +#define BOOT_FDT_VIRT_SIZE _AT(vaddr_t, MB(4)) #ifdef CONFIG_LIVEPATCH #define LIVEPATCH_VMAP_START _AT(vaddr_t,0x00a00000) -#define LIVEPATCH_VMAP_END (LIVEPATCH_VMAP_START + MB(2)) +#define LIVEPATCH_VMAP_SIZE _AT(vaddr_t, MB(2)) #endif #define HYPERVISOR_VIRT_START XEN_VIRT_START @@ -132,18 +131,18 @@ #define FRAMETABLE_VIRT_END (FRAMETABLE_VIRT_START + FRAMETABLE_SIZE - 1) #define VMAP_VIRT_START _AT(vaddr_t,0x10000000) +#define VMAP_VIRT_SIZE _AT(vaddr_t, GB(1) - MB(256)) #define XENHEAP_VIRT_START _AT(vaddr_t,0x40000000) -#define XENHEAP_VIRT_END _AT(vaddr_t,0x7fffffff) -#define DOMHEAP_VIRT_START _AT(vaddr_t,0x80000000) -#define DOMHEAP_VIRT_END _AT(vaddr_t,0xffffffff) +#define XENHEAP_VIRT_SIZE _AT(vaddr_t, GB(1)) -#define VMAP_VIRT_END XENHEAP_VIRT_START +#define DOMHEAP_VIRT_START _AT(vaddr_t,0x80000000) +#define DOMHEAP_VIRT_SIZE _AT(vaddr_t, GB(2)) #define DOMHEAP_ENTRIES 1024 /* 1024 2MB mapping slots */ /* Number of domheap pagetable pages required at the second level (2MB mappings) */ -#define DOMHEAP_SECOND_PAGES ((DOMHEAP_VIRT_END - DOMHEAP_VIRT_START + 1) >> FIRST_SHIFT) +#define DOMHEAP_SECOND_PAGES (DOMHEAP_VIRT_SIZE >> FIRST_SHIFT) #else /* ARM_64 */ @@ -152,12 +151,11 @@ #define SLOT0_ENTRY_SIZE SLOT0(1) #define VMAP_VIRT_START GB(1) -#define VMAP_VIRT_END (VMAP_VIRT_START + GB(1)) +#define VMAP_VIRT_SIZE GB(1) #define FRAMETABLE_VIRT_START GB(32) #define FRAMETABLE_SIZE GB(32) #define FRAMETABLE_NR (FRAMETABLE_SIZE / sizeof(*frame_table)) -#define FRAMETABLE_VIRT_END (FRAMETABLE_VIRT_START + FRAMETABLE_SIZE - 1) #define DIRECTMAP_VIRT_START SLOT0(256) #define DIRECTMAP_SIZE (SLOT0_ENTRY_SIZE * (265-256)) diff --git a/xen/arch/arm/livepatch.c b/xen/arch/arm/livepatch.c index 75e8adcfd6..57abc746e6 100644 --- a/xen/arch/arm/livepatch.c +++ b/xen/arch/arm/livepatch.c @@ -175,7 +175,7 @@ void __init arch_livepatch_init(void) void *start, *end; start = (void *)LIVEPATCH_VMAP_START; - end = (void *)LIVEPATCH_VMAP_END; + end = start + LIVEPATCH_VMAP_SIZE; vm_init_type(VMAP_XEN, start, end); diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 56fd084586..0177bc6b34 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -128,9 +128,11 @@ static DEFINE_PAGE_TABLE(xen_first); /* xen_pgtable == root of the trie (zeroeth level on 64-bit, first on 32-bit) */ static DEFINE_PER_CPU(lpae_t *, xen_pgtable); #define THIS_CPU_PGTABLE this_cpu(xen_pgtable) -/* xen_dommap == pages used by map_domain_page, these pages contain +/* + * xen_dommap == pages used by map_domain_page, these pages contain * the second level pagetables which map the domheap region - * DOMHEAP_VIRT_START...DOMHEAP_VIRT_END in 2MB chunks. */ + * starting at DOMHEAP_VIRT_START in 2MB chunks. + */ static DEFINE_PER_CPU(lpae_t *, xen_dommap); /* Root of the trie for cpu0, other CPU's PTs are dynamically allocated */ static DEFINE_PAGE_TABLE(cpu0_pgtable); @@ -476,7 +478,7 @@ mfn_t domain_page_map_to_mfn(const void *ptr) int slot = (va - DOMHEAP_VIRT_START) >> SECOND_SHIFT; unsigned long offset = (va>>THIRD_SHIFT) & XEN_PT_LPAE_ENTRY_MASK; - if ( va >= VMAP_VIRT_START && va < VMAP_VIRT_END ) + if ( (va >= VMAP_VIRT_START) && ((va - VMAP_VIRT_START) < VMAP_VIRT_SIZE) ) return virt_to_mfn(va); ASSERT(slot >= 0 && slot < DOMHEAP_ENTRIES); @@ -570,7 +572,8 @@ void __init remove_early_mappings(void) int rc; /* destroy the _PAGE_BLOCK mapping */ - rc = modify_xen_mappings(BOOT_FDT_VIRT_START, BOOT_FDT_VIRT_END, + rc = modify_xen_mappings(BOOT_FDT_VIRT_START, + BOOT_FDT_VIRT_START + BOOT_FDT_VIRT_SIZE, _PAGE_BLOCK); BUG_ON(rc); } @@ -850,7 +853,7 @@ void __init setup_frametable_mappings(paddr_t ps, paddr_t pe) void *__init arch_vmap_virt_end(void) { - return (void *)VMAP_VIRT_END; + return (void *)(VMAP_VIRT_START + VMAP_VIRT_SIZE); } /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 22:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 22:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377896.611202 (Exim 4.92) (envelope-from ) id 1oHYCR-0005tj-8g; Fri, 29 Jul 2022 22:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377896.611202; Fri, 29 Jul 2022 22:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCR-0005tc-5y; Fri, 29 Jul 2022 22:11:15 +0000 Received: by outflank-mailman (input) for mailman id 377896; Fri, 29 Jul 2022 22:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCQ-0005tT-G5 for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCQ-0004Si-FE for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHYCQ-0005f3-EN for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GCYIz0zuGpUilOwG+w4sYgRYt6xA1kDQAERbm7KsWL4=; b=TClokfF3IDYY0Ag+XSNQZ3RZ2z QYxGmCa+jNbaLF1PKbj5vpFK8t7hFXD2+qRlFWnkvX3xIzdbqLOEnrbU9rM9oB59Rizso/eGXiujG NAJ/uCKTCuIej6fb0VY7itROgJyLlpoGQcSIpuZXwpWmxZ0uzwiYfAvks1WY/c4W6obI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm32: mm: Consolidate the domheap mappings initialization Message-Id: Date: Fri, 29 Jul 2022 22:11:14 +0000 commit 04248b82f9621c511f3d5502ce74df7122ed157e Author: Julien Grall AuthorDate: Fri Jul 29 22:48:16 2022 +0100 Commit: Julien Grall CommitDate: Fri Jul 29 23:03:22 2022 +0100 xen/arm32: mm: Consolidate the domheap mappings initialization At the moment, the domheap mappings initialization is done separately for the boot CPU and secondary CPUs. The main difference is for the former the pages are part of Xen binary whilst for the latter they are dynamically allocated. It would be good to have a single helper so it is easier to rework on the domheap is initialized. For CPU0, we still need to use pre-allocated pages because the allocators may use domain_map_page(), so we need to have the domheap area ready first. But we can still delay the initialization to setup_mm(). Introduce a new helper init_domheap_mappings() that will be called from setup_mm() for the boot CPU and from init_secondary_pagetables() for secondary CPUs. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis Reviewed-by: Luca Fancellu Tested-by: Luca Fancellu --- xen/arch/arm/include/asm/arm32/mm.h | 2 + xen/arch/arm/mm.c | 92 ++++++++++++++++++++++++------------- xen/arch/arm/setup.c | 8 ++++ 3 files changed, 71 insertions(+), 31 deletions(-) diff --git a/xen/arch/arm/include/asm/arm32/mm.h b/xen/arch/arm/include/asm/arm32/mm.h index 6b039d9cea..575373aeb9 100644 --- a/xen/arch/arm/include/asm/arm32/mm.h +++ b/xen/arch/arm/include/asm/arm32/mm.h @@ -10,6 +10,8 @@ static inline bool arch_mfns_in_directmap(unsigned long mfn, unsigned long nr) return false; } +bool init_domheap_mappings(unsigned int cpu); + #endif /* __ARM_ARM32_MM_H__ */ /* diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 0177bc6b34..a36f047f50 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -372,6 +372,58 @@ void clear_fixmap(unsigned int map) } #ifdef CONFIG_DOMAIN_PAGE +/* + * Prepare the area that will be used to map domheap pages. They are + * mapped in 2MB chunks, so we need to allocate the page-tables up to + * the 2nd level. + * + * The caller should make sure the root page-table for @cpu has been + * allocated. + */ +bool init_domheap_mappings(unsigned int cpu) +{ + unsigned int order = get_order_from_pages(DOMHEAP_SECOND_PAGES); + lpae_t *root = per_cpu(xen_pgtable, cpu); + unsigned int i, first_idx; + lpae_t *domheap; + mfn_t mfn; + + ASSERT(root); + ASSERT(!per_cpu(xen_dommap, cpu)); + + /* + * The domheap for cpu0 is initialized before the heap is initialized. + * So we need to use pre-allocated pages. + */ + if ( !cpu ) + domheap = cpu0_dommap; + else + domheap = alloc_xenheap_pages(order, 0); + + if ( !domheap ) + return false; + + /* Ensure the domheap has no stray mappings */ + memset(domheap, 0, DOMHEAP_SECOND_PAGES * PAGE_SIZE); + + /* + * Update the first level mapping to reference the local CPUs + * domheap mapping pages. + */ + mfn = virt_to_mfn(domheap); + first_idx = first_table_offset(DOMHEAP_VIRT_START); + for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) + { + lpae_t pte = mfn_to_xen_entry(mfn_add(mfn, i), MT_NORMAL); + pte.pt.table = 1; + write_pte(&root[first_idx + i], pte); + } + + per_cpu(xen_dommap, cpu) = domheap; + + return true; +} + void *map_domain_page_global(mfn_t mfn) { return vmap(&mfn, 1); @@ -633,16 +685,6 @@ void __init setup_pagetables(unsigned long boot_phys_offset) p[i].pt.xn = 0; } -#ifdef CONFIG_ARM_32 - for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) - { - p[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)] - = pte_of_xenaddr((uintptr_t)(cpu0_dommap + - i * XEN_PT_LPAE_ENTRIES)); - p[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)].pt.table = 1; - } -#endif - /* Break up the Xen mapping into 4k pages and protect them separately. */ for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) { @@ -686,7 +728,6 @@ void __init setup_pagetables(unsigned long boot_phys_offset) #ifdef CONFIG_ARM_32 per_cpu(xen_pgtable, 0) = cpu0_pgtable; - per_cpu(xen_dommap, 0) = cpu0_dommap; #endif } @@ -719,39 +760,28 @@ int init_secondary_pagetables(int cpu) #else int init_secondary_pagetables(int cpu) { - lpae_t *first, *domheap, pte; - int i; + lpae_t *first; first = alloc_xenheap_page(); /* root == first level on 32-bit 3-level trie */ - domheap = alloc_xenheap_pages(get_order_from_pages(DOMHEAP_SECOND_PAGES), 0); - if ( domheap == NULL || first == NULL ) + if ( !first ) { - printk("Not enough free memory for secondary CPU%d pagetables\n", cpu); - free_xenheap_pages(domheap, get_order_from_pages(DOMHEAP_SECOND_PAGES)); - free_xenheap_page(first); + printk("CPU%u: Unable to allocate the first page-table\n", cpu); return -ENOMEM; } /* Initialise root pagetable from root of boot tables */ memcpy(first, cpu0_pgtable, PAGE_SIZE); + per_cpu(xen_pgtable, cpu) = first; - /* Ensure the domheap has no stray mappings */ - memset(domheap, 0, DOMHEAP_SECOND_PAGES*PAGE_SIZE); - - /* Update the first level mapping to reference the local CPUs - * domheap mapping pages. */ - for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) + if ( !init_domheap_mappings(cpu) ) { - pte = mfn_to_xen_entry(virt_to_mfn(domheap + i * XEN_PT_LPAE_ENTRIES), - MT_NORMAL); - pte.pt.table = 1; - write_pte(&first[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)], pte); + printk("CPU%u: Unable to prepare the domheap page-tables\n", cpu); + per_cpu(xen_pgtable, cpu) = NULL; + free_xenheap_page(first); + return -ENOMEM; } - per_cpu(xen_pgtable, cpu) = first; - per_cpu(xen_dommap, cpu) = domheap; - clear_boot_pagetables(); /* Set init_ttbr for this CPU coming up */ diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 85ff956ec2..068e84b103 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -783,6 +783,14 @@ static void __init setup_mm(void) setup_frametable_mappings(ram_start, ram_end); max_page = PFN_DOWN(ram_end); + /* + * The allocators may need to use map_domain_page() (such as for + * scrubbing pages). So we need to prepare the domheap area first. + */ + if ( !init_domheap_mappings(smp_processor_id()) ) + panic("CPU%u: Unable to prepare the domheap page-tables\n", + smp_processor_id()); + /* Add xenheap memory that was not already added to the boot allocator. */ init_xenheap_pages(mfn_to_maddr(xenheap_mfn_start), mfn_to_maddr(xenheap_mfn_end)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 22:11:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 22:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377897.611206 (Exim 4.92) (envelope-from ) id 1oHYCb-0005x3-AK; Fri, 29 Jul 2022 22:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377897.611206; Fri, 29 Jul 2022 22:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCb-0005wv-7Z; Fri, 29 Jul 2022 22:11:25 +0000 Received: by outflank-mailman (input) for mailman id 377897; Fri, 29 Jul 2022 22:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCa-0005wh-JC for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCa-0004Sz-IL for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHYCa-0005fa-Hb for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ow4FRIvWfzc+15YDu/hQ0dGb8z6KMfYTO44Mt8dKuJE=; b=QZE0jvArPI7o5GwXXmv+rC6Syt 4x01VUH/vyNKfdAn6fnWJjzf5PGs3OhLtEKF1TSWiEaFPv++HbFTzOsCiRbuyUg0m7NugtAnv4TyR Ktn8UFRf2n1yr2xLz2AlPr/5FErJ/ujxyQ1AfBU+FLrr96kr3o14ceAn6IkjE8SpH2eg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: Rename CONFIG_DOMAIN_PAGE to CONFIG_ARCH_MAP_DOMAIN_PAGE and... Message-Id: Date: Fri, 29 Jul 2022 22:11:24 +0000 commit 8417757310cdad9b20902a39eea671d7cce8d396 Author: Julien Grall AuthorDate: Fri Jul 29 22:53:10 2022 +0100 Commit: Julien Grall CommitDate: Fri Jul 29 23:03:22 2022 +0100 xen: Rename CONFIG_DOMAIN_PAGE to CONFIG_ARCH_MAP_DOMAIN_PAGE and... move it to Kconfig. The define CONFIG_DOMAIN_PAGE indicates whether the architecture provide helpers to map/unmap a domain page. Rename it to CONFIG_ARCH_MAP_DOMAIN_PAGE so it is clearer that support for domain page is not something that can be disabled in Xen. Take the opportunity to move CONFIG_MAP_DOMAIN_PAGE to Kconfig as this will soon be necessary to use it in the Makefile. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis #arm part --- xen/arch/arm/Kconfig | 1 + xen/arch/arm/include/asm/config.h | 1 - xen/arch/arm/mm.c | 4 ++-- xen/arch/x86/Kconfig | 1 + xen/arch/x86/include/asm/config.h | 1 - xen/common/Kconfig | 3 +++ xen/include/xen/domain_page.h | 6 +++--- 7 files changed, 10 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index be9eff0141..33e004d702 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -1,6 +1,7 @@ config ARM_32 def_bool y depends on "$(ARCH)" = "arm32" + select ARCH_MAP_DOMAIN_PAGE config ARM_64 def_bool y diff --git a/xen/arch/arm/include/asm/config.h b/xen/arch/arm/include/asm/config.h index 66db618b34..2fafb9f228 100644 --- a/xen/arch/arm/include/asm/config.h +++ b/xen/arch/arm/include/asm/config.h @@ -122,7 +122,6 @@ #ifdef CONFIG_ARM_32 -#define CONFIG_DOMAIN_PAGE 1 #define CONFIG_SEPARATE_XENHEAP 1 #define FRAMETABLE_VIRT_START _AT(vaddr_t,0x02000000) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index a36f047f50..1423bdd700 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -194,7 +194,7 @@ static void __init __maybe_unused build_assertions(void) #endif BUILD_BUG_ON(first_table_offset(XEN_VIRT_START)); BUILD_BUG_ON(second_linear_offset(XEN_VIRT_START) >= XEN_PT_LPAE_ENTRIES); -#ifdef CONFIG_DOMAIN_PAGE +#ifdef CONFIG_ARCH_MAP_DOMAIN_PAGE BUILD_BUG_ON(DOMHEAP_VIRT_START & ~FIRST_MASK); #endif /* @@ -371,7 +371,7 @@ void clear_fixmap(unsigned int map) BUG_ON(res != 0); } -#ifdef CONFIG_DOMAIN_PAGE +#ifdef CONFIG_ARCH_MAP_DOMAIN_PAGE /* * Prepare the area that will be used to map domheap pages. They are * mapped in 2MB chunks, so we need to allocate the page-tables up to diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 6bed72b791..6a7825f4ba 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -8,6 +8,7 @@ config X86 select ACPI_LEGACY_TABLES_LOOKUP select ACPI_NUMA select ALTERNATIVE_CALL + select ARCH_MAP_DOMAIN_PAGE select ARCH_SUPPORTS_INT128 select CORE_PARKING select HAS_ALTERNATIVE diff --git a/xen/arch/x86/include/asm/config.h b/xen/arch/x86/include/asm/config.h index 07bcd15831..fbc4bb3416 100644 --- a/xen/arch/x86/include/asm/config.h +++ b/xen/arch/x86/include/asm/config.h @@ -22,7 +22,6 @@ #define CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 1 #define CONFIG_DISCONTIGMEM 1 #define CONFIG_NUMA_EMU 1 -#define CONFIG_DOMAIN_PAGE 1 #define CONFIG_PAGEALLOC_MAX_ORDER (2 * PAGETABLE_ORDER) #define CONFIG_DOMU_MAX_ORDER PAGETABLE_ORDER diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 41a67891bc..f1ea3199c8 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -25,6 +25,9 @@ config GRANT_TABLE config ALTERNATIVE_CALL bool +config ARCH_MAP_DOMAIN_PAGE + bool + config HAS_ALTERNATIVE bool diff --git a/xen/include/xen/domain_page.h b/xen/include/xen/domain_page.h index a182d33b67..149b217b96 100644 --- a/xen/include/xen/domain_page.h +++ b/xen/include/xen/domain_page.h @@ -17,7 +17,7 @@ void clear_domain_page(mfn_t mfn); void copy_domain_page(mfn_t dst, const mfn_t src); -#ifdef CONFIG_DOMAIN_PAGE +#ifdef CONFIG_ARCH_MAP_DOMAIN_PAGE /* * Map a given page frame, returning the mapped virtual address. The page is @@ -51,7 +51,7 @@ static inline void *__map_domain_page_global(const struct page_info *pg) return map_domain_page_global(page_to_mfn(pg)); } -#else /* !CONFIG_DOMAIN_PAGE */ +#else /* !CONFIG_ARCH_MAP_DOMAIN_PAGE */ #define map_domain_page(mfn) __mfn_to_virt(mfn_x(mfn)) #define __map_domain_page(pg) page_to_virt(pg) @@ -70,7 +70,7 @@ static inline void *__map_domain_page_global(const struct page_info *pg) static inline void unmap_domain_page_global(const void *va) {}; -#endif /* !CONFIG_DOMAIN_PAGE */ +#endif /* !CONFIG_ARCH_MAP_DOMAIN_PAGE */ #define UNMAP_DOMAIN_PAGE(p) do { \ unmap_domain_page(p); \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 22:11:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 22:11:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377898.611210 (Exim 4.92) (envelope-from ) id 1oHYCl-0005zl-Cs; Fri, 29 Jul 2022 22:11:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377898.611210; Fri, 29 Jul 2022 22:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCl-0005zd-93; Fri, 29 Jul 2022 22:11:35 +0000 Received: by outflank-mailman (input) for mailman id 377898; Fri, 29 Jul 2022 22:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCk-0005zX-Of for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCk-0004TC-Nk for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHYCk-0005g6-Kg for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=F902sz0xb66iQRZDsUB+qq2cT7qeEh7IjE4GgImVom4=; b=Cz5Y8hJzZA0bOK7k6lEaIK3X2B YWmn/qoh2zAuyuPYNYY4wDAG9gBbqtvvC5VKVk+E0nzg6hXriM761XroJXJhZgOru3a1NyJ5HZ3zs E9VTHruTy8ZDTbF1BzETEt95XRUZ8pd8Mw6dK7s4WCjB7pjnfuf9NsRApQNXCFgt51IU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: mm: Move domain_{,un}map_* helpers in a separate file Message-Id: Date: Fri, 29 Jul 2022 22:11:34 +0000 commit 68b01ef0b3c182d207bff01dd3e20d287668c855 Author: Julien Grall AuthorDate: Fri Jul 29 22:59:01 2022 +0100 Commit: Julien Grall CommitDate: Fri Jul 29 23:03:22 2022 +0100 xen/arm: mm: Move domain_{,un}map_* helpers in a separate file The file xen/arch/mm.c has been growing quite a lot. It now contains various independent part of the MM subsytem. One of them is the helpers to map/unmap a page which is only used by arm32 and protected by CONFIG_ARCH_MAP_DOMAIN_PAGE. Move them in a new file xen/arch/arm/domain_page.c. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/Makefile | 1 + xen/arch/arm/domain_page.c | 193 +++++++++++++++++++++++++++++++++++ xen/arch/arm/include/asm/arm32/mm.h | 6 ++ xen/arch/arm/include/asm/lpae.h | 17 ++++ xen/arch/arm/mm.c | 198 +----------------------------------- 5 files changed, 219 insertions(+), 196 deletions(-) diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index bb7a6151c1..4d076b278b 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -17,6 +17,7 @@ obj-y += device.o obj-$(CONFIG_IOREQ_SERVER) += dm.o obj-y += domain.o obj-y += domain_build.init.o +obj-$(CONFIG_ARCH_MAP_DOMAIN_PAGE) += domain_page.o obj-y += domctl.o obj-$(CONFIG_EARLY_PRINTK) += early_printk.o obj-y += efi/ diff --git a/xen/arch/arm/domain_page.c b/xen/arch/arm/domain_page.c new file mode 100644 index 0000000000..71182575f9 --- /dev/null +++ b/xen/arch/arm/domain_page.c @@ -0,0 +1,193 @@ +#include +#include +#include + +/* Override macros from asm/page.h to make them work with mfn_t */ +#undef virt_to_mfn +#define virt_to_mfn(va) _mfn(__virt_to_mfn(va)) + +/* cpu0's domheap page tables */ +static DEFINE_PAGE_TABLES(cpu0_dommap, DOMHEAP_SECOND_PAGES); + +/* + * xen_dommap == pages used by map_domain_page, these pages contain + * the second level pagetables which map the domheap region + * starting at DOMHEAP_VIRT_START in 2MB chunks. + */ +static DEFINE_PER_CPU(lpae_t *, xen_dommap); + +/* + * Prepare the area that will be used to map domheap pages. They are + * mapped in 2MB chunks, so we need to allocate the page-tables up to + * the 2nd level. + * + * The caller should make sure the root page-table for @cpu has been + * allocated. + */ +bool init_domheap_mappings(unsigned int cpu) +{ + unsigned int order = get_order_from_pages(DOMHEAP_SECOND_PAGES); + lpae_t *root = per_cpu(xen_pgtable, cpu); + unsigned int i, first_idx; + lpae_t *domheap; + mfn_t mfn; + + ASSERT(root); + ASSERT(!per_cpu(xen_dommap, cpu)); + + /* + * The domheap for cpu0 is initialized before the heap is initialized. + * So we need to use pre-allocated pages. + */ + if ( !cpu ) + domheap = cpu0_dommap; + else + domheap = alloc_xenheap_pages(order, 0); + + if ( !domheap ) + return false; + + /* Ensure the domheap has no stray mappings */ + memset(domheap, 0, DOMHEAP_SECOND_PAGES * PAGE_SIZE); + + /* + * Update the first level mapping to reference the local CPUs + * domheap mapping pages. + */ + mfn = virt_to_mfn(domheap); + first_idx = first_table_offset(DOMHEAP_VIRT_START); + for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) + { + lpae_t pte = mfn_to_xen_entry(mfn_add(mfn, i), MT_NORMAL); + pte.pt.table = 1; + write_pte(&root[first_idx + i], pte); + } + + per_cpu(xen_dommap, cpu) = domheap; + + return true; +} + +void *map_domain_page_global(mfn_t mfn) +{ + return vmap(&mfn, 1); +} + +void unmap_domain_page_global(const void *va) +{ + vunmap(va); +} + +/* Map a page of domheap memory */ +void *map_domain_page(mfn_t mfn) +{ + unsigned long flags; + lpae_t *map = this_cpu(xen_dommap); + unsigned long slot_mfn = mfn_x(mfn) & ~XEN_PT_LPAE_ENTRY_MASK; + vaddr_t va; + lpae_t pte; + int i, slot; + + local_irq_save(flags); + + /* The map is laid out as an open-addressed hash table where each + * entry is a 2MB superpage pte. We use the available bits of each + * PTE as a reference count; when the refcount is zero the slot can + * be reused. */ + for ( slot = (slot_mfn >> XEN_PT_LPAE_SHIFT) % DOMHEAP_ENTRIES, i = 0; + i < DOMHEAP_ENTRIES; + slot = (slot + 1) % DOMHEAP_ENTRIES, i++ ) + { + if ( map[slot].pt.avail < 0xf && + map[slot].pt.base == slot_mfn && + map[slot].pt.valid ) + { + /* This slot already points to the right place; reuse it */ + map[slot].pt.avail++; + break; + } + else if ( map[slot].pt.avail == 0 ) + { + /* Commandeer this 2MB slot */ + pte = mfn_to_xen_entry(_mfn(slot_mfn), MT_NORMAL); + pte.pt.avail = 1; + write_pte(map + slot, pte); + break; + } + + } + /* If the map fills up, the callers have misbehaved. */ + BUG_ON(i == DOMHEAP_ENTRIES); + +#ifndef NDEBUG + /* Searching the hash could get slow if the map starts filling up. + * Cross that bridge when we come to it */ + { + static int max_tries = 32; + if ( i >= max_tries ) + { + dprintk(XENLOG_WARNING, "Domheap map is filling: %i tries\n", i); + max_tries *= 2; + } + } +#endif + + local_irq_restore(flags); + + va = (DOMHEAP_VIRT_START + + (slot << SECOND_SHIFT) + + ((mfn_x(mfn) & XEN_PT_LPAE_ENTRY_MASK) << THIRD_SHIFT)); + + /* + * We may not have flushed this specific subpage at map time, + * since we only flush the 4k page not the superpage + */ + flush_xen_tlb_range_va_local(va, PAGE_SIZE); + + return (void *)va; +} + +/* Release a mapping taken with map_domain_page() */ +void unmap_domain_page(const void *va) +{ + unsigned long flags; + lpae_t *map = this_cpu(xen_dommap); + int slot = ((unsigned long) va - DOMHEAP_VIRT_START) >> SECOND_SHIFT; + + if ( !va ) + return; + + local_irq_save(flags); + + ASSERT(slot >= 0 && slot < DOMHEAP_ENTRIES); + ASSERT(map[slot].pt.avail != 0); + + map[slot].pt.avail--; + + local_irq_restore(flags); +} + +mfn_t domain_page_map_to_mfn(const void *ptr) +{ + unsigned long va = (unsigned long)ptr; + lpae_t *map = this_cpu(xen_dommap); + int slot = (va - DOMHEAP_VIRT_START) >> SECOND_SHIFT; + unsigned long offset = (va>>THIRD_SHIFT) & XEN_PT_LPAE_ENTRY_MASK; + + if ( (va >= VMAP_VIRT_START) && ((va - VMAP_VIRT_START) < VMAP_VIRT_SIZE) ) + return virt_to_mfn(va); + + ASSERT(slot >= 0 && slot < DOMHEAP_ENTRIES); + ASSERT(map[slot].pt.avail != 0); + + return mfn_add(lpae_get_mfn(map[slot]), offset); +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/arm/include/asm/arm32/mm.h b/xen/arch/arm/include/asm/arm32/mm.h index 575373aeb9..8bfc906e71 100644 --- a/xen/arch/arm/include/asm/arm32/mm.h +++ b/xen/arch/arm/include/asm/arm32/mm.h @@ -1,6 +1,12 @@ #ifndef __ARM_ARM32_MM_H__ #define __ARM_ARM32_MM_H__ +#include + +#include + +DECLARE_PER_CPU(lpae_t *, xen_pgtable); + /* * Only a limited amount of RAM, called xenheap, is always mapped on ARM32. * For convenience always return false. diff --git a/xen/arch/arm/include/asm/lpae.h b/xen/arch/arm/include/asm/lpae.h index fc19cbd847..3fdd5d0de2 100644 --- a/xen/arch/arm/include/asm/lpae.h +++ b/xen/arch/arm/include/asm/lpae.h @@ -261,6 +261,23 @@ lpae_t mfn_to_xen_entry(mfn_t mfn, unsigned int attr); #define third_table_offset(va) TABLE_OFFSET(third_linear_offset(va)) #define zeroeth_table_offset(va) TABLE_OFFSET(zeroeth_linear_offset(va)) +/* + * Macros to define page-tables: + * - DEFINE_BOOT_PAGE_TABLE is used to define page-table that are used + * in assembly code before BSS is zeroed. + * - DEFINE_PAGE_TABLE{,S} are used to define one or multiple + * page-tables to be used after BSS is zeroed (typically they are only used + * in C). + */ +#define DEFINE_BOOT_PAGE_TABLE(name) \ +lpae_t __aligned(PAGE_SIZE) __section(".data.page_aligned") \ + name[XEN_PT_LPAE_ENTRIES] + +#define DEFINE_PAGE_TABLES(name, nr) \ +lpae_t __aligned(PAGE_SIZE) name[XEN_PT_LPAE_ENTRIES * (nr)] + +#define DEFINE_PAGE_TABLE(name) DEFINE_PAGE_TABLES(name, 1) + #endif /* __ARM_LPAE_H__ */ /* diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 1423bdd700..77bec199e7 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -57,23 +57,6 @@ mm_printk(const char *fmt, ...) {} } while (0) #endif -/* - * Macros to define page-tables: - * - DEFINE_BOOT_PAGE_TABLE is used to define page-table that are used - * in assembly code before BSS is zeroed. - * - DEFINE_PAGE_TABLE{,S} are used to define one or multiple - * page-tables to be used after BSS is zeroed (typically they are only used - * in C). - */ -#define DEFINE_BOOT_PAGE_TABLE(name) \ -lpae_t __aligned(PAGE_SIZE) __section(".data.page_aligned") \ - name[XEN_PT_LPAE_ENTRIES] - -#define DEFINE_PAGE_TABLES(name, nr) \ -lpae_t __aligned(PAGE_SIZE) name[XEN_PT_LPAE_ENTRIES * (nr)] - -#define DEFINE_PAGE_TABLE(name) DEFINE_PAGE_TABLES(name, 1) - /* Static start-of-day pagetables that we use before the allocators * are up. These are used by all CPUs during bringup before switching * to the CPUs own pagetables. @@ -110,7 +93,7 @@ DEFINE_BOOT_PAGE_TABLE(boot_third); /* Main runtime page tables */ /* - * For arm32 xen_pgtable and xen_dommap are per-PCPU and are allocated before + * For arm32 xen_pgtable are per-PCPU and are allocated before * bringing up each CPU. For arm64 xen_pgtable is common to all PCPUs. * * xen_second, xen_fixmap and xen_xenmap are always shared between all @@ -126,18 +109,10 @@ static DEFINE_PAGE_TABLE(xen_first); #define HYP_PT_ROOT_LEVEL 1 /* Per-CPU pagetable pages */ /* xen_pgtable == root of the trie (zeroeth level on 64-bit, first on 32-bit) */ -static DEFINE_PER_CPU(lpae_t *, xen_pgtable); +DEFINE_PER_CPU(lpae_t *, xen_pgtable); #define THIS_CPU_PGTABLE this_cpu(xen_pgtable) -/* - * xen_dommap == pages used by map_domain_page, these pages contain - * the second level pagetables which map the domheap region - * starting at DOMHEAP_VIRT_START in 2MB chunks. - */ -static DEFINE_PER_CPU(lpae_t *, xen_dommap); /* Root of the trie for cpu0, other CPU's PTs are dynamically allocated */ static DEFINE_PAGE_TABLE(cpu0_pgtable); -/* cpu0's domheap page tables */ -static DEFINE_PAGE_TABLES(cpu0_dommap, DOMHEAP_SECOND_PAGES); #endif /* Common pagetable leaves */ @@ -371,175 +346,6 @@ void clear_fixmap(unsigned int map) BUG_ON(res != 0); } -#ifdef CONFIG_ARCH_MAP_DOMAIN_PAGE -/* - * Prepare the area that will be used to map domheap pages. They are - * mapped in 2MB chunks, so we need to allocate the page-tables up to - * the 2nd level. - * - * The caller should make sure the root page-table for @cpu has been - * allocated. - */ -bool init_domheap_mappings(unsigned int cpu) -{ - unsigned int order = get_order_from_pages(DOMHEAP_SECOND_PAGES); - lpae_t *root = per_cpu(xen_pgtable, cpu); - unsigned int i, first_idx; - lpae_t *domheap; - mfn_t mfn; - - ASSERT(root); - ASSERT(!per_cpu(xen_dommap, cpu)); - - /* - * The domheap for cpu0 is initialized before the heap is initialized. - * So we need to use pre-allocated pages. - */ - if ( !cpu ) - domheap = cpu0_dommap; - else - domheap = alloc_xenheap_pages(order, 0); - - if ( !domheap ) - return false; - - /* Ensure the domheap has no stray mappings */ - memset(domheap, 0, DOMHEAP_SECOND_PAGES * PAGE_SIZE); - - /* - * Update the first level mapping to reference the local CPUs - * domheap mapping pages. - */ - mfn = virt_to_mfn(domheap); - first_idx = first_table_offset(DOMHEAP_VIRT_START); - for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) - { - lpae_t pte = mfn_to_xen_entry(mfn_add(mfn, i), MT_NORMAL); - pte.pt.table = 1; - write_pte(&root[first_idx + i], pte); - } - - per_cpu(xen_dommap, cpu) = domheap; - - return true; -} - -void *map_domain_page_global(mfn_t mfn) -{ - return vmap(&mfn, 1); -} - -void unmap_domain_page_global(const void *va) -{ - vunmap(va); -} - -/* Map a page of domheap memory */ -void *map_domain_page(mfn_t mfn) -{ - unsigned long flags; - lpae_t *map = this_cpu(xen_dommap); - unsigned long slot_mfn = mfn_x(mfn) & ~XEN_PT_LPAE_ENTRY_MASK; - vaddr_t va; - lpae_t pte; - int i, slot; - - local_irq_save(flags); - - /* The map is laid out as an open-addressed hash table where each - * entry is a 2MB superpage pte. We use the available bits of each - * PTE as a reference count; when the refcount is zero the slot can - * be reused. */ - for ( slot = (slot_mfn >> XEN_PT_LPAE_SHIFT) % DOMHEAP_ENTRIES, i = 0; - i < DOMHEAP_ENTRIES; - slot = (slot + 1) % DOMHEAP_ENTRIES, i++ ) - { - if ( map[slot].pt.avail < 0xf && - map[slot].pt.base == slot_mfn && - map[slot].pt.valid ) - { - /* This slot already points to the right place; reuse it */ - map[slot].pt.avail++; - break; - } - else if ( map[slot].pt.avail == 0 ) - { - /* Commandeer this 2MB slot */ - pte = mfn_to_xen_entry(_mfn(slot_mfn), MT_NORMAL); - pte.pt.avail = 1; - write_pte(map + slot, pte); - break; - } - - } - /* If the map fills up, the callers have misbehaved. */ - BUG_ON(i == DOMHEAP_ENTRIES); - -#ifndef NDEBUG - /* Searching the hash could get slow if the map starts filling up. - * Cross that bridge when we come to it */ - { - static int max_tries = 32; - if ( i >= max_tries ) - { - dprintk(XENLOG_WARNING, "Domheap map is filling: %i tries\n", i); - max_tries *= 2; - } - } -#endif - - local_irq_restore(flags); - - va = (DOMHEAP_VIRT_START - + (slot << SECOND_SHIFT) - + ((mfn_x(mfn) & XEN_PT_LPAE_ENTRY_MASK) << THIRD_SHIFT)); - - /* - * We may not have flushed this specific subpage at map time, - * since we only flush the 4k page not the superpage - */ - flush_xen_tlb_range_va_local(va, PAGE_SIZE); - - return (void *)va; -} - -/* Release a mapping taken with map_domain_page() */ -void unmap_domain_page(const void *va) -{ - unsigned long flags; - lpae_t *map = this_cpu(xen_dommap); - int slot = ((unsigned long) va - DOMHEAP_VIRT_START) >> SECOND_SHIFT; - - if ( !va ) - return; - - local_irq_save(flags); - - ASSERT(slot >= 0 && slot < DOMHEAP_ENTRIES); - ASSERT(map[slot].pt.avail != 0); - - map[slot].pt.avail--; - - local_irq_restore(flags); -} - -mfn_t domain_page_map_to_mfn(const void *ptr) -{ - unsigned long va = (unsigned long)ptr; - lpae_t *map = this_cpu(xen_dommap); - int slot = (va - DOMHEAP_VIRT_START) >> SECOND_SHIFT; - unsigned long offset = (va>>THIRD_SHIFT) & XEN_PT_LPAE_ENTRY_MASK; - - if ( (va >= VMAP_VIRT_START) && ((va - VMAP_VIRT_START) < VMAP_VIRT_SIZE) ) - return virt_to_mfn(va); - - ASSERT(slot >= 0 && slot < DOMHEAP_ENTRIES); - ASSERT(map[slot].pt.avail != 0); - - return mfn_add(lpae_get_mfn(map[slot]), offset); -} -#endif - void flush_page_to_ram(unsigned long mfn, bool sync_icache) { void *v = map_domain_page(_mfn(mfn)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 22:11:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 22:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377899.611214 (Exim 4.92) (envelope-from ) id 1oHYCw-000638-FO; Fri, 29 Jul 2022 22:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377899.611214; Fri, 29 Jul 2022 22:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCw-000631-Ch; Fri, 29 Jul 2022 22:11:46 +0000 Received: by outflank-mailman (input) for mailman id 377899; Fri, 29 Jul 2022 22:11:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCu-00062o-Rn for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHYCu-0004TQ-Qw for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHYCu-0005gd-Q1 for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 22:11:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0NsvsWCOUZ8FKjZNcg+ga2j0nbUZ/8NRG5MvlUUeoY8=; b=tQ4J5XxKxEMwa1ztrv+6MRkGzY lN2MP7HbiI3uBgKOxKKKWG4O538ptZ1eRc7eKuYWWYgLwxT/uC1MiYo2qRpYqb+qPeWRprLg+YUfA Mp+kC0flk3h43dypKZGNNLBuLmjAA5t/wzMR8kZeAveUOM4/92Nh13NI+QcjFO04yumc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: mm: Reduce the area that xen_second covers Message-Id: Date: Fri, 29 Jul 2022 22:11:44 +0000 commit 7451fdeb696df1fec33d7e5d6de8fa6676afee27 Author: Julien Grall AuthorDate: Fri Jul 29 22:59:49 2022 +0100 Commit: Julien Grall CommitDate: Fri Jul 29 23:03:22 2022 +0100 xen/arm: mm: Reduce the area that xen_second covers At the moment, xen_second is used to cover the first 2GB of the virtual address space. With the recent rework of the page-tables, only the first 1GB region (where Xen resides) is effectively used. In addition to that, I would like to reshuffle the memory layout. So Xen mappings may not be anymore in the first 2GB of the virtual address space. Therefore, rework xen_second so it only covers the 1GB region where Xen will reside. With this change, xen_second doesn't cover anymore the xenheap area on arm32. So, we first need to add memory to the boot allocator before setting up the xenheap mappings. Take the opportunity to update the comments on top of xen_fixmap and xen_xenmap. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/mm.c | 32 +++++++++++--------------------- xen/arch/arm/setup.c | 13 +++++++++++-- 2 files changed, 22 insertions(+), 23 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 77bec199e7..b42cddb1b4 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -116,17 +116,14 @@ static DEFINE_PAGE_TABLE(cpu0_pgtable); #endif /* Common pagetable leaves */ -/* Second level page tables. - * - * The second-level table is 2 contiguous pages long, and covers all - * addresses from 0 to 0x7fffffff. Offsets into it are calculated - * with second_linear_offset(), not second_table_offset(). - */ -static DEFINE_PAGE_TABLES(xen_second, 2); -/* First level page table used for fixmap */ +/* Second level page table used to cover Xen virtual address space */ +static DEFINE_PAGE_TABLE(xen_second); +/* Third level page table used for fixmap */ DEFINE_BOOT_PAGE_TABLE(xen_fixmap); -/* First level page table used to map Xen itself with the XN bit set - * as appropriate. */ +/* + * Third level page table used to map Xen itself with the XN bit set + * as appropriate. + */ static DEFINE_PAGE_TABLE(xen_xenmap); /* Non-boot CPUs use this to find the correct pagetables. */ @@ -168,7 +165,6 @@ static void __init __maybe_unused build_assertions(void) BUILD_BUG_ON(zeroeth_table_offset(XEN_VIRT_START)); #endif BUILD_BUG_ON(first_table_offset(XEN_VIRT_START)); - BUILD_BUG_ON(second_linear_offset(XEN_VIRT_START) >= XEN_PT_LPAE_ENTRIES); #ifdef CONFIG_ARCH_MAP_DOMAIN_PAGE BUILD_BUG_ON(DOMHEAP_VIRT_START & ~FIRST_MASK); #endif @@ -482,14 +478,10 @@ void __init setup_pagetables(unsigned long boot_phys_offset) p = (void *) cpu0_pgtable; #endif - /* Initialise first level entries, to point to second level entries */ - for ( i = 0; i < 2; i++) - { - p[i] = pte_of_xenaddr((uintptr_t)(xen_second + - i * XEN_PT_LPAE_ENTRIES)); - p[i].pt.table = 1; - p[i].pt.xn = 0; - } + /* Map xen second level page-table */ + p[0] = pte_of_xenaddr((uintptr_t)(xen_second)); + p[0].pt.table = 1; + p[0].pt.xn = 0; /* Break up the Xen mapping into 4k pages and protect them separately. */ for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) @@ -618,8 +610,6 @@ void __init setup_xenheap_mappings(unsigned long base_mfn, /* Record where the xenheap is, for translation routines. */ xenheap_virt_end = XENHEAP_VIRT_START + nr_mfns * PAGE_SIZE; - xenheap_mfn_start = _mfn(base_mfn); - xenheap_mfn_end = _mfn(base_mfn + nr_mfns); } #else /* CONFIG_ARM_64 */ void __init setup_xenheap_mappings(unsigned long base_mfn, diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 068e84b103..500307edc0 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -774,11 +774,20 @@ static void __init setup_mm(void) opt_xenheap_megabytes ? ", from command-line" : ""); printk("Dom heap: %lu pages\n", domheap_pages); - setup_xenheap_mappings((e >> PAGE_SHIFT) - xenheap_pages, xenheap_pages); + /* + * We need some memory to allocate the page-tables used for the + * xenheap mappings. So populate the boot allocator first. + * + * This requires us to set xenheap_mfn_{start, end} first so the Xenheap + * region can be avoided. + */ + xenheap_mfn_start = _mfn((e >> PAGE_SHIFT) - xenheap_pages); + xenheap_mfn_end = mfn_add(xenheap_mfn_start, xenheap_pages); - /* Add non-xenheap memory */ populate_boot_allocator(); + setup_xenheap_mappings(mfn_x(xenheap_mfn_start), xenheap_pages); + /* Frame table covers all of RAM region, including holes */ setup_frametable_mappings(ram_start, ram_end); max_page = PFN_DOWN(ram_end); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 23:11:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 23:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377908.611217 (Exim 4.92) (envelope-from ) id 1oHZ8L-0004MA-Ha; Fri, 29 Jul 2022 23:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377908.611217; Fri, 29 Jul 2022 23:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZ8L-0004M2-Es; Fri, 29 Jul 2022 23:11:05 +0000 Received: by outflank-mailman (input) for mailman id 377908; Fri, 29 Jul 2022 23:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZ8J-0004Lw-Ve for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZ8J-0005V8-UM for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:11:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHZ8J-00006l-Sf for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DHf96+S7EW2j/zq5d93FdsyVgC01opceFGaU6WJjzts=; b=GIjM79dpMPsKSwxTqZ9hfuwROz hy9YYefOr8WOGR8K8EciALB8cz7AiNnTzklZY9yEW2V45iGzJLUF3KqJO09Gx9Iz3i0BUk7aCLBI1 91teSeFhgK3duBd8+jyvPADJMCdCXG7dO83N37AX/F9LNlCHrekQj30oYzJfjr4EKAQk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: domain: Fix MISRA C 2012 Rule 8.7 violation Message-Id: Date: Fri, 29 Jul 2022 23:11:03 +0000 commit 2ce6a719a0cbfec5b57a2d257123146be1853f4a Author: Xenia Ragiadakou AuthorDate: Thu Jul 28 19:21:51 2022 +0300 Commit: Stefano Stabellini CommitDate: Fri Jul 29 16:01:10 2022 -0700 xen/arm: domain: Fix MISRA C 2012 Rule 8.7 violation The function idle_loop() is referenced only in domain.c. Change its linkage from external to internal by adding the storage-class specifier static to its definitions. Add the function as a 'fake' input operand to the inline assembly statement, to make the compiler aware that the function is used. Fake means that the function is not actually used as an operand by the asm code. That is because there is not a suitable gcc arm32 asm constraint for labels. Declare return_to_new_vcpu32() and return_to_new_vcpu64() that are also referenced by this inline asm statement. Also, this patch resolves indirectly a MISRA C 2012 Rule 8.4 violation warning. Signed-off-by: Xenia Ragiadakou [add noreturn] Signed-off-by: Stefano Stabellini Reviewed-by: Jan Beulich Reviewed-by: Bertrand Marquis --- xen/arch/arm/domain.c | 5 ++++- xen/arch/arm/include/asm/current.h | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 2f8eaab7b5..2cd481979c 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -63,7 +63,7 @@ static void do_idle(void) rcu_idle_exit(cpu); } -void idle_loop(void) +static void noreturn idle_loop(void) { unsigned int cpu = smp_processor_id(); @@ -331,6 +331,9 @@ static void schedule_tail(struct vcpu *prev) update_vcpu_system_time(current); } +extern void noreturn return_to_new_vcpu32(void); +extern void noreturn return_to_new_vcpu64(void); + static void continue_new_vcpu(struct vcpu *prev) { current->arch.actlr = READ_SYSREG(ACTLR_EL1); diff --git a/xen/arch/arm/include/asm/current.h b/xen/arch/arm/include/asm/current.h index 73e81458e5..6973eeb1d1 100644 --- a/xen/arch/arm/include/asm/current.h +++ b/xen/arch/arm/include/asm/current.h @@ -45,7 +45,7 @@ static inline struct cpu_info *get_cpu_info(void) #define guest_cpu_user_regs() (&get_cpu_info()->guest_cpu_user_regs) #define switch_stack_and_jump(stack, fn) do { \ - asm volatile ("mov sp,%0; b " STR(fn) : : "r" (stack) : "memory" ); \ + asm volatile ("mov sp,%0; b " STR(fn) : : "r" (stack), "X" (fn) : "memory" ); \ unreachable(); \ } while ( false ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 23:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 23:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377928.611255 (Exim 4.92) (envelope-from ) id 1oHZTc-0008Pq-Ty; Fri, 29 Jul 2022 23:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377928.611255; Fri, 29 Jul 2022 23:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTc-0008Pi-Qs; Fri, 29 Jul 2022 23:33:04 +0000 Received: by outflank-mailman (input) for mailman id 377928; Fri, 29 Jul 2022 23:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTc-0008Pc-3q for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTc-0005rf-0O for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHZTb-00013j-Uy for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NzAWlK1O0YFYqFMKDxmo4TMErpJXiuMYl+5Qcv07GCY=; b=V8JodTt0vXHjwVa9MaoFYXlNhR dTqD4nhKEm1ahmXgMuckeN8HWdLzp2r0ZviDWgXSo9fJ21CU5xUujDxCI4TlVj6cX/M/yedtjkdVZ Tbq20wTPp2DUwBUk2NeGyYoTWlOojvQODAgLAD23AbIi9O+cmBZ1MSCOnH4N+XcLMfv4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: qemu-smoke-arm64.sh: Remove some stale comments Message-Id: Date: Fri, 29 Jul 2022 23:33:03 +0000 commit d7cb99c378c759c2f00fb1ee33e65a4379cf334f Author: Xenia Ragiadakou AuthorDate: Fri Jul 29 17:52:27 2022 +0300 Commit: Stefano Stabellini CommitDate: Fri Jul 29 16:25:44 2022 -0700 automation: qemu-smoke-arm64.sh: Remove some stale comments Remove comment "# Install QEMU" because qemu is not installed, it is taken from a test-artifacts container. Change comment "# Busybox Dom0" to "# Busybox" because busybox is not used only for the Dom0 but also for the DomU. Signed-off-by: Xenia Ragiadakou Reviewed-by: Stefano Stabellini --- automation/scripts/qemu-smoke-arm64.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/automation/scripts/qemu-smoke-arm64.sh b/automation/scripts/qemu-smoke-arm64.sh index 898398196a..f483a2ffc1 100755 --- a/automation/scripts/qemu-smoke-arm64.sh +++ b/automation/scripts/qemu-smoke-arm64.sh @@ -21,7 +21,6 @@ fi " fi -# Install QEMU export DEBIAN_FRONTENT=noninteractive apt-get -qy update apt-get -qy install --no-install-recommends u-boot-qemu \ @@ -44,7 +43,7 @@ sed 's/compatible = "arm,pl061.*/status = "disabled";/g' binaries/virt-gicv3.dts dtc -I dts -O dtb binaries/virt-gicv3-edited.dts > binaries/virt-gicv3.dtb -# Busybox Dom0 +# Busybox mkdir -p initrd mkdir -p initrd/bin mkdir -p initrd/sbin -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 23:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 23:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377929.611259 (Exim 4.92) (envelope-from ) id 1oHZTm-0008S6-VJ; Fri, 29 Jul 2022 23:33:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377929.611259; Fri, 29 Jul 2022 23:33:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTm-0008Rz-SY; Fri, 29 Jul 2022 23:33:14 +0000 Received: by outflank-mailman (input) for mailman id 377929; Fri, 29 Jul 2022 23:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTm-0008Rk-4v for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTm-0005rq-44 for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHZTm-00014X-2T for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bR6Oxt+zk5QjS4+wXI3A7CsRXeXUW9x8q4V1xQtYBGI=; b=ksGwAssr6324N5VnCXa3E+YT6H I3OdYc+UXEpIeKMAEBHhjtYbS1m75AQhwKpKvkG+z28q7MhYU5SeaSW3uZMV1pIDsU3bSYIxFO+JR RHfMjmp/6eHa1tL184Z0CkFSPshYfWMZAYWbeN+6QKEKE615okiG5OykFJ1J3uHOIShU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: qemu-smoke-arm64.sh: Rename the device tree to avoid confusion Message-Id: Date: Fri, 29 Jul 2022 23:33:14 +0000 commit 1971609550024e1567788088aa24026845b5523c Author: Xenia Ragiadakou AuthorDate: Fri Jul 29 17:52:28 2022 +0300 Commit: Stefano Stabellini CommitDate: Fri Jul 29 16:25:44 2022 -0700 automation: qemu-smoke-arm64.sh: Rename the device tree to avoid confusion Rename the device tree from virt-gicv3 to virt-gicv2 to avoid confusion since the version of the generic interrupt controller used for this test is the v2 and not the v3. Signed-off-by: Xenia Ragiadakou Reviewed-by: Stefano Stabellini --- automation/scripts/qemu-smoke-arm64.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/automation/scripts/qemu-smoke-arm64.sh b/automation/scripts/qemu-smoke-arm64.sh index f483a2ffc1..7ac82b2278 100755 --- a/automation/scripts/qemu-smoke-arm64.sh +++ b/automation/scripts/qemu-smoke-arm64.sh @@ -36,11 +36,11 @@ curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom -machine virtualization=true \ -cpu cortex-a57 -machine type=virt \ -m 1024 -display none \ - -machine dumpdtb=binaries/virt-gicv3.dtb + -machine dumpdtb=binaries/virt-gicv2.dtb # XXX disable pl061 to avoid Linux crash -dtc -I dtb -O dts binaries/virt-gicv3.dtb > binaries/virt-gicv3.dts -sed 's/compatible = "arm,pl061.*/status = "disabled";/g' binaries/virt-gicv3.dts > binaries/virt-gicv3-edited.dts -dtc -I dts -O dtb binaries/virt-gicv3-edited.dts > binaries/virt-gicv3.dtb +dtc -I dtb -O dts binaries/virt-gicv2.dtb > binaries/virt-gicv2.dts +sed 's/compatible = "arm,pl061.*/status = "disabled";/g' binaries/virt-gicv2.dts > binaries/virt-gicv2-edited.dts +dtc -I dts -O dtb binaries/virt-gicv2-edited.dts > binaries/virt-gicv2.dtb # Busybox @@ -73,7 +73,7 @@ cd .. echo 'MEMORY_START="0x40000000" MEMORY_END="0x80000000" -DEVICE_TREE="virt-gicv3.dtb" +DEVICE_TREE="virt-gicv2.dtb" XEN="xen" DOM0_KERNEL="Image" DOM0_RAMDISK="initrd" -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Jul 29 23:33:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 29 Jul 2022 23:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.377930.611263 (Exim 4.92) (envelope-from ) id 1oHZTx-0008V6-0g; Fri, 29 Jul 2022 23:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 377930.611263; Fri, 29 Jul 2022 23:33:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTw-0008Uz-U8; Fri, 29 Jul 2022 23:33:24 +0000 Received: by outflank-mailman (input) for mailman id 377930; Fri, 29 Jul 2022 23:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTw-0008Ur-7p for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oHZTw-0005s3-6w for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1oHZTw-000159-6C for xen-changelog@lists.xenproject.org; Fri, 29 Jul 2022 23:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+KU0gHYmuNMZsoYJIhGWj8L8xOKC8O1S4dJQ54H0GuM=; b=Kwpq+6wF1WjNfMI3/HuFNJQzZW WTO0WPnPFFW5OPCSqvqKecr8ZfZZgLSID9BkT/9zxprs2GZtPT6S16Ums5yadlaRXmPto+o/EyfZe rPD/MWU8Sxe3/sADYa9oN0wfkBoK+LBpRPsseFOes9PO+WII5SDUg2HHZOpsdoRVXH2o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: qemu-smoke-arm64.sh: Fix the number of cpus in the device tree Message-Id: Date: Fri, 29 Jul 2022 23:33:24 +0000 commit 9dc3f006a831cd20d531123f097e3de176ac3cae Author: Xenia Ragiadakou AuthorDate: Fri Jul 29 17:52:29 2022 +0300 Commit: Stefano Stabellini CommitDate: Fri Jul 29 16:25:45 2022 -0700 automation: qemu-smoke-arm64.sh: Fix the number of cpus in the device tree Qemu VM is configured with 2 cpus but the device tree passed has only 1. Generate a device tree with 2 cpus. Signed-off-by: Xenia Ragiadakou Reviewed-by: Stefano Stabellini --- automation/scripts/qemu-smoke-arm64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/scripts/qemu-smoke-arm64.sh b/automation/scripts/qemu-smoke-arm64.sh index 7ac82b2278..b48a20988f 100755 --- a/automation/scripts/qemu-smoke-arm64.sh +++ b/automation/scripts/qemu-smoke-arm64.sh @@ -35,7 +35,7 @@ curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom ./binaries/qemu-system-aarch64 \ -machine virtualization=true \ -cpu cortex-a57 -machine type=virt \ - -m 1024 -display none \ + -m 1024 -smp 2 -display none \ -machine dumpdtb=binaries/virt-gicv2.dtb # XXX disable pl061 to avoid Linux crash dtc -I dtb -O dts binaries/virt-gicv2.dtb > binaries/virt-gicv2.dts -- generated by git-patchbot for /home/xen/git/xen.git#staging